Detect CA installation type in ipa-replica-prepare and ipa-ca-install.

ipa-ca-install can only add a dogtag CA to an IPA install. ipa-replica-prepare can only be run on the initial master with a selfsign backend. https://fedorahosted.org/freeipa/ticket/1756 https://fedorahosted.org/freeipa/ticket/1757
author: Rob Crittenden <rcritten@redhat.com> 2011-09-27 17:44:20 +0200
committer: Martin Kosek <mkosek@redhat.com> 2011-09-27 17:50:46 +0200
commit: a41457ec3a905a68af60c1b359c25679c3c5a7b7 (patch)
tree: 7b1b8a0a23316ac7e15f80081dbd98b8463ea0e2 /install/tools/ipa-replica-prepare
parent: 2028a4095d00054fb2015ab38d1f3720ea105e13 (diff)
download: freeipa.git-a41457ec3a905a68af60c1b359c25679c3c5a7b7.tar.gz
freeipa.git-a41457ec3a905a68af60c1b359c25679c3c5a7b7.tar.xz
freeipa.git-a41457ec3a905a68af60c1b359c25679c3c5a7b7.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/install/tools/ipa-replica-prepare b/install/tools/ipa-replica-prepare
index 16536b37..038fd69c 100755
--- a/install/tools/ipa-replica-prepare
+++ b/install/tools/ipa-replica-prepare
@@ -243,6 +243,9 @@ def main():
     if not options.pkinit_pkcs12 and not certs.ipa_self_signed():
         options.setup_pkinit = False
 
+    if certs.ipa_self_signed_master() == False:
+        sys.exit('A selfsign CA backend can only prepare on the original master')
+
     try:
         installutils.verify_fqdn(replica_fqdn, system_name_check=False)
     except RuntimeError, e:
author	Rob Crittenden <rcritten@redhat.com>	2011-09-27 17:44:20 +0200
committer	Martin Kosek <mkosek@redhat.com>	2011-09-27 17:50:46 +0200
commit	a41457ec3a905a68af60c1b359c25679c3c5a7b7 (patch)
tree	7b1b8a0a23316ac7e15f80081dbd98b8463ea0e2 /install/tools/ipa-replica-prepare
parent	2028a4095d00054fb2015ab38d1f3720ea105e13 (diff)
download	freeipa.git-a41457ec3a905a68af60c1b359c25679c3c5a7b7.tar.gz freeipa.git-a41457ec3a905a68af60c1b359c25679c3c5a7b7.tar.xz freeipa.git-a41457ec3a905a68af60c1b359c25679c3c5a7b7.zip