1 files changed, 29 insertions, 0 deletions

diff --git a/ipaserver/install/dogtaginstance.py b/ipaserver/install/dogtaginstance.py
index 66a76c75d..89e4ad4e6 100644
--- a/ipaserver/install/dogtaginstance.py
+++ b/ipaserver/install/dogtaginstance.py
@@ -23,6 +23,9 @@ import shutil
 import tempfile
 import traceback
 
+from pki.client import PKIConnection
+import pki.system
+
 from ipapython import certmonger
 from ipapython import dogtag
 from ipapython import ipaldap
@@ -58,6 +61,32 @@ def check_inst(subsystem):
     return True
 
 
+def get_security_domain():
+    """
+    Get the security domain from the REST interface on the local Dogtag CA
+    This function will succeed if the local dogtag CA is up.
+    """
+    connection = PKIConnection()
+    domain_client = pki.system.SecurityDomainClient(connection)
+    info = domain_client.get_security_domain_info()
+    return info
+
+
+def is_installing_replica(sys_type):
+    """
+    We expect only one of each type of Dogtag subsystem in an IPA deployment.
+    That means that if a subsystem of the specified type has already been deployed -
+    and therefore appears in the security domain - then we must be installing
+    a replica.
+    """
+    info = get_security_domain()
+    try:
+        sys_list = info.systems[sys_type]
+        return len(sys_list) > 0
+    except KeyError:
+        return False
+
+
 class DogtagInstance(service.Service):
     """
     This is the base class for a Dogtag 10+ instance, which uses a