Diffstat (limited to 'ipaserver')
-rw-r--r--ipaserver/install/dogtaginstance.py29
-rw-r--r--ipaserver/install/installutils.py36
2 files changed, 65 insertions, 0 deletions
diff --git a/ipaserver/install/dogtaginstance.py b/ipaserver/install/dogtaginstance.py
index 66a76c75d..89e4ad4e6 100644
--- a/ipaserver/install/dogtaginstance.py
+++ b/ipaserver/install/dogtaginstance.py
@@ -23,6 +23,9 @@ import shutil
import tempfile
import traceback
+from pki.client import PKIConnection
+import pki.system
+
from ipapython import certmonger
from ipapython import dogtag
from ipapython import ipaldap
@@ -58,6 +61,32 @@ def check_inst(subsystem):
return True
+def get_security_domain():
+ """
+ Get the security domain from the REST interface on the local Dogtag CA
+ This function will succeed if the local dogtag CA is up.
+ """
+ connection = PKIConnection()
+ domain_client = pki.system.SecurityDomainClient(connection)
+ info = domain_client.get_security_domain_info()
+ return info
+
+
+def is_installing_replica(sys_type):
+ """
+ We expect only one of each type of Dogtag subsystem in an IPA deployment.
+ That means that if a subsystem of the specified type has already been deployed -
+ and therefore appears in the security domain - then we must be installing
+ a replica.
+ """
+ info = get_security_domain()
+ try:
+ sys_list = info.systems[sys_type]
+ return len(sys_list) > 0
+ except KeyError:
+ return False
+
+
class DogtagInstance(service.Service):
"""
This is the base class for a Dogtag 10+ instance, which uses a
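Review bot: `get_security_domain()` builds `PKIConnection()` with no arguments and lets any failure from `get_security_domain_info()` propagate, while `is_installing_replica()` catches only `KeyError`, so a CA that is stopped or unreachable shows up as an unhandled exception in the installer. Since the answer decides whether the install is treated as a replica, the endpoint should not be left to the library defaults; passing `protocol=`, `hostname=` and `port=` explicitly makes it visible from the code whether the query goes over TLS and to which host. The docstring would be clearer if it also stated what is raised when the CA is down, for example `Raises whatever PKIConnection raises when the local CA cannot be reached; callers must handle it.` It may also help to log the failure in `is_installing_replica()` before deciding, so a transient outage is not mistaken for "no existing subsystem".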
diff --git a/ipaserver/install/installutils.py b/ipaserver/install/installutils.py
index e2d785881..675050ce4 100644
--- a/ipaserver/install/installutils.py
+++ b/ipaserver/install/installutils.py
@@ -42,6 +42,7 @@ from ipapython import config
from ipalib import errors
from ipaserver.install import certs
from ipapython import services as ipaservices
+from ipapython import version
# Used to determine install status
IPA_MODULES = [
@@ -570,6 +571,41 @@ def read_replica_info_drm_enabled(config_dir):
return enable_drm
+def create_replica_config(dirman_password, filename, options):
+ try:
+ top_dir, dir = expand_replica_info(filename, dirman_password)
+ global REPLICA_INFO_TOP_DIR
+ REPLICA_INFO_TOP_DIR = top_dir
+ except Exception, e:
+ print "ERROR: Failed to decrypt or open the replica file."
+ print "Verify you entered the correct Directory Manager password."
+ sys.exit(1)
+ config = ReplicaConfig()
+ read_replica_info(dir, config)
+ root_logger.debug('Installing replica file with version %d (0 means no version in prepared file).' % config.version)
+ if config.version and config.version > version.NUM_VERSION:
+ root_logger.error('A replica file from a newer release (%d) cannot be installed on an older version (%d)' % (
+ config.version, version.NUM_VERSION))
+ sys.exit(1)
+ config.dirman_password = dirman_password
+ try:
+ host = get_host_name(options.no_host_dns)
+ except BadHostError, e:
+ root_logger.error(str(e))
+ sys.exit(1)
+ if config.host_name != host:
+ try:
+ print "This replica was created for '%s' but this machine is named '%s'" % (config.host_name, host)
+ if not ipautil.user_input("This may cause problems. Continue?", False):
+ sys.exit(0)
+ config.host_name = host
+ print ""
+ except KeyboardInterrupt:
+ sys.exit(0)
+ config.dir = dir
+ config.ca_ds_port = read_replica_info_dogtag_port(config.dir)
+ return config
+
def check_server_configuration():
"""
Check if IPA server is configured on the system.
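Review bot: The `except Exception, e:` around `expand_replica_info()` never uses `e` and always prints the wrong-password message, so an I/O or extraction failure is indistinguishable from a bad Directory Manager password; log it before exiting, e.g. `root_logger.debug("expand_replica_info failed: %s", e)`. After a successful expand, the later `sys.exit()` paths (version check, `BadHostError`, user declining the hostname prompt) leave with `REPLICA_INFO_TOP_DIR` already set. Whether the decrypted directory is removed on those exits depends on cleanup code outside this hunk, and that is worth confirming because the directory presumably holds the replica's key material. The function also has no docstring and the local name `dir` shadows the builtin; a one-line docstring such as `"""Decrypt the replica file, validate version and hostname, return a ReplicaConfig (exits on failure)."""` and a rename to `info_dir` would cover both.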