During replication installation see if an agreement already exists.

We were inferring that an agreement existed if the host was present
as an IPA host. This was not enough if the replica installation failed
early enough.

https://fedorahosted.org/freeipa/ticket/2030

install/tools/ipa-replica-install

@@ -30,7 +30,7 @@ from ipapython import ipautil
 from ipaserver.install import dsinstance, installutils, krbinstance, service
 from ipaserver.install import bindinstance, httpinstance, ntpinstance, certs
 from ipaserver.install import memcacheinstance
-from ipaserver.install.replication import replica_conn_check
+from ipaserver.install.replication import replica_conn_check, ReplicationManager
 from ipaserver.install.installutils import HostnameLocalhost, resolve_host
 from ipaserver.install.installutils import ReplicaConfig, expand_replica_info, read_replica_info
 from ipaserver.install.installutils import get_host_name, BadHostError
@@ -401,21 +401,35 @@ def main():
         conn.connect(bind_dn='cn=directory manager',
                      bind_pw=config.dirman_password,
                      tls_cacertfile=CACERT)
+        replman = ReplicationManager(config.realm_name, config.master_host_name,
+                                     config.dirman_password)
+        found = False
         try:
             entry = conn.find_entries(u'fqdn=%s' % host, ['dn', 'fqdn'], u'%s,%s' % (api.env.container_host, api.env.basedn))
-            print "The host %s already exists on the master server. Depending on your configuration, you may perform the following:\n" % host
-            print "Remove the replication agreement, if any:"
-            print "    %% ipa-replica-manage del %s" % host
-            print "Remove the host entry:"
+            print "The host %s already exists on the master server.\nYou should remove it before proceeding:" % host
             print "    %% ipa host-del %s" % host
-            sys.exit(3)
+            found = True
         except errors.NotFound:
             pass
-        conn.disconnect()
+        try:
+            (agreement_cn, agreement_dn) = replman.agreement_dn(host)
+            entry = conn.get_entry(agreement_dn, ['*'])
+            print "A replication agreement for this host already exists. It needs to be removed. Run this on the master that generated the info file:"
+            print "    %% ipa-replica-manage del %s --force" % host
+            found = True
+        except errors.NotFound:
+            pass
+        if found:
+            sys.exit(3)
     except errors.ACIError:
         sys.exit("\nThe password provided is incorrect for LDAP server %s" % config.master_host_name)
     except errors.LDAPError:
         sys.exit("\nUnable to connect to LDAP server %s" % config.master_host_name)
+    finally:
+        if conn and conn.isconnected():
+            conn.disconnect()
+        if replman and replman.conn:
+            replman.conn.unbind_s()
 
     # Configure ntpd
     if options.conf_ntp:

install/tools/man/ipa-replica-install.1

@@ -1,5 +1,5 @@
 .\" A man page for ipa-replica-install
-.\" Copyright (C) 2008 Red Hat, Inc.
+.\" Copyright (C) 2008-2012 Red Hat, Inc.
 .\"
 .\" This program is free software; you can redistribute it and/or modify
 .\" it under the terms of the GNU General Public License as published by
@@ -16,7 +16,7 @@
 .\"
 .\" Author: Rob Crittenden <rcritten@redhat.com>
 .\"
-.TH "ipa-replica-install" "1" "Sep 5 2011" "FreeIPA" "FreeIPA Manual Pages"
+.TH "ipa-replica-install" "1" "May 16 2012" "FreeIPA" "FreeIPA Manual Pages"
 .SH "NAME"
 ipa\-replica\-install \- Create an IPA replica
 .SH "SYNOPSIS"
@@ -25,6 +25,10 @@ ipa\-replica\-install [\fIOPTION\fR]... replica_file
 Configures a new IPA server that is a replica of the server that generated it. Once it has been created it is an exact copy of the original IPA server and is an equal master. Changes made to any master are automatically replicated to other masters.
 
 The replica_file is created using the ipa\-replica\-prepare utility.
+
+If the installation fails you may need to run ipa\-server\-install \-\-uninstall before running ipa\-replica\-install again.
+
+The installation will fail if the host you are installing the replica on exists as a host in IPA or an existing replication agreement exists (for example, from a previously failed installation).
 .SH "OPTIONS"
 .SS "BASIC OPTIONS"
 .TP
@@ -33,7 +37,7 @@ Install and configure a CA on this replica. If a CA is not configured then
 certificate operations will be forwarded to a master with a CA installed.
 .TP
 \fB\-\-ip\-address\fR=\fIIP_ADDRESS\fR
-The IP address of this server. If this address does not match the address the host resolves to and --setup-dns is not selected the installation will fail. If the server hostname is not resolvable, a record for the hostname and IP_ADDRESS is added to /etc/hosts.
+The IP address of this server. If this address does not match the address the host resolves to and \-\-setup\-dns is not selected the installation will fail. If the server hostname is not resolvable, a record for the hostname and IP_ADDRESS is added to /etc/hosts.
 .TP
 \fB\-p\fR \fIDM_PASSWORD\fR, \fB\-\-password\fR=\fIDM_PASSWORD\fR
 Directory Manager (existing master) password
@@ -98,3 +102,5 @@ Do not automatically create DNS SSHFP records.
 0 if the command was successful
 
 1 if an error occurred
+
+3 if the host exists in the IPA server or a replication agreement to the remote master already exists