Fix ipa-replica-prepare's error message about missing local CA instance

ipa-replica-prepare must be run on a replica with CA or all the certs needs to be provided (for CA-less case). The old messages were utterly confusing because they mixed errors about missing certs and missing local CA instance into one text. https://fedorahosted.org/freeipa/ticket/6134 Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Ben Lipton <blipton@redhat.com>
2025-01-12 09:11:55 -06:00 · 2016-08-01 17:32:04 +02:00 · 2016-08-01 17:32:04 +02:00 · 503d096ebc
commit 503d096ebc
parent cad6a551d6
1 changed files with 4 additions and 7 deletions
--- a/ipaserver/install/ipa_replica_prepare.py
+++ b/ipaserver/install/ipa_replica_prepare.py
@ -236,6 +236,10 @@ class ReplicaPrepare(admintool.AdminTool):
        except errors.DatabaseError as e:
            raise admintool.ScriptError(e.desc)

+        if ca_enabled and not ipautil.file_exists(paths.CA_CS_CFG_PATH):
+            raise admintool.ScriptError(
+                "CA is not installed on this server. "
+                "ipa-replica-prepare must be run on an IPA server with CA.")
        if not ca_enabled and not options.http_cert_files:
            raise admintool.ScriptError(
                "Cannot issue certificates: a CA is not installed. Use the "
@ -347,13 +351,6 @@ class ReplicaPrepare(admintool.AdminTool):
                "Apache Server SSL certificate and Directory Server SSL "
                 "certificate are not signed by the same CA certificate")

-        if (not ipautil.file_exists(paths.CA_CS_CFG_PATH) and
-                options.dirsrv_pin is None):
-            self.log.info("If you installed IPA with your own certificates "
-                "using PKCS#12 files you must provide PKCS#12 files for any "
-                "replicas you create as well.")
-            raise admintool.ScriptError("The replica must be created on the "
-                "primary IPA server.")

    def run(self):
        options = self.options