replica install: merge KRA agent cert export into KRA install

Merge all KRA agent cert export code paths into a single code path in KRA
install.

https://fedorahosted.org/freeipa/ticket/6392

Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>

ipaserver/install/kra.py

@@ -19,6 +19,9 @@ from ipaserver.install import service
 
 
 def install_check(api, replica_config, options):
+    if replica_config is not None and not replica_config.setup_kra:
+        return
+
     kra = krainstance.KRAInstance(api.env.realm)
     if kra.is_installed():
         raise RuntimeError("KRA is already installed.")
@@ -68,6 +71,7 @@ def install(api, replica_config, options):
 
         pkcs12_info = None
         master_host = None
+        ra_only = False
         promote = False
     else:
         krafile = os.path.join(replica_config.dir, 'kracert.p12')
@@ -94,6 +98,7 @@ def install(api, replica_config, options):
 
         pkcs12_info = (krafile,)
         master_host = replica_config.kra_host_name
+        ra_only = not replica_config.setup_kra
         promote = options.promote
 
     kra = krainstance.KRAInstance(realm_name)
@@ -101,16 +106,18 @@ def install(api, replica_config, options):
                            subject_base=subject_base,
                            pkcs12_info=pkcs12_info,
                            master_host=master_host,
+                           ra_only=ra_only,
                            promote=promote)
 
     service.print_msg("Restarting the directory server")
     ds = dsinstance.DsInstance()
     ds.restart()
 
-    kra.enable_client_auth_to_db(paths.KRA_CS_CFG_PATH)
+    if not ra_only:
+        kra.enable_client_auth_to_db(paths.KRA_CS_CFG_PATH)
 
-    # Restart apache for new proxy config file
-    services.knownservices.httpd.restart(capture_output=True)
+        # Restart apache for new proxy config file
+        services.knownservices.httpd.restart(capture_output=True)
 
 
 def uninstall(standalone):