Sanitize CA replica install

Check if cafile exist first. https://fedorahosted.org/freeipa/ticket/4468 Reviewed-By: Tomas Babej <tbabej@redhat.com>
2025-02-25 18:55:28 -06:00 · 2015-06-30 12:16:56 +02:00 · 2015-06-30 12:16:56 +02:00 · b2f0a018b6
commit b2f0a018b6
parent 37729936dd
1 changed files with 10 additions and 12 deletions
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@ -391,6 +391,9 @@ def install_check(installer):
    installutils.verify_fqdn(config.master_host_name, options.no_host_dns)

    cafile = config.dir + "/ca.crt"
+    if not ipautil.file_exists(cafile):
+        raise RuntimeError("CA cert file is not available. Please run "
+                           "ipa-replica-prepare to create a new replica file.")

    ldapuri = 'ldaps://%s' % ipautil.format_netloc(config.master_host_name)
    remote_api = create_api(mode=None)
@ -510,10 +513,6 @@ def install_check(installer):
            config.master_host_name, config.host_name, config.realm_name,
            options.setup_ca, config.ca_ds_port, options.admin_password)

-    if not ipautil.file_exists(cafile):
-        raise RuntimeError("CA cert file is not available. Please run "
-                           "ipa-replica-prepare to create a new replica file.")
-
    installer._remote_api = remote_api
    installer._fstore = fstore
    installer._sstore = sstore
@ -574,7 +573,6 @@ def install(installer):
    otpd.create_instance('OTPD', config.host_name, config.dirman_password,
                         ipautil.realm_to_suffix(config.realm_name))

-    if ipautil.file_exists(cafile):
    CA = cainstance.CAInstance(
        config.realm_name, certs.NSS_DIR,
        dogtag_constants=dogtag_constants)