From 20431ebbb4070f0ccd4fe6dbc3edd9cdf627a234 Mon Sep 17 00:00:00 2001
From: Jan Cholasta <jcholast@redhat.com>
Date: Jun 12 2013 10:58:58 +0000
Subject: Do not allow installing CA replicas in CA-less setup.


https://fedorahosted.org/freeipa/ticket/3673
https://fedorahosted.org/freeipa/ticket/3674

---

diff --git a/install/tools/ipa-ca-install b/install/tools/ipa-ca-install
index 475fe2b..e32cd83 100755
--- a/install/tools/ipa-ca-install
+++ b/install/tools/ipa-ca-install
@@ -160,6 +160,10 @@ def main():
     config.dir = dir
     config.setup_ca = True
 
+    if ipautil.file_exists(config.dir + "/dscert.p12"):
+        print 'CA cannot be installed in CA-less setup.'
+        sys.exit(1)
+
     portfile = config.dir + "/dogtag_directory_port.txt"
     if not ipautil.file_exists(portfile):
         dogtag_master_ds_port = str(dogtag.Dogtag9Constants.DS_PORT)
diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install
index e93e30b..575b1a8 100755
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@@ -513,6 +513,10 @@ def main():
     config.dir = dir
     config.setup_ca = options.setup_ca
 
+    if config.setup_ca and ipautil.file_exists(config.dir + "/dscert.p12"):
+        print 'CA cannot be installed in CA-less setup.'
+        sys.exit(1)
+
     installutils.verify_fqdn(config.master_host_name, options.no_host_dns)
 
     portfile = config.dir + "/dogtag_directory_port.txt"