From fedee72a5a0e9fbb2b82c4105034857b17f8a5c4 Mon Sep 17 00:00:00 2001
From: Petr Spacek
Date: Aug 05 2016 09:49:39 +0000
Subject: Fix ipa-replica-prepare's error message about missing local CA instance

ipa-replica-prepare must be run on a replica with CA or all the certs needs to be provided (for CA-less case). The old messages were utterly confusing because they mixed errors about missing certs and missing local CA instance into one text.
https://fedorahosted.org/freeipa/ticket/6134
Reviewed-By: Martin Basti
Reviewed-By: Ben Lipton
---
diff --git a/ipaserver/install/ipa_replica_prepare.py b/ipaserver/install/ipa_replica_prepare.py
index 8fed278..4105370 100644
--- a/ipaserver/install/ipa_replica_prepare.py
+++ b/ipaserver/install/ipa_replica_prepare.py
@@ -236,6 +236,10 @@ class ReplicaPrepare(admintool.AdminTool):
 except errors.DatabaseError as e:
 raise admintool.ScriptError(e.desc)

+ if ca_enabled and not ipautil.file_exists(paths.CA_CS_CFG_PATH):
+ raise admintool.ScriptError(
+ "CA is not installed on this server. "
+ "ipa-replica-prepare must be run on an IPA server with CA.")
 if not ca_enabled and not options.http_cert_files:
 raise admintool.ScriptError(
 "Cannot issue certificates: a CA is not installed. Use the "
@@ -347,13 +351,6 @@ class ReplicaPrepare(admintool.AdminTool):
 "Apache Server SSL certificate and Directory Server SSL "
 "certificate are not signed by the same CA certificate")

- if (not ipautil.file_exists(paths.CA_CS_CFG_PATH) and
- options.dirsrv_pin is None):
- self.log.info("If you installed IPA with your own certificates "
- "using PKCS#12 files you must provide PKCS#12 files for any "
- "replicas you create as well.")
- raise admintool.ScriptError("The replica must be created on the "
- "primary IPA server.")

 def run(self):
 options = self.options
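Review bot: The guard added at the top of the first hunk keys only on `ca_enabled` and the presence of `paths.CA_CS_CFG_PATH`, whereas the check removed in the second hunk was skipped whenever `options.dirsrv_pin` was given; on a server without a local CA in a CA-enabled deployment, an admin who supplies PKCS#12 files is now refused where the old code appears to have let them through. If that combination is meant to stay supported, the condition needs the certificate options as well, e.g. `if ca_enabled and not options.http_cert_files and not ipautil.file_exists(paths.CA_CS_CFG_PATH):`; if it is meant to be rejected, a comment saying so would stop the next reader from "fixing" it. The existence of CS.cfg is also only a proxy for a usable local CA (a file left behind by a failed install or uninstall would pass), so a short comment such as `# CS.cfg present means a CA instance was configured here; it does not prove the CA is healthy` is worth adding above the check. The enclosing method starts and ends outside the hunk, so how `ca_enabled` is derived is not visible here.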