Installer should end ASAP with "CA is already installed", not doing all checks.
```
[root@vm-065 ~]# ipa-server-install
...
[root@vm-065 ~]# ipa-ca-install replica.file
....
Connection from replica to master is OK.
Start listening on required ports for remote master check
Get credentials to log in to remote master
Check SSH connection to remote master
Execute check on remote master
Check connection from master to remote replica 'vm-065.abc.idm.lab.eng.brq.redhat.com':
   Directory Service: Unsecure port (389): OK
   Directory Service: Secure port (636): OK
   Kerberos KDC: TCP (88): OK
   Kerberos KDC: UDP (88): WARNING
   Kerberos Kpasswd: TCP (464): OK
   Kerberos Kpasswd: UDP (464): WARNING
   HTTP Server: Unsecure port (80): OK
   HTTP Server: Secure port (443): OK
The following UDP ports could not be verified as open: 88, 464
This can happen if they are already bound to an application
and ipa-replica-conncheck cannot attach own UDP responder.
....
A CA is already configured on this system.
```
From source code:
```python
if replica_config is not None:
    if standalone and api.env.ra_plugin == 'selfsign':
        sys.exit('A selfsign CA can not be added')

    if ((not options.promote and
         not ipautil.file_exists(replica_config.dir + "/cacert.p12"))):
        print('CA cannot be installed in CA-less setup.')
        sys.exit(1)

    if standalone and not options.skip_conncheck:
        principal = options.principal
        replica_conn_check(
            replica_config.master_host_name, host_name, realm_name, True,
            replica_config.ca_ds_port, options.admin_password,
            principal=principal)

    if options.skip_schema_check or options.promote:
        root_logger.info("Skipping CA DS schema check")
    else:
        cainstance.replica_ca_install_check(replica_config)

    return  # <----------- returns here, does not check if CA is installed that follows

if standalone:
    if cainstance.is_ca_installed_locally():
        sys.exit("CA is already installed on this host.")
```
This is addressed with the patch developed for #5397
Fixed in #5397
master:
Metadata Update from @mbasti:
- Issue assigned to someone
- Issue set to the milestone: FreeIPA 4.3