On 3.8.2016 22:56, Ben Lipton wrote: > > On 08/01/2016 11:38 AM, Petr Spacek wrote: >> Hello, >> >> Fix ipa-replica-prepare's error message about missing local CA instance >> >> ipa-replica-prepare must be run on a replica with CA or all the certs >> needs to be provided (for CA-less case). >> >> The old messages were utterly confusing because they mixed errors about >> missing certs and missing local CA instance into one text. >> >> https://fedorahosted.org/freeipa/ticket/6134 >> >> >> > The error message in the patch says "must be ran" instead of "must be run".
Thanks! Fixed patch is attached. -- Petr^2 Spacek
From 22bba42b7ac8ec4a11af0e08609adf03f3aa2332 Mon Sep 17 00:00:00 2001 From: Petr Spacek <pspa...@redhat.com> Date: Mon, 1 Aug 2016 17:32:04 +0200 Subject: [PATCH] Fix ipa-replica-prepare's error message about missing local CA instance ipa-replica-prepare must be run on a replica with CA or all the certs needs to be provided (for CA-less case). The old messages were utterly confusing because they mixed errors about missing certs and missing local CA instance into one text. https://fedorahosted.org/freeipa/ticket/6134 --- ipaserver/install/ipa_replica_prepare.py | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/ipaserver/install/ipa_replica_prepare.py b/ipaserver/install/ipa_replica_prepare.py index fdd32f0c8437a0d8c3947d57089662ea09bb2304..a6f0f1e393707d40c62276d4c355afba82fc83f5 100644 --- a/ipaserver/install/ipa_replica_prepare.py +++ b/ipaserver/install/ipa_replica_prepare.py @@ -236,6 +236,10 @@ class ReplicaPrepare(admintool.AdminTool): except errors.DatabaseError as e: raise admintool.ScriptError(e.desc) + if ca_enabled and not ipautil.file_exists(paths.CA_CS_CFG_PATH): + raise admintool.ScriptError( + "CA is not installed on this server. " + "ipa-replica-prepare must be run on an IPA server with CA.") if not ca_enabled and not options.http_cert_files: raise admintool.ScriptError( "Cannot issue certificates: a CA is not installed. Use the " @@ -347,13 +351,6 @@ class ReplicaPrepare(admintool.AdminTool): "Apache Server SSL certificate and Directory Server SSL " "certificate are not signed by the same CA certificate") - if (not ipautil.file_exists(paths.CA_CS_CFG_PATH) and - options.dirsrv_pin is None): - self.log.info("If you installed IPA with your own certificates " - "using PKCS#12 files you must provide PKCS#12 files for any " - "replicas you create as well.") - raise admintool.ScriptError("The replica must be created on the " - "primary IPA server.") def run(self): options = self.options -- 2.7.4
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
