diff options
author | Jan Cholasta <jcholast@redhat.com> | 2014-10-14 11:26:15 +0200 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2014-11-05 15:26:42 +0100 |
commit | 2cf0f0a658ba3151596e3782c76d6273362080cf (patch) | |
tree | 0bbb689b6901a9c506402692fefd850c8e3598df /ipaserver | |
parent | 364d466fd7def3589ddb9e4a9f8d73fc2df80439 (diff) | |
download | freeipa-2cf0f0a658ba3151596e3782c76d6273362080cf.tar.gz freeipa-2cf0f0a658ba3151596e3782c76d6273362080cf.tar.xz freeipa-2cf0f0a658ba3151596e3782c76d6273362080cf.zip |
Fail if certmonger can't see new CA certificate in LDAP in ipa-cacert-manage
This should not normally happen, but if it does, report an error instead of
waiting idefinitely for the certificate to appear.
https://fedorahosted.org/freeipa/ticket/4629
Reviewed-By: David Kupka <dkupka@redhat.com>
Diffstat (limited to 'ipaserver')
-rw-r--r-- | ipaserver/install/ipa_cacert_manage.py | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/ipaserver/install/ipa_cacert_manage.py b/ipaserver/install/ipa_cacert_manage.py index a521e3965..2a8d95fdb 100644 --- a/ipaserver/install/ipa_cacert_manage.py +++ b/ipaserver/install/ipa_cacert_manage.py @@ -297,7 +297,8 @@ class CACertManage(admintool.AdminTool): raise admintool.ScriptError( "Resubmitting certmonger request '%s' timed out, " "please check the request manually" % self.request_id) - if state != 'MONITORING': + ca_error = certmonger.get_request_value(self.request_id, 'ca-error') + if state != 'MONITORING' or ca_error: raise admintool.ScriptError( "Error resubmitting certmonger request '%s', " "please check the request manually" % self.request_id) |