check for replica's KDC entry on master before requesting PKINIT cert

This prevents replication-based race conditions to break PKINIT certificate requests on replica installation. https://pagure.io/freeipa/issue/6739 Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
author: Martin Babinsky <mbabinsk@redhat.com> 2017-03-15 14:03:19 +0100
committer: Martin Basti <mbasti@redhat.com> 2017-03-15 16:39:39 +0100
commit: b45629fc480e61464b402ac2fc52c6f9fc61df0e (patch)
tree: 8f2cd285f1795bf77627baf2b7ac82eb4742a298 /ipaserver/plugins/cert.py
parent: 8f4abf7bc1607fc44f528b8a443b69cb82269e69 (diff)
download: freeipa-b45629fc480e61464b402ac2fc52c6f9fc61df0e.tar.gz
freeipa-b45629fc480e61464b402ac2fc52c6f9fc61df0e.tar.xz
freeipa-b45629fc480e61464b402ac2fc52c6f9fc61df0e.zip
1 files changed, 3 insertions, 3 deletions
diff --git a/ipaserver/plugins/cert.py b/ipaserver/plugins/cert.py
index 47c10f343..9f9010760 100644
--- a/ipaserver/plugins/cert.py
+++ b/ipaserver/plugins/cert.py
@@ -229,9 +229,9 @@ def ca_kdc_check(api_instance, hostname):
             raise errors.NotFound()
 
     except errors.NotFound:
-        raise errors.ACIError(info=_(
-                "Host '%(hostname)s' is not an active KDC")
-                 % dict(hostname=hostname))
+        raise errors.ACIError(
+            info=_("Host '%(hostname)s' is not an active KDC")
+            % dict(hostname=hostname))
 
 
 def validate_certificate(value):
author	Martin Babinsky <mbabinsk@redhat.com>	2017-03-15 14:03:19 +0100
committer	Martin Basti <mbasti@redhat.com>	2017-03-15 16:39:39 +0100
commit	b45629fc480e61464b402ac2fc52c6f9fc61df0e (patch)
tree	8f2cd285f1795bf77627baf2b7ac82eb4742a298 /ipaserver/plugins/cert.py
parent	8f4abf7bc1607fc44f528b8a443b69cb82269e69 (diff)
download	freeipa-b45629fc480e61464b402ac2fc52c6f9fc61df0e.tar.gz freeipa-b45629fc480e61464b402ac2fc52c6f9fc61df0e.tar.xz freeipa-b45629fc480e61464b402ac2fc52c6f9fc61df0e.zip