[Freeipa-devel] [PATCH] 0180 Check SSH connection in ipa-replica-conncheck

Rob Crittenden rcritten at redhat.com
Fri Feb 15 15:38:35 UTC 2013


Petr Viktorin wrote:
> ipa-replica-conncheck ran SSH in quiet mode, probably to suppress a
> message about connecting to an unknown host. This made it hard to debug
> connection errors.
>
> I didn't find a way to separate SSH output from the output of the called
> command; I decided to try an additional SSH connection before calling
> conncheck. SSH is set to verbose and if it fails the errors get printed
> out. Also, the host is added to a temporary known_hosts file.
> The second SSH is called without the -q flag so errors/warnings are not
> lost even if the command fails. The temporary known_hosts file is used
> so the unknown host warning doesn't appear here.
>
> https://fedorahosted.org/freeipa/ticket/3402

The general procedure looks good. I don't think we should hardcode the
path to ssh. ipautil.run() overrides the current environment so we
should be able to safely run just 'ssh'.

We eventually need a cross-platform way of locating system binaries.

The hardcoded path to ipa-replica-conncheck is probably ok since we 
provide that binary ourselves.

rob
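
The two-step check discussed in this thread, as an added Python sketch (not code from the patch or from FreeIPA). The names SAFE_PATH, clean_env, ssh_argv and check_then_run are hypothetical, and the fixed PATH value and the accept-new setting are assumptions of this example.

```python
import os
import subprocess
import tempfile

# Assumed fixed search path: with this as the child's PATH, a bare "ssh"
# cannot resolve to a binary planted via the caller's environment.
SAFE_PATH = "/bin:/sbin:/usr/bin:/usr/sbin"


def clean_env():
    """Child environment that inherits nothing from the caller."""
    return {"PATH": SAFE_PATH, "LC_ALL": "C"}


def ssh_argv(user, host, known_hosts, remote_cmd, verbose=False):
    """Build the ssh command line. -q is never passed, so errors stay visible."""
    if user.startswith("-") or host.startswith("-"):
        raise ValueError("user/host must not look like an ssh option")
    argv = ["ssh",
            "-o", "UserKnownHostsFile=" + known_hosts,
            # Assumption: accept-new (OpenSSH 7.6+) records an unknown key but
            # refuses a changed one, so run 2 is pinned to the key run 1 saw.
            "-o", "StrictHostKeyChecking=accept-new"]
    if verbose:
        argv.append("-v")
    return argv + [user + "@" + host] + list(remote_cmd)


def check_then_run(user, host, remote_cmd, runner=subprocess.run):
    """Verbose pre-check first; run remote_cmd only if the pre-check succeeds.

    Returns (stage, returncode, stderr); stage is "precheck" or "command".
    """
    with tempfile.TemporaryDirectory() as tmp:
        known_hosts = os.path.join(tmp, "known_hosts")
        opts = dict(env=clean_env(), stderr=subprocess.PIPE, text=True)
        pre = runner(ssh_argv(user, host, known_hosts, ["true"], verbose=True), **opts)
        if pre.returncode != 0:
            return "precheck", pre.returncode, pre.stderr  # ssh -v diagnostics
        res = runner(ssh_argv(user, host, known_hosts, remote_cmd), **opts)
        return "command", res.returncode, res.stderr
```

The temporary known_hosts file is removed when check_then_run returns, so the key learned during the pre-check is trusted only for the command that immediately follows it.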



