[Freeipa-devel] [PATCH] 0180 Check SSH connection in ipa-replica-conncheck
Petr Viktorin
pviktori at redhat.com
Fri Feb 15 16:40:45 UTC 2013
On 02/15/2013 04:38 PM, Rob Crittenden wrote:
> Petr Viktorin wrote:
>> ipa-replica-conncheck ran SSH in quiet mode, probably to suppress a
>> message about connecting to an unknown host. This made it hard to debug
>> connection errors.
>>
>> I didn't find a way to separate SSH output from the output of the called
>> command, I decided to try an additional SSH connection before calling
>> conncheck. SSH is set to verbose and if it fails the errors get printed
>> out. Also, the host is added to a temporary known_hosts file.
>> The second SSH is called without the -q flag so errors/warnings are not
>> lost even if the command fails. The temporary known_hosts file is used
>> so the unknown host warning doesn't appear here.
>>
>> https://fedorahosted.org/freeipa/ticket/3402
>
> The general procedure looks good, I don't think we should hardcode the
> path to ssh. ipautil.run() overrides the current environment so we
> should be able to safely run just 'ssh'.
>
> We eventually need a cross-platform way of locating system binaries.
>
> The hardcoded path to ipa-replica-conncheck is probably ok since we
> provide that binary ourselves.
>
> rob
Changed, thanks.
--
Petr³
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pviktori-0180-02-Check-SSH-connection-in-ipa-replica-conncheck.patch
Type: text/x-patch
Size: 3226 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20130215/37891502/attachment.bin>
More information about the Freeipa-devel
mailing list