[Freeipa-devel] [PATCH] 0180 Check SSH connection in ipa-replica-conncheck

Rob Crittenden rcritten at redhat.com
Fri Feb 15 19:18:32 UTC 2013


Petr Viktorin wrote:
> On 02/15/2013 04:38 PM, Rob Crittenden wrote:
>> Petr Viktorin wrote:
>>> ipa-replica-conncheck ran SSH in quiet mode, probably to suppress a
>>> message about connecting to an unknown host. This made it hard to debug
>>> connection errors.
>>>
>>> I didn't find a way to separate SSH output from the output of the called
>>> command, so I decided to try an additional SSH connection before calling
>>> conncheck. SSH is set to verbose and if it fails the errors get printed
>>> out. Also, the host is added to a temporary known_hosts file.
>>> The second SSH is called without the -q flag so errors/warnings are not
>>> lost even if the command fails. The temporary known_hosts file is used
>>> so the unknown host warning doesn't appear here.
>>>
>>> https://fedorahosted.org/freeipa/ticket/3402
>>
>> The general procedure looks good. I don't think we should hardcode the
>> path to ssh. ipautil.run() overrides the current environment so we
>> should be able to safely run just 'ssh'.
>>
>> We eventually need a cross-platform way of locating system binaries.
>>
>> The hardcoded path to ipa-replica-conncheck is probably ok since we
>> provide that binary ourselves.
>>
>> rob
>
> Changed, thanks.
>

Looks and works well. I just have one final question. Should remote_addr 
and temp_known_hosts be passed in as args? They are basically globals 
but it is obvious where they came from, so not really a NAK, just a 
question.

rob
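
The two-connection flow described in the quoted message, as an added example that is not part of this thread and is not the code from patch 0180 or from FreeIPA. The function names, the injectable `run` parameter, the example host name and the `StrictHostKeyChecking` values chosen for each connection are assumptions; `remote_addr` and the known_hosts path are passed as arguments rather than read as globals.

```python
import os
import subprocess
import tempfile

SSH = "ssh"  # resolved via PATH, not a hardcoded location


def ssh_argv(remote_addr, known_hosts, command, probe=False):
    """Build one ssh command line; remote_addr and known_hosts are explicit args."""
    argv = [SSH, "-o", "UserKnownHostsFile=" + known_hosts]
    if probe:
        # First contact: verbose, and record the unknown host key in the temp file.
        argv += ["-v", "-o", "StrictHostKeyChecking=no"]
    else:
        # Real call: no -q, and only the key recorded by the probe is accepted.
        argv += ["-o", "StrictHostKeyChecking=yes"]
    return argv + [remote_addr] + list(command)


def conncheck_over_ssh(remote_addr, command, run=subprocess.run):
    """Probe first, then run `command`; returns (ok, text to show the admin)."""
    with tempfile.TemporaryDirectory() as tmp:
        known_hosts = os.path.join(tmp, "known_hosts")
        probe = run(ssh_argv(remote_addr, known_hosts, ["true"], probe=True),
                    capture_output=True, text=True)
        if probe.returncode != 0:
            # ssh -v diagnostics are on stderr; surface them instead of hiding them.
            return False, "SSH connection failed:\n" + probe.stderr
        result = run(ssh_argv(remote_addr, known_hosts, command),
                     capture_output=True, text=True)
        return result.returncode == 0, result.stdout + result.stderr


if __name__ == "__main__":
    # Constructed stand-in for subprocess.run so the demo runs offline.
    def refused(argv, **kwargs):
        err = "ssh: connect to host master.example.test port 22: Connection refused\n"
        return subprocess.CompletedProcess(argv, 255, "", err)

    print(conncheck_over_ssh("admin@master.example.test",
                             ["ipa-replica-conncheck"], run=refused))
```

Because the second connection reuses the same temporary known_hosts file with strict checking, it fails if the host key differs from the one the probe recorded.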
