freeipa.git/install/tools/ipa-replica-conncheck, branch platform FreeIPA project conncheck: Fix List of ports to check 2011-09-01T14:12:27+00:00 Simo Sorce ssorce@redhat.com 2011-08-31T18:07:56+00:00 a85dfd64bd18635d1bbe3cfb081d5ea1311c8d59 We need to check all Kerberos ports both TCP and UDP transports. Since we have the PKI proxy configuration all communication with the CA happens on the standard 80/443 ports so we need to check them always. We do not need to leave the old CA ports open. These ports are still used locally but not over the network. 
We need to check all Kerberos ports both TCP and UDP transports.

Since we have the PKI proxy configuration all communication with the CA happens
on the standard 80/443 ports so we need to check them always.
We do not need to leave the old CA ports open. These ports are still used
locally but not over the network.
Add port 9443 to replica port checking 2011-06-15T15:22:10+00:00 Martin Kosek mkosek@redhat.com 2011-06-15T12:13:14+00:00 08d1b6da1a3e35417e3dd5deb877a9bf20dfcc82 Port 9443 (Agent secure port on PKI-CA) was missing. Additionaly, checked port descriptions case consistency fixed. https://fedorahosted.org/freeipa/ticket/1321 
Port 9443 (Agent secure port on PKI-CA) was missing. Additionaly,
checked port descriptions case consistency fixed.

https://fedorahosted.org/freeipa/ticket/1321
Skip know_host check for ipa-replica-conncheck 2011-06-08T15:31:15+00:00 Martin Kosek mkosek@redhat.com 2011-06-08T12:33:31+00:00 ab098ada043d882b9c3503af8e5d9af3977ab84d When IPA replica is installed and the master machine record is not in ~/.ssh/known_hosts, ipa-replica-install will prompt user to answer a question about adding a host to this file. This has, however, a potential to break automatic tests. ipa-replica-conncheck should not require any further user interaction when all mandatory options are filled. https://fedorahosted.org/freeipa/ticket/1305 
When IPA replica is installed and the master machine record is not
in ~/.ssh/known_hosts, ipa-replica-install will prompt user to answer
a question about adding a host to this file.

This has, however, a potential to break automatic tests.
ipa-replica-conncheck should not require any further user interaction
when all mandatory options are filled.

https://fedorahosted.org/freeipa/ticket/1305
Connection check program for replica installation 2011-06-08T07:29:52+00:00 Martin Kosek mkosek@redhat.com 2011-05-22T17:17:07+00:00 241ee334defda108e22855331d5d9a14f261ce16 When connection between a master machine and future replica is not sane, the replica installation may fail unexpectedly with inconvenient error messages. One common problem is misconfigured firewall. This patch adds a program ipa-replica-conncheck which tests the connection using the following procedure: 1) Execute the on-replica check testing the connection to master 2) Open required ports on local machine 3) Ask user to run the on-master part of the check OR run it automatically: a) kinit to master as default admin user with given password b) run the on-master part using ssh 4) When master part is executed, it checks connection back to the replica and prints the check result This program is run by ipa-replica-install as mandatory part. It can, however, be skipped using --skip-conncheck option. ipa-replica-install now requires password for admin user to run the command on remote master. https://fedorahosted.org/freeipa/ticket/1107 
When connection between a master machine and future replica is not
sane, the replica installation may fail unexpectedly with
inconvenient error messages. One common problem is misconfigured
firewall.

This patch adds a program ipa-replica-conncheck which tests the
connection using the following procedure:

1) Execute the on-replica check testing the connection to master
2) Open required ports on local machine
3) Ask user to run the on-master part of the check OR run it
   automatically:
     a) kinit to master as default admin user with given password
     b) run the on-master part using ssh
4) When master part is executed, it checks connection back to
   the replica and prints the check result

This program is run by ipa-replica-install as mandatory part. It
can, however, be skipped using --skip-conncheck option.
ipa-replica-install now requires password for admin user to run
the command on remote master.

https://fedorahosted.org/freeipa/ticket/1107