authorMartin Kosek <mkosek@redhat.com>2012-03-16 10:26:56 +0100
committerRob Crittenden <rcritten@redhat.com>2012-03-27 17:05:22 -0400
commit159e848d85779e8fb3a9b2ed84490423014bf609 (patch)
tree77b0f5e9e87ede56911293a8e4cfec397aa68718 /install
parent96c5551aceb01f524302714b40547ae5050f675e (diff)
Tolerate UDP port failures in conncheck
UDP port checks in ipa-replica-conncheck are too strict. The entire conncheck fails when UDP ports cannot be verified as open. However, the UDP protocol is unreliable by its nature, and a port also cannot be checked if an application is already bound to it. This can happen, for example, when ipa-replica-conncheck is run as part of ipa-ca-install and the replica services are thus already running. This patch changes the behavior of UDP port checks. The conncheck script now reports a warning that a UDP port cannot be verified, but does not fail the entire test. https://fedorahosted.org/freeipa/ticket/2514
Diffstat (limited to 'install')
-rwxr-xr-xinstall/tools/ipa-replica-conncheck21
1 files changed, 16 insertions, 5 deletions
diff --git a/install/tools/ipa-replica-conncheck b/install/tools/ipa-replica-conncheck
index 23411a351..6ec3be2a9 100755
--- a/install/tools/ipa-replica-conncheck
+++ b/install/tools/ipa-replica-conncheck
@@ -241,18 +241,29 @@ def port_check(host, port_list):
if not ip:
raise RuntimeError("Port check failed! Unable to resolve host name '%s'" % host)
- failed_ports = []
+ ports_failed = []
+ ports_udp_warning = [] # conncheck could not verify that port is open
for port in port_list:
if ipautil.host_port_open(host, port.port, port.port_type, socket_timeout=CONNECT_TIMEOUT):
result = "OK"
else:
- failed_ports.append(port)
- result = "FAILED"
+ if port.port_type == socket.SOCK_DGRAM:
+ ports_udp_warning.append(port)
+ result = "WARNING"
+ else:
+ ports_failed.append(port)
+ result = "FAILED"
print_info(" %s (%d): %s" % (port.description, port.port, result))
- if failed_ports:
+ if ports_udp_warning:
+ print "The following UDP ports could not be verified as open: %s" \
+ % ", ".join(str(port.port) for port in ports_udp_warning)
+ print "This can happen if they are already bound to an application"
+ print "and ipa-replica-conncheck cannot attach own UDP responder."
+
+ if ports_failed:
msg_ports = []
- for port in failed_ports:
+ for port in ports_failed:
port_type_text = "TCP" if port.port_type == SOCK_STREAM else "UDP"
msg_ports.append('%d (%s)' % (port.port, port_type_text))
raise RuntimeError("Port check failed! Inaccessible port(s): %s" \
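Review bot: The warning printed in the `if ports_udp_warning:` block names only one cause (a port already bound by an application), but the same branch is taken whenever `ipautil.host_port_open` returns false for a `SOCK_DGRAM` port, which presumably also covers UDP traffic dropped by a firewall. Since the check no longer raises for UDP, an operator reading this text could dismiss a port that is really blocked; I would add a line such as `print "or if a firewall is blocking UDP traffic to these ports; verify them manually."`. The new test also spells the constant `socket.SOCK_DGRAM` while the context line further down uses bare `SOCK_STREAM`; use one form throughout, assuming both names are imported outside the hunk. `port_check` begins before this hunk and the final `raise` statement continues past its last line.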