author | Petr Viktorin <pviktori@redhat.com> | 2013-02-13 08:25:11 -0500 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2013-02-19 17:04:10 -0500 |
commit | 1821fa0aabf12bc5d1de226e6937a7414680da5b (patch) | |
tree | c3c6691261f41bd05d61991408aa528f45dd24ab /install/tools | |
parent | 5b64cde92a84c2e8ad2f99fd139fa5d13598b096 (diff) | |
Check SSH connection in ipa-replica-conncheck
Since it is not really possible to separate SSH errors from
errors of the called program, add a SSH check before
calling replica-conncheck on the master.
The check also adds the master to a temporary known_hosts file,
so suppressing SSH's warning about unknown host is no longer
necessary. If the "real" connection fails despite the check,
any SSH errors will be included in the output.
https://fedorahosted.org/freeipa/ticket/3402
Diffstat (limited to 'install/tools')
-rwxr-xr-x | install/tools/ipa-replica-conncheck | 43 |
1 files changed, 35 insertions, 8 deletions
diff --git a/install/tools/ipa-replica-conncheck b/install/tools/ipa-replica-conncheck
index 8c96136d..3b0b1d0e 100755
--- a/install/tools/ipa-replica-conncheck
+++ b/install/tools/ipa-replica-conncheck
@@ -359,16 +359,43 @@ def main():
 if returncode != 0:
 raise RuntimeError("Could not get ticket for master server: %s" % stderr)
- print_info("Execute check on remote master")
+ print_info("Check SSH connection to remote master")
- stderr = ''
 remote_addr = "%s@%s" % (user, options.master)
- (stdout, stderr, returncode) = ipautil.run(['/usr/bin/ssh',
- '-q', '-o StrictHostKeychecking=no',
- '-o UserKnownHostsFile=/dev/null', remote_addr,
- "/usr/sbin/ipa-replica-conncheck " + " ".join(remote_check_opts)],
- env={'KRB5_CONFIG':KRB5_CONFIG, 'KRB5CCNAME' : CCACHE_FILE},
- raiseonerr=False)
+ temp_known_hosts = tempfile.NamedTemporaryFile()
+
+ def run_ssh(command, verbose=False):
+ """Run given command on remote master over SSH
+
+ Return stdout, stderr, returncode
+ """
+ ssh_command = ['ssh']
+ if verbose:
+ ssh_command.append('-v')
+ ssh_command += [
+ '-o StrictHostKeychecking=no',
+ '-o UserKnownHostsFile=%s' % temp_known_hosts.name,
+ remote_addr, command
+ ]
+ return ipautil.run(
+ ssh_command,
+ env={'KRB5_CONFIG': KRB5_CONFIG,
+ 'KRB5CCNAME' : CCACHE_FILE},
+ raiseonerr=False)
+
+ stdout, stderr, returncode = run_ssh('echo OK', verbose=True)
+
+ if returncode != 0:
+ print 'Could not SSH into remote host. Error output:'
+ for line in stderr.splitlines():
+ print ' %s' % line
+ raise RuntimeError('Could not SSH to remote host.')
+
+ print_info("Execute check on remote master")
+
+ stdout, stderr, returncode = run_ssh(
+ "/usr/sbin/ipa-replica-conncheck " +
+ " ".join(remote_check_opts))
 print_info(stdout) |
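Review bot: `ssh_command = ['ssh']` in run_ssh() drops the absolute `/usr/bin/ssh` path that the removed call used, so which binary runs now depends on how PATH is resolved for a child whose `env=` carries only the two Kerberos variables; keeping `ssh_command = ['/usr/bin/ssh']` removes that dependency for an install-time tool. `-o StrictHostKeychecking=no` is also retained, so the first connection still accepts whatever host key is offered, and the temporary known_hosts file only holds the second connection to that same key. A comment above the option list, such as `# host key is accepted unverified on first contact; the temp known_hosts only pins it for the follow-up call`, would keep the new file from being read as host verification. How ipautil.run treats a caller-supplied `env` is not visible here, and main() starts and ends outside the hunk.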