Check SSH connection in ipa-replica-conncheck
Since it is not really possible to separate SSH errors from errors of the called program, add an SSH check before calling replica-conncheck on the master. The check also adds the master to a temporary known_hosts file, so suppressing SSH's warning about unknown host is no longer necessary. If the "real" connection fails despite the check, any SSH errors will be included in the output. https://fedorahosted.org/freeipa/ticket/3402
parent
5b64cde92a
commit
1821fa0aab
@ -359,16 +359,43 @@ def main():
|
||||
if returncode != 0:
|
||||
raise RuntimeError("Could not get ticket for master server: %s" % stderr)
|
||||
|
||||
print_info("Check SSH connection to remote master")
|
||||
|
||||
remote_addr = "%s@%s" % (user, options.master)
|
||||
temp_known_hosts = tempfile.NamedTemporaryFile()
|
||||
|
||||
def run_ssh(command, verbose=False):
|
||||
"""Run given command on remote master over SSH
|
||||
|
||||
Return stdout, stderr, returncode
|
||||
"""
|
||||
ssh_command = ['ssh']
|
||||
if verbose:
|
||||
ssh_command.append('-v')
|
||||
ssh_command += [
|
||||
'-o StrictHostKeychecking=no',
|
||||
'-o UserKnownHostsFile=%s' % temp_known_hosts.name,
|
||||
remote_addr, command
|
||||
]
|
||||
return ipautil.run(
|
||||
ssh_command,
|
||||
env={'KRB5_CONFIG': KRB5_CONFIG,
|
||||
'KRB5CCNAME' : CCACHE_FILE},
|
||||
raiseonerr=False)
|
||||
|
||||
stdout, stderr, returncode = run_ssh('echo OK', verbose=True)
|
||||
|
||||
if returncode != 0:
|
||||
print 'Could not SSH into remote host. Error output:'
|
||||
for line in stderr.splitlines():
|
||||
print ' %s' % line
|
||||
raise RuntimeError('Could not SSH to remote host.')
|
||||
|
||||
print_info("Execute check on remote master")
|
||||
|
||||
stderr = ''
|
||||
remote_addr = "%s@%s" % (user, options.master)
|
||||
(stdout, stderr, returncode) = ipautil.run(['/usr/bin/ssh',
|
||||
'-q', '-o StrictHostKeychecking=no',
|
||||
'-o UserKnownHostsFile=/dev/null', remote_addr,
|
||||
"/usr/sbin/ipa-replica-conncheck " + " ".join(remote_check_opts)],
|
||||
env={'KRB5_CONFIG':KRB5_CONFIG, 'KRB5CCNAME' : CCACHE_FILE},
|
||||
raiseonerr=False)
|
||||
stdout, stderr, returncode = run_ssh(
|
||||
"/usr/sbin/ipa-replica-conncheck " +
|
||||
" ".join(remote_check_opts))
|
||||
|
||||
print_info(stdout)
|
||||
|
||||
|
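Review bot: In run_ssh, `-o StrictHostKeychecking=no` combined with a freshly created temporary known_hosts file means the 'echo OK' probe accepts whatever host key is presented, so the check confirms reachability and login but not the master's identity; the file only pins that key for the second run_ssh call. Whether the Kerberos credentials passed through KRB5CCNAME also authenticate the host is not visible in this hunk, so I would state the assumption above the option list, e.g. `# Host key is accepted unverified on first use; temp_known_hosts only pins it for the later run_ssh call`. Separately, the remote command is still assembled with `" ".join(remote_check_opts)` and interpreted by the remote shell, so an option value containing spaces or shell metacharacters would be re-split there; if any of those values can come from user input, quoting each one with `" ".join(pipes.quote(o) for o in remote_check_opts)` (plus `import pipes` at the top of the file) would close that. main() begins and continues outside the hunk, so where remote_check_opts is populated cannot be checked from here.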