From 1821fa0aabf12bc5d1de226e6937a7414680da5b Mon Sep 17 00:00:00 2001
From: Petr Viktorin <pviktori@redhat.com>
Date: Wed, 13 Feb 2013 08:25:11 -0500
Subject: [PATCH] Check SSH connection in ipa-replica-conncheck

Since it is not really possible to separate SSH errors from
errors of the called program, add a SSH check before
calling replica-conncheck on the master.

The check also adds the master to a temporary known_hosts file,
so suppressing SSH's warning about unknown host is no longer
necessary. If the "real" connection fails despite the check,
any SSH errors will be included in the output.

https://fedorahosted.org/freeipa/ticket/3402
---
 install/tools/ipa-replica-conncheck | 43 +++++++++++++++++++++++------
 1 file changed, 35 insertions(+), 8 deletions(-)

diff --git a/install/tools/ipa-replica-conncheck b/install/tools/ipa-replica-conncheck
index 8c96136d1..3b0b1d0e4 100755
--- a/install/tools/ipa-replica-conncheck
+++ b/install/tools/ipa-replica-conncheck
@@ -359,16 +359,43 @@ def main():
             if returncode != 0:
                 raise RuntimeError("Could not get ticket for master server: %s" % stderr)
 
+            print_info("Check SSH connection to remote master")
+
+            remote_addr = "%s@%s" % (user, options.master)
+            temp_known_hosts = tempfile.NamedTemporaryFile()
+
+            def run_ssh(command, verbose=False):
+                """Run given command on remote master over SSH
+
+                Return stdout, stderr, returncode
+                """
+                ssh_command = ['ssh']
+                if verbose:
+                    ssh_command.append('-v')
+                ssh_command += [
+                    '-o StrictHostKeychecking=no',
+                    '-o UserKnownHostsFile=%s' % temp_known_hosts.name,
+                    remote_addr, command
+                ]
+                return ipautil.run(
+                    ssh_command,
+                    env={'KRB5_CONFIG': KRB5_CONFIG,
+                         'KRB5CCNAME' : CCACHE_FILE},
+                    raiseonerr=False)
+
+            stdout, stderr, returncode = run_ssh('echo OK', verbose=True)
+
+            if returncode != 0:
+                print 'Could not SSH into remote host. Error output:'
+                for line in stderr.splitlines():
+                    print '    %s' % line
+                raise RuntimeError('Could not SSH to remote host.')
+
             print_info("Execute check on remote master")
 
-            stderr = ''
-            remote_addr = "%s@%s" % (user, options.master)
-            (stdout, stderr, returncode) = ipautil.run(['/usr/bin/ssh',
-                '-q', '-o StrictHostKeychecking=no',
-                '-o UserKnownHostsFile=/dev/null', remote_addr,
-                "/usr/sbin/ipa-replica-conncheck " + " ".join(remote_check_opts)],
-                env={'KRB5_CONFIG':KRB5_CONFIG, 'KRB5CCNAME' : CCACHE_FILE},
-                raiseonerr=False)
+            stdout, stderr, returncode = run_ssh(
+                "/usr/sbin/ipa-replica-conncheck " +
+                    " ".join(remote_check_opts))
 
             print_info(stdout)