mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-02-25 18:55:28 -06:00
241ee334de
When connection between a master machine and future replica is not
sane, the replica installation may fail unexpectedly with
inconvenient error messages. One common problem is misconfigured
firewall.
This patch adds a program ipa-replica-conncheck which tests the
connection using the following procedure:
1) Execute the on-replica check testing the connection to master
2) Open required ports on local machine
3) Ask user to run the on-master part of the check OR run it
automatically:
a) kinit to master as default admin user with given password
b) run the on-master part using ssh
4) When master part is executed, it checks connection back to
the replica and prints the check result
This program is run by ipa-replica-install as mandatory part. It
can, however, be skipped using --skip-conncheck option.
ipa-replica-install now requires password for admin user to run
the command on remote master.
https://fedorahosted.org/freeipa/ticket/1107
This is a set of libraries common to IPA clients and servers though mostly
geared currently towards command-line tools.
A brief overview:
config.py - identify the IPA server domain and realm. It uses dnsclient to
try to detect this information first and will fall back to
/etc/ipa/default.conf if that fails.
dnsclient.py - find IPA information via DNS
ipautil.py - helper functions
entity.py - entity is the main data type. User and Group extend this class
(but don't add anything currently).
ipavalidate.py - basic data validation routines