Petr Viktorin wrote:
On 02/15/2013 04:38 PM, Rob Crittenden wrote:
Petr Viktorin wrote:
ipa-replica-conncheck ran SSH in quiet mode, probably to suppress a
message about connecting to an unknown host. This made it hard to debug
connection errors.

I didn't find a way to separate SSH output from the output of the called
command; I decided to try an additional SSH connection before calling
conncheck. SSH is set to verbose and if it fails the errors get printed
out. Also, the host is added to a temporary known_hosts file.
The second SSH is called without the -q flag so errors/warnings are not
lost even if the command fails. The temporary known_hosts file is used
so the unknown host warning doesn't appear here.

https://fedorahosted.org/freeipa/ticket/3402

The general procedure looks good. I don't think we should hardcode the
path to ssh. ipautil.run() overrides the current environment so we
should be able to safely run just 'ssh'.

We eventually need a cross-platform way of locating system binaries.

The hardcoded path to ipa-replica-conncheck is probably ok since we
provide that binary ourselves.

rob

Changed, thanks.


Looks and works well. I just have one final question. Should remote_addr and temp_known_hosts be passed in as args? They are basically globals but it is obvious where they came from, so not really a NAK, just a question.

rob
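
The two-step SSH procedure discussed in this thread, sketched as an added example; it is not the code from the patch or from FreeIPA. The function names, the `runner` parameter and the specific `-o` options are assumptions chosen for illustration.

```python
import os
import subprocess
import tempfile


def ssh_argv(user_host, known_hosts, remote_cmd, verbose=False):
    """Build the ssh command line; 'ssh' is resolved via PATH, not hardcoded."""
    argv = [
        "ssh",
        # Assumed options: the unknown host key is accepted and recorded (not
        # verified) in a throwaway file instead of ~/.ssh/known_hosts.
        "-o", "StrictHostKeyChecking=no",
        "-o", "UserKnownHostsFile=" + known_hosts,
    ]
    if verbose:
        argv.append("-v")
    return argv + [user_host] + list(remote_cmd)


def run_remote_check(user_host, remote_cmd, runner=subprocess.run):
    """Probe with verbose SSH first, then run remote_cmd without -q.

    Returns (exit_code, diagnostics); diagnostics is the probe's stderr
    when the connection itself failed, otherwise an empty string.
    """
    fd, known_hosts = tempfile.mkstemp(prefix="known_hosts-")
    os.close(fd)
    try:
        # 1) Probe: verbose, output captured so it is shown only on failure.
        probe = runner(ssh_argv(user_host, known_hosts, ["true"], verbose=True),
                       capture_output=True, text=True)
        if probe.returncode != 0:
            return probe.returncode, probe.stderr
        # 2) Real call: the host key is already in the temporary file, so no
        #    unknown-host warning appears, and without -q errors stay visible.
        result = runner(ssh_argv(user_host, known_hosts, remote_cmd))
        return result.returncode, ""
    finally:
        os.unlink(known_hosts)
```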
