[Freeipa-devel] [PATCH] 068 Connection check program for replica installation
Martin Kosek
mkosek at redhat.com
Wed Jun 8 07:47:00 UTC 2011
On Tue, 2011-06-07 at 14:42 -0400, Rob Crittenden wrote:
> Rob Crittenden wrote:
> > Martin Kosek wrote:
> >> On Sat, 2011-05-28 at 10:13 +0200, Martin Kosek wrote:
> >>> On Sat, 2011-05-28 at 00:10 -0400, Rob Crittenden wrote:
> >>>> Martin Kosek wrote:
> >>>>> On Mon, 2011-05-23 at 16:41 -0400, Rob Crittenden wrote:
> >>>>>> Martin Kosek wrote:
> >>>>>>> This is a first version of connection checking program for replica
> >>>>>>> installation. See patch for program purpose description. Currently,
> >>>>>>> there is no man pages for the program.
> >>>>>>>
> >>>>>>> Note to Simo and Rob: I use password for logging as admin. Btw
> >>>>>>> would it
> >>>>>>> be safe to have an admin keytab in the replica file? Replica file
> >>>>>>> contents are lying freely in /tmp after the replica installation.
> >>>>>>>
> >>>>>>> Martin
> >>>>>>
> >>>>>> nack, you aren't including the new binary in the spec.
> >>>>>
> >>>>> Oh, thanks for this one.
> >>>>>
> >>>>>>
> >>>>>> You should also:
> >>>>>>
> >>>>>> - set KRB5CCNAME to a temporary ccache and remove that when the
> >>>>>> install
> >>>>>> exists (successful or not)
> >>>>>
> >>>>> Done.
> >>>>>
> >>>>>> - remove the temporary krb5.conf you create
> >>>>>
> >>>>> Done.
> >>>>>
> >>>>>> - be a bit more explicit what we are doing, at least more than "Run
> >>>>>> connection check to master".
> >>>>>
> >>>>> Actually, I am if you run the new script separately. I removed
> >>>>> "--quiet"
> >>>>> parameter passed to the script in ipa-replica-install so that it is
> >>>>> more
> >>>>> verbose. Plus, I improved texts sent to the user.
> >>>>>
> >>>>>> - yes, we should remove the replica file contents
> >>>>>
> >>>>> I enhanced ipa-replica-install to do that.
> >>>>>
> >>>>> Martin
> >>>>>
> >>>>
> >>>> Works great until the very end:
> >>>> ...
> >>>> ...
> >>>>
> >>>> Execute check on remote master
> >>>> Check connection from master to remote replica 'slinky.greyoak.com':
> >>>> Directory Service: unsecure port (389): FAILED
> >>>> Directory Service: secure port (636): FAILED
> >>>> Kerberos (88): OK
> >>>>
> >>>> Remote master check failed with following error message(s):
> >>>> Could not chdir to home directory /home/admin: No such file or
> >>>> directory
> >>>> Port check failed! Unaccessible port(s): 389, 636
> >>>>
> >>>> Connection check failed with following error: None
> >>>>
> >>>> rob
> >>>
> >>> Right, I introduced this wrong error message in the last patch. I fixed
> >>> this one and also one typo. Updated patch attached.
> >>>
> >>> Martin
> >>
> >> I created a man page for the new program. Please feel free to
> >> fix/propose a fix for any language errors that may be there.
> >>
> >> Missing records in Makefile.am for both man page and the new program
> >> have been added.
> >>
> >> Martin
> >
> > ack
> >
> > rob
>
> Oh, I forgot. Before you push can you clean up the trailing whitespace?
>
> rob
Pushed to master, whitespaces cleaned. I sent a heads up to QE team. It
is true that this patch can break replica installation test.
Martin
More information about the Freeipa-devel
mailing list