[Freeipa-devel] [PATCH] 146 ipa-client-install hangs if the discovered server is
Rob Crittenden
rcritten at redhat.com
Wed Oct 12 21:59:24 UTC 2011
Martin Kosek wrote:
> On Wed, 2011-10-12 at 09:31 -0400, Simo Sorce wrote:
>> On Wed, 2011-10-12 at 15:03 +0200, Martin Kosek wrote:
>>> On Wed, 2011-10-12 at 08:52 -0400, Rob Crittenden wrote:
>>>> Martin Kosek wrote:
>>>>> For starters I added a 15 second timeout and 2 tries. These numbers are
>>>>> arbitrary, I am open to suggestions.
>>>>>
>>>>> Martin
>>>>>
>>>>> ---
>>>>> Add a timeout to the wget call to cover a case when autodiscovered
>>>>> server does not response to our attempt to download ca.crt. Let
>>>>> user specify a different IPA server in that case.
>>>>>
>>>>> https://fedorahosted.org/freeipa/ticket/1960
>>>>
>>>> There is a wget call in ipa-client-install as well, should a timeout be
>>>> added there?
>>>>
>>>> rob
>>>>
>>>
>>> This wget is for the very same ca.crt that was already (successfully)
>>> retrieved when the server was being checked by ipadiscovery. Thus I
>>> don't think it is necessary.
>>
>> Shouldn't it be eliminated then ?
>> OR do we really need to dload the cert twice? Or did I misunderstand
>> your reply ?
>>
>> Simo.
>
> You understood correctly. We always try to download ca.crt during
> ipacheckldap() call. We clean up all temporary files downloaded during
> server verification in the end.
>
> When the user finally confirms and we start the actual client
> installation, then we download ca.crt to /etc/ipa/. I think that the
> current procedure is OK compared to additional code we would have to add
> to pass the ca.crt from ipacheckldap() and cover all possible cases.
> Please, open an enhancement ticket if you think otherwise.
>
> Martin
>
ACK, works fine.
pushed to master and ipa-2-1
More information about the Freeipa-devel
mailing list