<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 08/07/2013 09:57 PM, Nathaniel
McCallum wrote:<br>
</div>
<blockquote cite="mid:1375905430.13222.11.camel@localhost"
type="cite">
<pre wrap="">In the interest of getting ticket 3777 moving, I have created the
attached patch. It is *NOT* tested as I don't have a replica setup at
the moment and won't have time until after Flock. If someone else has a
replica setup and has a few minutes to burn, you are welcome to test the
patch.
Nathaniel
</pre>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Freeipa-devel mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Freeipa-devel@redhat.com">Freeipa-devel@redhat.com</a>
<a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-devel">https://www.redhat.com/mailman/listinfo/freeipa-devel</a></pre>
</blockquote>
<br>
The replica installation fails with:<br>
<br>
Connection from replica to master is OK.<br>
Start listening on required ports for remote master check<br>
Get credentials to log in to remote master<br>
Check SSH connection to remote master<br>
Traceback (most recent call last):<br>
File "/usr/sbin/ipa-replica-conncheck", line 418, in
<module><br>
sys.exit(main())<br>
File "/usr/sbin/ipa-replica-conncheck", line 392, in main<br>
stdout, stderr, returncode = ssh('echo OK', verbose=True)<br>
File "/usr/sbin/ipa-replica-conncheck", line 70, in __call__<br>
return ipautil.run(cmd, env=env, raiseonerr=False)<br>
File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line
303, in run<br>
close_fds=True, env=env, cwd=cwd)<br>
File "/usr/lib64/python2.7/subprocess.py", line 711, in __init__<br>
errread, errwrite)<br>
File "/usr/lib64/python2.7/subprocess.py", line 1308, in
_execute_child<br>
raise child_exception<br>
TypeError: execve() arg 3 must be a mapping object<br>
Connection check failed!<br>
Please fix your network settings according to error messages above.<br>
If the check results are not valid it can be skipped with
--skip-conncheck parameter.<br>
<br>
The culprit here is the comma after the definition of env:<br>
<br>
+ env = {'KRB5_CONFIG': KRB5_CONFIG, 'KRB5CCNAME':
CCACHE_FILE},<br>
+ return ipautil.run(cmd, env=env, raiseonerr=False)<br>
<br>
With that fixed the patch works as expected.<br>
<br>
I have addtitional minor comments:<br>
<br>
+class SshExec(object):<br>
+ def __init__(self, user, addr):<br>
+ self.user = user<br>
+ self.addr = addr<br>
+ self.cmd = <br>
+<br>
[...]<br>
<br>
The refactored way of calling commands using SSH is nice, so why
keep it<br>
hidden in ipa-replica-connecheck? I'd rather see this as part of
ipapython.ipautil.<br>
<br>
Also,<br>
<br>
+ def __call__(self, command, verbose=False):<br>
+ # Bail if ssh is not installed<br>
+ if self.cmd is None:<br>
+ print "WARNING: ssh not installed, skipping ssh test"<br>
<br>
The following message needs to be changed for allowing more generic
use-case.<br>
<br>
+ print "WARNING: ssh not installed, skipping"<br>
<br>
Should be sufficient.<br>
<br>
<pre class="moz-signature" cols="72">--
Tomas Babej
Associate Software Engeneer | Red Hat | Identity Management
RHCE | Brno Site | IRC: tbabej | freeipa.org</pre>
</body>
</html>