Hello,

I am working on ticket #1107 and I am looking for some ideas how to deal with it.

The problem is that when we are installing a replica and have a firewall on, the installation may fail or (even worse) hang. The question is how to deal with this situation since we cannot test if the ports are not blocked locally. It must be done from the remote master. I discussed this with Rob and I see two solutions here:

1) Don't complicate this and limit our user handholding (my favorite) - just tell him what ports he should open before proceeding with the installation. If he doesn't, the installation will fail later. The problem is when the installation hangs - it's hard to detect. This is the easy way.

2) Implement and register a mod_wsgi application on a master server and let it test remotely if the ports on the replica are open. We would have to open and listen on them in ipa-replica-install as we cannot tell if a port is not-yet-opened or firewalled just from the network error code. If the application would report a firewalled port, we would throw an error in the ipa-replica-install. However, as Rob pointed out, it would open a possible security hole as we would basically behave as a port scanner.

Any opinions, suggestions, ideas on this?

Thanks,
Martin
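The check described in option 2, as an added example that is not part of the original message or of FreeIPA's code: the replica side opens a temporary listener so that the checking side can treat anything other than a completed connect as blocked. The function names and the loopback address and OS-chosen port are assumptions made for the demo.

```python
import errno
import socket


def open_temp_listener(port=0, host="127.0.0.1"):
    """Replica side: listen so the checker can reach a real endpoint.

    port=0 asks the OS for a free port (demo only); returns (socket, port).
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))
    srv.listen(1)
    return srv, srv.getsockname()[1]


def probe(host, port, timeout=2.0):
    """Checker side: classify one TCP connect attempt."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except socket.timeout:
        return "filtered"  # packets silently dropped somewhere on the path
    except ConnectionRefusedError:
        # Ambiguous alone: no listener yet, or a firewall rejecting with RST.
        return "refused"
    except OSError as e:
        return "error:" + errno.errorcode.get(e.errno, str(e.errno))
    finally:
        s.close()


def check_ports(host, ports, timeout=2.0):
    """With listeners up on every port, anything but 'open' means blocked."""
    results = {p: probe(host, p, timeout) for p in ports}
    return results, sorted(p for p, r in results.items() if r != "open")


def demo():
    """Same port probed with and without a listener behind it."""
    srv, port = open_temp_listener()
    try:
        with_listener = probe("127.0.0.1", port)
    finally:
        srv.close()
    return with_listener, probe("127.0.0.1", port)


if __name__ == "__main__":
    print(demo())
```

Restricting such a checker to the hosts and ports of a replica being installed, rather than accepting arbitrary targets, is what keeps it from acting as the general port scanner the message warns about.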