On 10/04/2012 10:04 PM, Ade Lee wrote:
Attached is a patch to handle the ipa-replica-conncheck issue.  It
should be applied on top of your patch.

Essentially, the fix is as follows:
A. If the DS_PORT = 7389, then we pass --check-ca in the
ipa-replica-conncheck to be executed on the master.
a1. If the master is ipa 2.x, this will prompt a check for port 7389.
a2. If the master is ipa 3, this will default to dogtag_ds_port of 7389.

B. Else if DS_PORT = 389, then we pass nothing to the
ipa-replica-conncheck to be executed on the master.  This is because we
will be checking 389 in any case for the IPA DS check.

Ade

The code works, I got past the connection check, and now I'm getting the same internal server error with a clone from IPA 2.2 as with a clone from "3.0 upgraded from 2.2" (unknown object class "request").

However, since with this patch IPA will depend on Dogtag 10, install_constants.DS_PORT will always be 389, so case A will never happen. I think the two if-blocks that add the --check-ca can be dropped entirely.

Assuming that even a clone from an old instance will use the single DB,
conncheck's --dogtag-master-ds-port option is redundant: iff the server supports it, it uses port 389 which doesn't need re-checking.


0001-Allow-ipa-replica-conncheck-to-work-with-2.2-instanc.patch


 From a9cd4cb15e6c230e5690f3fa919fda9c5728ee10 Mon Sep 17 00:00:00 2001
From: Ade Lee<a...@redhat.com>
Date: Thu, 4 Oct 2012 15:55:29 -0400
Subject: [PATCH] Allow ipa-replica-conncheck to work with 2.2 instances

---
  install/tools/ipa-replica-conncheck | 15 +++++++--------
  1 file changed, 7 insertions(+), 8 deletions(-)

diff --git a/install/tools/ipa-replica-conncheck 
b/install/tools/ipa-replica-conncheck
index 
c9fb816be43d873a6ca79396e77270fd0d10aa12..498ef49e84e1dc8325b6fc2d850c8bffb9297e69
 100755
--- a/install/tools/ipa-replica-conncheck
+++ b/install/tools/ipa-replica-conncheck
@@ -282,7 +282,11 @@ def main():

      required_ports = BASE_PORTS
      if options.check_ca:
-        ca_port = CheckedPort(int(options.dogtag_master_ds_port), SOCK_STREAM,
+        port_val = 7389
+        if options.dogtag_master_ds_port:
+            port_val = int(options.dogtag_master_ds_port)
+
+        ca_port = CheckedPort(port_val, SOCK_STREAM,
                                "PKI-CA: Directory Service port")
          required_ports.extend([ca_port])

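Review bot: The `port_val = 7389` fallback only takes effect when `options.dogtag_master_ds_port` is falsy, and the option's definition is not part of this patch. Please confirm its default is `None` rather than a port number, otherwise the new branch never runs. The literal 7389 also recurs in the `DS_PORT == 7389` tests in both later hunks, so a single named constant would keep the three in step.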
@@ -359,11 +363,8 @@ def main():
                  raise RuntimeError("Could not get ticket for master server: 
%s" % stderr)

              remote_check_opts = ['--replica %s' % options.hostname]
-            if options.check_ca:
+            if options.check_ca and dogtag.install_constants.DS_PORT == 7389:
                  remote_check_opts.append('--check-ca')
-                remote_check_opts.extend(["--dogtag-master-ds-port",
-                    str(dogtag.install_constants.DS_PORT)])
-

              print_info("Execute check on remote master")

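Review bot: The new condition `options.check_ca and dogtag.install_constants.DS_PORT == 7389` drops `--check-ca` from the remote command whenever the local constant is not 7389, and nothing in the code says why. Add a comment giving the reason from the cover message (port 389 is checked anyway for the IPA DS), and note that with `--dogtag-master-ds-port` no longer passed, the master chooses the CA port from its own default.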
@@ -387,10 +388,8 @@ def main():
              print_info("Please run the following command on remote master:")

              remote_check_opts = ['--replica %s' % options.hostname]
-            if options.check_ca:
+            if options.check_ca and dogtag.install_constants.DS_PORT == 7389:
                  remote_check_opts.append('--check-ca')
-                remote_check_opts.extend(["--dogtag-master-ds-port",
-                    str(dogtag.install_constants.DS_PORT)])

              print_info("/usr/sbin/ipa-replica-conncheck " + " 
".join(remote_check_opts))
              time.sleep(3600)
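Review bot: The `remote_check_opts` construction for the printed manual command duplicates the block in the previous hunk line for line, so every change to the condition has to be made twice. Building the list once before the two paths diverge, or in a small helper, would keep the command printed here from drifting away from the one executed on the master.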
-- 1.7.12



--
Petr³

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
