On 10/02/2012 03:55 PM, Rob Crittenden wrote:
Tomas Babej wrote:

When executing ipa-replica-manage connect to an unknown or irrelevant
master, we now print a sensible error message informing the user
about this possibility as well.



I put a whole bunch of code into a try/except and this may be catching errors in unexpected ways.

I'm not entirely sure right now what we should do, but looking at the code in the try:

repl1.conn.getEntry(master1_dn, ldap.SCOPE_BASE)
repl1.conn.getEntry(master2_dn, ldap.SCOPE_BASE)

We take in replica1 and replica1 as arguments (the default for replica1 is the current host).

If either of these raises a NotFound it means there is no master of that name. Does that mean that the master was deleted? Well, clearly not.

A lot has changed since I did this, I may have been relying on a side-effect, or just hadn't tested well enough.

I wonder if we need that message at all. Is "foo" is not an IPA server good enough? It still might be confusing if someone didn't know that "foo" was deleted and it was still running. We could probably verify that it is at least an IPA server by doing similar checking in the client, it all depends on how far we want to take it.


I modified the patch. Now if the NotFound error is encountered, we try to investigate whether we're trying to connect to an IPA server at all. Please see if you have any suggestions.


From 8bcd599a4fb2bb33f0592170df4a0f6b76d8aa2f Mon Sep 17 00:00:00 2001
From: Tomas Babej <tba...@redhat.com>
Date: Tue, 2 Oct 2012 09:15:33 -0400
Subject: [PATCH] IPA Server check in ipa-replica-manage

When executing ipa-replica-manage connect to a master that raises a
NotFound error, we now check if the master is at least an IPA server.
If so, we inform the user that it is probably foreign or previously
deleted master. If not, we inform the user that the master is not
an IPA server at all.

 install/tools/ipa-replica-manage | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/install/tools/ipa-replica-manage b/install/tools/ipa-replica-manage
index 897d117681d3e1559d5710366101b50540b705c8..19c9fea3092be0da4c9fed2640183a1939141a59 100755
--- a/install/tools/ipa-replica-manage
+++ b/install/tools/ipa-replica-manage
@@ -33,6 +33,7 @@ from ipalib import api, errors, util
 from ipapython.ipa_log_manager import *
 from ipapython.dn import DN
 from ipapython.config import IPAOptionParser
+from ipaclient import ipadiscovery
 CACERT = "/etc/ipa/ca.crt"
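Review bot: the new top-level `from ipaclient import ipadiscovery` makes this tool fail at start-up if the ipaclient package is not importable, although in the visible hunks the module is used only in the NotFound error path of add_link. Either confirm that the packaging already guarantees ipaclient wherever ipa-replica-manage is installed, or move the import into the except branch so that the common commands do not depend on it.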
@@ -709,7 +710,19 @@ def add_link(realm, replica1, replica2, dirman_passwd, options):
             repl2.conn.getEntry(master2_dn, ldap.SCOPE_BASE)
         except errors.NotFound:
-            sys.exit("You cannot connect to a previously deleted master")
+            ds = ipadiscovery.IPADiscovery()
+            ret = ds.search(server=replica2)
+            if ret == -4:  # not an IPA Server
+                sys.exit("Connection unsuccessful: %s is not an IPA Server." %
+                    replica2)
+            elif ret == 0:  # success
+                sys.exit("Connection unsuccessful: %s is an IPA Server, "
+                    "but it might be unknown, foreign or previously deleted "
+                    "one." % replica2)
+            else:
+                sys.exit("Connection unsuccessful.")
         repl1.setup_gssapi_replication(replica2, DN(('cn', 'Directory Manager')), dirman_passwd)
     print "Connected '%s' to '%s'" % (replica1, replica2)
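Review bot: the `ret == -4` and `ret == 0` checks in the new except branch compare the result of `ds.search()` against bare integers that are explained only by trailing comments. Use named constants instead (from ipadiscovery if it provides them, otherwise defined once in this file), so that a change in the discovery return codes does not silently fall through to the generic branch. The final `else` exits with only "Connection unsuccessful.", which drops both the host name and `ret`; include `replica2` and the return code there so the failure can be diagnosed. The discovery is also run only against `replica2`, while the discussion above notes that the try block looks up both masters, so a NotFound raised for the first master would be reported against the wrong host.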
