Issue #6522: ipa-replica-conncheck should check for open ports on all IPs resolved from hostname - freeipa

freeipa

#6522 ipa-replica-conncheck should check for open ports on all IPs resolved from hostname

Closed: Fixed None Opened 8 years ago by tkrizek.

If hostname is provided to ipa-replica-conncheck, the conncheck will resolve this hostname to an IP address and then check if ports are open. However, if the hostname resolves to multiple IPs, it is sufficient to have each port open on at least one of the IP adresses.

This can result in a weird behavior when some subset of ports are reachable on IPv4 and some other subset of ports are reachable only on IPv6.

I propose that if a hostname is provided to conncheck, ALL ports MUST be reachable on ALL IPs that are resolved from that hostname.

pspacek commented 8 years ago

I certainly support this. We have --skip-conncheck option in installers for super-special cases (I cannot think of any).

mbasti commented 8 years ago

master:

a24cd01 ipautil: check for open ports on all resolved IPs

Metadata Update from @tkrizek:
- Issue assigned to tkrizek
- Issue set to the milestone: FreeIPA 4.5

8 years ago

Metadata

Assignee

tkrizek

Tags

None

Blocking

None

Depending on

None

Priority

normal

Milestone

FreeIPA 4.5

None

affects_doc

None

source

None

knownissue

None

type

defect

blockedby

None

test_case

None

component

IPA

blocking

None

on_review

https://github.com/freeipa/freeipa/pull/284

keywords

None

test_coverage

None

reviewer

None

external_tracker

None

tester

None

changelog

None

design

http://www.freeipa.org/page/V4/Replica_Conncheck

rhbz

todo

freeipa

Source Code

#6522 ipa-replica-conncheck should check for open ports on all IPs resolved from hostname Closed: Fixed None Opened 8 years ago by tkrizek.

Metadata

#6522 ipa-replica-conncheck should check for open ports on all IPs resolved from hostname

Closed: Fixed None Opened 8 years ago by tkrizek.