Index: umc/python/setup/util.py =================================================================== --- umc/python/setup/util.py (revision 81101) +++ umc/python/setup/util.py (working copy) @@ -58,7 +58,6 @@ from univention.management.console.log import MODULE from univention.management.console.modules import UMC_Error from univention.lib.admember import lookup_adds_dc, check_connection, check_ad_account, do_time_sync, connectionFailed, failedADConnect, notDomainAdminInAD -from univention.lib.umc import Client, ConnectionError, HTTPError # FIXME: this triggers imports from univention-lib during build time test execution. # This in effect imports univention-ldap which is not an explicit dependency for @@ -1091,15 +1090,27 @@ if not fqdn_master: return False - try: - client = Client(fqdn_master, username, password) - result = client.umc_command('udm/license/info').result - except (HTTPError, ConnectionError) as exc: - raise UMC_Error(str(exc)) + # The to be joined server doesn't trust the self signed certificate yet. + # That means umc_command fails with an ssl error. + # Using univention-ssh to use umc_command on the master gets around that. + remote_python_command = ''' + "'from univention.lib.umc import Client; client = Client(\\"{fqdn_master}\\", \\"{username}\\", \\"{password}\\"); result = client.umc_command(\\"udm/license/info\\").result; print(bool(result.get(\\"keyID\\")));'" +'''.format(fqdn_master=fqdn_master, username=username, password=password) + with _temporary_password_file(password) as password_file: + try: + license_status = subprocess.check_output([ + 'univention-ssh', + password_file, + '%s@%s' % (username, fqdn_master), + 'python', + '-c', + remote_python_command + ]) + except subprocess.CalledProcessError: + raise UMC_Error("Can't check license on master") + return license_status == 'True\n' - return bool(result.get('keyID')) - def check_credentials_ad(nameserver, address, username, password): try: ad_domain_info = lookup_adds_dc(address, ucr={'nameserver1': nameserver})