[Freeipa-devel] [PATCH] 799 The IP address provided to ipa-server-install must be local

Rob Crittenden rcritten at redhat.com
Tue Jun 14 14:10:15 UTC 2011


Martin Kosek wrote:
> On Tue, 2011-06-14 at 08:56 -0400, Rob Crittenden wrote:
>> Martin Kosek wrote:
>>> On Mon, 2011-06-13 at 16:41 -0400, Rob Crittenden wrote:
>>>> Compare the configured interfaces with the supplied IP address and
>>>> optional netmask to determine if the interface is available.
>>>>
>>>> Note the subtle change when comparing addresses. We have two object
>>>> types, IPNetwork and IPAddress. We should only compare addresses when we
>>>> don't have an IPNetwork otherwise we can end up comparing an address to
>>>> an object with a netmask and get a bad result.
>>>>
>>>> https://fedorahosted.org/freeipa/ticket/1175
>>>
>>> NACK.
>>>
>>> 1) This breaks ipa-replica-prepare:
>>>
>>> # ipa-replica-prepare vm-046.idm.lab.bos.redhat.com
>>> --ip-address=10.16.78.46
>>> Usage: ipa-replica-prepare [options] FQDN (e.g. replica.example.com)
>>>
>>> ipa-replica-prepare: error: option --ip-address: invalid IP address
>>> 10.16.78.46: No network interface matches the provided IP address and
>>> netmask
>>>
>>> Actually, this is not your fault, we just don't use IP address checking
>>> in IPAOptionParser correctly. --ip-address option in ipa-replica-prepare
>>> has type "ipnet" which is validated by the CheckedIPAddress. As
>>> match_local defaults to True, your new exception is raised.
>>
>> Ok, but is 10.16.78.46 a configured network interface?
>
> It is an IP address of new replica, i.e. it's not a local network
> interface address. As I wrote, the problem is in a type of
> --ip-address option in ipa-replica-prepare. You can check Honza's mail
> for implementation hint.

Ah, prepare. I tested with an existing replica file...

Well, I wonder if an easier fix would be to set match_local=False by 
default and specifically ask to match_local when we want.

>
> Martin
>
>>
>>>
>>> I think we need 2 new option types for IPAOptionParser such as "iplocal"
>>> and "ipnetlocal" which would be used for --ip-address option in
>>> ipa-server-install or ipa-dns-install and which would use
>>> match_local=True. Current types "ip" and "ipnet" should use
>>> match_local=False.
>>>
>>> 2) CheckedIPAddress functionality (i.e. this fix) is neither in ipa-2-0
>>> stable branch nor in RHEL 6.1. But this should be OK since it is
>>> targeted for RHEL 6.2.
>>
>> Right, I wasn't planning on pushing this to 2.0.
>>
>> rob
>
>
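The two points discussed in this thread, as an added example that is not code from the patch or from FreeIPA: local-interface matching as an opt-in (`match_local=False` by default), and comparing bare addresses only when no netmask was supplied. It uses Python's standard `ipaddress` module as a stand-in for the IPNetwork/IPAddress types mentioned above; `check_ip`, `naive_match` and the interface list are hypothetical names and constructed data.

```python
import ipaddress

# Constructed sample data: addresses configured on the local interfaces.
LOCAL_INTERFACES = ["127.0.0.1/8", "192.0.2.10/24", "2001:db8::10/64"]


def naive_match(value, interfaces=LOCAL_INTERFACES):
    """The pitfall: compare a bare address with objects that carry a netmask."""
    addr = ipaddress.ip_address(value)
    # An interface object never equals a bare address, even when the
    # address part is identical, so this is always False.
    return any(ipaddress.ip_interface(i) == addr for i in interfaces)


def check_ip(value, match_local=False, interfaces=LOCAL_INTERFACES):
    """Parse 'addr' or 'addr/prefix' (hypothetical helper).

    With match_local=True the value must be configured on a local
    interface; the matching interface (address plus netmask) is returned.
    """
    has_mask = "/" in value
    supplied = ipaddress.ip_interface(value)  # ValueError on malformed input
    if not match_local:
        # Remote hosts (e.g. a new replica's address) are only syntax-checked.
        return supplied
    for text in interfaces:
        local = ipaddress.ip_interface(text)
        if local.version != supplied.version:
            continue
        # Netmask supplied: address and network must both match.
        if has_mask and local == supplied:
            return local
        # No netmask supplied: compare the bare addresses only.
        if not has_mask and local.ip == supplied.ip:
            return local
    raise ValueError(
        "No network interface matches the provided IP address and netmask")
```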



