[Freeipa-devel] [PATCH] 799 The IP address provided to ipa-server-install must be local

Rob Crittenden rcritten at redhat.com
Wed Jun 15 18:29:59 UTC 2011


Rob Crittenden wrote:
> Martin Kosek wrote:
>> On Tue, 2011-06-14 at 08:56 -0400, Rob Crittenden wrote:
>>> Martin Kosek wrote:
>>>> On Mon, 2011-06-13 at 16:41 -0400, Rob Crittenden wrote:
>>>>> Compare the configured interfaces with the supplied IP address and
>>>>> optional netmask to determine if the interface is available.
>>>>>
>>>>> Note the subtle change when comparing addresses. We have two object
>>>>> types, IPNetwork and IPAddress. We should only compare addresses when
>>>>> we don't have an IPNetwork otherwise we can end up comparing an address
>>>>> to an object with a netmask and get a bad result.
>>>>>
>>>>> https://fedorahosted.org/freeipa/ticket/1175
>>>>
>>>> NACK.
>>>>
>>>> 1) This breaks ipa-replica-prepare:
>>>>
>>>> # ipa-replica-prepare vm-046.idm.lab.bos.redhat.com --ip-address=10.16.78.46
>>>> Usage: ipa-replica-prepare [options] FQDN (e.g. replica.example.com)
>>>>
>>>> ipa-replica-prepare: error: option --ip-address: invalid IP address
>>>> 10.16.78.46: No network interface matches the provided IP address and
>>>> netmask
>>>>
>>>> Actually, this is not your fault, we just don't use IP address checking
>>>> in IPAOptionParser correctly. --ip-address option in ipa-replica-prepare
>>>> has type "ipnet" which is validated by the CheckedIPAddress. As
>>>> match_local defaults to True, your new exception is raised.
>>>
>>> Ok, but is 10.16.78.46 a configured network interface?
>>
>> It is an IP address of new replica, i.e. it's not a local network
>> interface address. As I wrote, the problem is in a type of
>> --ip-address option in ipa-replica-prepare. You can check Honza's mail
>> for implementation hint.
>
> Ah, prepare. I tested with an existing replica file...
>
> Well, I wonder if an easier fix would be to set match_local=False by
> default and specifically ask to match_local when we want.

Updated patch attached.

rob

>
>>
>> Martin
>>
>>>
>>>>
>>>> I think we need 2 new option types for IPAOptionParser such as "iplocal"
>>>> and "ipnetlocal" which would be used for --ip-address option in
>>>> ipa-server-install or ipa-dns-install and which would use
>>>> match_local=True. Current types "ip" and "ipnet" should use
>>>> match_local=False.
>>>>
>>>> 2) CheckedIPAddress functionality (i.e. this fix) is neither in ipa-2-0
>>>> stable branch nor in RHEL 6.1. But this should be OK since it is
>>>> targeted for RHEL 6.2.
>>>
>>> Right, I wasn't planning on pushing this to 2.0.
>>>
>>> rob
>>
>>
>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-rcrit-799-2-local.patch
Type: text/x-diff
Size: 2278 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20110615/eaf6d599/attachment.bin>
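
An added example, not part of the thread or of FreeIPA's code, sketching the validation behaviour discussed above: the check only requires a local interface when match_local is requested, compares a bare address to addresses only, and compares an address with a netmask to the whole interface. It uses Python's standard ipaddress module rather than the IPNetwork and IPAddress types named in the thread; check_ip, naive_match, NotLocalError and the interface list are hypothetical names and constructed values.

```python
import ipaddress

# Constructed sample of locally configured interfaces (address/prefix).
LOCAL_INTERFACES = ["127.0.0.1/8", "192.0.2.10/24", "2001:db8::10/64"]


class NotLocalError(ValueError):
    """Raised when match_local is requested and no interface matches."""


def naive_match(value, entry):
    """The pitfall: a bare address parses as /32 (or /128), so it never
    equals an interface object that carries a shorter netmask."""
    return ipaddress.ip_interface(value) == ipaddress.ip_interface(entry)


def check_ip(value, interfaces=LOCAL_INTERFACES, match_local=False):
    """Validate "addr" or "addr/prefix" and return it as an ip_interface.

    With match_local=True the address must be configured on one of the
    interfaces; a caller-supplied prefix must match as well. When no
    prefix is given, the matching interface's prefix is adopted.
    """
    has_prefix = "/" in value
    candidate = ipaddress.ip_interface(value)  # ValueError on bad input
    if not match_local:
        # Default: syntax check only, e.g. for a remote replica's address.
        return candidate
    for entry in interfaces:
        iface = ipaddress.ip_interface(entry)
        if iface.version != candidate.version:
            continue
        if has_prefix:
            # Netmask supplied: compare address and network together.
            if iface == candidate:
                return iface
        elif iface.ip == candidate.ip:
            # Bare address: compare address to address only.
            return iface
    raise NotLocalError(
        "No network interface matches the provided IP address and netmask")


if __name__ == "__main__":
    print(check_ip("10.16.78.46"))                   # remote address, no local check
    print(check_ip("192.0.2.10", match_local=True))  # adopts the interface prefix
```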

