[Freeipa-devel] [PATCH] 799 The IP address provided to ipa-server-install must be local

Jan Cholasta jcholast at redhat.com
Thu Jun 16 09:13:50 UTC 2011


On 15.6.2011 20:29, Rob Crittenden wrote:
> Rob Crittenden wrote:
>> Martin Kosek wrote:
>>> On Tue, 2011-06-14 at 08:56 -0400, Rob Crittenden wrote:
>>>> Martin Kosek wrote:
>>>>> On Mon, 2011-06-13 at 16:41 -0400, Rob Crittenden wrote:
>>>>>> Compare the configured interfaces with the supplied IP address and
>>>>>> optional netmask to determine if the interface is available.
>>>>>>
>>>>>> Note the subtle change when comparing addresses. We have two object
>>>>>> types, IPNetwork and IPAddress. We should only compare addresses when we
>>>>>> don't have an IPNetwork otherwise we can end up comparing an address to
>>>>>> an object with a netmask and get a bad result.
>>>>>>
>>>>>> https://fedorahosted.org/freeipa/ticket/1175
>>>>>
>>>>> NACK.
>>>>>
>>>>> 1) This breaks ipa-replica-prepare:
>>>>>
>>>>> # ipa-replica-prepare vm-046.idm.lab.bos.redhat.com --ip-address=10.16.78.46
>>>>> Usage: ipa-replica-prepare [options] FQDN (e.g. replica.example.com)
>>>>>
>>>>> ipa-replica-prepare: error: option --ip-address: invalid IP address 10.16.78.46: No network interface matches the provided IP address and netmask
>>>>>
>>>>> Actually, this is not your fault, we just don't use IP address checking
>>>>> in IPAOptionParser correctly. --ip-address option in ipa-replica-prepare
>>>>> has type "ipnet" which is validated by the CheckedIPAddress. As
>>>>> match_local defaults to True, your new exception is raised.
>>>>
>>>> Ok, but is 10.16.78.46 a configured network interface?
>>>
>>> It is an IP address of new replica, i.e. it's not a local network
>>> interface address. As I wrote, the problem is in a type of
>>> --ip-address option in ipa-replica-prepare. You can check Honza's mail
>>> for implementation hint.
>>
>> Ah, prepare. I tested with an existing replica file...
>>
>> Well, I wonder if an easier fix would be to set match_local=False by
>> default and specifically ask to match_local when we want.
>
> Updated patch attached.

parse_ip_address and verify_ip_address still have match_local=True as 
default - it probably should be changed for the sake of consistency.

The check for local IP address in parse_ip_address should be removed, 
it's not needed anymore, because you check it in CheckedIPAddress.

>
> rob
>
>>
>>>
>>> Martin
>>>
>>>>
>>>>>
>>>>> I think we need 2 new option types for IPAOptionParser such as "iplocal"
>>>>> and "ipnetlocal" which would be used for --ip-address option in
>>>>> ipa-server-install or ipa-dns-install and which would use
>>>>> match_local=True. Current types "ip" and "ipnet" should use
>>>>> match_local=False.
>>>>>
>>>>> 2) CheckedIPAddress functionality (i.e. this fix) is neither in ipa-2-0
>>>>> stable branch nor in RHEL 6.1. But this should be OK since it is
>>>>> targeted for RHEL 6.2.
>>>>
>>>> Right, I wasn't planning on pushing this to 2.0.
>>>>
>>>> rob
>>>
>>>
>>

Honza

-- 
Jan Cholasta
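
The behaviour discussed in this thread (an opt-in local-interface check, and comparing bare addresses only when no netmask was supplied), as an added example that is not FreeIPA code or part of the original message. It uses Python's standard `ipaddress` module in place of the IPNetwork/IPAddress types mentioned above; `check_ip_address` and `LOCAL_INTERFACES` are hypothetical names, and the interface list is constructed sample data.

```python
import ipaddress

# Constructed sample of locally configured interface addresses (assumption;
# a real check would read them from the operating system).
LOCAL_INTERFACES = ["127.0.0.1/8", "192.0.2.10/24", "2001:db8::10/64"]


def check_ip_address(value, match_local=False, interfaces=LOCAL_INTERFACES):
    """Validate an address with optional prefix; return it as an ip_interface.

    With match_local=True the address must be configured on a local interface,
    and a supplied prefix length must equal that interface's prefix length.
    match_local defaults to False so that callers validating a remote host's
    address (such as a new replica) are not rejected.
    """
    has_prefix = "/" in value
    try:
        candidate = ipaddress.ip_interface(value)
    except ValueError as e:
        raise ValueError("invalid IP address %s: %s" % (value, e))

    if not match_local:
        return candidate

    for text in interfaces:
        iface = ipaddress.ip_interface(text)
        if iface.version != candidate.version:
            continue
        if has_prefix:
            # Both sides carry a netmask: compare address and network together.
            if iface == candidate:
                return candidate
        elif iface.ip == candidate.ip:
            # No netmask supplied: compare bare addresses only, then adopt the
            # interface's netmask. Comparing the candidate (parsed as a host
            # route) with iface directly would never match.
            return iface
    raise ValueError("invalid IP address %s: No network interface matches "
                     "the provided IP address and netmask" % value)
```
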



