[Freeipa-devel] [PATCH] 799 The IP address provided to ipa-server-install must be local
Martin Kosek
mkosek at redhat.com
Thu Jun 16 16:18:05 UTC 2011
On Thu, 2011-06-16 at 09:07 -0400, Rob Crittenden wrote:
> > I think this is still not right. When you let match_local default to
> > False, --ip-address option in ipa-server-install is checked with
> > match_local=False and thus the check required by BZ isn't made.
>
> Yes but it is checked again later. Try it, enforcement happens.
Yes.
>
> > Please check my patch 083 I sent this morning. It makes sure that IP
> > address validation with CheckedIPAddress is run with correct parameters
> > (i.e. match_local, parse_netmask). You may want to build your patch on
> > top of this one.
> >
> > Should we be so strict and raise an exception when the IP address does
> > not match any local interface? Maybe a warning would be enough.
> > ipa-server-install will fail anyway few steps later in a scenario
> > described in BZ.
>
> We should fail as soon as possible. By doing this before installation
> starts they don't have to uninstall.
>
> rob
In fact, if we apply your patch on top of my patch 083 it works just
fine and --ip-address is checked against network interfaces in option
parsing phase.
So ACK from me if it is applied on top of my patch 083 (not reviewed
yet).
Martin
More information about the Freeipa-devel
mailing list