[Freeipa-devel] [PATCH] 799 The IP address provided to ipa-server-install must be local
Rob Crittenden
rcritten at redhat.com
Tue Jun 21 17:14:17 UTC 2011
Martin Kosek wrote:
> On Thu, 2011-06-16 at 09:07 -0400, Rob Crittenden wrote:
>>> I think this is still not right. When you let match_local default to
>>> False, --ip-address option in ipa-server-install is checked with
>>> match_local=False and thus the check required by BZ isn't made.
>>
>> Yes but it is checked again later. Try it, enforcement happens.
>
> Yes.
>
>>
>>> Please check my patch 083 I sent this morning. It makes sure that IP
>>> address validation with CheckedIPAddress is run with correct parameters
>>> (i.e. match_local, parse_netmask). You may want to build your patch on
>>> top of this one.
>>>
>>> Should we be so strict and raise an exception when the IP address does
>>> not match any local interface? Maybe a warning would be enough.
>>> ipa-server-install will fail anyway few steps later in a scenario
>>> described in BZ.
>>
>> We should fail as soon as possible. By doing this before installation
>> starts they don't have to uninstall.
>>
>> rob
>
> In fact, if we apply your patch on top of my patch 083 it works just
> fine and --ip-address is checked against network interfaces in option
> parsing phase.
>
> So ACK from me if it is applied on top of my patch 083 (not reviewed
> yet).
>
> Martin
>
pushed to master
More information about the Freeipa-devel
mailing list