[Freeipa-devel] [PATCH] 888 always verify hostname

Martin Kosek mkosek at redhat.com
Fri Oct 7 09:25:27 UTC 2011


On Thu, 2011-10-06 at 22:59 -0400, Rob Crittenden wrote:
> When installing with DNS we skip a few hostname checks on the assumption 
> that the DNS we are installing will cover things. We still need to 
> verify /etc/hosts and we do this with gethostbyname_ex() which returns 
> the primary name and all other names of the host. If the primary name 
> doesn't match (e.g. the shortname is defined first in /etc/hosts) or it 
> isn't resolvable at all then we error out.
> 
> This also prevents a chicken-and-egg error as several services need to 
> start before DNS is available so the hostname must be defined.
> 
> rob

I see several problems with the patch. First, it needs a rebase; I
reworked the exceptions raised in verify_fqdn in #1899.

Then, this patch would break several things:

1) Now, when we install a server with --setup-dns and the host is not
resolvable, we add a record to /etc/hosts ourselves, so that the user is
not obliged to hack /etc/hosts:

# ipa-server-install --setup-dns
...
Server host name [vm-050.idm.lab.bos.redhat.com]: 

Warning: skipping DNS resolution of host vm-050.idm.lab.bos.redhat.com
The domain name has been calculated based on the host name.

Please confirm the domain name [idm.lab.bos.redhat.com]: 

Unable to resolve IP address for host name
Please provide the IP address to be used for this host name: 10.16.78.50
Adding [10.16.78.50 vm-050.idm.lab.bos.redhat.com] to your /etc/hosts file   <<<<<<
The IPA Master Server will be configured with
Hostname:    vm-050.idm.lab.bos.redhat.com
IP address:  10.16.78.50
Domain name: idm.lab.bos.redhat.com


2) This will break ipa-replica-prepare. We cannot assume that only local
host names are passed to verify_fqdn since it is also used for the new
replica hostname check in ipa-replica-prepare:

# ipa-replica-prepare vm-103.idm.lab.bos.redhat.com
Directory Manager (existing master) password: 

The host name vm-103.idm.lab.bos.redhat.com is not resolvable. It must
appear in at least /etc/hosts.
Add the --ip-address argument to create a DNS entry.

We must be very cautious in this function; there was already a BZ from
the RHEV-M guys which could now be broken:

https://bugzilla.redhat.com/show_bug.cgi?id=729357

Martin
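The check Rob describes (gethostbyname_ex() must return the FQDN as the primary name, not just as an alias) and the two failure modes Martin quotes (shortname listed first, name not resolvable at all) can be exercised offline. The following is an added example, not FreeIPA's verify_fqdn: it emulates only the /etc/hosts part of gethostbyname_ex() over a constructed hosts file, and the entries and the hypothetical vm-051 host are invented for the illustration. Passing socket.gethostbyname_ex as the lookup instead runs the same check against the real resolver.

```python
"""Emulate the /etc/hosts half of gethostbyname_ex() and apply the
primary-name check discussed in the thread.  Example code, not FreeIPA's."""
import socket
from typing import Callable, List, Tuple

Lookup = Callable[[str], Tuple[str, List[str], List[str]]]

# Constructed /etc/hosts content for the example (not from the thread).
# vm-050: FQDN first (correct).  vm-051: shortname first (the failing case).
SAMPLE_HOSTS = """\
127.0.0.1   localhost localhost.localdomain
10.16.78.50 vm-050.idm.lab.bos.redhat.com vm-050   # ok: FQDN is primary
10.16.78.51 vm-051 vm-051.idm.lab.bos.redhat.com   # hypothetical, shortname first
"""


def parse_hosts(text: str) -> List[Tuple[str, str, List[str]]]:
    """Return (ip, primary_name, aliases) per hosts line; comments and blanks skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        fields = line.split()
        if len(fields) < 2:
            continue
        entries.append((fields[0], fields[1], fields[2:]))
    return entries


def hosts_lookup(text: str) -> Lookup:
    """Build a gethostbyname_ex()-shaped lookup over the given hosts text.

    Like the libc files backend: the first matching line wins and the
    primary (canonical) name is the first name on that line, regardless
    of which name on the line was asked for.
    """
    entries = parse_hosts(text)

    def lookup(name: str) -> Tuple[str, List[str], List[str]]:
        wanted = name.lower()
        for ip, primary, aliases in entries:
            if wanted == primary.lower() or wanted in (a.lower() for a in aliases):
                return primary, aliases, [ip]
        raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")

    return lookup


def verify_fqdn(fqdn: str, lookup: Lookup = socket.gethostbyname_ex) -> str:
    """Return 'ok' when fqdn is the primary name returned by lookup().

    Otherwise return a message naming which of the two failure modes from
    the thread applies: unresolvable, or resolvable only as an alias
    (e.g. the shortname is listed first in /etc/hosts).
    """
    try:
        primary, _aliases, _ips = lookup(fqdn)
    except socket.gaierror:
        return f"{fqdn} is not resolvable; it must appear in at least /etc/hosts"
    if primary.lower() != fqdn.lower():
        return (f"{fqdn} resolves with primary name {primary!r}; "
                "the FQDN must be the first name on its /etc/hosts line")
    return "ok"


if __name__ == "__main__":
    lk = hosts_lookup(SAMPLE_HOSTS)
    for host in ("vm-050.idm.lab.bos.redhat.com",
                 "vm-051.idm.lab.bos.redhat.com",
                 "vm-103.idm.lab.bos.redhat.com"):
        print(f"{host}: {verify_fqdn(host, lk)}")
```

Note that the replica-prepare case Martin raises is exactly why the lookup is a parameter here: a check that is correct for the local host (which must be resolvable before DNS is up) is not necessarily right for a remote replica name that the installer is about to create a DNS entry for.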
