URL: https://github.com/freeipa/freeipa/pull/4455 Author: rcritten Title: #4455: Set lookup_family_order = ipv6_first on IPv6-only clients Action: opened
PR body: """ Look at the IPs configured on the interface that the client connects to IPA with. If this interface has only IPv6 addresses configured the set the option lookup_family_order to ipv6_first. This will prefer IPv6 DNS names and will allow an IPv6-only client to be able to connect to a mixed IPv4/IPv6 IPA installation. https://pagure.io/freeipa/issue/8243 Signed-off-by: Rob Crittenden <rcrit...@redhat.com> **NOTE:** I'm being conservative here and not using ipv6_only. This is an attempt to ensure that things will continue to work if the underlying network changes int he future. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/4455/head:pr4455 git checkout pr4455
From e2bf2e55d55c3192778b1a1509783fde29d0c01d Mon Sep 17 00:00:00 2001 From: Rob Crittenden <rcrit...@redhat.com> Date: Wed, 25 Mar 2020 17:45:26 -0400 Subject: [PATCH] Set lookup_family_order = ipv6_first on IPv6-only clients Look at the IPs configured on the interface that the client connects to IPA with. If this interface has only IPv6 addresses configured the set the option lookup_family_order to ipv6_first. This will prefer IPv6 DNS names and will allow an IPv6-only client to be able to connect to a mixed IPv4/IPv6 IPA installation. https://pagure.io/freeipa/issue/8243 Signed-off-by: Rob Crittenden <rcrit...@redhat.com> --- ipaclient/install/client.py | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/ipaclient/install/client.py b/ipaclient/install/client.py index 34b2d1a6e7..006cde0adf 100644 --- a/ipaclient/install/client.py +++ b/ipaclient/install/client.py @@ -956,6 +956,24 @@ def configure_sssd_conf( nss_service.set_option('memcache_timeout', 600) sssdconfig.save_service(nss_service) + family_order = None + try: + iface = get_server_connection_interface(cli_server[0]) + except RuntimeError as e: + logger.error("Cannot determine interface used to connect to " + "IPA. %s", e) + else: + try: + connect_ips = get_local_ipaddresses(iface) + except CalledProcessError as e: + logger.error("Cannot determine IP(s) used to connect to " + "IPA. %s", e) + else: + if all([ip.version == 6 for ip in connect_ips]): + family_order = 'ipv6_first' + if family_order: + domain.set_option('lookup_family_order', family_order) + domain.set_option('ipa_domain', cli_domain) domain.set_option('ipa_hostname', client_hostname) if cli_domain.lower() != cli_realm.lower():
_______________________________________________ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org
