When installing with DNS we skip a few hostname checks on the assumption that the DNS we are installing will cover things. We still need to verify /etc/hosts and we do this with gethostbyname_ex() which returns the primary name and all other names of the host. If the primary name doesn't match (e.g. the shortname is defined first in /etc/hosts) or it isn't resolvable at all then we error out.

This also prevents a chicken-and-egg error as several services need to start before DNS is available so the hostname must be defined.

>From 61eca7977029bb9794d03b1498292d7f3569ddce Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcrit...@redhat.com>
Date: Thu, 6 Oct 2011 17:11:58 -0400
Subject: [PATCH] Require hostname be resolveable and sane, even with

When installing with DNS we skip a bunch of checks because we assume
the DNS server itself will handle things. We still need to double-check
that /etc/hosts is sane (and configured).

 ipaserver/install/installutils.py |    7 +++++++
 1 files changed, 7 insertions(+), 0 deletions(-)

diff --git a/ipaserver/install/installutils.py b/ipaserver/install/installutils.py
index ac1e3f4..828c84f 100644
--- a/ipaserver/install/installutils.py
+++ b/ipaserver/install/installutils.py
@@ -142,6 +142,13 @@ def verify_fqdn(host_name, no_host_dns=False, system_name_check=True):
             print "Warning: The host name '%s' does not match the system host name '%s'." % (host_name, system_host_name)
             print "         Some services may not work properly."
+    try:
+        ex_name = socket.gethostbyname_ex(host_name)
+        if host_name != ex_name[0]:
+            raise RuntimeError("The host name %s does not match the primary host name %s" % (host_name, ex_name[0]))
+    except socket.gaierror:
+            raise RuntimeError("The host name %s is not resolvable. It must appear in at least /etc/hosts." % host_name)
     if no_host_dns:
         print "Warning: skipping DNS resolution of host", host_name

Freeipa-devel mailing list

Reply via email to