When installing with DNS we skip a few hostname checks on the assumption
that the DNS we are installing will cover things. We still need to
verify /etc/hosts and we do this with gethostbyname_ex() which returns
the primary name and all other names of the host. If the primary name
doesn't match (e.g. the shortname is defined first in /etc/hosts) or it
isn't resolvable at all then we error out.
This also prevents a chicken-and-egg error as several services need to
start before DNS is available so the hostname must be defined.
From 61eca7977029bb9794d03b1498292d7f3569ddce Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcrit...@redhat.com>
Date: Thu, 6 Oct 2011 17:11:58 -0400
Subject: [PATCH] Require hostname be resolveable and sane, even with
When installing with DNS we skip a bunch of checks because we assume
the DNS server itself will handle things. We still need to double-check
that /etc/hosts is sane (and configured).
ipaserver/install/installutils.py | 7 +++++++
1 files changed, 7 insertions(+), 0 deletions(-)
diff --git a/ipaserver/install/installutils.py b/ipaserver/install/installutils.py
index ac1e3f4..828c84f 100644
@@ -142,6 +142,13 @@ def verify_fqdn(host_name, no_host_dns=False, system_name_check=True):
print "Warning: The host name '%s' does not match the system host name '%s'." % (host_name, system_host_name)
print " Some services may not work properly."
+ ex_name = socket.gethostbyname_ex(host_name)
+ if host_name != ex_name:
+ raise RuntimeError("The host name %s does not match the primary host name %s" % (host_name, ex_name))
+ except socket.gaierror:
+ raise RuntimeError("The host name %s is not resolvable. It must appear in at least /etc/hosts." % host_name)
print "Warning: skipping DNS resolution of host", host_name
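Review bot: At `if host_name != ex_name:` the string is compared with the whole return value of `socket.gethostbyname_ex()`, which is a `(hostname, aliaslist, ipaddrlist)` tuple, so the test is always true and every resolvable host raises the "does not match the primary host name" RuntimeError. Compare against the first element instead, for example `if host_name != ex_name[0]:`, and pass that same element to the error message so it prints the primary name rather than the tuple.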
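An offline illustration of the /etc/hosts ordering problem described in the message above, added here and not part of the patch or of FreeIPA: it parses hosts-file text and applies the same primary-name comparison. The function names and sample entries are constructed, and treating the first name on the matching line as the primary name is an assumption about how the files resolver answers.

```python
# Constructed sample hosts files (192.0.2.0/24 is a documentation range).
GOOD_HOSTS = """\
127.0.0.1   localhost
192.0.2.10  ipa.example.test ipa   # FQDN first
"""
BAD_HOSTS = """\
127.0.0.1   localhost
192.0.2.10  ipa ipa.example.test   # short name first
"""
MISSING_HOSTS = "127.0.0.1   localhost\n"


def primary_name(hosts_text, host_name):
    """Return the first name on the first line that lists host_name, else None.

    Assumption: lookup is case-insensitive and the first name on the
    matching line is what a resolver reports as the primary name.
    """
    wanted = host_name.lower()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split columns
        if len(fields) < 2:                     # blank line or address only
            continue
        names = fields[1:]                      # fields[0] is the address
        if wanted in (n.lower() for n in names):
            return names[0]
    return None


def check_hosts_entry(hosts_text, host_name):
    """Raise RuntimeError unless host_name is listed and is the primary name."""
    primary = primary_name(hosts_text, host_name)
    if primary is None:
        raise RuntimeError("The host name %s is not listed" % host_name)
    if primary != host_name:                    # exact match, as in the patch
        raise RuntimeError("The host name %s does not match the primary "
                           "host name %s" % (host_name, primary))
    return primary


if __name__ == "__main__":
    for label, text in (("good", GOOD_HOSTS), ("bad", BAD_HOSTS),
                        ("missing", MISSING_HOSTS)):
        try:
            print(label, "->", check_hosts_entry(text, "ipa.example.test"))
        except RuntimeError as err:
            print(label, "-> error:", err)
```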