Martin Kosek wrote:
On Fri, 2011-10-07 at 08:58 -0400, Rob Crittenden wrote:
Martin Kosek wrote:
On Thu, 2011-10-06 at 22:59 -0400, Rob Crittenden wrote:
When installing with DNS we skip a few hostname checks on the assumption
that the DNS we are installing will cover things. We still need to
verify /etc/hosts and we do this with gethostbyname_ex() which returns
the primary name and all other names of the host. If the primary name
doesn't match (e.g. the shortname is defined first in /etc/hosts) or it
isn't resolvable at all then we error out.

This also prevents a chicken-and-egg error as several services need to
start before DNS is available so the hostname must be defined.


I see several problems with the patch. At first, it needs a rebase, I
reworked the exceptions raised in verify_fqdn in #1899.

Then, this patch would break several things:

1) Now, when we install a server with --setup-dns and the host is not
resolvable, we add a record to /etc/hosts ourselves, so that the user is
not obliged to hack /etc/hosts:

# ipa-server-install --setup-dns
Server host name []:

Warning: skipping DNS resolution of host
The domain name has been calculated based on the host name.

Please confirm the domain name []:

Unable to resolve IP address for host name
Please provide the IP address to be used for this host name:
Adding [] to your /etc/hosts file<<<<<<
The IPA Master Server will be configured with
IP address:
Domain name:

Yes but the entry is added to /etc/hosts at the very END of installation,
apparently too late for some things. We can alternately add this prior
to configuring anything else.

But we add the entry to /etc/hosts right in the beginning. After the
line marked with <<<<<< is printed. I double-checked it right now.

Ok, this is totally freaky then. See ticket

2) This will break ipa-replica-prepare. We cannot assume that only local
host names are passed to verify_fqdn since it is also used for the new
replica hostname check in ipa-replica-prepare:

# ipa-replica-prepare
Directory Manager (existing master) password:

The host name is not resolvable. It must
appear in at least /etc/hosts.
Add the --ip-address argument to create a DNS entry.

We must be very cautious in this function, there was already a BZ from
RHEV-M guys which could be now broken:


Ok, perhaps it just needs to be pulled directly into ipa-server-install.
We do need some mechanism to check /etc/hosts to be sure that there
isn't an existing bad host entry.


Please check the patch I sent. I do one part in verify_fqdn and one part
in ipa-server-install when user gives us an address.
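
The check described at the top of the thread (gethostbyname_ex() returning the primary name and the other names, with an error when the primary name does not match or the name does not resolve), as an added example that is not part of the thread and is not FreeIPA's verify_fqdn. The names `check_primary_name` and `hosts_resolver` and the sample hosts entries are hypothetical; the resolver is injectable so the check runs without touching the real /etc/hosts.

```python
import socket


class HostnameCheckError(Exception):
    """The name is unresolvable or is not the primary name of its entry."""


def hosts_resolver(hosts_text):
    """Build a stand-in for socket.gethostbyname_ex() from /etc/hosts text.

    Models the hosts(5) rule that the first name after the address is the
    canonical name and the remaining names are aliases.
    """
    def resolve(name):
        for line in hosts_text.splitlines():
            fields = line.split("#", 1)[0].split()
            names = [f.lower() for f in fields[1:]]
            if name.lower() in names:
                return fields[1], fields[2:], [fields[0]]
        raise socket.gaierror("Name or service not known")
    return resolve


def check_primary_name(fqdn, resolver=socket.gethostbyname_ex):
    """Return the host's addresses, or raise if fqdn is not its primary name."""
    try:
        primary, aliases, addresses = resolver(fqdn)
    except OSError as e:  # socket.gaierror and socket.herror are OSError
        raise HostnameCheckError("%s is not resolvable: %s" % (fqdn, e))
    if primary.rstrip(".").lower() != fqdn.rstrip(".").lower():
        raise HostnameCheckError(
            "%s resolves, but the primary name is %s (other names: %s)"
            % (fqdn, primary, ", ".join(aliases) or "none"))
    return addresses


# Constructed sample /etc/hosts contents (example.test, 192.0.2.10 are made up).
SHORTNAME_FIRST = "192.0.2.10 ipa ipa.example.test\n"
FQDN_FIRST = "192.0.2.10 ipa.example.test ipa\n"

if __name__ == "__main__":
    for label, text in (("short name first", SHORTNAME_FIRST),
                        ("FQDN first", FQDN_FIRST), ("no entry", "")):
        try:
            addrs = check_primary_name("ipa.example.test", hosts_resolver(text))
            print(label, "-> ok:", addrs)
        except HostnameCheckError as e:
            print(label, "-> rejected:", e)
```
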

