Martin Kosek wrote:
On Fri, 2011-10-07 at 08:58 -0400, Rob Crittenden wrote:
Martin Kosek wrote:
On Thu, 2011-10-06 at 22:59 -0400, Rob Crittenden wrote:
When installing with DNS we skip a few hostname checks on the assumption
that the DNS we are installing will cover things. We still need to
verify /etc/hosts and we do this with gethostbyname_ex() which returns
the primary name and all other names of the host. If the primary name
doesn't match (e.g. the shortname is defined first in /etc/hosts) or it
isn't resolvable at all then we error out.
This also prevents a chicken-and-egg error as several services need to
start before DNS is available so the hostname must be defined.
I see several problems with the patch. At first, it needs a rebase, I
reworked the exceptions raised in verify_fqdn in #1899.
Then, this patch would break several things:
1) Now, when we install a server with --setup-dns and the host is not
resolvable, we add a record to /etc/hosts ourselves, so that the user is
not obliged to hack /etc/hosts:
# ipa-server-install --setup-dns
Server host name [vm-050.idm.lab.bos.redhat.com]:
Warning: skipping DNS resolution of host vm-050.idm.lab.bos.redhat.com
The domain name has been calculated based on the host name.
Please confirm the domain name [idm.lab.bos.redhat.com]:
Unable to resolve IP address for host name
Please provide the IP address to be used for this host name: 10.16.78.50
Adding [10.16.78.50 vm-050.idm.lab.bos.redhat.com] to your /etc/hosts file<<<<<<
The IPA Master Server will be configured with
IP address: 10.16.78.50
Domain name: idm.lab.bos.redhat.com
Yes but the entry is added /etc/hosts at the very END of installation,
apparently too late for some things. We can alternately add this prior
to configuring anything else.
But we add the entry to /etc/hosts right in the beginning. After the
line marked with<<<<<< is printed. I double-checked it right now.
Ok, this is totally freaky then. See ticket
2) This will break ipa-replica-prepare. We cannot assume that only local
host names are passed to to verify_fqdn since it is also used to for new
replica hostname check in ipa-replica-prepare:
# ipa-replica-prepare vm-103.idm.lab.bos.redhat.com
Directory Manager (existing master) password:
The host name vm-103.idm.lab.bos.redhat.com is not resolvable. It must
appear in at least /etc/hosts.
Add the --ip-address argument to create a DNS entry.
We must be very cautious in this function, there was already a BZ from
RHEV-M guys which could be now broken:
Ok, perhaps it just needs to be pulled directly into ipa-server-install.
We do need some mechanism to check /etc/hosts to be sure that there
isn't an existing bad host entry.
Please check the patch I sent. I do one part in verify_fqdn and one part
in ipa-server-install when user gives us an address.
Freeipa-devel mailing list