This patch replaces Rob's patch 791. --- When a new reverse zone was created in ipa-replica-prepare (this may happen when a new replica is from a different subnet), the master DNS address was corrupted by an invalid A/AAAA record. This caused problems, for example, when installing a replica.
https://fedorahosted.org/freeipa/ticket/1223
>From 0434292b18c7bc5acf20715e49a13625289c6e76 Mon Sep 17 00:00:00 2001 From: Martin Kosek <mko...@redhat.com> Date: Fri, 27 May 2011 17:05:45 +0200 Subject: [PATCH] Fix reverse zone creation in ipa-replica-prepare When a new reverse zone was created in ipa-replica-prepare (this may happen when a new replica is from different subnet), the master DNS address was corrupted by invalid A/AAAA record. This caused problems for example in installing replica. https://fedorahosted.org/freeipa/ticket/1223 --- install/tools/ipa-dns-install | 32 +++++++------------------------- install/tools/ipa-replica-install | 17 +---------------- install/tools/ipa-replica-prepare | 4 +++- install/tools/ipa-server-install | 29 +++++++---------------------- ipaserver/install/bindinstance.py | 7 ++++--- ipaserver/install/installutils.py | 15 +++++++++++++++ 6 files changed, 37 insertions(+), 67 deletions(-) diff --git a/install/tools/ipa-dns-install b/install/tools/ipa-dns-install index aac85bf230d006455c5f4289ec9f5fd997261d52..a763297678907effd0497517d6d1607ac1e5a2f3 100755 --- a/install/tools/ipa-dns-install +++ b/install/tools/ipa-dns-install @@ -62,31 +62,6 @@ def parse_options(): return safe_options, options -def resolve_host(host_name): - ip = None - try: - addrinfos = socket.getaddrinfo(host_name, None, - socket.AF_UNSPEC, socket.SOCK_DGRAM) - except: - print "Unable to lookup the IP address of the provided host" - return None - - for ai in addrinfos: - ip = ai[4][0] - if ip == "127.0.0.1" or ip == "::1": - print "The hostname resolves to the localhost address (127.0.0.1/::1)" - print "Please change your /etc/hosts file so that the hostname." - print "resolves to the ip address of your network interface." - print "" - print "Please fix your /etc/hosts file and restart the setup program." - print "" - sys.exit("Aborting installation.") - - if addrinfos: - ip = addrinfos[0][4][0] - - return ip - def main(): safe_options, options = parse_options() 
@@ -211,6 +186,13 @@ except KeyboardInterrupt: print "Installation cancelled." except RuntimeError, e: print str(e) +except HostnameLocalhost: + print "The hostname resolves to the localhost address (127.0.0.1/::1)" + print "Please change your /etc/hosts file so that the hostname" + print "resolves to the ip address of your network interface." + print "The KDC service does not listen on localhost" + print "" + print "Please fix your /etc/hosts file and restart the setup program" except Exception, e: message = "Unexpected error - see ipaserver-install.log for details:\n %s" % str(e) print message diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install index 49df7fef9aceb3dbf8dd1dfdd91dd03132798484..293a0a06c8e4ff608d8327135ea1b4e008ab4d33 100755 --- a/install/tools/ipa-replica-install +++ b/install/tools/ipa-replica-install @@ -30,6 +30,7 @@ from ipapython import ipautil from ipaserver.install import dsinstance, installutils, krbinstance, service from ipaserver.install import bindinstance, httpinstance, ntpinstance, certs from ipaserver.install.replication import check_replication_plugin +from ipaserver.install.installutils import HostnameLocalhost, resolve_host from ipaserver.plugins.ldap2 import ldap2 from ipapython import version from ipalib import api, errors, util @@ -38,9 +39,6 @@ from ipapython import sysrestore CACERT="/etc/ipa/ca.crt" -class HostnameLocalhost(Exception): - pass - class ReplicaConfig: def __init__(self): self.realm_name = "" @@ -131,19 +129,6 @@ def get_host_name(no_host_dns): return hostname -def resolve_host(host_name): - try: - addrinfos = socket.getaddrinfo(host_name, None, - socket.AF_UNSPEC, socket.SOCK_STREAM) - for ai in addrinfos: - ip = ai[4][0] - if ip == "127.0.0.1" or ip == "::1": - raise HostnameLocalhost - - return addrinfos[0][4][0] - except: - return None - def set_owner(config, dir): pw = pwd.getpwnam(dsinstance.DS_USER) os.chown(dir, pw.pw_uid, pw.pw_gid) 
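Review bot: `HostnameLocalhost` is named in the new `except HostnameLocalhost:` clause of ipa-dns-install, but no hunk for this file imports it, whereas ipa-replica-install gets an explicit `from ipaserver.install.installutils import HostnameLocalhost, resolve_host`. If the script does not already bring in both names through an import outside the diff, the failure would be a NameError that only appears on an error path; the same applies to the handler added to ipa-server-install. The six `print` lines are also duplicated verbatim in both scripts, so the text could live in one place, for example as the message of the exception raised in `resolve_host`. The enclosing `try` starts outside the hunk.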
diff --git a/install/tools/ipa-replica-prepare b/install/tools/ipa-replica-prepare index e9122351f5236bef4e82a15d1ab47c896ff03554..a41ca5121cd451093af3ee7c9d7282e300df53ca 100755 --- a/install/tools/ipa-replica-prepare +++ b/install/tools/ipa-replica-prepare @@ -30,6 +30,7 @@ from ipapython import ipautil from ipaserver.install import bindinstance, dsinstance, installutils, certs from ipaserver.install.bindinstance import add_zone, add_reverse_zone, add_rr, add_ptr_rr from ipaserver.install.replication import check_replication_plugin, enable_replication_version_checking +from ipaserver.install.installutils import resolve_host from ipaserver.plugins.ldap2 import ldap2 from ipapython import version from ipalib import api, errors, util @@ -427,7 +428,8 @@ def main(): zone = add_zone(domain, nsaddr=options.ip_address) add_rr(zone, name, "A", options.ip_address) - add_reverse_zone(options.ip_address) + ns_ip_address = resolve_host(api.env.host) + add_reverse_zone(options.ip_address, ns_ip_address) add_ptr_rr(options.ip_address, replica_fqdn) try: diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install index 00b133464f43b4a246f9204cd1a27face066eada..3ad623e6186e264c06d19b9c444ee4d1acc56f96 100755 --- a/install/tools/ipa-server-install +++ b/install/tools/ipa-server-install @@ -28,7 +28,6 @@ import sys import os -import socket import errno import logging import grp 
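Review bot: The result of `resolve_host(api.env.host)` is passed to `add_reverse_zone` unchecked, although the `resolve_host` this patch adds to installutils.py returns `None` whenever the lookup fails. `add_reverse_zone` wraps that value in `unicode(ns_ip_address)`, so a failed lookup would send the string `None` to `dnszone_add` as the name server address instead of stopping the prepare step. A guard before the call, such as `if ns_ip_address is None: sys.exit("Unable to resolve the address of %s" % api.env.host)`, would keep a bad record out of the new zone. `main()` starts and ends outside the hunk.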
@@ -303,27 +302,6 @@ def read_host_name(host_default,no_host_dns=False): break return host_name -def resolve_host(host_name): - ip = None - try: - addrinfos = socket.getaddrinfo(host_name, None, - socket.AF_UNSPEC, socket.SOCK_DGRAM) - for ai in addrinfos: - ip = ai[4][0] - if ip == "127.0.0.1" or ip == "::1": - print "The hostname resolves to the localhost address (127.0.0.1/::1)" - print "Please change your /etc/hosts file so that the hostname" - print "resolves to the ip address of your network interface." - print "The KDC service does not listen on localhost" - print "" - print "Please fix your /etc/hosts file and restart the setup program" - return None - - ip = addrinfos[0][4][0] - except: - print "Unable to lookup the IP address of the provided host" - return ip - def read_domain_name(domain_name, unattended): print "The domain name has been calculated based on the host name." print "" @@ -987,6 +965,13 @@ try: sys.exit(main()) except SystemExit, e: sys.exit(e) + except HostnameLocalhost: + print "The hostname resolves to the localhost address (127.0.0.1/::1)" + print "Please change your /etc/hosts file so that the hostname" + print "resolves to the ip address of your network interface." + print "The KDC service does not listen on localhost" + print "" + print "Please fix your /etc/hosts file and restart the setup program" except Exception, e: if uninstalling: message = "Unexpected error - see ipaserver-uninstall.log for details:\n %s" % str(e) diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py index 3208688926a462f48b03d67d046c4e8b8c30cb4e..fa27451703d39b7d9607066fb1901fd58c1c9ee9 100644 --- a/ipaserver/install/bindinstance.py +++ b/ipaserver/install/bindinstance.py 
@@ -138,7 +138,7 @@ def add_zone(name, zonemgr=None, dns_backup=None, nsaddr=None, update_policy=Non add_rr(name, "@", "NS", api.env.host+'.', dns_backup, force=True) return name -def add_reverse_zone(ip_address, update_policy=None, dns_backup=None): +def add_reverse_zone(ip_address, ns_ip_address, update_policy=None, dns_backup=None): zone, name = get_reverse_zone(ip_address) if not update_policy: update_policy = "grant %s krb5-subdomain %s. PTR;" % (api.env.realm, zone) @@ -146,7 +146,7 @@ def add_reverse_zone(ip_address, update_policy=None, dns_backup=None): api.Command.dnszone_add(unicode(zone), idnssoamname=unicode(api.env.host+"."), idnsallowdynupdate=True, - ip_address=unicode(ip_address), + ip_address=unicode(ns_ip_address), idnsupdatepolicy=unicode(update_policy)) except (errors.DuplicateEntry, errors.EmptyModlist): pass @@ -394,7 +394,8 @@ class BindInstance(service.Service): add_ptr_rr(self.ip_address, self.fqdn) def __setup_reverse_zone(self): - add_reverse_zone(self.ip_address, dns_backup=self.dns_backup) + add_reverse_zone(self.ip_address, self.ip_address, + dns_backup=self.dns_backup) def __setup_principal(self): dns_principal = "DNS/" + self.fqdn + "@" + self.realm diff --git a/ipaserver/install/installutils.py b/ipaserver/install/installutils.py index 3868c4d04706bc472c9a296dcc1bb55a4cc52169..554e9b1cbe94af12fbf39d65c6d202994ed5d2fd 100644 --- a/ipaserver/install/installutils.py +++ b/ipaserver/install/installutils.py @@ -33,6 +33,9 @@ import time from ipapython import ipautil from ipapython import dnsclient +class HostnameLocalhost(Exception): + pass + def get_fqdn(): fqdn = "" try: 
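Review bot: `ns_ip_address` is inserted as a required positional parameter ahead of `update_policy` in `add_reverse_zone`, so any caller not touched by this patch that passes `update_policy` positionally would have it silently bound to the name server address. Only the call sites in ipa-replica-prepare and `BindInstance.__setup_reverse_zone` are updated in the visible hunks; other callers, if any, are outside the diff. The function also has no docstring saying which address is which. Something like `"""Create the reverse zone for ip_address; ns_ip_address is the address of the name server (api.env.host) recorded for the zone."""` would document the distinction this fix relies on.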
@@ -421,3 +424,15 @@ def wait_for_open_ports(host, ports, timeout=0): else: raise e +def resolve_host(host_name): + try: + addrinfos = socket.getaddrinfo(host_name, None, + socket.AF_UNSPEC, socket.SOCK_STREAM) + for ai in addrinfos: + ip = ai[4][0] + if ip == "127.0.0.1" or ip == "::1": + raise HostnameLocalhost("The hostname resolves to the localhost address") + + return addrinfos[0][4][0] + except: + return None -- 1.7.5.1
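Review bot: The `raise HostnameLocalhost(...)` sits inside the `try` whose bare `except:` returns `None`, so the exception never leaves `resolve_host` and the `except HostnameLocalhost:` handlers added to ipa-dns-install and ipa-server-install cannot fire. A hostname that resolves to loopback is therefore reported the same way as a failed lookup, and the bare `except:` also swallows `KeyboardInterrupt` and `SystemExit`. Narrowing the `try` to the `getaddrinfo` call and catching `socket.error` lets the loopback case propagate, as sketched below; callers without a handler, such as ipa-replica-prepare, would then need one. The comparison against two literal strings also misses other addresses in 127.0.0.0/8, which may be worth a follow-up.

```python
def resolve_host(host_name):
    try:
        addrinfos = socket.getaddrinfo(host_name, None,
                                       socket.AF_UNSPEC, socket.SOCK_STREAM)
    except socket.error:
        # lookup failure only; socket.gaierror is a subclass of socket.error
        return None

    for ai in addrinfos:
        if ai[4][0] in ("127.0.0.1", "::1"):
            raise HostnameLocalhost("The hostname resolves to the localhost address")

    if not addrinfos:
        return None
    return addrinfos[0][4][0]
```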