https://fedorahosted.org/freeipa/ticket/5794
It requires my patch 441.2 Patches attached.
From e398581d1a681b8ef126c86951e35a5e0cb0e4d7 Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Tue, 19 Apr 2016 18:36:32 +0200 Subject: [PATCH 1/5] Always set hostname This prevents cases when hostname on system is set inconsistently (transient and static hostname differs) and may cause IPA errors. This commit ensures that all hostnames are set properly. https://fedorahosted.org/freeipa/ticket/5794 --- client/ipa-client-install | 4 ++-- ipaplatform/base/paths.py | 2 +- ipaplatform/base/tasks.py | 12 ++++++++-- ipaplatform/redhat/tasks.py | 47 ++++++++++++++----------------------- ipapython/ipautil.py | 12 ---------- ipaserver/install/server/install.py | 23 +++++------------- 6 files changed, 36 insertions(+), 64 deletions(-) diff --git a/client/ipa-client-install b/client/ipa-client-install index c38843f85639a9118cd1a471709992690643d79a..05789439391d0b4c2b2871348fdcbff1b114f526 100755 --- a/client/ipa-client-install +++ b/client/ipa-client-install @@ -713,12 +713,12 @@ def uninstall(options, env): root_logger.warning( "Failed to disable automatic startup of the SSSD daemon: %s", e) + tasks.restore_hostname(fstore, statestore) + if fstore.has_files(): root_logger.info("Restoring client configuration files") - tasks.restore_network_configuration(fstore, statestore) fstore.restore_all_files() - ipautil.restore_hostname(statestore) unconfigure_nisdomain() nscd = services.knownservices.nscd diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py index 585a5d26ed32a5f60cdb5d28de05b6468d03baa6..62d9e703d191c7b06fe37c917c7d99f2da76cc05 100644 --- a/ipaplatform/base/paths.py +++ b/ipaplatform/base/paths.py @@ -25,7 +25,7 @@ This base platform module exports default filesystem paths. class BasePathNamespace(object): BASH = "/bin/bash" BIN_FALSE = "/bin/false" - BIN_HOSTNAME = "/bin/hostname" + BIN_HOSTNAMECTL = "/bin/hostnamectl" LS = "/bin/ls" SH = "/bin/sh" SYSTEMCTL = "/bin/systemctl" diff --git a/ipaplatform/base/tasks.py b/ipaplatform/base/tasks.py index f5fb2b155020c213769830dd48ccc3b36bbd9e64..7c30088631e31be3b0722894dc49839b72805f32 100644 --- a/ipaplatform/base/tasks.py +++ b/ipaplatform/base/tasks.py @@ -48,7 +48,7 @@ class BaseTaskNamespace(object): def backup_and_replace_hostname(self, fstore, statestore, hostname): """ Backs up the current hostname in the statestore (so that it can be - restored by the restore_network_configuration platform task). + restored by the restore_hostname platform task). Makes sure that new hostname (passed via hostname argument) is set as a new pemanent hostname for this host. @@ -106,7 +106,7 @@ class BaseTaskNamespace(object): return - def restore_network_configuration(self, fstore, statestore): + def restore_hostname(self, fstore, statestore): """ Restores the original hostname as backed up in the backup_and_replace_hostname platform task. @@ -237,6 +237,14 @@ class BaseTaskNamespace(object): """ return parse_version(version) + def set_hostname(self, hostname): + """ + Set hostname for the system + + No return value expected, raise CalledProcessError when error occurred + """ + return + def configure_httpd_service_ipa_conf(self): """Configure httpd service to work with IPA""" raise NotImplementedError() diff --git a/ipaplatform/redhat/tasks.py b/ipaplatform/redhat/tasks.py index 896f5d924abf84ced2863bcc4244a5a8495bc6fb..fe7527706116f40c979c95afcfd23d155af62ddc 100644 --- a/ipaplatform/redhat/tasks.py +++ b/ipaplatform/redhat/tasks.py @@ -26,11 +26,11 @@ system tasks. from __future__ import print_function import os -import stat import socket -import sys import base64 import shutil +import traceback + from cffi import FFI from ctypes.util import find_library from functools import total_ordering @@ -331,38 +331,31 @@ class RedHatTaskNamespace(BaseTaskNamespace): def backup_and_replace_hostname(self, fstore, statestore, hostname): old_hostname = socket.gethostname() try: - ipautil.run([paths.BIN_HOSTNAME, hostname]) + self.set_hostname(hostname) except ipautil.CalledProcessError as e: print(("Failed to set this machine hostname to " "%s (%s)." % (hostname, str(e))), file=sys.stderr) filepath = paths.ETC_HOSTNAME if os.path.exists(filepath): - # read old hostname - with open(filepath, 'r') as f: - for line in f.readlines(): - line = line.strip() - if not line or line.startswith('#'): - # skip comment or empty line - continue - old_hostname = line - break fstore.backup_file(filepath) - with open(filepath, 'w') as f: - f.write("%s\n" % hostname) - os.chmod(filepath, - stat.S_IRUSR | stat.S_IWUSR | stat.S_IRGRP | stat.S_IROTH) - os.chown(filepath, 0, 0) - self.restore_context(filepath) - # store old hostname statestore.backup_state('network', 'hostname', old_hostname) - def restore_network_configuration(self, fstore, statestore): + def restore_hostname(self, fstore, statestore): old_filepath = paths.SYSCONFIG_NETWORK old_hostname = statestore.get_state('network', 'hostname') - hostname_was_configured = False + + if old_hostname is not None: + try: + self.set_hostname(old_hostname) + except ipautil.CalledProcessError as e: + root_logger.debug(traceback.format_exc()) + root_logger.error( + "Failed to restore this machine hostname to %s (%s).", + old_hostname, e + ) if fstore.has_file(old_filepath): # This is Fedora >=18 instance that was upgraded from previous @@ -372,20 +365,11 @@ class RedHatTaskNamespace(BaseTaskNamespace): fstore.restore_file(old_filepath, old_filepath_restore) print("Deprecated configuration file '%s' was restored to '%s'" \ % (old_filepath, old_filepath_restore)) - hostname_was_configured = True filepath = paths.ETC_HOSTNAME if fstore.has_file(filepath): fstore.restore_file(filepath) - hostname_was_configured = True - if not hostname_was_configured and old_hostname: - # hostname was not configured before but was set by IPA. Delete - # /etc/hostname to restore previous configuration - try: - os.remove(filepath) - except OSError: - pass def set_selinux_booleans(self, required_settings, backup_func=None): def get_setsebool_args(changes): @@ -488,4 +472,7 @@ class RedHatTaskNamespace(BaseTaskNamespace): except OSError: pass + def set_hostname(self, hostname): + ipautil.run([paths.BIN_HOSTNAMECTL, 'set-hostname', hostname]) + tasks = RedHatTaskNamespace() diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py index e595d80ca3b971ad2f0031972e9e58b5adff8e54..eef4d80200ee1b08d487904b52cd51c4919e5ca7 100644 --- a/ipapython/ipautil.py +++ b/ipapython/ipautil.py @@ -1475,18 +1475,6 @@ def dn_attribute_property(private_name): return property(getter, setter) -def restore_hostname(statestore): - """ - Restore hostname of a machine, if it was set before - """ - old_hostname = statestore.restore_state('network','hostname') - system_hostname = socket.gethostname() - if old_hostname is not None and old_hostname != system_hostname: - try: - run([paths.BIN_HOSTNAME, old_hostname]) - except CalledProcessError as e: - print("Failed to set this machine hostname back to %s: %s" % (old_hostname, str(e)), file=sys.stderr) - def posixify(string): """ Convert a string to a more strict alpha-numeric representation. diff --git a/ipaserver/install/server/install.py b/ipaserver/install/server/install.py index f01022c4c3a056513db47f70727aa48157a8c6f2..3c4a662dfbca188558a835236483a160f6ccc654 100644 --- a/ipaserver/install/server/install.py +++ b/ipaserver/install/server/install.py @@ -573,16 +573,6 @@ def install_check(installer): host_name = host_name.lower() root_logger.debug("will use host_name: %s\n" % host_name) - system_hostname = get_fqdn() - if host_name != system_hostname: - print(file=sys.stderr) - print(("Warning: hostname %s does not match system " - "hostname %s." % (host_name, system_hostname)), file=sys.stderr) - print(("System hostname will be updated during the " - "installation process"), file=sys.stderr) - print("to prevent service failures.", file=sys.stderr) - print(file=sys.stderr) - if not options.domain_name: domain_name = read_domain_name(host_name[host_name.find(".")+1:], not installer.interactive) @@ -827,10 +817,11 @@ def install(installer): print("Please wait until the prompt is returned.") print("") - system_hostname = get_fqdn() - if host_name != system_hostname: - # configure /etc/sysconfig/network to contain the custom hostname - tasks.backup_and_replace_hostname(fstore, sstore, host_name) + # configure /etc/sysconfig/network to contain the custom hostname + tasks.backup_and_replace_hostname(fstore, sstore, host_name) + + # set hostname (we need both transient and static) + tasks.set_hostname(host_name) if installer._update_hosts_file: update_hosts_file(ip_addresses, host_name, fstore) @@ -1212,7 +1203,7 @@ def uninstall(installer): custodiainstance.CustodiaInstance().uninstall() memcacheinstance.MemcacheInstance().uninstall() otpdinstance.OtpdInstance().uninstall() - tasks.restore_network_configuration(fstore, sstore) + tasks.restore_hostname(fstore, sstore) fstore.restore_all_files() try: os.remove(paths.ROOT_IPA_CACHE) @@ -1234,8 +1225,6 @@ def uninstall(installer): services.knownservices.ipa.disable() - ipautil.restore_hostname(sstore) - # remove upgrade state file sysupgrade.remove_upgrade_file() -- 2.5.5
From 7edeb0dba29c5c5d916ec85e6c40e71ca4a67afe Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Tue, 19 Apr 2016 18:44:59 +0200 Subject: [PATCH 2/5] Remove deprecated hostname restoration from Fedora18 This is not needed on new Fedora, because restore will not be effective. https://fedorahosted.org/freeipa/ticket/5794 --- client/ipa-client-install | 3 +-- ipaplatform/base/paths.py | 2 -- ipaplatform/redhat/tasks.py | 10 ---------- 3 files changed, 1 insertion(+), 14 deletions(-) diff --git a/client/ipa-client-install b/client/ipa-client-install index 05789439391d0b4c2b2871348fdcbff1b114f526..7f69027dae1828dac8780b3e9d9156c325deb85a 100755 --- a/client/ipa-client-install +++ b/client/ipa-client-install @@ -2502,9 +2502,8 @@ def install(options, env, fstore, statestore): cli_realm, paths.KRB5_KEYTAB)) if options.hostname and not options.on_master: - # configure /etc/sysconfig/network to contain the hostname we set. # skip this step when run by ipa-server-install as it always configures - # hostname if different from system hostname + # hostname tasks.backup_and_replace_hostname(fstore, statestore, options.hostname) ntp_srv_servers = [] diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py index 62d9e703d191c7b06fe37c917c7d99f2da76cc05..ca7eb6cf47b4442fa538a47c74846e13c25e02e8 100644 --- a/ipaplatform/base/paths.py +++ b/ipaplatform/base/paths.py @@ -118,8 +118,6 @@ class BasePathNamespace(object): SYSCONFIG_HTTPD = "/etc/sysconfig/httpd" SYSCONFIG_KRB5KDC_DIR = "/etc/sysconfig/krb5kdc" SYSCONFIG_NAMED = "/etc/sysconfig/named" - SYSCONFIG_NETWORK = "/etc/sysconfig/network" - SYSCONFIG_NETWORK_IPABKP = "/etc/sysconfig/network.ipabkp" SYSCONFIG_NFS = "/etc/sysconfig/nfs" SYSCONFIG_NTPD = "/etc/sysconfig/ntpd" SYSCONFIG_ODS = "/etc/sysconfig/ods" diff --git a/ipaplatform/redhat/tasks.py b/ipaplatform/redhat/tasks.py index fe7527706116f40c979c95afcfd23d155af62ddc..f7aafd015021477c16e9d78e0e841051369c5b11 100644 --- a/ipaplatform/redhat/tasks.py +++ b/ipaplatform/redhat/tasks.py @@ -344,7 +344,6 @@ class RedHatTaskNamespace(BaseTaskNamespace): statestore.backup_state('network', 'hostname', old_hostname) def restore_hostname(self, fstore, statestore): - old_filepath = paths.SYSCONFIG_NETWORK old_hostname = statestore.get_state('network', 'hostname') if old_hostname is not None: @@ -357,15 +356,6 @@ class RedHatTaskNamespace(BaseTaskNamespace): old_hostname, e ) - if fstore.has_file(old_filepath): - # This is Fedora >=18 instance that was upgraded from previous - # Fedora version which held network configuration - # in /etc/sysconfig/network - old_filepath_restore = paths.SYSCONFIG_NETWORK_IPABKP - fstore.restore_file(old_filepath, old_filepath_restore) - print("Deprecated configuration file '%s' was restored to '%s'" \ - % (old_filepath, old_filepath_restore)) - filepath = paths.ETC_HOSTNAME if fstore.has_file(filepath): fstore.restore_file(filepath) -- 2.5.5
From 152fa431476506c4fffcf7541e0c5cf9051c37fe Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Tue, 19 Apr 2016 18:46:15 +0200 Subject: [PATCH 3/5] Remove unused hostname variables https://fedorahosted.org/freeipa/ticket/5794 --- ipaserver/install/server/install.py | 3 --- 1 file changed, 3 deletions(-) diff --git a/ipaserver/install/server/install.py b/ipaserver/install/server/install.py index 3c4a662dfbca188558a835236483a160f6ccc654..5f5937b7341a9a0d1cd98537c99e4a614f528d41 100644 --- a/ipaserver/install/server/install.py +++ b/ipaserver/install/server/install.py @@ -152,8 +152,6 @@ def write_cache(options): def read_host_name(host_default, no_host_dns=False): - host_name = "" - print("Enter the fully qualified domain name of the computer") print("on which you're setting up server software. Using the form") print("<hostname>.<domainname>") @@ -555,7 +553,6 @@ def install_check(installer): # utilities just use the hostname as returned by getaddrinfo to set # up some of the standard entries - host_default = "" if options.host_name: host_default = options.host_name else: -- 2.5.5
From 59b61389703ce494644f88b98aa5e3596b3a2cc9 Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Tue, 19 Apr 2016 18:47:25 +0200 Subject: [PATCH 4/5] Log errors from backup_and_replace hostname to logger Without logging errors to logger is hard to debug issue from logfile. https://fedorahosted.org/freeipa/ticket/5794 --- ipaplatform/redhat/tasks.py | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/ipaplatform/redhat/tasks.py b/ipaplatform/redhat/tasks.py index f7aafd015021477c16e9d78e0e841051369c5b11..c2d65a0761747c5a3617b286b9829b2520e46e3a 100644 --- a/ipaplatform/redhat/tasks.py +++ b/ipaplatform/redhat/tasks.py @@ -333,8 +333,11 @@ class RedHatTaskNamespace(BaseTaskNamespace): try: self.set_hostname(hostname) except ipautil.CalledProcessError as e: - print(("Failed to set this machine hostname to " - "%s (%s)." % (hostname, str(e))), file=sys.stderr) + root_logger.debug(traceback.format_exc()) + root_logger.error( + "Failed to set this machine hostname to %s (%s).", + old_hostname, e + ) filepath = paths.ETC_HOSTNAME if os.path.exists(filepath): -- 2.5.5
From d67f183cf77f31940ab4722b91fc61617f6812d5 Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Tue, 19 Apr 2016 18:52:21 +0200 Subject: [PATCH 5/5] Tasks: raise NotImplementedError for not implemented methods Is safer to raise error than trying to find what is wrong with method that is not correctly overriden The new method set_hostname has been added which should be overriden on other platforms. https://fedorahosted.org/freeipa/ticket/5794 --- ipaplatform/base/tasks.py | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/ipaplatform/base/tasks.py b/ipaplatform/base/tasks.py index 7c30088631e31be3b0722894dc49839b72805f32..c6860ce47ad3d043f1561a690c401537f5e2fdb7 100644 --- a/ipaplatform/base/tasks.py +++ b/ipaplatform/base/tasks.py @@ -43,7 +43,7 @@ class BaseTaskNamespace(object): No return value expected. """ - return + raise NotImplementedError() def backup_and_replace_hostname(self, fstore, statestore, hostname): """ @@ -56,7 +56,7 @@ class BaseTaskNamespace(object): No return value expected. """ - return + raise NotImplementedError() def reload_systemwide_ca_store(self): """ @@ -65,7 +65,7 @@ class BaseTaskNamespace(object): Returns True if the operation succeeded, False otherwise. """ - return True + raise NotImplementedError() def insert_ca_certs_into_systemwide_ca_store(self, ca_certs): """ @@ -75,7 +75,7 @@ class BaseTaskNamespace(object): Returns True if the operation succeeded, False otherwise. """ - return True + raise NotImplementedError() def remove_ca_certs_from_systemwide_ca_store(self): """ @@ -85,7 +85,7 @@ class BaseTaskNamespace(object): Returns True if the operation succeeded, False otherwise. """ - return True + raise NotImplementedError() def get_svc_list_file(self): """ @@ -104,7 +104,7 @@ class BaseTaskNamespace(object): restorecon and rerunning the installation. """ - return + raise NotImplementedError() def restore_hostname(self, fstore, statestore): """ @@ -112,7 +112,7 @@ class BaseTaskNamespace(object): backup_and_replace_hostname platform task. """ - return + raise NotImplementedError() def restore_pre_ipa_client_configuration(self, fstore, statestore, was_sssd_installed, @@ -124,14 +124,14 @@ class BaseTaskNamespace(object): modify_pam_to_use_krb5 """ - return + raise NotImplementedError() def set_nisdomain(self, nisdomain): """ Sets the NIS domain name to 'nisdomain'. """ - return + raise NotImplementedError() def modify_nsswitch_pam_stack(self, sssd, mkhomedir, statestore): """ @@ -141,14 +141,14 @@ class BaseTaskNamespace(object): Otherwise, configure pam and nsswitch to leverage pure LDAP. """ - return + raise NotImplementedError() def modify_pam_to_use_krb5(self, statestore): """ Configure pam stack to allow kerberos authentication. """ - return + raise NotImplementedError() def backup_auth_configuration(self, path): """ @@ -156,14 +156,14 @@ class BaseTaskNamespace(object): :param path: store the backup here. This will be passed to restore_auth_configuration as well. """ - return + raise NotImplementedError() def restore_auth_configuration(self, path): """ Restore backup of access control configuration. :param path: restore the backup from here. """ - return + raise NotImplementedError() def set_selinux_booleans(self, required_settings, backup_func=None): """Set the specified SELinux booleans @@ -182,7 +182,7 @@ class BaseTaskNamespace(object): an ipapython.errors.SetseboolError is raised. """ - return + raise NotImplementedError() def create_system_user(self, name, group, homedir, shell, uid=None, gid=None, comment=None, create_homedir=False): """Create a system user with a corresponding group""" @@ -243,7 +243,7 @@ class BaseTaskNamespace(object): No return value expected, raise CalledProcessError when error occurred """ - return + raise NotImplementedError() def configure_httpd_service_ipa_conf(self): """Configure httpd service to work with IPA""" -- 2.5.5
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
