On 20.04.2016 17:49, Martin Basti wrote:
https://fedorahosted.org/freeipa/ticket/5794 It requires my patch 441.2 Patches attached.
Rebased patches attached, 441 has been pushed Martin^2
From b3424c3453b62c2f02cb1b0fb4e9263853b6318b Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Tue, 19 Apr 2016 18:36:32 +0200 Subject: [PATCH 1/5] Always set hostname This prevents cases when hostname on system is set inconsistently (transient and static hostname differs) and may cause IPA errors. This commit ensures that all hostnames are set properly. https://fedorahosted.org/freeipa/ticket/5794 --- client/ipa-client-install | 4 ++-- ipaplatform/base/paths.py | 2 +- ipaplatform/base/tasks.py | 12 ++++++++-- ipaplatform/redhat/tasks.py | 47 ++++++++++++++----------------------- ipapython/ipautil.py | 12 ---------- ipaserver/install/server/install.py | 23 +++++------------- 6 files changed, 36 insertions(+), 64 deletions(-) diff --git a/client/ipa-client-install b/client/ipa-client-install index 0e6e65c4ad4ce01fe1257eee4bb2633a70c3de4e..e56890463b2fd9d4e05a0d24bf5a796fa83ab3d7 100755 --- a/client/ipa-client-install +++ b/client/ipa-client-install @@ -713,12 +713,12 @@ def uninstall(options, env): root_logger.warning( "Failed to disable automatic startup of the SSSD daemon: %s", e) + tasks.restore_hostname(fstore, statestore) + if fstore.has_files(): root_logger.info("Restoring client configuration files") - tasks.restore_network_configuration(fstore, statestore) fstore.restore_all_files() - ipautil.restore_hostname(statestore) unconfigure_nisdomain() nscd = services.knownservices.nscd diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py index 585a5d26ed32a5f60cdb5d28de05b6468d03baa6..62d9e703d191c7b06fe37c917c7d99f2da76cc05 100644 --- a/ipaplatform/base/paths.py +++ b/ipaplatform/base/paths.py @@ -25,7 +25,7 @@ This base platform module exports default filesystem paths. class BasePathNamespace(object): BASH = "/bin/bash" BIN_FALSE = "/bin/false" - BIN_HOSTNAME = "/bin/hostname" + BIN_HOSTNAMECTL = "/bin/hostnamectl" LS = "/bin/ls" SH = "/bin/sh" SYSTEMCTL = "/bin/systemctl" diff --git a/ipaplatform/base/tasks.py b/ipaplatform/base/tasks.py index f5fb2b155020c213769830dd48ccc3b36bbd9e64..7c30088631e31be3b0722894dc49839b72805f32 100644 --- a/ipaplatform/base/tasks.py +++ b/ipaplatform/base/tasks.py @@ -48,7 +48,7 @@ class BaseTaskNamespace(object): def backup_and_replace_hostname(self, fstore, statestore, hostname): """ Backs up the current hostname in the statestore (so that it can be - restored by the restore_network_configuration platform task). + restored by the restore_hostname platform task). Makes sure that new hostname (passed via hostname argument) is set as a new pemanent hostname for this host. @@ -106,7 +106,7 @@ class BaseTaskNamespace(object): return - def restore_network_configuration(self, fstore, statestore): + def restore_hostname(self, fstore, statestore): """ Restores the original hostname as backed up in the backup_and_replace_hostname platform task. @@ -237,6 +237,14 @@ class BaseTaskNamespace(object): """ return parse_version(version) + def set_hostname(self, hostname): + """ + Set hostname for the system + + No return value expected, raise CalledProcessError when error occurred + """ + return + def configure_httpd_service_ipa_conf(self): """Configure httpd service to work with IPA""" raise NotImplementedError() diff --git a/ipaplatform/redhat/tasks.py b/ipaplatform/redhat/tasks.py index 4be9a146e8fa1e78a454d92cba05484e7817f56d..2a110c9947942609dc38373d116a2e812f1ed539 100644 --- a/ipaplatform/redhat/tasks.py +++ b/ipaplatform/redhat/tasks.py @@ -26,10 +26,10 @@ system tasks. from __future__ import print_function import os -import stat import socket -import sys import base64 +import traceback + from cffi import FFI from ctypes.util import find_library from functools import total_ordering @@ -330,38 +330,31 @@ class RedHatTaskNamespace(BaseTaskNamespace): def backup_and_replace_hostname(self, fstore, statestore, hostname): old_hostname = socket.gethostname() try: - ipautil.run([paths.BIN_HOSTNAME, hostname]) + self.set_hostname(hostname) except ipautil.CalledProcessError as e: print(("Failed to set this machine hostname to " "%s (%s)." % (hostname, str(e))), file=sys.stderr) filepath = paths.ETC_HOSTNAME if os.path.exists(filepath): - # read old hostname - with open(filepath, 'r') as f: - for line in f.readlines(): - line = line.strip() - if not line or line.startswith('#'): - # skip comment or empty line - continue - old_hostname = line - break fstore.backup_file(filepath) - with open(filepath, 'w') as f: - f.write("%s\n" % hostname) - os.chmod(filepath, - stat.S_IRUSR | stat.S_IWUSR | stat.S_IRGRP | stat.S_IROTH) - os.chown(filepath, 0, 0) - self.restore_context(filepath) - # store old hostname statestore.backup_state('network', 'hostname', old_hostname) - def restore_network_configuration(self, fstore, statestore): + def restore_hostname(self, fstore, statestore): old_filepath = paths.SYSCONFIG_NETWORK old_hostname = statestore.get_state('network', 'hostname') - hostname_was_configured = False + + if old_hostname is not None: + try: + self.set_hostname(old_hostname) + except ipautil.CalledProcessError as e: + root_logger.debug(traceback.format_exc()) + root_logger.error( + "Failed to restore this machine hostname to %s (%s).", + old_hostname, e + ) if fstore.has_file(old_filepath): # This is Fedora >=18 instance that was upgraded from previous @@ -371,20 +364,11 @@ class RedHatTaskNamespace(BaseTaskNamespace): fstore.restore_file(old_filepath, old_filepath_restore) print("Deprecated configuration file '%s' was restored to '%s'" \ % (old_filepath, old_filepath_restore)) - hostname_was_configured = True filepath = paths.ETC_HOSTNAME if fstore.has_file(filepath): fstore.restore_file(filepath) - hostname_was_configured = True - if not hostname_was_configured and old_hostname: - # hostname was not configured before but was set by IPA. Delete - # /etc/hostname to restore previous configuration - try: - os.remove(filepath) - except OSError: - pass def set_selinux_booleans(self, required_settings, backup_func=None): def get_setsebool_args(changes): @@ -490,4 +474,7 @@ class RedHatTaskNamespace(BaseTaskNamespace): paths.SYSTEMD_SYSTEM_HTTPD_IPA_CONF, e ) + def set_hostname(self, hostname): + ipautil.run([paths.BIN_HOSTNAMECTL, 'set-hostname', hostname]) + tasks = RedHatTaskNamespace() diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py index e595d80ca3b971ad2f0031972e9e58b5adff8e54..eef4d80200ee1b08d487904b52cd51c4919e5ca7 100644 --- a/ipapython/ipautil.py +++ b/ipapython/ipautil.py @@ -1475,18 +1475,6 @@ def dn_attribute_property(private_name): return property(getter, setter) -def restore_hostname(statestore): - """ - Restore hostname of a machine, if it was set before - """ - old_hostname = statestore.restore_state('network','hostname') - system_hostname = socket.gethostname() - if old_hostname is not None and old_hostname != system_hostname: - try: - run([paths.BIN_HOSTNAME, old_hostname]) - except CalledProcessError as e: - print("Failed to set this machine hostname back to %s: %s" % (old_hostname, str(e)), file=sys.stderr) - def posixify(string): """ Convert a string to a more strict alpha-numeric representation. diff --git a/ipaserver/install/server/install.py b/ipaserver/install/server/install.py index f01022c4c3a056513db47f70727aa48157a8c6f2..3c4a662dfbca188558a835236483a160f6ccc654 100644 --- a/ipaserver/install/server/install.py +++ b/ipaserver/install/server/install.py @@ -573,16 +573,6 @@ def install_check(installer): host_name = host_name.lower() root_logger.debug("will use host_name: %s\n" % host_name) - system_hostname = get_fqdn() - if host_name != system_hostname: - print(file=sys.stderr) - print(("Warning: hostname %s does not match system " - "hostname %s." % (host_name, system_hostname)), file=sys.stderr) - print(("System hostname will be updated during the " - "installation process"), file=sys.stderr) - print("to prevent service failures.", file=sys.stderr) - print(file=sys.stderr) - if not options.domain_name: domain_name = read_domain_name(host_name[host_name.find(".")+1:], not installer.interactive) @@ -827,10 +817,11 @@ def install(installer): print("Please wait until the prompt is returned.") print("") - system_hostname = get_fqdn() - if host_name != system_hostname: - # configure /etc/sysconfig/network to contain the custom hostname - tasks.backup_and_replace_hostname(fstore, sstore, host_name) + # configure /etc/sysconfig/network to contain the custom hostname + tasks.backup_and_replace_hostname(fstore, sstore, host_name) + + # set hostname (we need both transient and static) + tasks.set_hostname(host_name) if installer._update_hosts_file: update_hosts_file(ip_addresses, host_name, fstore) @@ -1212,7 +1203,7 @@ def uninstall(installer): custodiainstance.CustodiaInstance().uninstall() memcacheinstance.MemcacheInstance().uninstall() otpdinstance.OtpdInstance().uninstall() - tasks.restore_network_configuration(fstore, sstore) + tasks.restore_hostname(fstore, sstore) fstore.restore_all_files() try: os.remove(paths.ROOT_IPA_CACHE) @@ -1234,8 +1225,6 @@ def uninstall(installer): services.knownservices.ipa.disable() - ipautil.restore_hostname(sstore) - # remove upgrade state file sysupgrade.remove_upgrade_file() -- 2.5.5
From 5c38c58194cc1fd43949ab29d4dc8671a4830832 Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Tue, 19 Apr 2016 18:44:59 +0200 Subject: [PATCH 2/5] Remove deprecated hostname restoration from Fedora18 This is not needed on new Fedora, because restore will not be effective. https://fedorahosted.org/freeipa/ticket/5794 --- client/ipa-client-install | 3 +-- ipaplatform/base/paths.py | 2 -- ipaplatform/redhat/tasks.py | 10 ---------- 3 files changed, 1 insertion(+), 14 deletions(-) diff --git a/client/ipa-client-install b/client/ipa-client-install index e56890463b2fd9d4e05a0d24bf5a796fa83ab3d7..cff3fbfcdee8690c9466ea339a362edfb151a11a 100755 --- a/client/ipa-client-install +++ b/client/ipa-client-install @@ -2502,9 +2502,8 @@ def install(options, env, fstore, statestore): cli_realm, paths.KRB5_KEYTAB)) if options.hostname and not options.on_master: - # configure /etc/sysconfig/network to contain the hostname we set. # skip this step when run by ipa-server-install as it always configures - # hostname if different from system hostname + # hostname tasks.backup_and_replace_hostname(fstore, statestore, options.hostname) ntp_srv_servers = [] diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py index 62d9e703d191c7b06fe37c917c7d99f2da76cc05..ca7eb6cf47b4442fa538a47c74846e13c25e02e8 100644 --- a/ipaplatform/base/paths.py +++ b/ipaplatform/base/paths.py @@ -118,8 +118,6 @@ class BasePathNamespace(object): SYSCONFIG_HTTPD = "/etc/sysconfig/httpd" SYSCONFIG_KRB5KDC_DIR = "/etc/sysconfig/krb5kdc" SYSCONFIG_NAMED = "/etc/sysconfig/named" - SYSCONFIG_NETWORK = "/etc/sysconfig/network" - SYSCONFIG_NETWORK_IPABKP = "/etc/sysconfig/network.ipabkp" SYSCONFIG_NFS = "/etc/sysconfig/nfs" SYSCONFIG_NTPD = "/etc/sysconfig/ntpd" SYSCONFIG_ODS = "/etc/sysconfig/ods" diff --git a/ipaplatform/redhat/tasks.py b/ipaplatform/redhat/tasks.py index 2a110c9947942609dc38373d116a2e812f1ed539..bc7a9e389ef157338424c6682b415b5a4dea3278 100644 --- a/ipaplatform/redhat/tasks.py +++ b/ipaplatform/redhat/tasks.py @@ -343,7 +343,6 @@ class RedHatTaskNamespace(BaseTaskNamespace): statestore.backup_state('network', 'hostname', old_hostname) def restore_hostname(self, fstore, statestore): - old_filepath = paths.SYSCONFIG_NETWORK old_hostname = statestore.get_state('network', 'hostname') if old_hostname is not None: @@ -356,15 +355,6 @@ class RedHatTaskNamespace(BaseTaskNamespace): old_hostname, e ) - if fstore.has_file(old_filepath): - # This is Fedora >=18 instance that was upgraded from previous - # Fedora version which held network configuration - # in /etc/sysconfig/network - old_filepath_restore = paths.SYSCONFIG_NETWORK_IPABKP - fstore.restore_file(old_filepath, old_filepath_restore) - print("Deprecated configuration file '%s' was restored to '%s'" \ - % (old_filepath, old_filepath_restore)) - filepath = paths.ETC_HOSTNAME if fstore.has_file(filepath): fstore.restore_file(filepath) -- 2.5.5
From b9312049db74d7f40c2f5d6dfaf3c714b40b083f Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Tue, 19 Apr 2016 18:46:15 +0200 Subject: [PATCH 3/5] Remove unused hostname variables https://fedorahosted.org/freeipa/ticket/5794 --- ipaserver/install/server/install.py | 3 --- 1 file changed, 3 deletions(-) diff --git a/ipaserver/install/server/install.py b/ipaserver/install/server/install.py index 3c4a662dfbca188558a835236483a160f6ccc654..5f5937b7341a9a0d1cd98537c99e4a614f528d41 100644 --- a/ipaserver/install/server/install.py +++ b/ipaserver/install/server/install.py @@ -152,8 +152,6 @@ def write_cache(options): def read_host_name(host_default, no_host_dns=False): - host_name = "" - print("Enter the fully qualified domain name of the computer") print("on which you're setting up server software. Using the form") print("<hostname>.<domainname>") @@ -555,7 +553,6 @@ def install_check(installer): # utilities just use the hostname as returned by getaddrinfo to set # up some of the standard entries - host_default = "" if options.host_name: host_default = options.host_name else: -- 2.5.5
From 31cbb32d6ae2edbc10f6df1081b6886e91748450 Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Tue, 19 Apr 2016 18:47:25 +0200 Subject: [PATCH 4/5] Log errors from backup_and_replace hostname to logger Without logging errors to logger is hard to debug issue from logfile. https://fedorahosted.org/freeipa/ticket/5794 --- ipaplatform/redhat/tasks.py | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/ipaplatform/redhat/tasks.py b/ipaplatform/redhat/tasks.py index bc7a9e389ef157338424c6682b415b5a4dea3278..ace29bd1c8bd471e4e2ddb20de34cc1c485b6743 100644 --- a/ipaplatform/redhat/tasks.py +++ b/ipaplatform/redhat/tasks.py @@ -332,8 +332,11 @@ class RedHatTaskNamespace(BaseTaskNamespace): try: self.set_hostname(hostname) except ipautil.CalledProcessError as e: - print(("Failed to set this machine hostname to " - "%s (%s)." % (hostname, str(e))), file=sys.stderr) + root_logger.debug(traceback.format_exc()) + root_logger.error( + "Failed to set this machine hostname to %s (%s).", + old_hostname, e + ) filepath = paths.ETC_HOSTNAME if os.path.exists(filepath): -- 2.5.5
From d9c5c8cc6895cbc060caee6833e71feb714bf60d Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Tue, 19 Apr 2016 18:52:21 +0200 Subject: [PATCH 5/5] Tasks: raise NotImplementedError for not implemented methods Is safer to raise error than trying to find what is wrong with method that is not correctly overriden The new method set_hostname has been added which should be overriden on other platforms. https://fedorahosted.org/freeipa/ticket/5794 --- ipaplatform/base/tasks.py | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/ipaplatform/base/tasks.py b/ipaplatform/base/tasks.py index 7c30088631e31be3b0722894dc49839b72805f32..c6860ce47ad3d043f1561a690c401537f5e2fdb7 100644 --- a/ipaplatform/base/tasks.py +++ b/ipaplatform/base/tasks.py @@ -43,7 +43,7 @@ class BaseTaskNamespace(object): No return value expected. """ - return + raise NotImplementedError() def backup_and_replace_hostname(self, fstore, statestore, hostname): """ @@ -56,7 +56,7 @@ class BaseTaskNamespace(object): No return value expected. """ - return + raise NotImplementedError() def reload_systemwide_ca_store(self): """ @@ -65,7 +65,7 @@ class BaseTaskNamespace(object): Returns True if the operation succeeded, False otherwise. """ - return True + raise NotImplementedError() def insert_ca_certs_into_systemwide_ca_store(self, ca_certs): """ @@ -75,7 +75,7 @@ class BaseTaskNamespace(object): Returns True if the operation succeeded, False otherwise. """ - return True + raise NotImplementedError() def remove_ca_certs_from_systemwide_ca_store(self): """ @@ -85,7 +85,7 @@ class BaseTaskNamespace(object): Returns True if the operation succeeded, False otherwise. """ - return True + raise NotImplementedError() def get_svc_list_file(self): """ @@ -104,7 +104,7 @@ class BaseTaskNamespace(object): restorecon and rerunning the installation. """ - return + raise NotImplementedError() def restore_hostname(self, fstore, statestore): """ @@ -112,7 +112,7 @@ class BaseTaskNamespace(object): backup_and_replace_hostname platform task. """ - return + raise NotImplementedError() def restore_pre_ipa_client_configuration(self, fstore, statestore, was_sssd_installed, @@ -124,14 +124,14 @@ class BaseTaskNamespace(object): modify_pam_to_use_krb5 """ - return + raise NotImplementedError() def set_nisdomain(self, nisdomain): """ Sets the NIS domain name to 'nisdomain'. """ - return + raise NotImplementedError() def modify_nsswitch_pam_stack(self, sssd, mkhomedir, statestore): """ @@ -141,14 +141,14 @@ class BaseTaskNamespace(object): Otherwise, configure pam and nsswitch to leverage pure LDAP. """ - return + raise NotImplementedError() def modify_pam_to_use_krb5(self, statestore): """ Configure pam stack to allow kerberos authentication. """ - return + raise NotImplementedError() def backup_auth_configuration(self, path): """ @@ -156,14 +156,14 @@ class BaseTaskNamespace(object): :param path: store the backup here. This will be passed to restore_auth_configuration as well. """ - return + raise NotImplementedError() def restore_auth_configuration(self, path): """ Restore backup of access control configuration. :param path: restore the backup from here. """ - return + raise NotImplementedError() def set_selinux_booleans(self, required_settings, backup_func=None): """Set the specified SELinux booleans @@ -182,7 +182,7 @@ class BaseTaskNamespace(object): an ipapython.errors.SetseboolError is raised. """ - return + raise NotImplementedError() def create_system_user(self, name, group, homedir, shell, uid=None, gid=None, comment=None, create_homedir=False): """Create a system user with a corresponding group""" @@ -243,7 +243,7 @@ class BaseTaskNamespace(object): No return value expected, raise CalledProcessError when error occurred """ - return + raise NotImplementedError() def configure_httpd_service_ipa_conf(self): """Configure httpd service to work with IPA""" -- 2.5.5
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
