[Freeipa-devel] [freeipa PR#545][synchronized] install_check: require IPv6 stack to be enabled
URL: https://github.com/freeipa/freeipa/pull/545 Author: tomaskrizek Title: #545: install_check: require IPv6 stack to be enabled Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/545/head:pr545 git checkout pr545 From c6da7b96e8a150d46a2975fc8cca407252b743f7 Mon Sep 17 00:00:00 2001 From: Tomas Krizek Date: Tue, 7 Mar 2017 13:54:41 +0100 Subject: [PATCH] server install: require IPv6 stack to be enabled Add checks to install and replica install to verify IPv6 stack is enabled. IPv6 is required by some IPA parts (AD, conncheck, ...). https://pagure.io/freeipa/issue/6608 --- ipaplatform/base/paths.py | 1 + ipaplatform/base/tasks.py | 5 + ipaplatform/redhat/tasks.py| 14 ++ ipaserver/install/server/install.py| 1 + ipaserver/install/server/replicainstall.py | 1 + 5 files changed, 22 insertions(+) diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py index e4d4f2e..7f737d4 100644 --- a/ipaplatform/base/paths.py +++ b/ipaplatform/base/paths.py @@ -354,5 +354,6 @@ class BasePathNamespace(object): EXTERNAL_SCHEMA_DIR = '/usr/share/ipa/schema.d' GSSPROXY_CONF = '/etc/gssproxy/10-ipa.conf' KRB5CC_HTTPD = '/tmp/krb5cc-httpd' +IF_INET6 = '/proc/net/if_inet6' path_namespace = BasePathNamespace diff --git a/ipaplatform/base/tasks.py b/ipaplatform/base/tasks.py index 5806e75..9f91fef 100644 --- a/ipaplatform/base/tasks.py +++ b/ipaplatform/base/tasks.py @@ -103,6 +103,11 @@ def check_selinux_status(self): raise NotImplementedError() +def check_ipv6_stack_enabled(self): +"""Check whether IPv6 kernel module is loaded""" + +raise NotImplementedError() + def restore_hostname(self, fstore, statestore): """ Restores the original hostname as backed up in the diff --git a/ipaplatform/redhat/tasks.py b/ipaplatform/redhat/tasks.py index 8f9b39b..67cb021 100644 --- a/ipaplatform/redhat/tasks.py +++ b/ipaplatform/redhat/tasks.py @@ -141,6 +141,20 @@ def check_selinux_status(self, restorecon=paths.RESTORECON): 'Install the policycoreutils package and start ' 'the installation again.' % restorecon) +def check_ipv6_stack_enabled(self): +"""Checks whether IPv6 kernel module is loaded. + +Function checks if /proc/net/if_inet6 is present. If IPv6 stack is +enabled, it exists and contains the interfaces configuration. + +:raises: RuntimeError when IPv6 stack is disabled +""" +if not os.path.exists(paths.IF_INET6): +raise RuntimeError( +"IPv6 kernel module has to be enabled. If you do not wish to " +"use IPv6, please disable it on the interfaces in " +"sysctl.conf and enable the IPv6 kernel module.") + def restore_pre_ipa_client_configuration(self, fstore, statestore, was_sssd_installed, was_sssd_configured): diff --git a/ipaserver/install/server/install.py b/ipaserver/install/server/install.py index 1e6aad9..f17461b 100644 --- a/ipaserver/install/server/install.py +++ b/ipaserver/install/server/install.py @@ -305,6 +305,7 @@ def install_check(installer): external_ca_file = installer._external_ca_file http_ca_cert = installer._ca_cert +tasks.check_ipv6_stack_enabled() tasks.check_selinux_status() if options.master_password: diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py index 3757700..d7f0307 100644 --- a/ipaserver/install/server/replicainstall.py +++ b/ipaserver/install/server/replicainstall.py @@ -567,6 +567,7 @@ def check_remote_version(client, local_version): def common_check(no_ntp): +tasks.check_ipv6_stack_enabled() tasks.check_selinux_status() if is_ipa_configured(): -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [freeipa PR#545][synchronized] install_check: require IPv6 stack to be enabled
URL: https://github.com/freeipa/freeipa/pull/545 Author: tomaskrizek Title: #545: install_check: require IPv6 stack to be enabled Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/545/head:pr545 git checkout pr545 From 82068f1a2164c3c544ee21cb25b6a6c1f4856c03 Mon Sep 17 00:00:00 2001 From: Tomas Krizek Date: Tue, 7 Mar 2017 13:54:41 +0100 Subject: [PATCH] install_check: require IPv6 stack to be enabled Add checks to install and replica install to verify IPv6 stack is enabled. IPv6 is required by some IPA parts (AD, conncheck, ...). https://pagure.io/freeipa/issue/6608 --- ipaplatform/base/paths.py | 1 + ipaplatform/base/tasks.py | 5 + ipaplatform/redhat/tasks.py| 14 ++ ipaserver/install/server/install.py| 1 + ipaserver/install/server/replicainstall.py | 1 + 5 files changed, 22 insertions(+) diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py index e4d4f2e..7f737d4 100644 --- a/ipaplatform/base/paths.py +++ b/ipaplatform/base/paths.py @@ -354,5 +354,6 @@ class BasePathNamespace(object): EXTERNAL_SCHEMA_DIR = '/usr/share/ipa/schema.d' GSSPROXY_CONF = '/etc/gssproxy/10-ipa.conf' KRB5CC_HTTPD = '/tmp/krb5cc-httpd' +IF_INET6 = '/proc/net/if_inet6' path_namespace = BasePathNamespace diff --git a/ipaplatform/base/tasks.py b/ipaplatform/base/tasks.py index 5806e75..9f91fef 100644 --- a/ipaplatform/base/tasks.py +++ b/ipaplatform/base/tasks.py @@ -103,6 +103,11 @@ def check_selinux_status(self): raise NotImplementedError() +def check_ipv6_stack_enabled(self): +"""Check whether IPv6 kernel module is loaded""" + +raise NotImplementedError() + def restore_hostname(self, fstore, statestore): """ Restores the original hostname as backed up in the diff --git a/ipaplatform/redhat/tasks.py b/ipaplatform/redhat/tasks.py index 8f9b39b..67cb021 100644 --- a/ipaplatform/redhat/tasks.py +++ b/ipaplatform/redhat/tasks.py @@ -141,6 +141,20 @@ def check_selinux_status(self, restorecon=paths.RESTORECON): 'Install the policycoreutils package and start ' 'the installation again.' % restorecon) +def check_ipv6_stack_enabled(self): +"""Checks whether IPv6 kernel module is loaded. + +Function checks if /proc/net/if_inet6 is present. If IPv6 stack is +enabled, it exists and contains the interfaces configuration. + +:raises: RuntimeError when IPv6 stack is disabled +""" +if not os.path.exists(paths.IF_INET6): +raise RuntimeError( +"IPv6 kernel module has to be enabled. If you do not wish to " +"use IPv6, please disable it on the interfaces in " +"sysctl.conf and enable the IPv6 kernel module.") + def restore_pre_ipa_client_configuration(self, fstore, statestore, was_sssd_installed, was_sssd_configured): diff --git a/ipaserver/install/server/install.py b/ipaserver/install/server/install.py index 1e6aad9..f17461b 100644 --- a/ipaserver/install/server/install.py +++ b/ipaserver/install/server/install.py @@ -305,6 +305,7 @@ def install_check(installer): external_ca_file = installer._external_ca_file http_ca_cert = installer._ca_cert +tasks.check_ipv6_stack_enabled() tasks.check_selinux_status() if options.master_password: diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py index 3757700..d7f0307 100644 --- a/ipaserver/install/server/replicainstall.py +++ b/ipaserver/install/server/replicainstall.py @@ -567,6 +567,7 @@ def check_remote_version(client, local_version): def common_check(no_ntp): +tasks.check_ipv6_stack_enabled() tasks.check_selinux_status() if is_ipa_configured(): -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code