On Fri, 2011-10-07 at 08:58 -0400, Rob Crittenden wrote:
> Martin Kosek wrote:
> > On Thu, 2011-10-06 at 22:59 -0400, Rob Crittenden wrote:
> >> When installing with DNS we skip a few hostname checks on the assumption
> >> that the DNS we are installing will cover things. We still need to
> >> verify /etc/hosts and we do this with gethostbyname_ex() which returns
> >> the primary name and all other names of the host. If the primary name
> >> doesn't match (e.g. the shortname is defined first in /etc/hosts) or it
> >> isn't resolvable at all then we error out.
> >>
> >> This also prevents a chicken-and-egg error as several services need to
> >> start before DNS is available so the hostname must be defined.
> >>
> >> rob
> >
> > I see several problems with the patch. At first, it needs a rebase, I
> > reworked the exceptions raised in verify_fqdn in #1899.
> >
> > Then, this patch would break several things:
> >
> > 1) Now, when we install a server with --setup-dns and the host is not
> > resolvable, we add a record to /etc/hosts ourselves, so that the user is
> > not obliged to hack /etc/hosts:
> >
> > # ipa-server-install --setup-dns
> > ...
> > Server host name [vm-050.idm.lab.bos.redhat.com]:
> >
> > Warning: skipping DNS resolution of host vm-050.idm.lab.bos.redhat.com
> > The domain name has been calculated based on the host name.
> >
> > Please confirm the domain name [idm.lab.bos.redhat.com]:
> >
> > Unable to resolve IP address for host name
> > Please provide the IP address to be used for this host name: 10.16.78.50
> > Adding [10.16.78.50 vm-050.idm.lab.bos.redhat.com] to your /etc/hosts
> > file<<<<<<
> > The IPA Master Server will be configured with
> > Hostname: vm-050.idm.lab.bos.redhat.com
> > IP address: 10.16.78.50
> > Domain name: idm.lab.bos.redhat.com
>
> Yes but the entry is added to /etc/hosts at the very END of installation,
> apparently too late for some things. We can alternately add this prior
> to configuring anything else.

But we add the entry to /etc/hosts right in the beginning. After the line
marked with <<<<<< is printed. I double-checked it right now.

> >
> > 2) This will break ipa-replica-prepare. We cannot assume that only local
> > host names are passed to verify_fqdn since it is also used for new
> > replica hostname check in ipa-replica-prepare:
> >
> > # ipa-replica-prepare vm-103.idm.lab.bos.redhat.com
> > Directory Manager (existing master) password:
> >
> > The host name vm-103.idm.lab.bos.redhat.com is not resolvable. It must
> > appear in at least /etc/hosts.
> > Add the --ip-address argument to create a DNS entry.
> >
> > We must be very cautious in this function, there was already a BZ from
> > RHEV-M guys which could be now broken:
> >
> > https://bugzilla.redhat.com/show_bug.cgi?id=729357
> >
> > Martin
> >
>
> Ok, perhaps it just needs to be pulled directly into ipa-server-install.
> We do need some mechanism to check /etc/hosts to be sure that there
> isn't an existing bad host entry.
>
> rob

Please check the patch I sent. I do one part in verify_fqdn and one part in
ipa-server-install when user gives us an address.

Martin
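
The /etc/hosts check discussed in this thread, as an added example that is not part of either message and is not FreeIPA's code: it flags entries where the short name is listed before the FQDN, where only the short name exists, or where the FQDN maps to a different address. The function names are hypothetical, and it parses the file text directly instead of calling gethostbyname_ex() so that it runs offline on a constructed sample.

```python
import ipaddress

# Constructed sample file (hostname and address taken from the thread).
SAMPLE_HOSTS = """\
127.0.0.1   localhost localhost.localdomain
# short name listed first, so the resolver reports it as the primary name
10.16.78.50 vm-050 vm-050.idm.lab.bos.redhat.com
"""

def parse_hosts(text):
    """Yield (lineno, address, names) per entry; skip comments and junk lines."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not an address, so not a usable entry
        yield lineno, addr, [n.lower().rstrip(".") for n in fields[1:]]

def check_hosts_entry(text, fqdn, ip=None):
    """Return [(lineno, problem)] for entries that define `fqdn` badly.

    Hypothetical helper: lineno 0 marks a problem with the file as a whole.
    """
    fqdn = fqdn.lower().rstrip(".")
    short = fqdn.split(".", 1)[0]
    want = ipaddress.ip_address(ip) if ip else None
    problems, defined = [], False
    for lineno, addr, names in parse_hosts(text):
        if fqdn in names:
            defined = True
            if names[0] != fqdn:
                problems.append((lineno, "fqdn-not-primary"))
            if want is not None and addr != want:
                problems.append((lineno, "address-mismatch"))
        elif short in names:
            problems.append((lineno, "short-name-only"))
    if not defined:
        problems.append((0, "fqdn-missing"))
    return problems

if __name__ == "__main__":
    for lineno, problem in check_hosts_entry(
            SAMPLE_HOSTS, "vm-050.idm.lab.bos.redhat.com", "10.16.78.50"):
        print(f"/etc/hosts line {lineno}: {problem}")
```

A "fqdn-missing" result alone is the case the installer handles by adding the entry itself; the other results are the pre-existing bad entries that need to be caught before anything is configured.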