diff options
-rw-r--r-- | ipaserver/install/bindinstance.py | 7 | ||||
-rw-r--r-- | ipaserver/install/installutils.py | 20 | ||||
-rw-r--r-- | ipaserver/install/krbinstance.py | 3 |
3 files changed, 29 insertions, 1 deletions
diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py index 613af5c91..c5ff76726 100644 --- a/ipaserver/install/bindinstance.py +++ b/ipaserver/install/bindinstance.py @@ -523,6 +523,9 @@ class BindInstance(service.Service): if installutils.record_in_hosts(self.ip_address, self.fqdn) is None: installutils.add_record_to_hosts(self.ip_address, self.fqdn) + # Make sure generate-rndc-key.sh runs before named restart + self.step("generating rndc key file", self.__generate_rndc_key) + if self.first_instance: self.step("adding DNS container", self.__setup_dns_container) @@ -820,6 +823,10 @@ class BindInstance(service.Service): except IOError as e: root_logger.error('Could not write to resolv.conf: %s', e) + def __generate_rndc_key(self): + installutils.check_entropy() + ipautil.run(['/usr/libexec/generate-rndc-key.sh']) + def add_master_dns_records(self, fqdn, ip_address, realm_name, domain_name, reverse_zone, ntp=False, ca_configured=None): self.fqdn = fqdn diff --git a/ipaserver/install/installutils.py b/ipaserver/install/installutils.py index daf81e890..7f15d3769 100644 --- a/ipaserver/install/installutils.py +++ b/ipaserver/install/installutils.py @@ -41,7 +41,7 @@ from ipalib.util import validate_hostname from ipapython import config from ipalib import errors from ipapython.dn import DN -from ipaserver.install import certs +from ipaserver.install import certs, service from ipapython import services as ipaservices # Used to determine install status @@ -846,3 +846,21 @@ def stopped_service(service, instance_name=""): finally: root_logger.debug('Starting %s%s.', service, log_instance_name) ipaservices.knownservices[service].start(instance_name) + +def check_entropy(): + ''' + Checks if the system has enough entropy, if not, displays warning message + ''' + try: + with open('/proc/sys/kernel/random/entropy_avail', 'r') as efname: + if int(efname.read()) < 200: + emsg = 'WARNING: Your system is running out of entropy, ' \ + 'you may experience long delays' + service.print_msg(emsg) + root_logger.debug(emsg) + except IOError as e: + root_logger.debug("Could not open /proc/sys/kernel/random/entropy_avail: %s" % \ + e) + except ValueError as e: + root_logger.debug("Invalid value in /proc/sys/kernel/random/entropy_avail %s" % \ + e) diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py index caa70a447..1cfaf3732 100644 --- a/ipaserver/install/krbinstance.py +++ b/ipaserver/install/krbinstance.py @@ -326,6 +326,9 @@ class KrbInstance(service.Service): os.chmod(path, chmod) def __init_ipa_kdb(self): + # kdb5_util may take a very long time when entropy is low + installutils.check_entropy() + #populate the directory with the realm structure args = ["kdb5_util", "create", "-s", "-r", self.realm, |