From 95f3ec5d7053a54a393daf1f7d9a93be9d8a64fe Mon Sep 17 00:00:00 2001 From: Martin Kosek Date: Wed, 4 Jan 2012 20:04:21 +0100 Subject: Let replicas install without DNS Let ipa-replica-prepare and ipa-replica-install work without proper DNS records as records in /etc/hosts are sufficient for DS replication. 1) ipa-replica-prepare now just checks if the replica hostname is resolvable (DNS records are not required). It is now able to prepare a replica file even when the replica IP address is present in /etc/hosts only. 2) ipa-replica-install is now able to proceed when the hostname is not resolvable. It uses an IP address passed in a new option --ip-address to create a record in /etc/hosts in the same way as ipa-server-install does. https://fedorahosted.org/freeipa/ticket/2139 --- install/tools/ipa-replica-install | 9 +++++ install/tools/ipa-replica-prepare | 6 ---- install/tools/ipa-server-install | 58 +-------------------------------- install/tools/man/ipa-replica-install.1 | 3 ++ install/tools/man/ipa-server-install.1 | 2 +- 5 files changed, 14 insertions(+), 64 deletions(-) (limited to 'install/tools') diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install index ece60e16d..34c787b19 100755 --- a/install/tools/ipa-replica-install +++ b/install/tools/ipa-replica-install @@ -52,6 +52,9 @@ def parse_options(): basic_group = OptionGroup(parser, "basic options") basic_group.add_option("--setup-ca", dest="setup_ca", action="store_true", default=False, help="configure a dogtag CA") + basic_group.add_option("--ip-address", dest="ip_address", + type="ip", ip_local=True, + help="Replica server IP Address") basic_group.add_option("-p", "--password", dest="password", sensitive=True, help="Directory Manager (existing master) password") basic_group.add_option("-w", "--admin-password", dest="admin_password", sensitive=True, 
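Review bot: The help string for the new `--ip-address` option in parse_options() says only "Replica server IP Address", which hides that the value can end up in /etc/hosts. The man page text added in this same commit says a record for the hostname and IP_ADDRESS is added to /etc/hosts when the hostname is not resolvable, and that a mismatch with the resolved address fails the install unless --setup-dns is selected. I would carry the first part into `--help`, e.g. `help="Replica server IP address; added to /etc/hosts if the hostname is not resolvable"`. parse_options() continues outside the hunk.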
@@ -284,6 +287,9 @@ def main(): global sstore sstore = sysrestore.StateFile('/var/lib/ipa/sysrestore') + global fstore + fstore = sysrestore.FileStore('/var/lib/ipa/sysrestore') + # check the bind is installed if options.setup_dns: check_bind() @@ -334,6 +340,9 @@ def main(): if not options.skip_conncheck: replica_conn_check(config.master_host_name, config.host_name, config.realm_name, options.setup_ca, options.admin_password) + # check replica host IP resolution + ip = installutils.get_server_ip_address(config.host_name, fstore, True, options) + # Create the management framework config file # Note: We must do this before bootstraping and finalizing ipalib.api old_umask = os.umask(022) # must be readable for httpd diff --git a/install/tools/ipa-replica-prepare b/install/tools/ipa-replica-prepare index 269fe5f46..c54aa62b8 100755 --- a/install/tools/ipa-replica-prepare +++ b/install/tools/ipa-replica-prepare @@ -298,12 +298,6 @@ def main(): check_ipa_configuration(api.env.realm) - if not options.ip_address: - try: - api.Command['dns_resolve'](replica_fqdn.decode('utf-8')) - except errors.NotFound: - sys.exit("Neither an A nor AAAA record for host '%s' does not exist in DNS.\nUse the --ip-address option to add DNS entries for the replica." % replica_fqdn) - if api.env.host == replica_fqdn: print "You can't create a replica on itself" sys.exit(1) diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install index 7a2e2aa1d..b91343850 100755 --- a/install/tools/ipa-server-install +++ b/install/tools/ipa-server-install 
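Review bot: The bare `True` passed as the third argument of `installutils.get_server_ip_address(config.host_name, fstore, True, options)` in the second main() hunk is opaque at the call site. ipa-server-install passes `options.unattended` in that position, so the replica installer apparently always runs this step unattended and, judging by the block removed from ipa-server-install, would exit rather than prompt when the hostname does not resolve and no --ip-address was given. A comment would make that and the side effect visible: `# unattended=True: never prompt; may back up and append to /etc/hosts`. The call also sits after replica_conn_check(), which already used config.host_name, so it is worth confirming the connection check does not depend on the /etc/hosts record this call may create. main() starts and ends outside the hunk.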
@@ -730,65 +730,9 @@ def main(): domain_name = domain_name.lower() - # Check we have a public IP that is associated with the hostname - try: - hostaddr = resolve_host(host_name) - except HostnameLocalhost: - print >> sys.stderr, "The hostname resolves to the localhost address (127.0.0.1/::1)" - print >> sys.stderr, "Please change your /etc/hosts file so that the hostname" - print >> sys.stderr, "resolves to the ip address of your network interface." - print >> sys.stderr, "The KDC service does not listen on localhost" - print >> sys.stderr, "" - print >> sys.stderr, "Please fix your /etc/hosts file and restart the setup program" - sys.exit(1) - - ip_add_to_hosts = False - if hostaddr is not None: - ip = CheckedIPAddress(hostaddr, match_local=True) - else: - # hostname is not resolvable - ip = options.ip_address - ip_add_to_hosts = True - - if ip is None: - print "Unable to resolve IP address for host name" - if options.unattended: - sys.exit(1) - - if options.ip_address: - if options.ip_address != ip and not options.setup_dns: - print >>sys.stderr, "Error: the hostname resolves to an IP address that is different" - print >>sys.stderr, "from the one provided on the command line. Please fix your DNS" - print >>sys.stderr, "or /etc/hosts file and restart the installation." 
- return 1 - - ip = options.ip_address - - if ip is None: - ip = read_ip_address(host_name, fstore) - root_logger.debug("read ip_address: %s\n" % str(ip)) - + ip = get_server_ip_address(host_name, fstore, options.unattended, options) ip_address = str(ip) - # check /etc/hosts sanity, add a record when needed - hosts_record = record_in_hosts(ip_address) - - if hosts_record is None: - if ip_add_to_hosts: - print "Adding ["+ip_address+" "+host_name+"] to your /etc/hosts file" - fstore.backup_file("/etc/hosts") - add_record_to_hosts(ip_address, host_name) - else: - primary_host = hosts_record[1][0] - if primary_host != host_name: - print >>sys.stderr, "Error: there is already a record in /etc/hosts for IP address %s:" \ - % ip_address - print >>sys.stderr, hosts_record[0], " ".join(hosts_record[1]) - print >>sys.stderr, "Chosen hostname %s does not match configured canonical hostname %s" \ - % (host_name, primary_host) - print >>sys.stderr, "Please fix your /etc/hosts file and restart the installation." - return 1 - if options.reverse_zone and not bindinstance.verify_reverse_zone(options.reverse_zone, ip): sys.exit(1) diff --git a/install/tools/man/ipa-replica-install.1 b/install/tools/man/ipa-replica-install.1 index c82b4a6b0..f8fa148d0 100644 --- a/install/tools/man/ipa-replica-install.1 +++ b/install/tools/man/ipa-replica-install.1 
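Review bot: The replacement call `ip = get_server_ip_address(host_name, fstore, options.unattended, options)` reads like a plain lookup, but it presumably now carries everything the removed block did, including `fstore.backup_file("/etc/hosts")` and appending a record to that file. A one-line comment above the call, e.g. `# resolves host_name; may back up and add a record to /etc/hosts`, would keep that visible in main(). Two of the removed error paths left main() with `return 1` while the others used `sys.exit(1)`; the helper's body is not part of this diff, so it is worth checking that it still exits non-zero for the address mismatch and for the conflicting /etc/hosts record. main() starts and ends outside the hunk.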
@@ -32,6 +32,9 @@ The replica_file is created using the ipa\-replica\-prepare utility. Install and configure a CA on this replica. If a CA is not configured then certificate operations will be forwarded to a master with a CA installed. .TP +\fB\-\-ip\-address\fR=\fIIP_ADDRESS\fR +The IP address of this server. If this address does not match the address the host resolves to and --setup-dns is not selected the installation will fail. If the server hostname is not resolvable, a record for the hostname and IP_ADDRESS is added to /etc/hosts. +.TP \fB\-p\fR \fIDM_PASSWORD\fR, \fB\-\-password\fR=\fIDM_PASSWORD\fR Directory Manager (existing master) password .TP diff --git a/install/tools/man/ipa-server-install.1 b/install/tools/man/ipa-server-install.1 index 920c13450..6f1e59e75 100644 --- a/install/tools/man/ipa-server-install.1 +++ b/install/tools/man/ipa-server-install.1 @@ -46,7 +46,7 @@ The password for the IPA admin user The fully\-qualified DNS name of this server. If the hostname does not match system hostname, the system hostname will be updated accordingly to prevent service failures. .TP \fB\-\-ip\-address\fR=\fIIP_ADDRESS\fR -The IP address of this server. If this address does not match the address the host resolves to and --setup-dns is not selected the installation will fail. +The IP address of this server. If this address does not match the address the host resolves to and --setup-dns is not selected the installation will fail. If the server hostname is not resolvable, a record for the hostname and IP_ADDRESS is added to /etc/hosts. .TP \fB\-N\fR, \fB\-\-no\-ntp\fR Do not configure NTP -- cgit