authorPetr Spacek <pspacek@redhat.com>2016-06-28 13:53:58 +0200
committerMartin Basti <mbasti@redhat.com>2016-06-29 14:19:59 +0200
commit7be50ea7150b36adf9051fc1003dd36f61d68451 (patch)
tree0320353c35fe050b7defbe56069e8c87a240d4a6 /ipaserver
parent1802f7a2258c793d11c7a9c2a4786cea42b9b058 (diff)
Use NSS for name->resolution in IPA installer
This fixes scenarios where the IPA server is not able to resolve its own name and the --ip-address option was not specified by the user. This partially reverts changes from commit dc405005f537cf278fd6ddfe6b87060bd13d9a67 https://fedorahosted.org/freeipa/ticket/5962 Reviewed-By: Martin Basti <mbasti@redhat.com>
Diffstat (limited to 'ipaserver')
-rw-r--r--ipaserver/install/bindinstance.py4
-rw-r--r--ipaserver/install/installutils.py43
2 files changed, 42 insertions, 5 deletions
diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py
index 2bc753883..6b266edaa 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -870,9 +870,7 @@ class BindInstance(service.Service):
if fqdn == self.fqdn:
continue
- addrs = dnsutil.resolve_ip_addresses(fqdn)
- # hack, will go away with locations
- addrs = [str(addr) for addr in addrs]
+ addrs = installutils.resolve_ip_addresses_nss(fqdn)
root_logger.debug("Adding DNS records for master %s" % fqdn)
self.__add_master_records(fqdn, addrs)
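Review bot: `addrs` is now a set of `CheckedIPAddress` objects rather than the list of strings the removed lines produced, and it goes straight into `self.__add_master_records(fqdn, addrs)`, whose body is outside this hunk; confirm it accepts that type, or keep the conversion with `addrs = [str(a) for a in installutils.resolve_ip_addresses_nss(fqdn)]`. The helper resolves through NSS with its loopback, multicast and broadcast checks disabled, so a local override such as an `/etc/hosts` entry on the installing host can decide which addresses are published in DNS for another master. Unlike `get_server_ip_address`, which compares the result against `127.0.0.1` and `::1`, no filtering is visible here before the records are added, so a check or at least a warning on such addresses would be worth adding. The enclosing loop starts and ends outside the hunk.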
diff --git a/ipaserver/install/installutils.py b/ipaserver/install/installutils.py
index b1ad19c85..a15571f92 100644
--- a/ipaserver/install/installutils.py
+++ b/ipaserver/install/installutils.py
@@ -445,6 +445,46 @@ def create_keytab(path, principal):
kadmin("ktadd -k " + path + " " + principal)
+def resolve_ip_addresses_nss(fqdn):
+ """Get list of IP addresses for given host (using NSS/getaddrinfo).
+ :returns:
+ list of IP addresses as CheckedIPAddress objects
+ """
+ # make sure the name is fully qualified
+ # so search path from resolv.conf does not apply
+ fqdn = str(dnsutil.DNSName(fqdn).make_absolute())
+ try:
+ addrinfos = socket.getaddrinfo(fqdn, None,
+ socket.AF_UNSPEC, socket.SOCK_STREAM)
+ except socket.error as ex:
+ if ex.errno == socket.EAI_NODATA or ex.errno == socket.EAI_NONAME:
+ root_logger.debug('Name %s does not have any address: %s',
+ fqdn, ex)
+ return set()
+ else:
+ raise
+
+ # accept whatever we got from NSS
+ ip_addresses = set()
+ for ai in addrinfos:
+ try:
+ ip = ipautil.CheckedIPAddress(ai[4][0],
+ parse_netmask=False,
+ # these are unreliable, disable them
+ allow_network=True,
+ allow_loopback=True,
+ allow_broadcast=True,
+ allow_multicast=True)
+ except ValueError as ex:
+ # getaddinfo may return link-local address other similar oddities
+ # which are not accepted by CheckedIPAddress - skip these
+ root_logger.warning('Name %s resolved to an unacceptable IP '
+ 'address %s: %s', fqdn, ai[4][0], ex)
+ else:
+ ip_addresses.add(ip)
+ root_logger.debug('Name %s resolved to %s', fqdn, ip_addresses)
+ return ip_addresses
+
def get_host_name(no_host_dns):
"""
Get the current FQDN from the socket and verify that it is valid.
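Review bot: The docstring of `resolve_ip_addresses_nss` promises a list, but both return paths yield a `set` (`return set()` and `return ip_addresses`) and the caller in `get_server_ip_address` relies on `.intersection`; it should read `set of IP addresses as CheckedIPAddress objects`. The inline comment `# these are unreliable, disable them` sits above four `allow_*=True` arguments and reads as if they were being switched off; `# the network/loopback/broadcast/multicast checks are unreliable here, so accept such addresses` would say what actually happens. Because the function accepts loopback, broadcast and multicast addresses from any NSS source, the docstring should also state that callers are responsible for filtering the result. The comment in the `except ValueError` branch misspells `getaddrinfo` as `getaddinfo`.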
@@ -459,8 +499,7 @@ def get_host_name(no_host_dns):
return hostname
def get_server_ip_address(host_name, unattended, setup_dns, ip_addresses):
- # Check we have a public IP that is associated with the hostname
- hostaddr = dnsutil.resolve_ip_addresses(host_name)
+ hostaddr = resolve_ip_addresses_nss(host_name)
if hostaddr.intersection(
{ipautil.CheckedIPAddress(ip, allow_loopback=True)
for ip in ['127.0.0.1', '::1']}):