server install: require IPv6 stack to be enabled

Add checks to install and replica install to verify IPv6 stack
is enabled. IPv6 is required by some IPA parts (AD, conncheck, ...).

https://pagure.io/freeipa/issue/6608

Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>

5 files changed, 22 insertions, 0 deletions

diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py
index de4ea23d3..f74dfa1ad 100644
--- a/ipaplatform/base/paths.py
+++ b/ipaplatform/base/paths.py
@@ -353,5 +353,6 @@ class BasePathNamespace(object):
     EXTERNAL_SCHEMA_DIR = '/usr/share/ipa/schema.d'
     GSSPROXY_CONF = '/etc/gssproxy/10-ipa.conf'
     KRB5CC_HTTPD = '/tmp/krb5cc-httpd'
+    IF_INET6 = '/proc/net/if_inet6'
 
 path_namespace = BasePathNamespace
diff --git a/ipaplatform/base/tasks.py b/ipaplatform/base/tasks.py
index 5806e7504..9f91fef2b 100644
--- a/ipaplatform/base/tasks.py
+++ b/ipaplatform/base/tasks.py
@@ -103,6 +103,11 @@ class BaseTaskNamespace(object):
 
         raise NotImplementedError()
 
+    def check_ipv6_stack_enabled(self):
+        """Check whether IPv6 kernel module is loaded"""
+
+        raise NotImplementedError()
+
     def restore_hostname(self, fstore, statestore):
         """
         Restores the original hostname as backed up in the
diff --git a/ipaplatform/redhat/tasks.py b/ipaplatform/redhat/tasks.py
index 8f9b39bf8..67cb02196 100644
--- a/ipaplatform/redhat/tasks.py
+++ b/ipaplatform/redhat/tasks.py
@@ -141,6 +141,20 @@ class RedHatTaskNamespace(BaseTaskNamespace):
                                'Install the policycoreutils package and start '
                                'the installation again.' % restorecon)
 
+    def check_ipv6_stack_enabled(self):
+        """Checks whether IPv6 kernel module is loaded.
+
+        Function checks if /proc/net/if_inet6 is present. If IPv6 stack is
+        enabled, it exists and contains the interfaces configuration.
+
+        :raises: RuntimeError when IPv6 stack is disabled
+        """
+        if not os.path.exists(paths.IF_INET6):
+            raise RuntimeError(
+                "IPv6 kernel module has to be enabled. If you do not wish to "
+                "use IPv6, please disable it on the interfaces in "
+                "sysctl.conf and enable the IPv6 kernel module.")
+
     def restore_pre_ipa_client_configuration(self, fstore, statestore,
                                              was_sssd_installed,
                                              was_sssd_configured):
diff --git a/ipaserver/install/server/install.py b/ipaserver/install/server/install.py
index 1e67a1660..8b77fbb76 100644
--- a/ipaserver/install/server/install.py
+++ b/ipaserver/install/server/install.py
@@ -305,6 +305,7 @@ def install_check(installer):
     external_ca_file = installer._external_ca_file
     http_ca_cert = installer._ca_cert
 
+    tasks.check_ipv6_stack_enabled()
     tasks.check_selinux_status()
 
     if options.master_password:
diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py
index 3757700e1..d7f0307e1 100644
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@@ -567,6 +567,7 @@ def check_remote_version(client, local_version):
 
 
 def common_check(no_ntp):
+    tasks.check_ipv6_stack_enabled()
     tasks.check_selinux_status()
 
     if is_ipa_configured():