From ecb450308d0a49afffb31dda1e405ad40552e70e Mon Sep 17 00:00:00 2001 From: Tomas Krizek Date: Tue, 7 Mar 2017 13:54:41 +0100 Subject: server install: require IPv6 stack to be enabled Add checks to install and replica install to verify IPv6 stack is enabled. IPv6 is required by some IPA parts (AD, conncheck, ...). https://pagure.io/freeipa/issue/6608 Reviewed-By: Martin Basti Reviewed-By: Alexander Bokovoy --- ipaplatform/base/paths.py | 1 + ipaplatform/base/tasks.py | 5 +++++ ipaplatform/redhat/tasks.py | 14 ++++++++++++++ ipaserver/install/server/install.py | 1 + ipaserver/install/server/replicainstall.py | 1 + 5 files changed, 22 insertions(+) diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py index de4ea23d3..f74dfa1ad 100644 --- a/ipaplatform/base/paths.py +++ b/ipaplatform/base/paths.py @@ -353,5 +353,6 @@ class BasePathNamespace(object): EXTERNAL_SCHEMA_DIR = '/usr/share/ipa/schema.d' GSSPROXY_CONF = '/etc/gssproxy/10-ipa.conf' KRB5CC_HTTPD = '/tmp/krb5cc-httpd' + IF_INET6 = '/proc/net/if_inet6' path_namespace = BasePathNamespace diff --git a/ipaplatform/base/tasks.py b/ipaplatform/base/tasks.py index 5806e7504..9f91fef2b 100644 --- a/ipaplatform/base/tasks.py +++ b/ipaplatform/base/tasks.py @@ -103,6 +103,11 @@ class BaseTaskNamespace(object): raise NotImplementedError() + def check_ipv6_stack_enabled(self): + """Check whether IPv6 kernel module is loaded""" + + raise NotImplementedError() + def restore_hostname(self, fstore, statestore): """ Restores the original hostname as backed up in the diff --git a/ipaplatform/redhat/tasks.py b/ipaplatform/redhat/tasks.py index 8f9b39bf8..67cb02196 100644 --- a/ipaplatform/redhat/tasks.py +++ b/ipaplatform/redhat/tasks.py @@ -141,6 +141,20 @@ class RedHatTaskNamespace(BaseTaskNamespace): 'Install the policycoreutils package and start ' 'the installation again.' % restorecon) + def check_ipv6_stack_enabled(self): + """Checks whether IPv6 kernel module is loaded. + + Function checks if /proc/net/if_inet6 is present. If IPv6 stack is + enabled, it exists and contains the interfaces configuration. + + :raises: RuntimeError when IPv6 stack is disabled + """ + if not os.path.exists(paths.IF_INET6): + raise RuntimeError( + "IPv6 kernel module has to be enabled. If you do not wish to " + "use IPv6, please disable it on the interfaces in " + "sysctl.conf and enable the IPv6 kernel module.") + def restore_pre_ipa_client_configuration(self, fstore, statestore, was_sssd_installed, was_sssd_configured): diff --git a/ipaserver/install/server/install.py b/ipaserver/install/server/install.py index 1e67a1660..8b77fbb76 100644 --- a/ipaserver/install/server/install.py +++ b/ipaserver/install/server/install.py @@ -305,6 +305,7 @@ def install_check(installer): external_ca_file = installer._external_ca_file http_ca_cert = installer._ca_cert + tasks.check_ipv6_stack_enabled() tasks.check_selinux_status() if options.master_password: diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py index 3757700e1..d7f0307e1 100644 --- a/ipaserver/install/server/replicainstall.py +++ b/ipaserver/install/server/replicainstall.py @@ -567,6 +567,7 @@ def check_remote_version(client, local_version): def common_check(no_ntp): + tasks.check_ipv6_stack_enabled() tasks.check_selinux_status() if is_ipa_configured(): -- cgit