From a04defc43419906675107e483f0f2f3153685c8d Mon Sep 17 00:00:00 2001
From: Martin Basti <mbasti@redhat.com>
Date: Wed, 31 May 2017 15:50:05 +0200
Subject: [PATCH] Only warn when specified server IP addresses don't match intf
In containers local addresses differ from public addresses and we need
a way to provide only public address to installers.
https://pagure.io/freeipa/issue/2715
https://pagure.io/freeipa/issue/4317
Reviewed-By: Tomas Krizek <tkrizek@redhat.com>
---
ipaclient/install/client.py | 4 +-
ipalib/install/hostname.py | 2 +-
ipalib/util.py | 14 +++++++
ipapython/ipautil.py | 62 ++++++++++++++++--------------
ipaserver/install/dns.py | 1 +
ipaserver/install/installutils.py | 4 +-
ipaserver/install/server/install.py | 2 +
ipaserver/install/server/replicainstall.py | 2 +
8 files changed, 59 insertions(+), 32 deletions(-)
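diff --git a/ipaclient/install/client.py b/ipaclient/install/client.py
index 6f10f5258747881b9af8c6b70b499f9ff7d577ff..41dae3004d1f4836e79c2048ae0a12f722595ca0 100644
--- a/ipaclient/install/client.py
+++ b/ipaclient/install/client.py
@@ -41,6 +41,7 @@ from ipalib.util import (
 broadcast_ip_address_warning,
 network_ip_address_warning,
 normalize_hostname,
+ no_matching_interface_for_ip_address_warning,
 verify_host_resolvable,
 )
 from ipaplatform import services
@@ -1300,6 +1301,7 @@ def update_dns(server, hostname, options):
 
 network_ip_address_warning(update_ips)
 broadcast_ip_address_warning(update_ips)
+ no_matching_interface_for_ip_address_warning(update_ips)
 
 update_txt = "debug\n"
 update_txt += ipautil.template_str(DELETE_TEMPLATE_A,
@@ -1445,7 +1447,7 @@ def check_ip_addresses(options):
 if options.ip_addresses:
 for ip in options.ip_addresses:
 try:
- ipautil.CheckedIPAddress(ip, match_local=True)
+ ipautil.CheckedIPAddress(ip)
 except ValueError as e:
 root_logger.error(e)
 return False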
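Review bot: `check_ip_addresses` now builds `ipautil.CheckedIPAddress(ip)` without `match_local=True`, so a value in `options.ip_addresses` that no interface on this host carries passes validation, and the only remaining signal is the `no_matching_interface_for_ip_address_warning(update_ips)` call added in `update_dns`. That is the stated intent of the commit, but nothing at the call site records it, and the same relaxation is made without comment in `ip_addresses` in ipalib/install/hostname.py and in `read_ip_addresses` in ipaserver/install/installutils.py. I would add a comment above the call such as `# deliberately not matched against local interfaces (containers/NAT); update_dns() only warns`, so a later reader neither restores the check nor assumes the address was verified against the host. Both functions continue outside their hunks.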
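diff --git a/ipalib/install/hostname.py b/ipalib/install/hostname.py
index 74c569d972df9975d677762b5769b2bf84dfddf0..5422ba6390ce13aa40f34938ed777d8821e8231b 100644
--- a/ipalib/install/hostname.py
+++ b/ipalib/install/hostname.py
@@ -34,7 +34,7 @@ class HostNameInstallInterface(service.ServiceInstallInterface):
 def ip_addresses(self, values):
 for value in values:
 try:
- CheckedIPAddress(value, match_local=True)
+ CheckedIPAddress(value)
 except Exception as e:
 raise ValueError("invalid IP address {0}: {1}".format(
 value, e))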
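diff --git a/ipalib/util.py b/ipalib/util.py
index 713fc107e9374eefe7805bc4e1abc40b6d150c32..1bd8495a49b010e7a3ac926dad516ab5f8219b39 100644
--- a/ipalib/util.py
+++ b/ipalib/util.py
@@ -1128,3 +1128,17 @@ def broadcast_ip_address_warning(addr_list):
 # print
 print("WARNING: IP address {} might be broadcast address".format(
 ip), file=sys.stderr)
+
+
+def no_matching_interface_for_ip_address_warning(addr_list):
+ for ip in addr_list:
+ if not ip.get_matching_interface():
+ root_logger.warning(
+ "No network interface matches the IP address %s", ip)
+ # fixme: once when loggers will be fixed, we can remove this
+ # print
+ print(
+ "WARNING: No network interface matches the IP address "
+ "{}".format(ip),
+ file=sys.stderr
+ )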
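Review bot: `no_matching_interface_for_ip_address_warning` has no docstring, and its contract is not obvious from the name: it calls `ip.get_matching_interface()` on every element, so `addr_list` has to hold `CheckedIPAddress` objects rather than strings. Per the ipapython/ipautil.py part of this patch, that call can raise `ValueError` for an unsupported address family and can assign `self._net` on the object it inspects. A docstring such as `"""Warn, in the log and on stderr, about each CheckedIPAddress in addr_list that no local interface carries."""` plus a `:raises ValueError:` line would state this. Because the warning replaces what used to be a hard validation failure, it is now the only trace an operator gets of a mistyped address, which is worth saying in the same docstring.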
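diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py
index 317fc225b722ad3ce2f4b9d92822b4f19d49adb9..a277ed87473f3c591f34fcc00e1159f3bbfe3e9b 100644
--- a/ipapython/ipautil.py
+++ b/ipapython/ipautil.py
@@ -161,34 +161,7 @@ class CheckedIPAddress(UnsafeIPAddress):
 raise ValueError("cannot use multicast IP address {}".format(addr))
 
 if match_local:
- if self.version == 4:
- family = netifaces.AF_INET
- elif self.version == 6:
- family = netifaces.AF_INET6
- else:
- raise ValueError(
- "Unsupported address family ({})".format(self.version)
- )
-
- iface = None
- for interface in netifaces.interfaces():
- for ifdata in netifaces.ifaddresses(interface).get(family, []):
-
- # link-local addresses contain '%suffix' that causes parse
- # errors in IPNetwork
- ifaddr = ifdata['addr'].split(u'%', 1)[0]
-
- ifnet = netaddr.IPNetwork('{addr}/{netmask}'.format(
- addr=ifaddr,
- netmask=ifdata['netmask']
- ))
- if ifnet == self._net or (
- self._net is None and ifnet.ip == self):
- self._net = ifnet
- iface = interface
- break
-
- if iface is None:
+ if not self.get_matching_interface():
 raise ValueError('no network interface matches the IP address '
 'and netmask {}'.format(addr))
 
@@ -218,6 +191,39 @@ class CheckedIPAddress(UnsafeIPAddress):
 def is_broadcast_addr(self):
 return self.version == 4 and self == self._net.broadcast
 
+ def get_matching_interface(self):
+ """Find matching local interface for address
+ :return: Interface name or None if no interface has this address
+ """
+ if self.version == 4:
+ family = netifaces.AF_INET
+ elif self.version == 6:
+ family = netifaces.AF_INET6
+ else:
+ raise ValueError(
+ "Unsupported address family ({})".format(self.version)
+ )
+
+ iface = None
+ for interface in netifaces.interfaces():
+ for ifdata in netifaces.ifaddresses(interface).get(family, []):
+
+ # link-local addresses contain '%suffix' that causes parse
+ # errors in IPNetwork
+ ifaddr = ifdata['addr'].split(u'%', 1)[0]
+
+ ifnet = netaddr.IPNetwork('{addr}/{netmask}'.format(
+ addr=ifaddr,
+ netmask=ifdata['netmask']
+ ))
+ if ifnet == self._net or (
+ self._net is None and ifnet.ip == self):
+ self._net = ifnet
+ iface = interface
+ break
+
+ return iface
+
 
 def valid_ip(addr):
 return netaddr.valid_ipv4(addr) or netaddr.valid_ipv6(addr)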
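Review bot: `get_matching_interface` is documented as a lookup, yet it assigns `self._net = ifnet` when a match is found, and its `break` leaves only the inner `ifdata` loop, so the outer loop keeps scanning and the last matching interface is the one returned. Both behaviours were moved unchanged from the `match_local` branch, but the method is now also called from the warning helper in ipalib/util.py on objects built without `match_local`. If `_net` is already populated at that point (the rest of `__init__` is outside this hunk), the `self._net is None and ifnet.ip == self` alternative is never taken, and an address that is configured locally under a different prefix would be reported as unmatched. I would extend the docstring with `:raises ValueError: if the address family is neither IPv4 nor IPv6` and a sentence saying that a match overwrites the stored network, and consider returning at the first match instead of using `break`.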
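diff --git a/ipaserver/install/dns.py b/ipaserver/install/dns.py
index 0dddf2a6427f3f939171d755bfe2b1f05cfafa67..090b79493652566a433da248fa7fd9e33dd2cb72 100644
--- a/ipaserver/install/dns.py
+++ b/ipaserver/install/dns.py
@@ -266,6 +266,7 @@ def install_check(standalone, api, replica, options, hostname):
 
 util.network_ip_address_warning(ip_addresses)
 util.broadcast_ip_address_warning(ip_addresses)
+ util.no_matching_interface_for_ip_address_warning(ip_addresses)
 
 if not options.forward_policy:
 # user did not specify policy, derive it: default is 'first' but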
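diff --git a/ipaserver/install/installutils.py b/ipaserver/install/installutils.py
index d2283af20485fd5d66bfd3cc49059d08d1802575..3521d555914714351160213df60ed9167ac6e370 100644
--- a/ipaserver/install/installutils.py
+++ b/ipaserver/install/installutils.py
@@ -276,7 +276,7 @@ def read_ip_addresses():
 if not ip:
 break
 try:
- ip_parsed = ipautil.CheckedIPAddress(ip, match_local=True)
+ ip_parsed = ipautil.CheckedIPAddress(ip)
 except Exception as e:
 print("Error: Invalid IP Address %s: %s" % (ip, e))
 continue
@@ -585,7 +585,7 @@ def get_server_ip_address(host_name, unattended, setup_dns, ip_addresses):
 if len(hostaddr):
 for ha in hostaddr:
 try:
- ips.append(ipautil.CheckedIPAddress(ha, match_local=True))
+ ips.append(ipautil.CheckedIPAddress(ha, match_local=False))
 except ValueError as e:
 root_logger.warning("Invalid IP address %s for %s: %s", ha, host_name, unicode(e))
 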
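Review bot: The two hunks express the same relaxation in two different ways: `read_ip_addresses` drops the keyword (`ipautil.CheckedIPAddress(ip)`), while `get_server_ip_address` spells it out (`ipautil.CheckedIPAddress(ha, match_local=False)`). The default of `match_local` is not visible in this patch, so a reader cannot tell from here whether the two calls are equivalent. Using one form in both places, for example `ipautil.CheckedIPAddress(ip, match_local=False)`, would make the intent explicit. In `get_server_ip_address` the entries of `hostaddr` appear to come from resolving `host_name`, so after this change a name that resolves to an address held by another machine is accepted here and is flagged only by the warning helper in the install checks; a short comment at the call saying so would help. Both functions continue outside their hunks.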
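diff --git a/ipaserver/install/server/install.py b/ipaserver/install/server/install.py
index 9dcf903f4582740f007c049fae3ec247ddf52aef..7eb291e07c00e0407ce534c3d4088e6f6378260f 100644
--- a/ipaserver/install/server/install.py
+++ b/ipaserver/install/server/install.py
@@ -29,6 +29,7 @@ from ipalib.util import (
 validate_domain_name,
 network_ip_address_warning,
 broadcast_ip_address_warning,
+ no_matching_interface_for_ip_address_warning,
 )
 import ipaclient.install.ntpconf
 from ipaserver.install import (
@@ -617,6 +618,7 @@ def install_check(installer):
 # check addresses here, dns module is doing own check
 network_ip_address_warning(ip_addresses)
 broadcast_ip_address_warning(ip_addresses)
+ no_matching_interface_for_ip_address_warning(ip_addresses)
 
 if options.setup_adtrust:
 adtrust.install_check(False, options, api)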
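diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py
index 20eaf98397101b49c751c325afc0591e0babcc18..6620f0222f9d38112ce0d0fd72381e5673921cba 100644
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@@ -35,6 +35,7 @@ from ipalib.config import Env
 from ipalib.util import (
 network_ip_address_warning,
 broadcast_ip_address_warning,
+ no_matching_interface_for_ip_address_warning,
 )
 from ipaclient.install.client import configure_krb5_conf, purge_host_keytab
 from ipaserver.install import (
@@ -1285,6 +1286,7 @@ def promote_check(installer):
 # check addresses here, dns module is doing own check
 network_ip_address_warning(config.ips)
 broadcast_ip_address_warning(config.ips)
+ no_matching_interface_for_ip_address_warning(config.ips)
 
 if options.setup_adtrust:
 adtrust.install_check(False, options, remote_api)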
--
2.9.4