From b6c7247319575a376ac9a480ae6ceda39a2bd968 Mon Sep 17 00:00:00 2001
From: Martin Basti <mbasti@redhat.com>
Date: Tue, 1 Sep 2015 19:05:01 +0200
Subject: [PATCH] Installer: do not modify /etc/hosts before user agreement
https://fedorahosted.org/freeipa/ticket/4561
As a side effect, this also fixes:
https://fedorahosted.org/freeipa/ticket/5266
Reviewed-By: David Kupka <dkupka@redhat.com>
---
ipaserver/install/dns.py | 9 ++++++--
ipaserver/install/installutils.py | 36 +++++++++++++++++++-----------
ipaserver/install/server/install.py | 14 ++++++++++--
ipaserver/install/server/replicainstall.py | 12 +++++++++-
4 files changed, 53 insertions(+), 18 deletions(-)
diff --git a/ipaserver/install/dns.py b/ipaserver/install/dns.py
index 538e99fbe01a34cee627f1cebd938be19777c134..099e35dc331722607c8ca02cdbc7a0e66f8c4754 100644
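--- a/ipaserver/install/dns.py
+++ b/ipaserver/install/dns.py
@@ -19,6 +19,7 @@ from ipapython.ipaldap import AUTOBIND_ENABLED
 from ipapython.ipautil import user_input
 from ipaserver.install.installutils import get_server_ip_address
 from ipaserver.install.installutils import read_dns_forwarders
+from ipaserver.install.installutils import update_hosts_file
 from ipaserver.install import bindinstance
 from ipaserver.install import dnskeysyncinstance
 from ipaserver.install import ntpinstance
@@ -225,8 +226,8 @@ def install_check(standalone, replica, options, hostname):
 "the original kasp.db file." %
 ", ".join([str(zone) for zone in dnssec_zones]))
 
- ip_addresses = get_server_ip_address(
- hostname, fstore, options.unattended, True, options.ip_addresses)
+ ip_addresses = get_server_ip_address(hostname, options.unattended,
+ True, options.ip_addresses)
 
 if options.no_forwarders:
 dns_forwarders = ()
@@ -277,6 +278,10 @@ def install(standalone, replica, options):
 
 conf_ntp = ntpinstance.NTPInstance(fstore).is_enabled()
 
+ if standalone:
+ # otherwise this is done by server/replica installer
+ update_hosts_file(ip_addresses, api.env.host, fstore)
+
 bind = bindinstance.BindInstance(fstore, ldapi=True,
 autobind=AUTOBIND_ENABLED)
 bind.setup(api.env.host, ip_addresses, api.env.realm, api.env.domain,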
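Review bot: The new `update_hosts_file(ip_addresses, api.env.host, fstore)` call in install() writes records under `api.env.host`, while the addresses were checked in install_check() against its `hostname` argument; nothing in these hunks shows that the two names are always the same. The call also appears to depend on `ip_addresses` having been populated by an earlier install_check() in the same process, which is not visible here. I would replace the comment with one that states both assumptions, for example `# standalone run: write the addresses validated by install_check(); the server/replica installer does this itself otherwise`. Both function bodies continue outside the hunks.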
diff --git a/ipaserver/install/installutils.py b/ipaserver/install/installutils.py
index 02e8526317dbab909ed48a1823000922ce6e6b7a..81a025597c97b41377c35a6714bf1d3001c868cc 100644
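--- a/ipaserver/install/installutils.py
+++ b/ipaserver/install/installutils.py
@@ -264,7 +264,8 @@ def read_ip_address(host_name, fstore):
 
 return ip_parsed
 
-def read_ip_addresses(host_name, fstore):
+
+def read_ip_addresses():
 ips = []
 print "Enter the IP address to use, or press Enter to finish."
 while True:
@@ -470,7 +471,7 @@ def get_host_name(no_host_dns):
 verify_fqdn(hostname, no_host_dns)
 return hostname
 
-def get_server_ip_address(host_name, fstore, unattended, setup_dns, ip_addresses):
+def get_server_ip_address(host_name, unattended, setup_dns, ip_addresses):
 # Check we have a public IP that is associated with the hostname
 try:
 hostaddr = resolve_host(host_name)
@@ -483,8 +484,6 @@ def get_server_ip_address(host_name, fstore, unattended, setup_dns, ip_addresses
 print >> sys.stderr, "Please fix your /etc/hosts file and restart the setup program"
 sys.exit(1)
 
- ip_add_to_hosts = False
-
 ips = []
 if len(hostaddr):
 for ha in hostaddr:
@@ -495,7 +494,7 @@ def get_server_ip_address(host_name, fstore, unattended, setup_dns, ip_addresses
 
 if not ips and not ip_addresses:
 if not unattended:
- ip_addresses = read_ip_addresses(host_name, fstore)
+ ip_addresses = read_ip_addresses()
 
 if ip_addresses:
 if setup_dns:
@@ -511,22 +510,16 @@ def get_server_ip_address(host_name, fstore, unattended, setup_dns, ip_addresses
 print >>sys.stderr, "Provided but not resolved address(es): %s" % \
 ", ".join(str(ip) for ip in (set(ip_addresses) - set(ips)))
 sys.exit(1)
- ip_add_to_hosts = True
 
 if not ips:
 print >> sys.stderr, "No usable IP address provided nor resolved."
 sys.exit(1)
 
 for ip_address in ips:
- # check /etc/hosts sanity, add a record when needed
+ # check /etc/hosts sanity
 hosts_record = record_in_hosts(str(ip_address))
 
- if hosts_record is None:
- if ip_add_to_hosts or setup_dns:
- print "Adding ["+str(ip_address)+" "+host_name+"] to your /etc/hosts file"
- fstore.backup_file(paths.HOSTS)
- add_record_to_hosts(str(ip_address), host_name)
- else:
+ if hosts_record is not None:
 primary_host = hosts_record[1][0]
 if primary_host != host_name:
 print >>sys.stderr, "Error: there is already a record in /etc/hosts for IP address %s:" \
@@ -539,6 +532,23 @@ def get_server_ip_address(host_name, fstore, unattended, setup_dns, ip_addresses
 
 return ips
 
+
+def update_hosts_file(ip_addresses, host_name, fstore):
+ """
+ Update hosts with specified addresses
+ :param ip_addresses: list of IP addresses
+ :return:
+ """
+ if not fstore.has_file(paths.HOSTS):
+ fstore.backup_file(paths.HOSTS)
+ for ip_address in ip_addresses:
+ if record_in_hosts(str(ip_address)):
+ continue
+ print "Adding [{address!s} {name}] to your /etc/hosts file".format(
+ address=ip_address, name=host_name)
+ add_record_to_hosts(str(ip_address), host_name)
+
+
 def expand_replica_info(filename, password):
 """
 Decrypt and expand a replica installation file into a temporary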
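Review bot: In the new update_hosts_file(), `if record_in_hosts(str(ip_address)): continue` skips an address as soon as any /etc/hosts entry exists for it, whatever name that entry maps to. The primary-name comparison (`hosts_record[1][0] != host_name`) lives only in get_server_ip_address(), which runs earlier at check time, so a conflicting entry that appears between the check and the install would be silently accepted here. I would either repeat that comparison in the loop or state the precondition in the docstring, which currently documents only `ip_addresses`, omits `host_name` and `fstore`, and has an empty `:return:`. It is also worth documenting that the backup is taken whenever `fstore.has_file(paths.HOSTS)` is false, even on a run where every address is already present and nothing is written.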
diff --git a/ipaserver/install/server/install.py b/ipaserver/install/server/install.py
index ff517513473a458a84f63c5c1308a8cc0b8699f8..9d7036a7786a35e6aa2429254d62c8afb30970db 100644
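--- a/ipaserver/install/server/install.py
+++ b/ipaserver/install/server/install.py
@@ -32,7 +32,8 @@ from ipaserver.install import (
 otpdinstance, replication, service, sysupgrade)
 from ipaserver.install.installutils import (
 IPA_MODULES, BadHostError, get_fqdn, get_server_ip_address,
- is_ipa_configured, load_pkcs12, read_password, verify_fqdn)
+ is_ipa_configured, load_pkcs12, read_password, verify_fqdn,
+ update_hosts_file)
 from ipaserver.plugins.ldap2 import ldap2
 try:
 from ipaserver.install import adtrustinstance
@@ -607,10 +608,15 @@ def install_check(installer):
 dns.install_check(False, False, options, host_name)
 ip_addresses = dns.ip_addresses
 else:
- ip_addresses = get_server_ip_address(host_name, fstore,
+ ip_addresses = get_server_ip_address(host_name,
 not installer.interactive, False,
 options.ip_addresses)
 
+ # installer needs to update hosts file when DNS subsystem will be
+ # installed or custom addresses are used
+ if options.ip_addresses or options.setup_dns:
+ installer._update_hosts_file = True
+
 print
 print "The IPA Master Server will be configured with:"
 print "Hostname: %s" % host_name
@@ -709,6 +715,9 @@ def install(installer):
 # configure /etc/sysconfig/network to contain the custom hostname
 tasks.backup_and_replace_hostname(fstore, sstore, host_name)
 
+ if installer._update_hosts_file:
+ update_hosts_file(ip_addresses, host_name, fstore)
+
 # Create DS user/group if it doesn't exist yet
 dsinstance.create_ds_user()
 
@@ -1494,6 +1503,7 @@ class Server(common.Installable, common.Interactive, core.Composite):
 self._external_cert_file = None
 self._external_ca_file = None
 self._ca_cert = None
+ self._update_hosts_file = False
 
 #pylint: disable=no-member
 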
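Review bot: The decision to edit /etc/hosts travels from install_check() to install() through `installer._update_hosts_file`, an underscore-prefixed attribute that module-level functions write from outside the class. The condition that sets it is duplicated in replicainstall.py with the operands in the other order, so the two installers can drift apart. A comment at the initialisation would make the contract explicit, for example `# set by install_check(); install() modifies /etc/hosts only when True`, and the shared condition would be better placed in one helper next to update_hosts_file(). Where install() obtains the `ip_addresses` it passes on is outside the hunk.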
diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py
index 0725c7763e505ca0cc5a8892414a3c36c557cf1d..6f9a6141fe9af44806244ce52df59c191dc966b0 100644
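--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@@ -502,11 +502,17 @@ def install_check(installer):
 
 if options.setup_dns:
 dns.install_check(False, True, options, config.host_name)
+ config.ips = dns.ip_addresses
 else:
 config.ips = installutils.get_server_ip_address(
- config.host_name, fstore, not installer.interactive, False,
+ config.host_name, not installer.interactive, False,
 options.ip_addresses)
 
+ # installer needs to update hosts file when DNS subsystem will be
+ # installed or custom addresses are used
+ if options.setup_dns or options.ip_addresses:
+ installer._update_hosts_file = True
+
 # check connection
 if not options.skip_conncheck:
 replica_conn_check(
@@ -528,6 +534,9 @@ def install(installer):
 
 dogtag_constants = dogtag.install_constants
 
+ if installer._update_hosts_file:
+ installutils.update_hosts_file(config.ips, config.host_name, fstore)
+
 # Create DS user/group if it doesn't exist yet
 dsinstance.create_ds_user()
 
@@ -785,6 +794,7 @@ class Replica(common.Installable, common.Interactive, core.Composite):
 
 self._top_dir = None
 self._config = None
+ self._update_hosts_file = False
 
 #pylint: disable=no-member
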
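Review bot: The added `config.ips = dns.ip_addresses` in install_check() reads a module-level variable that dns.install_check() presumably fills in as a side effect, so the addresses later written by `installutils.update_hosts_file(config.ips, ...)` depend on call order rather than on a return value. A short comment would make that dependency visible, for example `# dns.install_check() stores the validated addresses in dns.ip_addresses`. Having dns.install_check() return the list would remove the hidden coupling, but that is a larger change than this hunk. The surrounding function bodies continue outside the hunks.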
--
2.5.1