From b6c7247319575a376ac9a480ae6ceda39a2bd968 Mon Sep 17 00:00:00 2001

From: Martin Basti <mbasti@redhat.com>

Date: Tue, 1 Sep 2015 19:05:01 +0200

Subject: [PATCH] Installer: do not modify /etc/hosts before user agreement

https://fedorahosted.org/freeipa/ticket/4561

As side effect this also fixes:

https://fedorahosted.org/freeipa/ticket/5266

Reviewed-By: David Kupka <dkupka@redhat.com>

---

 ipaserver/install/dns.py                   |  9 ++++++--

 ipaserver/install/installutils.py          | 36 +++++++++++++++++++-----------

 ipaserver/install/server/install.py        | 14 ++++++++++--

 ipaserver/install/server/replicainstall.py | 12 +++++++++-

 4 files changed, 53 insertions(+), 18 deletions(-)

diff --git a/ipaserver/install/dns.py b/ipaserver/install/dns.py

index 538e99fbe01a34cee627f1cebd938be19777c134..099e35dc331722607c8ca02cdbc7a0e66f8c4754 100644

--- a/ipaserver/install/dns.py

+++ b/ipaserver/install/dns.py

@@ -19,6 +19,7 @@ from ipapython.ipaldap import AUTOBIND_ENABLED

 from ipapython.ipautil import user_input

 from ipaserver.install.installutils import get_server_ip_address

 from ipaserver.install.installutils import read_dns_forwarders

+from ipaserver.install.installutils import update_hosts_file

 from ipaserver.install import bindinstance

 from ipaserver.install import dnskeysyncinstance

 from ipaserver.install import ntpinstance

@@ -225,8 +226,8 @@ def install_check(standalone, replica, options, hostname):

                 "the original kasp.db file." %

                 ", ".join([str(zone) for zone in dnssec_zones]))

-    ip_addresses = get_server_ip_address(

-        hostname, fstore, options.unattended, True, options.ip_addresses)

+    ip_addresses = get_server_ip_address(hostname, options.unattended,

+                                         True, options.ip_addresses)

     if options.no_forwarders:

         dns_forwarders = ()

@@ -277,6 +278,10 @@ def install(standalone, replica, options):

     conf_ntp = ntpinstance.NTPInstance(fstore).is_enabled()

+    if standalone:

+        # otherwise this is done by server/replica installer

+        update_hosts_file(ip_addresses, api.env.host, fstore)

+

     bind = bindinstance.BindInstance(fstore, ldapi=True,

                                      autobind=AUTOBIND_ENABLED)

     bind.setup(api.env.host, ip_addresses, api.env.realm, api.env.domain,

diff --git a/ipaserver/install/installutils.py b/ipaserver/install/installutils.py

index 02e8526317dbab909ed48a1823000922ce6e6b7a..81a025597c97b41377c35a6714bf1d3001c868cc 100644

--- a/ipaserver/install/installutils.py

+++ b/ipaserver/install/installutils.py

@@ -264,7 +264,8 @@ def read_ip_address(host_name, fstore):

     return ip_parsed

-def read_ip_addresses(host_name, fstore):

+

+def read_ip_addresses():

     ips = []

     print "Enter the IP address to use, or press Enter to finish."

     while True:

@@ -470,7 +471,7 @@ def get_host_name(no_host_dns):

     verify_fqdn(hostname, no_host_dns)

     return hostname

-def get_server_ip_address(host_name, fstore, unattended, setup_dns, ip_addresses):

+def get_server_ip_address(host_name, unattended, setup_dns, ip_addresses):

     # Check we have a public IP that is associated with the hostname

     try:

         hostaddr = resolve_host(host_name)

@@ -483,8 +484,6 @@ def get_server_ip_address(host_name, fstore, unattended, setup_dns, ip_addresses

         print >> sys.stderr, "Please fix your /etc/hosts file and restart the setup program"

         sys.exit(1)

-    ip_add_to_hosts = False

-

     ips = []

     if len(hostaddr):

         for ha in hostaddr:

@@ -495,7 +494,7 @@ def get_server_ip_address(host_name, fstore, unattended, setup_dns, ip_addresses

     if not ips and not ip_addresses:

         if not unattended:

-            ip_addresses = read_ip_addresses(host_name, fstore)

+            ip_addresses = read_ip_addresses()

     if ip_addresses:

         if setup_dns:

@@ -511,22 +510,16 @@ def get_server_ip_address(host_name, fstore, unattended, setup_dns, ip_addresses

                 print >>sys.stderr, "Provided but not resolved address(es): %s" % \

                                     ", ".join(str(ip) for ip in (set(ip_addresses) - set(ips)))

                 sys.exit(1)

-        ip_add_to_hosts = True

     if not ips:

         print >> sys.stderr, "No usable IP address provided nor resolved."

         sys.exit(1)

     for ip_address in ips:

-        # check /etc/hosts sanity, add a record when needed

+        # check /etc/hosts sanity

         hosts_record = record_in_hosts(str(ip_address))

-        if hosts_record is None:

-            if ip_add_to_hosts or setup_dns:

-                print "Adding ["+str(ip_address)+" "+host_name+"] to your /etc/hosts file"

-                fstore.backup_file(paths.HOSTS)

-                add_record_to_hosts(str(ip_address), host_name)

-        else:

+        if hosts_record is not None:

             primary_host = hosts_record[1][0]

             if primary_host != host_name:

                 print >>sys.stderr, "Error: there is already a record in /etc/hosts for IP address %s:" \

@@ -539,6 +532,23 @@ def get_server_ip_address(host_name, fstore, unattended, setup_dns, ip_addresses

     return ips

+

+def update_hosts_file(ip_addresses, host_name, fstore):

+    """

+    Update hosts with specified addresses

+    :param ip_addresses: list of IP addresses

+    :return:

+    """

+    if not fstore.has_file(paths.HOSTS):

+        fstore.backup_file(paths.HOSTS)

+    for ip_address in ip_addresses:

+        if record_in_hosts(str(ip_address)):

+            continue

+        print "Adding [{address!s} {name}] to your /etc/hosts file".format(

+            address=ip_address, name=host_name)

+        add_record_to_hosts(str(ip_address), host_name)

+

+

 def expand_replica_info(filename, password):

     """

     Decrypt and expand a replica installation file into a temporary

diff --git a/ipaserver/install/server/install.py b/ipaserver/install/server/install.py

index ff517513473a458a84f63c5c1308a8cc0b8699f8..9d7036a7786a35e6aa2429254d62c8afb30970db 100644

--- a/ipaserver/install/server/install.py

+++ b/ipaserver/install/server/install.py

@@ -32,7 +32,8 @@ from ipaserver.install import (

     otpdinstance, replication, service, sysupgrade)

 from ipaserver.install.installutils import (

     IPA_MODULES, BadHostError, get_fqdn, get_server_ip_address,

-    is_ipa_configured, load_pkcs12, read_password, verify_fqdn)

+    is_ipa_configured, load_pkcs12, read_password, verify_fqdn,

+    update_hosts_file)

 from ipaserver.plugins.ldap2 import ldap2

 try:

     from ipaserver.install import adtrustinstance

@@ -607,10 +608,15 @@ def install_check(installer):

         dns.install_check(False, False, options, host_name)

         ip_addresses = dns.ip_addresses

     else:

-        ip_addresses = get_server_ip_address(host_name, fstore,

+        ip_addresses = get_server_ip_address(host_name,

                                              not installer.interactive, False,

                                              options.ip_addresses)

+    # installer needs to update hosts file when DNS subsystem will be

+    # installed or custom addresses are used

+    if options.ip_addresses or options.setup_dns:

+        installer._update_hosts_file = True

+

     print

     print "The IPA Master Server will be configured with:"

     print "Hostname:       %s" % host_name

@@ -709,6 +715,9 @@ def install(installer):

         # configure /etc/sysconfig/network to contain the custom hostname

         tasks.backup_and_replace_hostname(fstore, sstore, host_name)

+    if installer._update_hosts_file:

+        update_hosts_file(ip_addresses, host_name, fstore)

+

     # Create DS user/group if it doesn't exist yet

     dsinstance.create_ds_user()

@@ -1494,6 +1503,7 @@ class Server(common.Installable, common.Interactive, core.Composite):

         self._external_cert_file = None

         self._external_ca_file = None

         self._ca_cert = None

+        self._update_hosts_file = False

         #pylint: disable=no-member

diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py

index 0725c7763e505ca0cc5a8892414a3c36c557cf1d..6f9a6141fe9af44806244ce52df59c191dc966b0 100644

--- a/ipaserver/install/server/replicainstall.py

+++ b/ipaserver/install/server/replicainstall.py

@@ -502,11 +502,17 @@ def install_check(installer):

     if options.setup_dns:

         dns.install_check(False, True, options, config.host_name)

+        config.ips = dns.ip_addresses

     else:

         config.ips = installutils.get_server_ip_address(

-            config.host_name, fstore, not installer.interactive, False,

+            config.host_name, not installer.interactive, False,

             options.ip_addresses)

+    # installer needs to update hosts file when DNS subsystem will be

+    # installed or custom addresses are used

+    if options.setup_dns or options.ip_addresses:

+        installer._update_hosts_file = True

+

     # check connection

     if not options.skip_conncheck:

         replica_conn_check(

@@ -528,6 +534,9 @@ def install(installer):

     dogtag_constants = dogtag.install_constants

+    if installer._update_hosts_file:

+        installutils.update_hosts_file(config.ips, config.host_name, fstore)

+

     # Create DS user/group if it doesn't exist yet

     dsinstance.create_ds_user()

@@ -785,6 +794,7 @@ class Replica(common.Installable, common.Interactive, core.Composite):

         self._top_dir = None

         self._config = None

+        self._update_hosts_file = False

         #pylint: disable=no-member

-- 

2.5.1