Bug 432066
| Summary: | installation scripts and othe parts derive domain name from host name | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Retired] freeIPA | Reporter: | Simo Sorce <ssorce> | ||||
| Component: | ipa-server | Assignee: | Rob Crittenden <rcritten> | ||||
| Status: | CLOSED ERRATA | QA Contact: | Chandrasekar Kannan <ckannan> | ||||
| Severity: | low | Docs Contact: | |||||
| Priority: | low | ||||||
| Version: | 1.0 | CC: | benl | ||||
| Target Milestone: | --- | ||||||
| Target Release: | --- | ||||||
| Hardware: | All | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | freeipa-2.0.0-1.fc15 | Doc Type: | Bug Fix | ||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2012-03-27 07:16:16 UTC | Type: | --- | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Bug Depends On: | |||||||
| Bug Blocks: | 429034 | ||||||
| Attachments: |
|
||||||
So basically what I need to do is add a new argument for domain_name in the
create_instance() functions so that we don't do this:
freeipa/ipaserver/dsinstance.py: self.domain =
host_name[host_name.find(".")+1:]
freeipa/ipaserver/bindinstance.py: self.domain = fqdn[fqdn.find(".")+1:]
freeipa/ipaserver/httpinstance.py: self.domain = fqdn[fqdn.find(".")+1:]
This looks like a more general bug because we ignore the domain altogether other
than using it to create the realm. We need to pass this along even for the
master install.
This is going to require us to store the initial domain name somewhere so we can pass it along when we create replication agreements. /etc/ipa/ipa.conf seems like a logic place to put it but I don't think there is a way to discover it. We don't currently store it in either LDAP or DNS (that I can see). One option is to leave it in /etc/ipa/ipa.conf only. This value is only needed on the first master (as it should be the only one to create replicas). The other option is to create a separate file for this. Either would have the positive side-effect of easily preventing other replicas to create replicas because they would lack this file/value. (In reply to comment #2) > This is going to require us to store the initial domain name somewhere so we can > pass it along when we create replication agreements. /etc/ipa/ipa.conf seems > like a logic place to put it but I don't think there is a way to discover it. We > don't currently store it in either LDAP or DNS (that I can see). I am not sure what you mean by this. The domain name is definitely in DNS :-) And it is the base of the zone where SRV records hang on. So far it is also == REALM (there fore it is $SUFFIX in LDAP) If we need it explicitly tho, I'd store it in LDAP somwhere. > One option is to leave it in /etc/ipa/ipa.conf only. This value is only needed > on the first master (as it should be the only one to create replicas). The other > option is to create a separate file for this. Either would have the positive > side-effect of easily preventing other replicas to create replicas because they > would lack this file/value. Replicas can't generate further replicas because they lack the master certificate anyway, right ? Anyway text files are bad for us, I'd avoid them in most cases unless we have no way to store something in LDAP. I can't assume that they are using our bind zone and REALM doesn't have to be the upper-case version of the domain. Good point about the CA. I'm not sure where to store this in LDAP, any suggestions? I guess we could add a new attribute in the ipaconfig objectclass. yes adding it to ipaconfig sounds ok Created attachment 295056 [details]
determine domain at install time. Use that when creating replicas
Committed in changeset 651 the solution is to store ream information into ream_info file QA Verified on May 28, 2008 (Yi) Build used: May 28, 2008 (i386) |
Description of problem: Installation scripts assume the DSN domain name to always be the hostnme minus the host specific part (eg. hostname[hostname.find(".")+1:] This may lead to incorrect setup on replicas in other geographies or depratemts, etc... where the local DNS setup would require a different domain. example: First Master has name: master.example.com Replica has name: replica.nyc.example.com In this case the scripts running on the first server would coma up with domain_name = example.com Scripts running on replica with nyc.example.com In some cases this might be the right thing, in others it won't, we need to asses when it is ok, and when instead we need to use the master's domain name.