Bug 433515

Summary: Server setup script should validate hostname and A / PTR dns records
Product: [Retired] freeIPA
Reporter: Daniel Berrangé <berrange>
Component: ipa-server
Assignee: Rob Crittenden <rcritten>
Status: CLOSED CURRENTRELEASE
QA Contact: Chandrasekar Kannan <ckannan>
Severity: low
Priority: high
Version: unspecified
CC: benl
Hardware: All   
OS: Linux   
Doc Type: Bug Fix
Last Closed: 2010-09-03 14:34:20 UTC
Bug Blocks: 429034    
Attachments:
  - require DNS A record, match A record to PTR (flags: none)
  - make sure /etc/hosts is sane (flags: none)

Description Daniel Berrangé 2008-02-19 19:40:24 UTC
Description of problem:
When deploying IPA server, we've had several people fail due to incorrect
hostname / DNS settings.

In one case the /etc/sysconfig/network HOSTNAME setting was bogus, not matching the
configured IP address. In another case the reverse DNS was incorrect.
The resulting Kerberos problems are essentially impossible to diagnose except
through guess-work / luck.

These are both issues that it ought to be possible to detect at time of setup.

e.g.,

  - Run 'hostname' command & capture output
  - Verify that you can resolve the hostname to an IP address
  - Verify that the hostname is an A record, not a CNAME
  - Verify that the IP address matches that configured for one of the ethN devices
  - Resolve the IP address back to a hostname
  - Verify that the hostname matches the original hostname

Version-Release number of selected component (if applicable):
ipa-0.99-9.fc8                            dist-f8-updates-candidate  rcritten


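The checks listed in the description above, written out as an added example (this is not the attached patch or freeIPA's installer code). It also rejects loopback addresses, which goes beyond the list. Assumptions: the resolver functions are injectable, the example.test records are constructed so the example runs offline, and a canonical name that differs from the queried name is treated as a CNAME (a heuristic).

```python
import socket
def bound_locally(ip):
    """True if a UDP socket can bind to ip, i.e. the address is on this host."""
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.bind((ip, 0))
        return True
    except OSError:
        return False

def check_hostname(hostname, forward=socket.gethostbyname_ex,
                   reverse=socket.gethostbyaddr, is_local=bound_locally):
    """Return a list of problems found; an empty list means every check passed."""
    hostname = hostname.rstrip(".").lower()
    try:
        canonical, _aliases, addrs = forward(hostname)
    except OSError as e:
        return [f"{hostname} does not resolve: {e}"]
    problems = []
    # A differing canonical name means we asked for an alias, not an A record.
    if canonical.rstrip(".").lower() != hostname:
        problems.append(f"{hostname} is an alias for {canonical}")
    for ip in addrs:
        # Loopback binds fine but is not an ethN address, so reject it first.
        if ip.startswith("127.") or not is_local(ip):
            problems.append(f"{ip} is not on a local network interface")
        try:
            ptr = reverse(ip)[0].rstrip(".").lower()
        except OSError:
            ptr = None
        if ptr != hostname:
            problems.append(f"{ip} resolves back to {ptr or 'nothing'}, not {hostname}")
    return problems

# Constructed sample records standing in for DNS; 192.0.2.10 is "our" address.
A = {"ipa.example.test": ("ipa.example.test", [], ["192.0.2.10"]),
     "www.example.test": ("ipa.example.test", ["www.example.test"], ["192.0.2.10"]),
     "wrong.example.test": ("wrong.example.test", [], ["192.0.2.20"])}
PTR = {"192.0.2.10": ("ipa.example.test", [], ["192.0.2.10"])}
def lookup(table, exc):
    def f(key):
        if key not in table:
            raise exc(f"not found: {key}")
        return table[key]
    return f

def demo(name):
    return check_hostname(name, lookup(A, socket.gaierror),
                          lookup(PTR, socket.herror), lambda ip: ip == "192.0.2.10")
```
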
Comment 1 Rob Crittenden 2008-03-03 21:11:20 UTC
Created attachment 296678
require DNS A record, match A record to PTR

This gets us most of the way there. What's left is to ensure that the hostname
is configured to an operational ethernet address. I'm not sure how I'm going to
do that.

Comment 2 Rob Crittenden 2008-03-05 16:02:47 UTC
Committed in changeset 707

Comment 3 Rob Crittenden 2008-03-06 18:18:26 UTC
Created attachment 297085
make sure /etc/hosts is sane

More fixes:

  - Verify that the hostname is correct in /etc/hosts
  - Fix an issue with reverse lookups on x86_64
  - Don't ignore exceptions when getting the hostname from the user

Comment 4 Rob Crittenden 2008-03-17 16:26:43 UTC
Committed /etc/hosts fix in changeset 716

Comment 5 Yi Zhang 2008-04-11 23:15:57 UTC
Hi:
The ipa install script correctly detects that the configured hostname does not match
the DNS record, and it outputs a message as below:
=====================================================================
Server host name [wrong.ipaqa.com]:

Warning: Hostname (wrong.ipaqa.com) not found in DNS
The domain name has been calculated based on the host name.

Please confirm the domain name [ipaqa.com]:

The IPA Master Server will be configured with
Hostname:    wrong.ipaqa.com
IP address:  172.16.142.140
Domain name: ipaqa.com
=================================================================

If the user just hits Enter, the installation will continue and finish.

My question is: is this the right fix? If it is, then I will close the bug.

Yi


Comment 6 Rob Crittenden 2008-04-14 14:11:32 UTC
Yes. We warn them that things may not work, but if they want to install anyway we
can go ahead and let them (maybe they'll set up DNS afterward).

Comment 7 Chandrasekar Kannan 2008-04-16 01:39:18 UTC
This one is fixed.

Marking bug verified.