Bug 433515 - Server setup script should validate hostname and A / PTR dns records
Summary: Server setup script should validate hostname and A / PTR dns records
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: freeIPA
Classification: Retired
Component: ipa-server
Version: unspecified
Hardware: All
OS: Linux
high
low
Target Milestone: ---
Assignee: Rob Crittenden
QA Contact: Chandrasekar Kannan
URL:
Whiteboard:
Depends On:
Blocks: 429034
TreeView+ depends on / blocked
 
Reported: 2008-02-19 19:40 UTC by Daniel Berrangé
Modified: 2015-01-04 23:30 UTC (History)
1 user (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2010-09-03 14:34:20 UTC
Embargoed:

Attachments (Terms of Use)
require DNS A record, match A record to PTR (2.12 KB, patch)
2008-03-03 21:11 UTC, Rob Crittenden 		no flags Details | Diff
make sure /etc/hosts is sane (2.91 KB, patch)
2008-03-06 18:18 UTC, Rob Crittenden 		no flags Details | Diff
View All

Description Daniel Berrangé 2008-02-19 19:40:24 UTC 
Description of problem:
When deploying IPA server, we've had several people fail due to incorrect
hostname / DNS settings.

In one case /etc/sysconfig/network HOSTNAME setting was bogus, not matching the
configured ip address. In another case the reverse DNS was incorrect.
The resulting kerberos problems are essentially impossible to diagnose except
through guess-work / luck

These are both issues that it ought to be possible to detect at time of setup.

eg,

  - Run 'hostname' command & capture output
  - Verify that you can resolve the hostname to an IP address
  - Verify that the hostname is an A record, not a CNAME
  - Verify that the IP address matches that configured for one of the ethN devices
  - Resolve the IP address back to a hostname
  - Verify that the hostname matches the original hostname

Version-Release number of selected component (if applicable):
ipa-0.99-9.fc8                            dist-f8-updates-candidate  rcritten

How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 Rob Crittenden 2008-03-03 21:11:20 UTC 
Created attachment 296678 [details]
require DNS A record, match A record to PTR

This gets us most of the way there. What's left is to ensure that the hostname
is configured to an operational ethernet address. I'm not sure how I'm going to
do that.
Comment 2 Rob Crittenden 2008-03-05 16:02:47 UTC 
Committed in changeset 707
Comment 3 Rob Crittenden 2008-03-06 18:18:26 UTC 
Created attachment 297085 [details]
make sure /etc/hosts is sane

More fixes:

Verify that the hostname is correct in /etc/hosts
Fix an issue with reverse lookups on x86_64
Don't ignore exceptions when getting the hostname from the user
Comment 4 Rob Crittenden 2008-03-17 16:26:43 UTC 
Committed /etc/hosts fix in changeset 716
Comment 5 Yi Zhang 2008-04-11 23:15:57 UTC 
Hi:
The ipa install script correctly detects the configed hostname does not match
DNS record, and it output some msg as below,
=====================================================================
Server host name [wrong.ipaqa.com]:

Warning: Hostname (wrong.ipaqa.com) not found in DNS
The domain name has been calculated based on the host name.

Please confirm the domain name [ipaqa.com]:

The IPA Master Server will be configured with
Hostname:    wrong.ipaqa.com
IP address:  172.16.142.140
Domain name: ipaqa.com
=================================================================

If user just hit enter, the installation will continue and finish it.

My question is: is this a right fix? if it is, then I will close the bug

Yi
Comment 6 Rob Crittenden 2008-04-14 14:11:32 UTC 
Yes. We warn them that things may not work but if they want to install anyway we
can go ahead and let them (maybe they'll setup DNS afterward).
Comment 7 Chandrasekar Kannan 2008-04-16 01:39:18 UTC 
this one is fixed.

marking bug verified.
Note You need to log in before you can comment on or make changes to this bug.