Bug 433515 - Server setup script should validate hostname and A / PTR dns records
Status: CLOSED CURRENTRELEASE
Product: freeIPA
Classification: Community
Component: ipa-server
unspecified
All Linux
high Severity low
Assigned To: Rob Crittenden
Chandrasekar Kannan
Blocks: 429034
Reported: 2008-02-19 14:40 EST by Daniel Berrange
Modified: 2015-01-04 18:30 EST

Doc Type: Bug Fix
Last Closed: 2010-09-03 10:34:20 EDT


Attachments
require DNS A record, match A record to PTR (2.12 KB, patch)
2008-03-03 16:11 EST, Rob Crittenden
make sure /etc/hosts is sane (2.91 KB, patch)
2008-03-06 13:18 EST, Rob Crittenden

Description Daniel Berrange 2008-02-19 14:40:24 EST
Description of problem:
When deploying IPA server, we've had several people fail due to incorrect
hostname / DNS settings.

In one case /etc/sysconfig/network HOSTNAME setting was bogus, not matching the
configured ip address. In another case the reverse DNS was incorrect.
The resulting Kerberos problems are essentially impossible to diagnose except
through guess-work / luck.

These are both issues that it ought to be possible to detect at time of setup.

e.g.,

  - Run 'hostname' command & capture output
  - Verify that you can resolve the hostname to an IP address
  - Verify that the hostname is an A record, not a CNAME
  - Verify that the IP address matches that configured for one of the ethN devices
  - Resolve the IP address back to a hostname
  - Verify that the hostname matches the original hostname

Version-Release number of selected component (if applicable):
ipa-0.99-9.fc8                            dist-f8-updates-candidate  rcritten

Comment 1 Rob Crittenden 2008-03-03 16:11:20 EST
Created attachment 296678
require DNS A record, match A record to PTR

This gets us most of the way there. What's left is to ensure that the hostname
is configured to an operational ethernet address. I'm not sure how I'm going to
do that.
Comment 2 Rob Crittenden 2008-03-05 11:02:47 EST
Committed in changeset 707
Comment 3 Rob Crittenden 2008-03-06 13:18:26 EST
Created attachment 297085
make sure /etc/hosts is sane

More fixes:

Verify that the hostname is correct in /etc/hosts
Fix an issue with reverse lookups on x86_64
Don't ignore exceptions when getting the hostname from the user
Comment 4 Rob Crittenden 2008-03-17 12:26:43 EDT
Committed /etc/hosts fix in changeset 716
Comment 5 Yi Zhang 2008-04-11 19:15:57 EDT
Hi:
The ipa install script correctly detects that the configured hostname does not match
the DNS record, and it outputs a message as below,
=====================================================================
Server host name [wrong.ipaqa.com]:

Warning: Hostname (wrong.ipaqa.com) not found in DNS
The domain name has been calculated based on the host name.

Please confirm the domain name [ipaqa.com]:

The IPA Master Server will be configured with
Hostname:    wrong.ipaqa.com
IP address:  172.16.142.140
Domain name: ipaqa.com
=================================================================

If the user just hits enter, the installation will continue and finish.

My question is: is this the right fix? If it is, then I will close the bug.

Yi
Comment 6 Rob Crittenden 2008-04-14 10:11:32 EDT
Yes. We warn them that things may not work but if they want to install anyway we
can go ahead and let them (maybe they'll set up DNS afterward).
Comment 7 Chandrasekar Kannan 2008-04-15 21:39:18 EDT
this one is fixed.

marking bug verified.
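
The checks listed in the bug description, written out as an added example; this is not the code from either attached patch or from the ipa installer. It assumes the system resolver (which also reads /etc/hosts), treats a differing canonical name as a sign of an alias, and uses a bind test to decide whether an address is local; all function names are hypothetical.

```python
import socket

def resolve_forward(name):
    """Return (canonical_name, [IPv4 addresses]) from the system resolver."""
    canonical, _aliases, addrs = socket.gethostbyname_ex(name)
    return canonical, addrs

def resolve_reverse(ip):
    """Return the primary name the system resolver reports for ip."""
    return socket.gethostbyaddr(ip)[0]

def is_local_address(ip):
    """True if a UDP socket can bind to ip, i.e. ip is configured on this host."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        try:
            s.bind((ip, 0))
            return True
        except OSError:
            return False

def check_hostname(name, forward=resolve_forward, reverse=resolve_reverse,
                   is_local=is_local_address):
    """Apply the checks listed in the bug description; return found problems."""
    def norm(n):
        return n.rstrip(".").lower()
    try:
        canonical, addrs = forward(name)
    except OSError as e:  # gaierror/herror are OSError subclasses
        return ["%s does not resolve to an address: %s" % (name, e)]
    problems = []
    # Heuristic: a canonical name that differs from the query means the name
    # is an alias (CNAME or /etc/hosts alias), not the host's own A record.
    if norm(canonical) != norm(name):
        problems.append("%s is an alias for %s" % (name, canonical))
    for ip in addrs:
        # The bind test accepts loopback, which is not an ethN address.
        if ip.startswith("127.") or not is_local(ip):
            problems.append("%s is not configured on a network interface" % ip)
        try:
            back = reverse(ip)
        except OSError as e:
            problems.append("no reverse (PTR) name for %s: %s" % (ip, e))
            continue
        if norm(back) != norm(name):
            problems.append("PTR for %s is %s, expected %s" % (ip, back, name))
    return problems

if __name__ == "__main__":
    found = check_hostname(socket.gethostname())
    print("\n".join(found) or "hostname, A and PTR records are consistent")
```

The resolver and bind functions are parameters so the checks can be exercised with constructed records instead of live DNS.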
