Red Hat Bugzilla – Bug 433515
Server setup script should validate hostname and A / PTR dns records
Last modified: 2015-01-04 18:30:51 EST
Description of problem:
When deploying IPA server, we've had several people fail due to incorrect
hostname / DNS settings.
In one case the /etc/sysconfig/network HOSTNAME setting was bogus, not matching the
configured IP address. In another case the reverse DNS was incorrect.
The resulting Kerberos problems are essentially impossible to diagnose except
through guess-work / luck.
These are both issues that it ought to be possible to detect at time of setup.
- Run 'hostname' command & capture output
- Verify that you can resolve the hostname to an IP address
- Verify that the hostname is an A record, not a CNAME
- Verify that the IP address matches that configured for one of the ethN devices
- Resolve the IP address back to a hostname
- Verify that the hostname matches the original hostname
Version-Release number of selected component (if applicable):
ipa-0.99-9.fc8 dist-f8-updates-candidate rcritten
Steps to Reproduce:
Created attachment 296678
require DNS A record, match A record to PTR
This gets us most of the way there. What's left is to ensure that the hostname
is configured to an operational ethernet address. I'm not sure how I'm going to
Committed in changeset 707
Created attachment 297085
make sure /etc/hosts is sane
Verify that the hostname is correct in /etc/hosts
Fix an issue with reverse lookups on x86_64
Don't ignore exceptions when getting the hostname from the user
Committed /etc/hosts fix in changeset 716
The ipa install script correctly detects that the configured hostname does not match
the DNS record, and it outputs a message as below:
Server host name [wrong.ipaqa.com]:
Warning: Hostname (wrong.ipaqa.com) not found in DNS
The domain name has been calculated based on the host name.
Please confirm the domain name [ipaqa.com]:
The IPA Master Server will be configured with
IP address: 172.16.142.140
Domain name: ipaqa.com
If the user just hits Enter, the installation will continue and finish.
My question is: is this the right fix? If it is, then I will close the bug.
Yes. We warn them that things may not work but if they want to install anyway we
can go ahead and let them (maybe they'll set up DNS afterward).
This one is fixed.
Marking bug verified.
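The checks listed in the bug description (forward lookup, A record rather than CNAME, address configured locally, PTR matching the original name) can be sketched as below. This is an added example, not the code from the attachments or from the IPA installer; `check_host`, its parameters and the CNAME heuristic are assumptions, and the caller is assumed to supply the addresses bound to local interfaces.

```python
import socket
import sys


def _norm(name):
    # DNS names compare case-insensitively; drop the trailing root dot.
    return name.rstrip(".").lower()


def check_host(hostname, local_addrs, forward=socket.gethostbyname_ex,
               reverse=socket.gethostbyaddr):
    """Run the forward/reverse checks; return a list of problem strings."""
    problems = []
    try:
        canonical, _aliases, addrs = forward(hostname)
    except OSError as exc:  # gaierror and herror are OSError subclasses
        return ["%s not found in DNS (%s)" % (hostname, exc)]

    # Heuristic (assumption): a resolver that followed a CNAME reports the
    # target as the canonical name, so it differs from the name we asked for.
    if _norm(canonical) != _norm(hostname):
        problems.append("%s is an alias for %s, not an A record"
                        % (hostname, canonical))

    # The name must point at an address this machine actually has.
    configured = [a for a in addrs if a in local_addrs]
    if not configured:
        problems.append("%s resolves to %s, none configured locally"
                        % (hostname, ", ".join(addrs)))

    # Each matching address must resolve back to the original hostname.
    for addr in configured:
        try:
            ptr_name = reverse(addr)[0]
        except OSError as exc:
            problems.append("no PTR record for %s (%s)" % (addr, exc))
            continue
        if _norm(ptr_name) != _norm(hostname):
            problems.append("PTR for %s is %s, expected %s"
                            % (addr, ptr_name, hostname))
    return problems


if __name__ == "__main__":
    # Usage: script.py ADDR [ADDR ...]  (addresses of the local interfaces)
    for line in check_host(socket.gethostname(), set(sys.argv[1:])):
        print("Warning:", line)
```

An empty result means all checks passed; as in the fix discussed above, a caller can print the problems as warnings and still let the user continue.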