Exit if a DNS A or AAAA record doesn't exist for the replica we are preparing.

Without this it is possible to prepare a replica for a host that doesn't exist in DNS. The result when this replica file is installed is that replication will fail because the master won't be able to communicate to the replica by name. ticket 680
2025-01-27 16:46:42 -06:00 · 2011-01-10 17:16:25 -05:00 · 2011-01-10 17:16:25 -05:00 · 06179dc105
commit 06179dc105
parent 371ce528fb
3 changed files with 35 additions and 5 deletions
--- a/install/tools/ipa-replica-prepare
+++ b/install/tools/ipa-replica-prepare
@ -245,6 +245,22 @@ def main():
    if not options.pkinit_pkcs12 and not certs.ipa_self_signed():
        options.setup_pkinit = False

+    try:
+        installutils.verify_fqdn(replica_fqdn)
+    except RuntimeError, e:
+        msg = str(e)
+        if msg.startswith('Unable to resolve host name'):
+            if options.ip_address is None:
+                if bindinstance.dns_container_exists(api.env.host,
+                    api.env.basedn):
+                    msg += '\nAdd the --ip-address argument to create a DNS entry.'
+                sys.exit(msg)
+            else:
+                # The host doesn't exist in DNS but we're adding it.
+                pass
+        else:
+            sys.exit(msg)
+
    if options.ip_address:
        if not bindinstance.dns_container_exists(api.env.host, api.env.basedn):
            print "You can't add a DNS record because DNS is not set up."
@ -255,6 +271,12 @@ def main():

    check_ipa_configuration(api.env.realm)

+    if not options.ip_address:
+        try:
+            api.Command['dns_resolve'](replica_fqdn)
+        except errors.NotFound:
+            sys.exit("Neither an A nor AAAA record for host '%s' does not exist in DNS.\nUse the --ip-address option to add DNS entries for the replica." % replica_fqdn)
+
    if api.env.host == replica_fqdn:
        print "You can't create a replica on itself"
        sys.exit(1)
--- a/ipalib/plugins/dns.py
+++ b/ipalib/plugins/dns.py
@ -923,9 +923,17 @@ class dns_resolve(Command):
            query = '%s.%s.' % (query, api.env.domain)
        if query[-1] != '.':
            query = query + '.'
-        rr = dnsclient.query(query, dnsclient.DNS_C_IN, dnsclient.DNS_T_A)
-        self.log.debug('%s' % rr)
-        if len(rr) == 0:
+        reca = dnsclient.query(query, dnsclient.DNS_C_IN, dnsclient.DNS_T_A)
+        rec6 = dnsclient.query(query, dnsclient.DNS_C_IN, dnsclient.DNS_T_AAAA)
+        records = reca + rec6
+        found = False
+        for rec in records:
+            if rec.dns_type == dnsclient.DNS_T_A or \
+              rec.dns_type == dnsclient.DNS_T_AAAA:
+                found = True
+                break
+
+        if not found:
            raise errors.NotFound(reason=_('Host \'%(host)s\' not found' % {'host':query}))

        return dict(result=True, value=query)
--- a/ipaserver/install/installutils.py
+++ b/ipaserver/install/installutils.py
@ -99,7 +99,7 @@ def verify_dns_records(host_name, responses, resaddr, family):

 def verify_fqdn(host_name,no_host_dns=False):
    if len(host_name.split(".")) < 2 or host_name == "localhost.localdomain":
-        raise RuntimeError("Invalid hostname: " + host_name)
+        raise RuntimeError("Invalid hostname '%s', must be fully-qualified." % host_name)

    try:
        hostaddr = socket.getaddrinfo(host_name, None)
@ -129,7 +129,7 @@ def verify_fqdn(host_name,no_host_dns=False):
    if len(rs) != 0:
        for rsn in rs:
            if rsn.dns_type == dnsclient.DNS_T_CNAME:
-                raise RuntimeError("The IPA Server Hostname cannot be a CNAME, only A names are allowed.")
+                raise RuntimeError("The IPA Server Hostname cannot be a CNAME, only A and AAAA names are allowed.")

    # Verify that it is a DNS A or AAAA record
    rs = dnsclient.query(host_name+".", dnsclient.DNS_C_IN, dnsclient.DNS_T_A)