Call generate-rndc-key.sh during ipa-server-install

Since systemd has by default a 2 minute timeout to start a service, the end of ipa-server-install might fail because starting named times out. This patch ensures that generate-rndc-key.sh runs before named service restart. Also, warning message is displayed before KDC install and generate-rndc-key.sh, if there is a lack of entropy, to notify the user that the process could take more time than expected. Modifications done by Martin Kosek: - removed whitespace at the end of installutils.py - the warning in krbinstance.py moved right before the step requiring entropy - slightly reworded the warning message https://fedorahosted.org/freeipa/ticket/4210 Reviewed-By: Martin Kosek <mkosek@redhat.com>
2025-02-25 18:55:28 -06:00 · 2014-04-18 15:44:11 +02:00
parent d6a4da30de
commit 71c6d2f1eb
3 changed files with 29 additions and 1 deletions
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -523,6 +523,9 @@ class BindInstance(service.Service):
        if installutils.record_in_hosts(self.ip_address, self.fqdn) is None:
            installutils.add_record_to_hosts(self.ip_address, self.fqdn)

+        # Make sure generate-rndc-key.sh runs before named restart
+        self.step("generating rndc key file", self.__generate_rndc_key)
+
        if self.first_instance:
            self.step("adding DNS container", self.__setup_dns_container)

@@ -820,6 +823,10 @@ class BindInstance(service.Service):
        except IOError as e:
            root_logger.error('Could not write to resolv.conf: %s', e)

+    def __generate_rndc_key(self):
+        installutils.check_entropy()
+        ipautil.run(['/usr/libexec/generate-rndc-key.sh'])
+
    def add_master_dns_records(self, fqdn, ip_address, realm_name, domain_name,
                               reverse_zone, ntp=False, ca_configured=None):
        self.fqdn = fqdn
--- a/ipaserver/install/installutils.py
+++ b/ipaserver/install/installutils.py
@@ -41,7 +41,7 @@ from ipalib.util import validate_hostname
 from ipapython import config
 from ipalib import errors
 from ipapython.dn import DN
-from ipaserver.install import certs
+from ipaserver.install import certs, service
 from ipapython import services as ipaservices

 # Used to determine install status
@@ -846,3 +846,21 @@ def stopped_service(service, instance_name=""):
        finally:
            root_logger.debug('Starting %s%s.', service, log_instance_name)
            ipaservices.knownservices[service].start(instance_name)
+
+def check_entropy():
+    '''
+    Checks if the system has enough entropy, if not, displays warning message
+    '''
+    try:
+        with open('/proc/sys/kernel/random/entropy_avail', 'r') as efname:
+            if int(efname.read()) < 200:
+                emsg = 'WARNING: Your system is running out of entropy, ' \
+                        'you may experience long delays'
+                service.print_msg(emsg)
+                root_logger.debug(emsg)
+    except IOError as e:
+        root_logger.debug("Could not open /proc/sys/kernel/random/entropy_avail: %s" % \
+            e)
+    except ValueError as e:
+        root_logger.debug("Invalid value in /proc/sys/kernel/random/entropy_avail %s" % \
+            e)
--- a/ipaserver/install/krbinstance.py
+++ b/ipaserver/install/krbinstance.py
@@ -326,6 +326,9 @@ class KrbInstance(service.Service):
            os.chmod(path, chmod)

    def __init_ipa_kdb(self):
+        # kdb5_util may take a very long time when entropy is low
+        installutils.check_entropy()
+
        #populate the directory with the realm structure
        args = ["kdb5_util", "create", "-s",
                                       "-r", self.realm,