Let replicas install without DNS

Let ipa-replica-prepare and ipa-replica-install work without
proper DNS records as records in /etc/hosts are sufficient for
DS replication.

  1) ipa-replica-prepare now just checks if the replica hostname
     is resolvable (DNS records are not required). It is now able
     to prepare a replica file even when the replica IP address is
     present in /etc/hosts only.
  2) ipa-replica-install is now able to proceed when the hostname
     is not resolvable. It uses an IP address passed in a new
     option --ip-address to create a record in /etc/hosts in the
     same way as ipa-server-install does.

https://fedorahosted.org/freeipa/ticket/2139

install/tools/ipa-replica-install

@@ -52,6 +52,9 @@ def parse_options():
     basic_group = OptionGroup(parser, "basic options")
     basic_group.add_option("--setup-ca", dest="setup_ca", action="store_true",
                       default=False, help="configure a dogtag CA")
+    basic_group.add_option("--ip-address", dest="ip_address",
+                      type="ip", ip_local=True,
+                      help="Replica server IP Address")
     basic_group.add_option("-p", "--password", dest="password", sensitive=True,
                       help="Directory Manager (existing master) password")
     basic_group.add_option("-w", "--admin-password", dest="admin_password", sensitive=True,
@@ -284,6 +287,9 @@ def main():
     global sstore
     sstore = sysrestore.StateFile('/var/lib/ipa/sysrestore')
 
+    global fstore
+    fstore = sysrestore.FileStore('/var/lib/ipa/sysrestore')
+
     # check the bind is installed
     if options.setup_dns:
         check_bind()
@@ -334,6 +340,9 @@ def main():
     if not options.skip_conncheck:
         replica_conn_check(config.master_host_name, config.host_name, config.realm_name, options.setup_ca, options.admin_password)
 
+    # check replica host IP resolution
+    ip = installutils.get_server_ip_address(config.host_name, fstore, True, options)
+
     # Create the management framework config file
     # Note: We must do this before bootstraping and finalizing ipalib.api
     old_umask = os.umask(022)   # must be readable for httpd

install/tools/ipa-replica-prepare

@@ -298,12 +298,6 @@ def main():
 
     check_ipa_configuration(api.env.realm)
 
-    if not options.ip_address:
-        try:
-            api.Command['dns_resolve'](replica_fqdn.decode('utf-8'))
-        except errors.NotFound:
-            sys.exit("Neither an A nor AAAA record for host '%s' does not exist in DNS.\nUse the --ip-address option to add DNS entries for the replica." % replica_fqdn)
-
     if api.env.host == replica_fqdn:
         print "You can't create a replica on itself"
         sys.exit(1)

install/tools/ipa-server-install

@@ -730,65 +730,9 @@ def main():
 
     domain_name = domain_name.lower()
 
-    # Check we have a public IP that is associated with the hostname
+    ip = get_server_ip_address(host_name, fstore, options.unattended, options)
-    try:
-        hostaddr = resolve_host(host_name)
-    except HostnameLocalhost:
-        print >> sys.stderr, "The hostname resolves to the localhost address (127.0.0.1/::1)"
-        print >> sys.stderr, "Please change your /etc/hosts file so that the hostname"
-        print >> sys.stderr, "resolves to the ip address of your network interface."
-        print >> sys.stderr, "The KDC service does not listen on localhost"
-        print >> sys.stderr, ""
-        print >> sys.stderr, "Please fix your /etc/hosts file and restart the setup program"
-        sys.exit(1)
-
-    ip_add_to_hosts = False
-    if hostaddr is not None:
-        ip = CheckedIPAddress(hostaddr, match_local=True)
-    else:
-        # hostname is not resolvable
-        ip = options.ip_address
-        ip_add_to_hosts = True
-
-    if ip is None:
-        print "Unable to resolve IP address for host name"
-        if options.unattended:
-            sys.exit(1)
-
-    if options.ip_address:
-        if options.ip_address != ip and not options.setup_dns:
-            print >>sys.stderr, "Error: the hostname resolves to an IP address that is different"
-            print >>sys.stderr, "from the one provided on the command line.  Please fix your DNS"
-            print >>sys.stderr, "or /etc/hosts file and restart the installation."
-            return 1
-
-        ip = options.ip_address
-
-    if ip is None:
-        ip = read_ip_address(host_name, fstore)
-        root_logger.debug("read ip_address: %s\n" % str(ip))
-
     ip_address = str(ip)
 
-    # check /etc/hosts sanity, add a record when needed
-    hosts_record = record_in_hosts(ip_address)
-
-    if hosts_record is None:
-        if ip_add_to_hosts:
-            print "Adding ["+ip_address+" "+host_name+"] to your /etc/hosts file"
-            fstore.backup_file("/etc/hosts")
-            add_record_to_hosts(ip_address, host_name)
-    else:
-        primary_host = hosts_record[1][0]
-        if primary_host != host_name:
-            print >>sys.stderr, "Error: there is already a record in /etc/hosts for IP address %s:" \
-                    % ip_address
-            print >>sys.stderr, hosts_record[0], " ".join(hosts_record[1])
-            print >>sys.stderr, "Chosen hostname %s does not match configured canonical hostname %s" \
-                    % (host_name, primary_host)
-            print >>sys.stderr, "Please fix your /etc/hosts file and restart the installation."
-            return 1
-
     if options.reverse_zone and not bindinstance.verify_reverse_zone(options.reverse_zone, ip):
         sys.exit(1)
 

install/tools/man/ipa-replica-install.1

@@ -32,6 +32,9 @@ The replica_file is created using the ipa\-replica\-prepare utility.
 Install and configure a CA on this replica. If a CA is not configured then
 certificate operations will be forwarded to a master with a CA installed.
 .TP
+\fB\-\-ip\-address\fR=\fIIP_ADDRESS\fR
+The IP address of this server. If this address does not match the address the host resolves to and --setup-dns is not selected the installation will fail. If the server hostname is not resolvable, a record for the hostname and IP_ADDRESS is added to /etc/hosts.
+.TP
 \fB\-p\fR \fIDM_PASSWORD\fR, \fB\-\-password\fR=\fIDM_PASSWORD\fR
 Directory Manager (existing master) password
 .TP

install/tools/man/ipa-server-install.1

@@ -46,7 +46,7 @@ The password for the IPA admin user
 The fully\-qualified DNS name of this server. If the hostname does not match system hostname, the system hostname will be updated accordingly to prevent service failures.
 .TP
 \fB\-\-ip\-address\fR=\fIIP_ADDRESS\fR
-The IP address of this server. If this address does not match the address the host resolves to and --setup-dns is not selected the installation will fail.
+The IP address of this server. If this address does not match the address the host resolves to and --setup-dns is not selected the installation will fail. If the server hostname is not resolvable, a record for the hostname and IP_ADDRESS is added to /etc/hosts.
 .TP
 \fB\-N\fR, \fB\-\-no\-ntp\fR
 Do not configure NTP

ipaserver/install/installutils.py

@@ -520,6 +520,68 @@ def get_host_name(no_host_dns):
     verify_fqdn(hostname, no_host_dns)
     return hostname
 
+def get_server_ip_address(host_name, fstore, unattended, options):
+    # Check we have a public IP that is associated with the hostname
+    try:
+        hostaddr = resolve_host(host_name)
+    except HostnameLocalhost:
+        print >> sys.stderr, "The hostname resolves to the localhost address (127.0.0.1/::1)"
+        print >> sys.stderr, "Please change your /etc/hosts file so that the hostname"
+        print >> sys.stderr, "resolves to the ip address of your network interface."
+        print >> sys.stderr, "The KDC service does not listen on localhost"
+        print >> sys.stderr, ""
+        print >> sys.stderr, "Please fix your /etc/hosts file and restart the setup program"
+        sys.exit(1)
+
+    ip_add_to_hosts = False
+    if hostaddr is not None:
+        ip = ipautil.CheckedIPAddress(hostaddr, match_local=True)
+    else:
+        # hostname is not resolvable
+        ip = options.ip_address
+        ip_add_to_hosts = True
+
+    if ip is None:
+        print "Unable to resolve IP address for host name"
+        if unattended:
+            sys.exit(1)
+
+    if options.ip_address:
+        if options.ip_address != ip and not options.setup_dns:
+            print >>sys.stderr, "Error: the hostname resolves to an IP address that is different"
+            print >>sys.stderr, "from the one provided on the command line.  Please fix your DNS"
+            print >>sys.stderr, "or /etc/hosts file and restart the installation."
+            sys.exit(1)
+
+        ip = options.ip_address
+
+    if ip is None:
+        ip = read_ip_address(host_name, fstore)
+        root_logger.debug("read ip_address: %s\n" % str(ip))
+
+    ip_address = str(ip)
+
+    # check /etc/hosts sanity, add a record when needed
+    hosts_record = record_in_hosts(ip_address)
+
+    if hosts_record is None:
+        if ip_add_to_hosts:
+            print "Adding ["+ip_address+" "+host_name+"] to your /etc/hosts file"
+            fstore.backup_file("/etc/hosts")
+            add_record_to_hosts(ip_address, host_name)
+    else:
+        primary_host = hosts_record[1][0]
+        if primary_host != host_name:
+            print >>sys.stderr, "Error: there is already a record in /etc/hosts for IP address %s:" \
+                    % ip_address
+            print >>sys.stderr, hosts_record[0], " ".join(hosts_record[1])
+            print >>sys.stderr, "Chosen hostname %s does not match configured canonical hostname %s" \
+                    % (host_name, primary_host)
+            print >>sys.stderr, "Please fix your /etc/hosts file and restart the installation."
+            sys.exit(1)
+
+    return ip
+
 def expand_replica_info(filename, password):
     """
     Decrypt and expand a replica installation file into a temporary