Don't allow the FQDN to match the domain on server installs

Without this the installation is successful but the DNS records will not work. With --setup-dns there will be no A record for the host (only an NS record) and the PTR record will point to the domain name. Fixes: https://pagure.io/freeipa/issue/9003 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
2025-02-25 18:55:28 -06:00 · 2023-05-24 10:55:03 -04:00 · 2023-05-24 10:55:03 -04:00 · c2bce952d8
commit c2bce952d8
parent 1aea1cc29e
4 changed files with 37 additions and 0 deletions
--- a/ipaserver/install/server/install.py
+++ b/ipaserver/install/server/install.py
@ -525,6 +525,9 @@ def install_check(installer):

    domain_name = domain_name.lower()

+    if host_name.lower() == domain_name:
+        raise ScriptError("hostname cannot be the same as the domain name")
+
    if not options.realm_name:
        realm_name = read_realm_name(domain_name, not installer.interactive)
        logger.debug("read realm_name: %s\n", realm_name)
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@ -930,6 +930,9 @@ def promote_check(installer):
    installutils.verify_fqdn(config.master_host_name, options.no_host_dns,
                             local_hostname=not container_environment)

+    if config.host_name.lower() == config.domain_name.lower():
+        raise ScriptError("hostname cannot be the same as the domain name")
+
    ccache = os.environ['KRB5CCNAME']
    kinit_keytab('host/{env.host}@{env.realm}'.format(env=api.env),
                 paths.KRB5_KEYTAB,
--- a/ipatests/test_integration/test_installation.py
+++ b/ipatests/test_integration/test_installation.py
@ -2100,3 +2100,17 @@ class TestHostnameValidator(IntegrationTest):
                hostname = m.group(1)
                break
        assert hostname == self.master.hostname
+
+    def test_hostname_matching_domain(self):
+        # https://pagure.io/freeipa/issue/9003
+        # Prevent hostname from matching the domain
+        self.master.run_command(['hostname', self.master.hostname])
+        args = self.get_args(self.master)
+        args.extend(['--hostname', self.master.domain.name])
+        result = self.master.run_command(
+            args, raiseonerr=False,
+        )
+
+        assert result.returncode == 1
+        assert 'hostname cannot be the same as the domain name' \
+            in result.stderr_text
--- a/ipatests/test_integration/test_replica_promotion.py
+++ b/ipatests/test_integration/test_replica_promotion.py
@ -355,6 +355,23 @@ class TestWrongClientDomain(IntegrationTest):
        assert("An error occurred while removing SSSD" not in
               result.stdout_text)

+    def test_hostname_domain_matching(self):
+        client = self.replicas[0]
+        client.run_command(['ipa-client-install', '-U', '--domain',
+                            self.master.domain.name, '-w',
+                            self.master.config.admin_password,
+                            '-p', 'admin',
+                            '--server', self.master.hostname,
+                            '--hostname', self.master.domain.name])
+        Firewall(self.replicas[0]).enable_services(["freeipa-ldap",
+                                                    "freeipa-ldaps"])
+        result = client.run_command(['ipa-replica-install', '-U', '-w',
+                                     self.master.config.dirman_password],
+                                    raiseonerr=False)
+        assert result.returncode == 1
+        assert 'hostname cannot be the same as the domain name' \
+            in result.stderr_text
+

 class TestRenewalMaster(IntegrationTest):