ipa-{server,replica}-install: add too-restritive mask detection

If the mask used during the installation is "too restrictive", ie.0027, installing FreeIPA results in a broken server or replica. Check for too-restrictive mask at install time and error out. Fixes: https://pagure.io/freeipa/issue/7193 Signed-off-by: François Cami <fcami@redhat.com> Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
2025-02-25 18:55:28 -06:00 · 2019-03-12 22:30:39 +01:00
parent f2e7c3f68b
commit f90a4b9554
3 changed files with 28 additions and 2 deletions
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@@ -41,7 +41,7 @@ from ipaserver.install import (
    adtrust, bindinstance, ca, dns, dsinstance, httpinstance,
    installutils, kra, krbinstance, otpdinstance, custodiainstance, service)
 from ipaserver.install.installutils import (
-    ReplicaConfig, load_pkcs12, is_ipa_configured)
+    ReplicaConfig, load_pkcs12, is_ipa_configured, validate_mask)
 from ipaserver.install.replication import (
    ReplicationManager, replica_conn_check)
 from ipaserver.masters import find_providing_servers, find_providing_server
@@ -570,6 +570,11 @@ def common_check(no_ntp):
    tasks.check_selinux_status()
    check_ldap_conf()

+    mask_str = validate_mask()
+    if mask_str:
+        raise ScriptError(
+            "Unexpected system mask: %s, expected 0022" % mask_str)
+
    if is_ipa_configured():
        raise ScriptError(
            "IPA server is already configured on this system.\n"