diff --git a/infra/image/system-service/fixipaip.service b/infra/image/system-service/fixipaip.service
index 6dde6ae8403abaac251c05060d1cc31e9d741b00..95db1180825ddc93b60d65fbf6778587cb36b6c4 100644
--- a/infra/image/system-service/fixipaip.service
+++ b/infra/image/system-service/fixipaip.service
@@ -5,6 +5,8 @@ After=multi-user.target
 [Service]
 Type=oneshot
 ExecStart=/root/fixipaip.sh
+StandardOutput=journal
+StandardError=journal
 [Install]
 WantedBy=default.target
diff --git a/infra/image/system-service/fixipaip.sh b/infra/image/system-service/fixipaip.sh
index dd638fa029eb6b958de06beb557153ddd1300413..599aa15a2b795aa07bc63303409bfdff1f141c8e 100755
--- a/infra/image/system-service/fixipaip.sh
+++ b/infra/image/system-service/fixipaip.sh
@@ -1,26 +1,82 @@
 #!/bin/bash -eu
+function valid_fqdn()
+{
+ local name="${1}"
+
+ [[ "${name}" =~ [[:space:]] ]] && return 1
+ [[ "${name}" =~ \. ]] || return 1
+ [[ "${name}" =~ \.\. ]] && return 1
+ for i in ${name//./ }; do
+ [[ "${i}" =~ ^[a-z0-9_/]+$ ]] || return 1
+ done
+ [[ "${name}" == "localhost.localdomain" ]] && return 1
+ return 0
+}
+
+function valid_ipv4()
+{
+ local ip="${1}"
+ local rematch="^([0-9]{1,3}\.){3}[0-9]{1,3}$"
+
+ [[ "${ip}" =~ ${rematch} ]] || return 1
+ for i in ${ip//./ }; do
+ [[ ${i} -le 255 ]] || return 1
+ done
+
+ return 0
+}
+
 HOSTNAME=$(hostname)
 IP=$(hostname -I | cut -d " " -f 1)
+export KRB5CCNAME=ansible_freeipa_cache
-if [ -z "${HOSTNAME}" ]; then
- echo "ERROR: Failed to retrieve hostname."
+if [ -z "${HOSTNAME}" ] || ! valid_fqdn "${HOSTNAME}" ; then
+ echo "ERROR: Got invalid hostname: '${HOSTNAME}'"
 exit 1
 fi
-if [ -z "${IP}" ]; then
- echo "ERROR: Failed to retrieve IP address."
+if [ -z "${IP}" ] || ! valid_ipv4 "${IP}" ; then
+ echo "ERROR: Got invalid IPv4 address: '${IP}'"
 exit 1
 fi
+PTR=$(echo "${IP}" | awk -F"." '{print $4}')
+if [ -z "${PTR}" ] || [ -n "${PTR//[0-9]}" ]; then
+ echo "ERROR: Failed to get PTR from IPv4 address: '${PTR}'"
+ exit 1
+fi
+
+echo "Fix IPA IP:"
+echo " HOSTNAME: '${HOSTNAME}'"
+echo " IP: '${IP}'"
+echo " PTR: '${PTR}'"
-if ! echo "SomeADMINpassword" | kinit -c ansible_freeipa_cache admin
+if ! echo "SomeADMINpassword" | kinit -c "${KRB5CCNAME}"
 then
 echo "ERROR: Failed to obtain Kerberos ticket"
 exit 1
 fi
-KRB5CCNAME=ansible_freeipa_cache \
- ipa dnsrecord-mod test.local "${HOSTNAME%%.*}" --a-rec="$IP"
-KRB5CCNAME=ansible_freeipa_cache \
- ipa dnsrecord-mod test.local ipa-ca --a-rec="$IP"
-kdestroy -c ansible_freeipa_cache -A
+
+ZONES=$(ipa dnszone-find --name-from-ip="${HOSTNAME}." --raw --pkey-only \
+ | grep "idnsname:" | awk -F": " '{print $2}')
+for zone in ${ZONES}; do
+ echo
+ if [[ "${zone}" == *".in-addr.arpa."* ]]; then
+ echo "Fixing reverse zone ${zone}:"
+ OLD_PTR=$(ipa dnsrecord-find "${zone}" --ptr-rec="${HOSTNAME}." \
+ --raw | grep "idnsname:" | awk -F": " '{print $2}')
+ if [ -z "${OLD_PTR}" ] || [ -n "${OLD_PTR//[0-9]}" ]; then
+ echo "ERROR: Failed to get old PTR from '${zone}': '${OLD_PTR}'"
+ else
+ ipa dnsrecord-mod "${zone}" "${OLD_PTR}" --ptr-rec="${HOSTNAME}." \
+ --rename="${PTR}"
+ fi
+ else
+ echo "Fixing forward zone ${zone}:"
+ ipa dnsrecord-mod test.local "${HOSTNAME%%.*}" --a-rec="$IP"
+ ipa dnsrecord-mod test.local ipa-ca --a-rec="$IP"
+ fi
+done
+
+kdestroy -c "${KRB5CCNAME}" -A
 exit 0
diff --git a/infra/image/system-service/fixnet.service b/infra/image/system-service/fixnet.service
index c481b19ee496c1076d1895f40d1ea9616e6acaa3..a546a2f2e7122a5a421ef6eb362c655fa669564a 100644
--- a/infra/image/system-service/fixnet.service
+++ b/infra/image/system-service/fixnet.service
@@ -7,6 +7,8 @@ Before=ipa.service
 [Service]
 Type=oneshot
 ExecStart=/root/fixnet.sh
+StandardOutput=journal
+StandardError=journal
 [Install]
 WantedBy=ipa.service
diff --git a/infra/image/system-service/fixnet.sh b/infra/image/system-service/fixnet.sh
index 3fc05b515c2e0c79f4b16c182d02bf8f67ad4dd6..e4ee3dff69013a2f40bc91da31546b4d628a4067 100755
--- a/infra/image/system-service/fixnet.sh
+++ b/infra/image/system-service/fixnet.sh
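Review bot: The new kinit line `if ! echo "SomeADMINpassword" | kinit -c "${KRB5CCNAME}"` drops the `admin` principal that the removed line passed, so kinit will derive the principal from the invoking user (root under systemd) or from whatever is already in the cache, and since the script ends with `kdestroy -c "${KRB5CCNAME}" -A` the cache is empty on every run; restore it as `kinit -c "${KRB5CCNAME}" admin` unless a default principal is configured somewhere not visible here. The forward-zone branch ignores `${zone}` and still targets the literal `test.local`, so any other forward zone returned by dnszone-find is reported as "Fixing forward zone" while test.local is modified instead; use `"${zone}"` in both dnsrecord-mod calls. valid_fqdn's label check `^[a-z0-9_/]+$` rejects `-`, which is legal in DNS labels, so a hyphenated host such as ipa-server.test.local exits with "Got invalid hostname", while it admits `/` and `_`, which are not; `^[a-z0-9]([a-z0-9-]*[a-z0-9])?$` matches the LDH rule. The admin password remains hardcoded in a root-owned script shipped in the image; presumably a test fixture, but a comment saying so, or reading it from a root-only file, would make that intent explicit.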
@@ -1,24 +1,62 @@
 #!/bin/bash -eu
+function valid_fqdn()
+{
+ local name="${1}"
+
+ [[ "${name}" =~ [[:space:]] ]] && return 1
+ [[ "${name}" =~ \. ]] || return 1
+ [[ "${name}" =~ \.\. ]] && return 1
+ for i in ${name//./ }; do
+ [[ "${i}" =~ ^[a-z0-9_/]+$ ]] || return 1
+ done
+ [[ "${name}" == "localhost.localdomain" ]] && return 1
+ return 0
+}
+
+function valid_ipv4()
+{
+ local ip="${1}"
+ local rematch="^([0-9]{1,3}\.){3}[0-9]{1,3}$"
+
+ [[ "${ip}" =~ ${rematch} ]] || return 1
+ for i in ${ip//./ }; do
+ [[ ${i} -le 255 ]] || return 1
+ done
+
+ return 0
+}
+
 HOSTNAME=$(hostname)
 IP=$(hostname -I | cut -d " " -f 1)
-if [ -z "${HOSTNAME}" ]; then
+if [ -z "${HOSTNAME}" ] || ! valid_fqdn "${HOSTNAME}" ; then
 echo "ERROR: Failed to retrieve hostname."
 exit 1
 fi
-if [ -z "${IP}" ]; then
- echo "ERROR: Failed to retrieve IP address."
+if [ -z "${IP}" ] || ! valid_ipv4 "${IP}" ; then
+ echo "ERROR: Got invalid IPv4 address: '${IP}'"
 exit 1
 fi
-# shellcheck disable=SC2143
-if [ -n "$(grep -P "[[:space:]]${HOSTNAME}" /etc/hosts)" ]; then
- sed -ie "s/.*${HOSTNAME}/${IP}\t${HOSTNAME}/" /etc/hosts
+echo "Fix NET:"
+echo " HOSTNAME: '${HOSTNAME}'"
+echo " IP: '${IP}'"
+echo
+
+if grep -qE "^[^(#\s*)][0-9\.]+\s$HOSTNAME(\s|$)" /etc/hosts
+then
+ sed -i.bak -e "s/.*${HOSTNAME}/${IP}\t${HOSTNAME}/" /etc/hosts
 else
- echo -e "$IP\t${HOSTNAME}" >> /etc/hosts
+ echo -e "$IP\t${HOSTNAME} ${HOSTNAME%%.*}" >> /etc/hosts
 fi
 echo "nameserver 127.0.0.1" > /etc/resolv.conf
+echo "/etc/hosts:"
+cat "/etc/hosts"
+echo
+echo "/etc/resolv.conf:"
+cat "/etc/resolv.conf"
+
 exit 0
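Review bot: `${HOSTNAME}` is spliced unescaped into the sed command `s/.*${HOSTNAME}/${IP}\t${HOSTNAME}/` and into the grep -E pattern, yet valid_fqdn admits `/` and `_`, so a `/` in the hostname terminates the s command early and every `.` matches any character; the label check should use the LDH set `^[a-z0-9]([a-z0-9-]*[a-z0-9])?$`, which also stops rejecting hyphenated hostnames, and the sed pattern should escape the dots via `${HOSTNAME//./\\.}`. The sed expression is also unanchored and greedy, so it rewrites every line containing the hostname, comments and other hosts' lines included, and discards any aliases listed before it; anchoring on the address column, `s/^[0-9.]\+[[:space:]]\+${HOSTNAME//./\\.}\([[:space:]]\|$\)/${IP}\t${HOSTNAME}\1/`, confines it to the line the grep actually matched. The grep bracket `[^(#\s*)]` is a character class excluding the six literal characters `(`, `#`, `\`, `s`, `*`, `)` rather than "not a comment line"; it only works because addresses begin with a digit, and `^[^#]` says what is meant. The hostname failure still prints "Failed to retrieve hostname." while fixipaip.sh in the same commit reports the offending value; `echo "ERROR: Got invalid hostname: '${HOSTNAME}'"` keeps the two scripts consistent.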