Bug 1033763

Summary: oo-diagnostics DNS-checking test is too strict
Product: OpenShift Container Platform Reporter: Brenton Leanhardt <bleanhar>
Component: NodeAssignee: Luke Meyer <lmeyer>
Status: CLOSED ERRATA QA Contact: libra bugs <libra-bugs>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 1.2.0CC: adellape, bleanhar, libra-onpremise-devel, lmeyer, xiama, xtian
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: rubygem-openshift-origin-common-1.8.16-1.el6op Doc Type: Bug Fix
Doc Text:
Previously, the default DNS health check performed by the oo-diagnostics command was too strict. If administrators configured their DNS server to disable recursion, the command would report a problem. The oo-diagnostics command now simply ensures that it receives a response during the default DNS health check.
 Story Points: ---
Clone Of: 1033701 Environment:
Last Closed: 2014-01-13 15:06:47 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 1033701    
Bug Blocks:    

Description Brenton Leanhardt 2013-11-22 19:39:50 UTC 
+++ This bug was initially created as a clone of Bug #1033701 +++

Description of problem:
The first test in oo-diagnostics checks that the first DNS server in /etc/resolv.conf is working properly. It checks for an NXDOMAIN response on a bogus domain. There are other valid responses that would not indicate a problem. For now it seems best to just validate that the server responds at all.

Steps to Reproduce:
1. Install an OSE system including BIND
2. Reconfigure BIND /etc/named.conf with "recursion no;" instead of "yes".
3. Run oo-diagnostics

Actual results:
Fails because server returns "REFUSED", not "NXDOMAIN".

Expected results:
Test should pass.

Additional info:
Other servers could also respond with other valid codes.
The best we can do in the general case is test that the server is at least responding, as the server being down or unreachable is the most common cause of problems. We could do better validating the actual app domain on brokers or nodes, but save that for a later update.

--- Additional comment from Luke Meyer on 2013-11-22 11:51:15 EST ---

origin-server:
commit e3e29eb1e9b40d275b0d4a6bd78544416f741c73
Author: Luke Meyer <lmeyer>
Date:   Fri Nov 22 11:34:08 2013 -0500

    <oo-diagnostics> loosen DNS test - bug 1033701

enterprise-1.2.z: commit c2b71ca01ebb6eb0839b83f8fceb6e73b679918b
enterprise-2.0: commit 90b1a61113635e4e8fa1db667ac039228b048092

--- Additional comment from RHEL Product and Program Management on 2013-11-22 11:56:28 EST ---

Since this issue was entered in bugzilla, the release flag has been
set to ? to ensure that it is properly evaluated for this release.

--- Additional comment from Brenton Leanhardt on 2013-11-22 13:23:55 EST ---

I'll move this to ON_QA once RC2 is built.
Comment 1 Brenton Leanhardt 2013-11-22 19:40:32 UTC 
Creating the OSE 1.2.z BZ.
Comment 4 Ma xiaoqiang 2013-12-16 09:05:20 UTC 
check it on puddle [2.0/2013-12-09.3]
rubygem-openshift-origin-common-1.17.2.2-1.el6op.noarch
1.Reconfigure BIND /etc/named.conf with "recursion no;" instead of "yes".
#vim /etc/named.conf
[snip]
 recursion no;
[snip]
#/etc/init.d/named restart
2.Run oo-diagnostics
# oo-diagnostics 
[snip]
FAIL: rescue in block in run_tests
error running test_broker_certificate: #<NoMethodError: undefined method `scan' for nil:NilClass>
WARN: test_yum_configuration
        oo-admin-yum-validator is not installed. Please install with:
          yum install openshift-enterprise-release-2.0
        This tool helps validate and fix your package source
        configuration. Incorrect configuration could lead to
        failure to install the correct RPMs.

4 WARNINGS
1 ERRORS
Comment 6 errata-xmlrpc 2014-01-13 15:06:47 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2014-0019.html