Bug 1215659
Summary: | Configuring katello-installer to use external DNS via GSS-TSIG does not provide a working configuration | ||
---|---|---|---|
Product: | Red Hat Satellite | Reporter: | Rich Jerrido <rjerrido> |
Component: | Installation | Assignee: | Katello Bug Bin <katello-bugs> |
Status: | CLOSED ERRATA | QA Contact: | Kedar Bidarkar <kbidarka> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 6.1.0 | CC: | bbuckingham, bkearney, chpeters, cwelton, daobrien, jpazdziora, kbidarka, mburgerh, mmccune, nshaik, pdwyer, sghai, tkolhar, wburrows |
Target Milestone: | Unspecified | Keywords: | Triaged |
Target Release: | Unused | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
URL: | http://projects.theforeman.org/issues/10436 | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: |
Configuring katello-installer to use external DNS via GSS-TSIG did not provide a working configuration. The templates were fixed to support this configuration.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2016-01-21 07:41:47 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1177570, 1281350 |
Description
Rich Jerrido
2015-04-27 11:53:31 UTC
Since this issue was entered in Red Hat Bugzilla, the release flag has been set to ? to ensure that it is properly evaluated for this release. This issue is fixed with the following upstream commit. [https://github.com/theforeman/puppet-foreman_proxy/commit/753b65c2dad35a5887c46094061703d0a76e3c3c] With the dns.yml.erb from this commit on a satellite 6.1.3 system, the above command works as designed. Can we get this backported to the sat 6.1.x codebase? Connecting redmine issue http://projects.theforeman.org/issues/10436 from this bug Moving to POST since upstream bug http://projects.theforeman.org/issues/10436 has been closed ------------- Stefan Meyer Pull request: https://github.com/theforeman/puppet-foreman_proxy/pull/171 This failsQA as it causes a regression outlined here: https://bugzilla.redhat.com/show_bug.cgi?id=1296877 I'd vote we just close the above bug and resolve this one since it is the same code and usecase. *** Bug 1296877 has been marked as a duplicate of this bug. *** Ran the below command, ~]#katello-installer -v --capsule-dns true --capsule-dns-provider nsupdate_gss --capsule-dns-server x.x.x.x --capsule-dns-tsig-keytab /etc/foreman-proxy/dnsdude.keytab --capsule-dns-tsig-principal dnsdude --- # DNS management :enabled: https # valid providers: # dnscmd (Microsoft Windows native implementation) # nsupdate # nsupdate_gss (for GSS-TSIG support) # virsh (simple implementation for libvirt) :dns_provider: nsupdate_gss # use this setting if you are managing a dns server which is not localhost though this proxy :dns_server: x.x.x.x # use this setting if you want to override default TTL setting (86400) :dns_ttl: 86400 # use dns_tsig_* for GSS-TSIG updates using Kerberos. Required for Windows MS DNS with # Secure Dynamic Updates, or BIND as used in FreeIPA. Set dns_provider to nsupdate_gss. :dns_tsig_keytab: /etc/foreman-proxy/dnsdude.keytab :dns_tsig_principal: dnsdude # dns_key must be disabled if nsupdate_gss is used #:dns_key: /etc/rndc.key Capsule features in 'Infrastructure->Capsules' shows "DNS" Feature. ----------------------------------------------------------------------- With 'katello-installer --capsule-dns false', Capsule features in 'Infrastructure->Capsules' Does not show "DNS" Feature. Is this required ? As per the initial bug request "Actual Result" 2). Please confirm. # DNS management :enabled: false # valid providers: # dnscmd (Microsoft Windows native implementation) # nsupdate # nsupdate_gss (for GSS-TSIG support) # virsh (simple implementation for libvirt) :dns_provider: nsupdate_gss # use this setting if you are managing a dns server which is not localhost though this proxy :dns_server: x.x.x.x # use this setting if you want to override default TTL setting (86400) :dns_ttl: 86400 # use dns_tsig_* for GSS-TSIG updates using Kerberos. Required for Windows MS DNS with # Secure Dynamic Updates, or BIND as used in FreeIPA. Set dns_provider to nsupdate_gss. :dns_tsig_keytab: /etc/foreman-proxy/dnsdude.keytab :dns_tsig_principal: dnsdude # dns_key must be disabled if nsupdate_gss is used #:dns_key: /etc/rndc.key If DNS feature is set to false, the Capsule feature "DNS" is not shown on the UI. VERIFIED With Sat6.1.6 compose 5 If this bug requires doc text for errata release, please provide draft text in the doc text field in the following format: Cause: Consequence: Fix: Result: The documentation team will review, edit, and approve the text. If this bug does not require doc text, please set the 'requires_doc_text' flag to -. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2016:0052 |