Bug 1219503

Summary:

[RFE] Add reverse DNS lookup to installer for server and capsule.

Product:

Red Hat Satellite

Reporter:

Jitendra Yejare <jyejare>

Component:

Installation

Assignee:

Chris Roberts <chrobert>

Status:

CLOSED DUPLICATE

QA Contact:

Katello QA List <katello-qa-list>

Severity:

high

Docs Contact:

Priority:

unspecified

Version:

6.1.0

CC:

bbuckingham, bkearney, chrobert, jsherril, jyejare, lzap

Target Milestone:

Unspecified

Keywords:

FutureFeature, Triaged

Target Release:

Unused

Hardware:

Unspecified

OS:

Linux

Whiteboard:

Fixed In Version:

Doc Type:

Enhancement

Doc Text:

Story Points:

---

Clone Of:

Environment:

Last Closed:

2016-10-10 22:47:05 UTC

Type:

Bug

Regression:

---

Mount Type:

---

Documentation:

---

CRM:

Verified Versions:

Category:

---

oVirt Team:

---

RHEL 7.3 requirements from Atomic Host:

Cloudforms Team:

---

Target Upstream Version:

Embargoed:

Attachments:

Description	Flags
Production Logs	none
Foreman Debug Logs	none

Description Jitendra Yejare 2015-05-07 13:44:07 UTC

Created attachment 1023128 [details]
Production Logs

Description of problem:
Proxy Exception stacktrace in production logs while promoting a CV from DEV env to QA env.

Version-Release number of selected component (if applicable):
Satellite6.1-GA-Snap3

How reproducible:


Steps to Reproduce:
1. Create DEV and QA environments.
2. Create CV with some RH contents.
3. Publish and promote this CV to DEV env.
4. After successful promote to DEV, promote the CV to QA env.
5. Observe the production logs while promoting the CV to QA env.

Actual results:
1. Long stack-trace of ProxyException has thrown in production logs.
2. Promotion to QA fails.

Expected results:
Promotion of CV should be successful to any env.

Additional info:
Also non localized stacktrace for same error can be observed for upgraded Sat6 server.

Comment 2 Jitendra Yejare 2015-05-08 11:26:06 UTC

The same issue observed while publishing the CV to Library env also.

Comment 3 Justin Sherrill 2015-05-08 19:19:22 UTC

Can you attach a foreman-debug?

Comment 4 Jitendra Yejare 2015-05-11 06:46:32 UTC

Created attachment 1024102 [details]
Foreman Debug Logs

Comment 5 Jitendra Yejare 2015-05-11 10:59:01 UTC

When I tried publishing CV with smaller size RH repos, the publish works for me. But whenever I publish or promote with bigger size RH repos, I will hit with this issue.

Comment 6 Justin Sherrill 2015-05-11 21:30:59 UTC

Looking through the logs (and going by your traceback), i discovered this error in the proxy.log:

10.8.49.111 - - [08/May/2015 07:07:34] "GET /puppet/environments/KT_Default_Organization_Library_cv_rhel71_2/classes HTTP/1.1" 403 153 9.9223
E, [2015-05-08T08:10:09.986380 #22870] ERROR -- : Unable to resolve hostname for connecting client - 10.8.49.111. If it's to be a trusted host, ensure it has a reverse DNS entry.

and checking the allowed client list:

:trusted_hosts:
  - sat6-qe-rhel7.usersys.redhat.com


usersys domain names do not provide reverse DNS.  See this example:

# dig abic.usersys.redhat.com
SNIP
;; ANSWER SECTION:
abic.usersys.redhat.com. 60 IN	A	19.14.139.56
SNIP

# dig -x 19.14.139.56
<SNIP>
;; ANSWER SECTION:
56.129.13.10.in-addr.arpa. 28800 IN	PTR	dhcp139-56.example.com
<SNIP>

So in this example the usersys hostname is not able to be reverse resolved.  I really can't explain why this would ever work with a 'smaller' content view, but can you reproduce by adding:

10.1.2.3  host.example.com  host 

into /etc/hosts and try to reproduce again?

Thanks,
-Justin

Comment 7 Jitendra Yejare 2015-05-12 10:55:17 UTC

@Justin :

I tried the work around you provided and then publish/promoting is working like a charm.

I added the Sat server info in /etc/hosts and then published and promoted the CV. I observed that the failing publish/promote issue and error logs in production.log are no more.

Also Note, I have Sat6 server setup on Openstack instance.

Thanks,
Jitendra

Comment 8 Bryan Kearney 2015-05-12 13:17:22 UTC

So, is this related to the upgrade?

Comment 9 Justin Sherrill 2015-05-12 13:23:27 UTC

Bryan,

Nope, not an upgrade issue.  All smart proxies require reverse DNS to resolve to the system's host name (for authentication purposes).  usersys domain names do not do this, hence why adding the ip/hostname to /etc/hosts fixed the issue.

We could add a check in the installer to verify that reverse DNS works and is correct immediately fail if it doesn't.  But other than that, there is no bug here.

Comment 10 Jitendra Yejare 2015-05-12 13:42:55 UTC

Justin,

Do you feel that this issue is due to openstack instance ?

If yes, Do we close this as an environment specific issue?

Comment 11 Justin Sherrill 2015-05-12 13:47:35 UTC

Its an issue with using usersys.redhat.com domain names.  This would likely happen with any usersys.redhat.com domain name, unless you also added it to /etc/hosts.

I think we probably should add a reverse dns check on the hostname to warn the user before they get to the install, however this could wait till 6.2 unless we really wanted it.

Comment 12 Bryan Kearney 2015-05-12 14:58:55 UTC

Moving this out since it is environmental.

Comment 13 Lukas Zapletal 2015-12-17 14:22:34 UTC

I just hit this. Nasty bug.

Comment 14 Brad Buckingham 2016-07-24 15:38:06 UTC

Created redmine issue http://projects.theforeman.org/issues/15807 from this bug

Comment 15 Bryan Kearney 2016-07-24 16:06:59 UTC

Upstream bug component is WebUI

Comment 17 Bryan Kearney 2016-08-04 20:17:26 UTC

Moving 6.2 bugs out to sat-backlog.

Comment 18 Bryan Kearney 2016-08-31 20:10:08 UTC

Upstream bug component is Installer

Comment 19 Chris Roberts 2016-10-10 22:47:05 UTC


*** This bug has been marked as a duplicate of bug 1243566 ***