Bug 1221749
Summary: | Puppet content promotion fails if there is no reverse DNS entry | ||
---|---|---|---|
Product: | Red Hat Satellite | Reporter: | Lukas Zapletal <lzap> |
Component: | Installation | Assignee: | Chris Roberts <chrobert> |
Status: | CLOSED WORKSFORME | QA Contact: | Katello QA List <katello-qa-list> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 6.1.0 | CC: | bbuckingham, chrobert, daobrien, stbenjam |
Target Milestone: | Unspecified | Keywords: | ReleaseNotes, Triaged |
Target Release: | Unused | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2016-08-25 16:43:23 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1190823 |
Description
Lukas Zapletal
2015-05-14 18:03:59 UTC
Upstream in the authorize_with_trusted_hosts method we already introduce a "forward_verify" flag. We need to backport this and to introduce another one "reverse_verify". Both flags are a decent workaround for all cases. Since this issue was entered in Red Hat Bugzilla, the release flag has been set to ? to ensure that it is properly evaluated for this release. Moving 6.2 bugs out to sat-backlog. Moving 6.2 bugs out to sat-backlog. I tested this and this works fine, reverse DNS is only a fallback. The proxy looks at the CN of the certificate now in trusted hosts first, so even if customer reverse DNS is broken, promotion still works. |