Bug 1243566

Summary: [RFE] katello-installer should do dns forward reverse validation
Product: Red Hat Satellite Reporter: Dave Sullivan <dsulliva>
Component: InstallationAssignee: Chris Roberts <chrobert>
Status: CLOSED ERRATA QA Contact: Peter Ondrejka <pondrejk>
Severity: high Docs Contact:
Priority: high    
Version: 6.1.0CC: bbuckingham, bkearney, chrobert, dcaplan, egolov, jyejare, pondrejk, rjerrido, stbenjam
Target Milestone: UnspecifiedKeywords: FutureFeature, Triaged
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
URL: http://projects.theforeman.org/issues/15905
Whiteboard:
Fixed In Version: katello-installer-base-3.4.5.12 Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
: 1487519 (view as bug list) Environment:
Last Closed: 2018-02-21 16:54:37 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1466688, 1525544    

Description Dave Sullivan 2015-07-15 19:31:16 UTC 
Description of problem:

If this product depends on proper forward and reverse dns then the installer should validate that.

Here's an example of a server that is not getting the right hostname with reverse dns.

[root@cragsat61 foreman-proxy]# hostnamectl
   Static hostname: cragsat61.usersys.redhat.com
         Icon name: computer-vm
           Chassis: vm
        Machine ID: 1b96bb6696a143219c9183471cc13e7e
           Boot ID: 43ab780a2d0a45eeaf0b17c6fb3df24a
    Virtualization: kvm
  Operating System: Red Hat
       CPE OS Name: cpe:/o:redhat:enterprise_linux:7.1:GA:server
            Kernel: Linux 3.10.0-229.7.2.el7.x86_64
      Architecture: x86_64
[root@cragsat61 foreman-proxy]# host cragsat61.usersys.redhat.com
cragsat61.usersys.redhat.com has address 10.13.145.116
[root@cragsat61 foreman-proxy]# host 10.13.145.116
116.145.13.10.in-addr.arpa domain name pointer dhcp145-116.rdu.redhat.com.

This causes the following foreman proxy error

[root@cragsat61 foreman-proxy]# cat proxy.log
I, [2015-07-15T03:35:02.784001 #21467]  INFO -- : 'pulpnode' module is disabled.
W, [2015-07-15T03:35:02.784256 #21467]  WARN -- : Couldn't find settings file /etc/foreman-proxy/settings.d/foreman_proxy.yml. Using default settings.
I, [2015-07-15T03:35:02.784378 #21467]  INFO -- : 'foreman_proxy' settings were initialized with default values: :enabled: true
I, [2015-07-15T03:35:02.787436 #21467]  INFO -- : 'facts' module is disabled.
I, [2015-07-15T03:35:02.787932 #21467]  INFO -- : 'dns' module is disabled.
I, [2015-07-15T03:35:02.791412 #21467]  INFO -- : 'tftp' module is disabled.
I, [2015-07-15T03:35:02.791787 #21467]  INFO -- : 'dhcp' module is disabled.
I, [2015-07-15T03:35:03.443661 #21467]  INFO -- : 'puppet' settings were initialized with default values: :puppet_provider: puppetrun, :puppetdir: /etc/puppet
I, [2015-07-15T03:35:03.448143 #21467]  INFO -- : 'bmc' module is disabled.
I, [2015-07-15T03:35:03.448642 #21467]  INFO -- : 'realm' module is disabled.
E, [2015-07-15T14:49:52.845480 #21478] ERROR -- : Untrusted client dhcp145-116.rdu.redhat.com attempted to access /environments/KT_davesworld_Library_daveview1_5/classes. Check :trusted_hosts: in settings.yml
10.13.145.116 - - [15/Jul/2015 14:49:52] "GET /puppet/environments/KT_davesworld_Library_daveview1_5/classes HTTP/1.1" 403 158 0.0277

Se untrusted client above




Version-Release number of selected component (if applicable):


6.1 public beta

How reproducible:

create a content view and try to publish promote when reverse dns points to different fqdn


Actual results:



Expected results:

Installer should run this test pre installation and kick out if there is an issue with forward or reverse dns


Additional info:
Comment 1 Dave Sullivan 2015-07-15 19:59:57 UTC 
Workaround to bad reverse dns

Add your reverse fqdn to trusted_hosts

vi /etc/foreman-proxy/settings.yml

:trusted_hosts:
  - cragsat61.usersys.redhat.com
  - cragsat61.usersys.redhat.com
  - dhcp145-116.rdu.redhat.com


restart the foreman-proxy service

But you probably should correct your dns
Comment 2 Chris Roberts 2016-07-07 13:36:43 UTC 
*** Bug 1346080 has been marked as a duplicate of this bug. ***
Comment 3 Bryan Kearney 2016-07-08 20:21:37 UTC 
Per 6.3 planning, moving out non acked bugs to the backlog
Comment 5 Stephen Benjamin 2016-07-29 14:27:12 UTC 
Created redmine issue http://projects.theforeman.org/issues/15905 from this bug
Comment 6 Chris Roberts 2016-10-10 22:47:05 UTC 
*** Bug 1219503 has been marked as a duplicate of this bug. ***
Comment 7 Satellite Program 2017-10-25 22:06:50 UTC 
Moving this bug to POST for triage into Satellite 6 since the upstream issue http://projects.theforeman.org/issues/15905 has been resolved.
Comment 16 Satellite Program 2018-02-21 16:54:37 UTC 
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.
> > 
> > For information on the advisory, and where to find the updated files, follow the link below.
> > 
> > If the solution does not work for you, open a new bug report.
> > 
> > https://access.redhat.com/errata/RHSA-2018:0336