Bug 1720200

Summary: REST API-based DNS conflict check
Product: Red Hat Satellite Reporter: Lukas Zapletal <lzap>
Component: Infoblox integrationAssignee: Lukas Zapletal <lzap>
Status: CLOSED ERRATA QA Contact: Perry Gagne <pgagne>
Severity: high Docs Contact:
Priority: high    
Version: 6.5.0CC: alexander.lackner, amasolov, bkearney, egolov, ktordeur, pgagne
Target Milestone: 6.6.0Keywords: PrioBumpField, PrioBumpPM, Triaged
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: rubygem-infoblox-3.0.0, rubygem-smart_proxy_dns_infoblox-1.0.0 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-10-22 12:47:39 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1724201, 1746581    
Bug Blocks:    

Description Lukas Zapletal 2019-06-13 11:31:32 UTC 
Infoblox DNS provider have a single setting called dns_server which is used for two purposes:

- HTTP endpoint which is used to communicate with Infoblox
- DNS resover used to do conflict checks by common DNS code

It's very common to configure Infoblox in a way that the API node does not provide DNS resolver. Currently it's not possible to do such configuration and a manual hotfix is needed:

Nn dns_common.rb (find it on the filesystem) change this line:

  @server = server || "localhost"

to

  @server = "1.2.3.4"

where 1.2.3.4 is IP address of (preferably) authoritative DNS server from the Infoblox cluster, or a caching DNS server.
Comment 4 Lukas Zapletal 2019-06-13 11:38:31 UTC 
Created redmine issue https://projects.theforeman.org/issues/27046 from this bug
Comment 5 Lukas Zapletal 2019-06-26 12:40:44 UTC 
The solution is more complicated and it needs incompatible changes in the smart proxy core DNS API. Therefore this is a temporary solution to override DNS server to query during DNS add/remove operations.
Comment 6 Bryan Kearney 2019-06-26 14:05:57 UTC 
Moving this bug to POST for triage into Satellite 6 since the upstream issue https://projects.theforeman.org/issues/27046 has been resolved.
Comment 7 Lukas Zapletal 2019-06-28 07:17:48 UTC 
So after discussion with Ewoud I worked on a proper fix - DNS conflict check does not use system resolver but Infoblox REST API now.
Comment 8 Lukas Zapletal 2019-07-25 07:22:15 UTC 
https://github.com/theforeman/foreman-packaging/pull/3958
https://github.com/theforeman/foreman-packaging/pull/3959
Comment 25 errata-xmlrpc 2019-10-22 12:47:39 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2019:3172