Bug 1721108

Summary: Unable to start qpidd on IPv6 only deployment
Product: Red Hat Satellite Reporter: Lukas Zapletal <lzap>
Component: InstallationAssignee: satellite6-bugs <satellite6-bugs>
Status: CLOSED NEXTRELEASE QA Contact: Devendra Singh <desingh>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 6.5.0CC: ekohlvan, janarula, ktordeur, ldelouw, zhunting
Target Milestone: UnspecifiedKeywords: Reopened, Triaged
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-09-08 13:06:25 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Lukas Zapletal 2019-06-17 11:21:00 UTC 
Hello, this is 6.5.0 on a host with only IPv6 interface (no IPv4 available).

The installation was not successful because qpidd won't start with a connection timeout. When I provide --foreman-proxy-content-qpid-router-hub-addr :: --foreman-proxy-content-qpid-router-agent-addr :: options the installer fails as well.

Here is relevant bit from my answers file:

  qpid_router: true
  qpid_router_hub_addr: '::'
  qpid_router_hub_port: 5646
  qpid_router_agent_addr: '::'
  qpid_router_agent_port: 5647
  qpid_router_broker_addr: localhost
  qpid_router_broker_port: 5671

However qpidd won't start. Here is: /etc/qpid-dispatch/qdrouterd.conf

router {
    mode: standalone
}

listener {
    host: 0.0.0.0
    port: amqp
    authenticatePeer: no
    saslMechanisms: ANONYMOUS
}

listener {
    host: 0.0.0.0
    port: 8672
    authenticatePeer: no
    http: yes
    httpRoot: /usr/share/qpid-dispatch/console
}

address {
    prefix: closest
    distribution: closest
}

address {
    prefix: multicast
    distribution: multicast
}

address {
    prefix: unicast
    distribution: closest
}

address {
    prefix: exclusive
    distribution: closest
}

address {
    prefix: broadcast
}

And /etc/qpid/qpidd.conf

acl-file=/etc/qpid/qpid.acl
log-enable=error+
log-to-syslog=yes
auth=no
require-encryption=yes
ssl-require-client-authentication=yes
ssl-port=5671
ssl-cert-db=/etc/pki/katello/nssdb
ssl-cert-password-file=/etc/pki/katello/nssdb/nss_db_password-file
ssl-cert-name=broker
interface=lo
wcache-page-size=4
Comment 3 Lukas Zapletal 2019-06-17 13:35:27 UTC 
The reason is probably because 6.5 don't have yet the up to date version from upstream (of the ERB template):

connector {
    name: <%= @title %>
    host: <%= @host %>
    port: <%= @port %>
    sasl-mechanisms: <%= @sasl_mech %>
<% unless [nil, :undefined, :undef, ''].include?(@sasl_username) -%>
    sasl-username: <%= @sasl_username %>
<% end -%>
<% unless [nil, :undefined, :undef, ''].include?(@sasl_password) -%>
    sasl-password: <%= @sasl_password %>
<% end -%>
<% unless [nil, :undefined, :undef, ''].include?(@role) -%>
    role: <%= @role %>
<% end -%>
<% unless [nil, :undefined, :undef, ''].include?(@ssl_profile) -%>
    ssl-profile: <%= @ssl_profile %>
<% end -%>
<% unless [nil, :undefined, :undef, ''].include?(@idle_timeout) -%>
    idle-timeout-seconds: <%= @idle_timeout %>
<% end -%>
}

While upstream has: https://github.com/theforeman/puppet-qpid/blob/master/templates/router/connector.conf.erb
Comment 4 Ewoud Kohl van Wijngaarden 2019-06-17 14:09:09 UTC 
Is this a capsule? The satellite scenario does have satellite.migrations/181012141418-qdrouterd-listen-ipv6.rb but the capsule scenario lacks this. Upstream does have https://github.com/theforeman/foreman-installer/blob/develop/config/foreman-proxy-content.migrations/181012141418-qdrouterd-listen-ipv6.rb

The workaround should be to install with --reset-foreman-proxy-content-qpid-router-hub-addr --reset-foreman-proxy-content-qpid-router-agent-addr but I haven't tested this myself.
Comment 5 Lukas Zapletal 2019-06-18 11:07:15 UTC 
It's not a Capsule. Here are my notes which I took when I was creating this instance (RHEL 7.6):

cat /etc/hosts
::1         fivesix.ipsix.lan localhost localhost.localdomain localhost6 localhost6.localdomain6
fd00:aaaa:bbbb:cc::1 gw.ipsix.lan

grep proxy /etc/rhsm/rhsm.conf
proxy_hostname = gw.ipsix.lan
proxy_port = 3128
proxy_user =
proxy_password =

subscription-manager register

subscription-manager attach --pool=XYZ

subscription-manager repos --disable "*"
subscription-manager repos --enable rhel-7-server-rpms \
  --enable rhel-server-rhscl-7-rpms \
  --enable rhel-7-server-satellite-6.5-rpms \
  --enable rhel-7-server-satellite-maintenance-6-rpms \
  --enable rhel-7-server-extras-rpms \
  --enable rhel-7-server-optional-rpms \
  --enable rhel-7-server-ansible-2.6-rpms

yum -y install satellite yum-utils

foreman-installer -v --scenario satellite --foreman-initial-organization=MyOrg --foreman-initial-location=MyLoc --foreman-admin-password=changeme

The installer command failed.

Do you want me to try --reset-foreman-proxy-content-qpid-router-hub-addr --reset-foreman-proxy-content-qpid-router-agent-addr ? I doubt it will work, there is no if clause for undef value.
Comment 6 Ewoud Kohl van Wijngaarden 2019-07-11 14:06:26 UTC 
You are looking at the connector template but it's the listener that ends up listening to 0.0.0.0. That's the actual problem. However, it looks like the answers already differ from your actual config files so that doesn't make sense. I would expect to at least have the answers match the config files.

Could you try running the installer without any arguments (or just -v)? After I'd expect /etc/qpid-dispatch/qdrouterd.conf to at least have host: :: in them instead of host: 0.0.0.0.

After you could run it with --reset-foreman-proxy-content-qpid-router-hub-addr --reset-foreman-proxy-content-qpid-router-agent-addr and then I would expect host: not to be present in the listener blocks. That should bind to all IPs, including IPv6 since qpid 1.0.
Comment 7 Lukas Zapletal 2019-07-19 12:55:24 UTC 
It seems busted now: Evaluation Error: Error while evaluating a Function Call, Could not get the ip address from fact ipaddress_eth0

# facter ipaddress

(blank line)

Unable to run the installer anymore.

[ERROR 2019-07-19T13:52:23 verbose]  Evaluation Error: Error while evaluating a Function Call, Could not get the ip address from fact ipaddress_eth0 (file: /usr/share/foreman-installer/modules/foreman_proxy/manifests/proxydns.pp, line: 41, column: 5) on node fivesix.ipsix.lan
Comment 8 Ewoud Kohl van Wijngaarden 2019-07-19 14:50:57 UTC 
I suspect you can work around that by setting --foreman-proxy-dns-interface lo if you need DNS, but DNS shouldn't be required to validate this function. You can set --foreman-proxy-dns-managed false.
Comment 9 Lukas Zapletal 2019-07-22 15:38:02 UTC 
My instance is dead, let's revisit this once PM put IPv6 on our backlog.
Comment 16 Marek Hulan 2020-09-08 13:06:25 UTC 
This works with Satellite 6.8 beta, we can't backport that to the older versions, hence I'm closing this BZ. Please reopen if you see the same error with 6.8