Description of problem:
According to BZ#990645, the dns-nsupdate plugin already supports unauthenticated DNS. But oo-accept-broker and oo-register-dns are not updated, so they will fail when using unauthenticated DNS updates.

Version-Release number of selected component (if applicable):
openshift-origin-broker-util-1.9.12-1.el6op.noarch

How reproducible:
Always

Steps to Reproduce:
1. Set up unauthenticated DNS server
2. Modify /etc/openshift/plugins.d/openshift-origin-dns-nsupdate.conf like the following:

    # cat /etc/openshift/plugins.d/openshift-origin-dns-nsupdate.conf
    BIND_SERVER=192.168.59.150
    BIND_PORT=53
    BIND_ZONE="rhn.com"

3. Create app successfully.
4. Run oo-accept-broker and oo-register-dns

Actual results:

    # oo-accept-broker
    NOTICE: SELinux is Enforcing
    NOTICE: SELinux is Enforcing
    FAIL: wrong number of values returned from ruby code
    keys: 2; values: 0
    #####
    puts Rails.application.config.dns[:krb_keytab]
    puts Rails.application.config.dns[:krb_principal]
    #####
    #####
    kinit: Cannot contact any KDC for realm 'EXAMPLE.COM' while getting initial credentials
    tkey query failed: GSSAPI error: Major = Unspecified GSS failure. Minor code may provide more information, Minor = Credentials cache file '/tmp/krb5cc_0' not found.
    FAIL: error adding txt record name testrecord.rhn.com to server 192.168.59.150: krb0 -- is the nameserver running, reachable, and krb auth working?
    FAIL: txt record testrecord.rhn.com does not resolve on server 192.168.59.150
    kinit: Cannot contact any KDC for realm 'EXAMPLE.COM' while getting initial credentials
    tkey query failed: GSSAPI error: Major = Unspecified GSS failure. Minor code may provide more information, Minor = Credentials cache file '/tmp/krb5cc_0' not found.
    FAIL: error deleteing txt record name testrecord.rhn.com to server 192.168.59.150: krb0 -- is the nameserver running, reachable, and krb auth working?
    4 ERRORS

    # oo-register-dns -h node5 -n 10.5.5.5 -d rhn.com
    ; TSIG error with server: tsig indicates error
    update failed: NOTAUTH(BADKEY)

Expected results:
oo-accept-broker and oo-register-dns should support unauthenticated DNS updates

Additional info:
Pull request: https://github.com/openshift/enterprise-server/pull/147
Related pull-request: https://github.com/openshift/enterprise-server/pull/203
Verified on puddle 1-2-RHSCL11-2014-05-20

Verified steps:
1. Set up unauthenticated DNS server
   Notice: in an unauthorized DNS env you need to delete the default key file: /var/named/<domain name>.key
2. Create app successfully.
3. Run oo-accept-broker and oo-register-dns

    # oo-accept-broker
    # oo-register-dns -h node5 -n 10.5.5.5 -d ose12zscl11.example.com

Actual results:
Step 3: without error or fail output info.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2014-0598.html