Bug 1007700 - oo-accept-broker and oo-register-dns will fail when using unauthenticated DNS updates
Status: CLOSED ERRATA
Product: OpenShift Container Platform
Classification: Red Hat
Component: Pod
Version: 1.2.1
Priority: medium
Severity: medium
Assigned To: Miciah Dashiel Butler Masters
QA Contact: libra bugs
Depends On: 1015255
Reported: 2013-09-13 03:22 EDT by Johnny Liu
Modified: 2017-03-08 12 EST

Fixed In Version: openshift-origin-broker-util-1.9.17-1.el6op
Doc Type: Bug Fix
Clone Of:
: 1015255
Last Closed: 2014-06-03 20:39:25 EDT
Type: Bug


Description Johnny Liu 2013-09-13 03:22:40 EDT
Description of problem:
According to BZ#990645, the dns-nsupdate plugin already supports unauthenticated DNS.
But oo-accept-broker and oo-register-dns are not updated, so they will fail when using unauthenticated DNS updates.

Version-Release number of selected component (if applicable):
openshift-origin-broker-util-1.9.12-1.el6op.noarch

How reproducible:
Always

Steps to Reproduce:
1. Set up an unauthenticated DNS server.
2. Modify /etc/openshift/plugins.d/openshift-origin-dns-nsupdate.conf like the following:
# cat /etc/openshift/plugins.d/openshift-origin-dns-nsupdate.conf
BIND_SERVER=192.168.59.150
BIND_PORT=53
BIND_ZONE="rhn.com"
3. Create app successfully.
4. Run oo-accept-broker and oo-register-dns.

Actual results:
# oo-accept-broker 
NOTICE: SELinux is Enforcing
NOTICE: SELinux is  Enforcing
FAIL: wrong number of values returned from ruby code
keys: 2; values: 0
#####

			puts Rails.application.config.dns[:krb_keytab]
			puts Rails.application.config.dns[:krb_principal]
#####

#####
kinit: Cannot contact any KDC for realm 'EXAMPLE.COM' while getting initial credentials
tkey query failed: GSSAPI error: Major = Unspecified GSS failure.  Minor code may provide more information, Minor = Credentials cache file '/tmp/krb5cc_0' not found.
FAIL: error adding txt record name testrecord.rhn.com to server 192.168.59.150: krb0
	-- is the nameserver running, reachable, and krb auth working?
FAIL: txt record testrecord.rhn.com does not resolve on server 192.168.59.150
kinit: Cannot contact any KDC for realm 'EXAMPLE.COM' while getting initial credentials
tkey query failed: GSSAPI error: Major = Unspecified GSS failure.  Minor code may provide more information, Minor = Credentials cache file '/tmp/krb5cc_0' not found.
FAIL: error deleteing txt record name testrecord.rhn.com to server 192.168.59.150: krb0
	-- is the nameserver running, reachable, and krb auth working?
4 ERRORS

# oo-register-dns -h node5 -n 10.5.5.5 -d rhn.com
; TSIG error with server: tsig indicates error
update failed: NOTAUTH(BADKEY)


Expected results:
oo-accept-broker and oo-register-dns should support unauthenticated DNS updates

Additional info:
Comment 2 Miciah Dashiel Butler Masters 2013-10-03 14:15:01 EDT
Pull request: https://github.com/openshift/enterprise-server/pull/147
Comment 3 Miciah Dashiel Butler Masters 2014-01-20 10:48:35 EST
Related pull-request: https://github.com/openshift/enterprise-server/pull/203
Comment 5 Yanping Zhang 2014-05-21 04:51:45 EDT
Verified on puddle 1-2-RHSCL11-2014-05-20

Verified steps:
1. Set up an unauthenticated DNS server.
Notice: in an unauthorized DNS env you need to delete the default key file: /var/named/<domain name>.key
2. Create app successfully.
3. Run oo-accept-broker and oo-register-dns.
# oo-accept-broker 
# oo-register-dns -h node5 -n 10.5.5.5 -d ose12zscl11.example.com

Actual results:
Step 3: no error or failure output.
Comment 7 errata-xmlrpc 2014-06-03 20:39:25 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2014-0598.html
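
An added example, not the oo-accept-broker or oo-register-dns code: one way a check script can pick the nsupdate signing mode from the plugin config, so that a config holding only BIND_SERVER, BIND_PORT and BIND_ZONE produces an unsigned update instead of attempting kinit or TSIG. The BIND_KEYNAME, BIND_KEYVALUE, BIND_KRB_PRINCIPAL and BIND_KRB_KEYTAB key names and the helper function names are assumptions.

```bash
#!/bin/bash
# Added example, not the shipped oo-* code. BIND_SERVER/BIND_PORT/BIND_ZONE are
# from the report; the BIND_KEY*/BIND_KRB_* key names are assumptions.

# conf_get FILE KEY: print KEY's value with surrounding quotes stripped.
conf_get() {
  sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | sed 's/^"\(.*\)"$/\1/'
}

# dns_auth_mode FILE: print tsig, gss or none; return 1 if a mode is half set.
dns_auth_mode() {
  local keyname keyvalue princ keytab
  keyname=$(conf_get "$1" BIND_KEYNAME);     keyvalue=$(conf_get "$1" BIND_KEYVALUE)
  princ=$(conf_get "$1" BIND_KRB_PRINCIPAL); keytab=$(conf_get "$1" BIND_KRB_KEYTAB)
  if   [ -n "$keyname" ] && [ -n "$keyvalue" ]; then echo tsig
  elif [ -n "$princ" ]   && [ -n "$keytab" ];   then echo gss
  elif [ -z "$keyname$keyvalue$princ$keytab" ]; then echo none
  else return 1
  fi
}

# nsupdate_input FILE FQDN: print the command script to pipe into nsupdate.
nsupdate_input() {
  local mode
  mode=$(dns_auth_mode "$1") || { echo "FAIL: partial DNS auth settings in $1" >&2; return 1; }
  echo "server $(conf_get "$1" BIND_SERVER) $(conf_get "$1" BIND_PORT)"
  case $mode in
    tsig) echo "key $(conf_get "$1" BIND_KEYNAME) $(conf_get "$1" BIND_KEYVALUE)" ;;
    gss)  echo "gsstsig" ;;  # caller runs kinit with the keytab first
    none) ;;                 # unauthenticated: no signing line, no kinit
  esac
  echo "update add $2 60 TXT \"test\""
  echo "send"
}

# Constructed sample: the three-key config from the report.
sample=$(mktemp)
printf 'BIND_SERVER=192.168.59.150\nBIND_PORT=53\nBIND_ZONE="rhn.com"\n' > "$sample"
echo "mode: $(dns_auth_mode "$sample")"
nsupdate_input "$sample" testrecord.rhn.com
rm -f "$sample"
```

A half-configured mode (for example a principal without a keytab) is reported as a failure rather than silently falling back to unsigned updates.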
