Bug 1040257 - cannot add an alias that shares the same root of the existing domain
Summary: cannot add an alias that shares the same root of the existing domain
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Node
Version: 2.0.0
Hardware: x86_64
OS: Linux
high
high
Target Milestone: ---
: ---
Assignee: Luke Meyer
QA Contact: libra bugs
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-12-11 03:27 UTC by Mike Barrett
Modified: 2017-03-08 17:36 UTC (History)
6 users (show)

Fixed In Version: rubygem-openshift-origin-controller-1.17.12.1-1 openshift-origin-broker-1.15.3.1-1
Doc Type: Enhancement
Doc Text:
By default, users were restricted from creating custom domain name aliases in the cloud domain of their applications to prevent confusion or possible name collisions. This enhancement adds a new ALLOW_ALIAS_IN_DOMAIN setting in the /etc/openshift/broker.conf file on the broker host that allows users to create aliases within the cloud domain. However, the alias must not be in the form <name>-<name>.<cloud-domain>. Aliases taking this standard form of application names are rejected to prevent conflicts. See the OpenShift Enterprise Administration Guide for more information.
Clone Of:
Environment:
Last Closed: 2014-02-25 15:41:34 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2014:0209 0 normal SHIPPED_LIVE Red Hat OpenShift Enterprise 2.0.3 bugfix and enhancement update 2014-02-25 20:40:32 UTC

Description Mike Barrett 2013-12-11 03:27:53 UTC 
Description of problem:
-----------------------
OpenShift does not allow someone to alias a nested domain (shared root or parent domain). By that I mean aliasing for example myapp-sales.oapps.corp.com to mysales.oapps.corp.com 

Version:
--------
OpenShift Enterprise 2.0

How reproducible:
-----------------
$rhc apps
myapp @ http://myapp-sales.oapps.corp.com/ (uid: blah)
...
...
removed
...
...
$ rhc alias add myapp mysales.oapps.corp.com
The specified alias is not allowed: 'mysales.oapps.corp.com'
$


Actual results:
---------------
The error: 
The specified alias is not allowed: 'mysales.oapps.corp.com'

Expected results:
------------------
Would like to add the alias mysales.oapps.corp.com to myapp-sales.oapps.corp.com
Comment 3 Luke Meyer 2013-12-12 18:24:36 UTC 
Mind you, I haven't actually looked at the code yet, but my guess would be this is a pretty simple fix. My thought was to introduce this as a configurable option, defaulting to the existing behavior (disallow subdomain aliases). Any opposing view - make it non-configurable or default to allow?
Comment 4 Luke Meyer 2013-12-26 20:45:13 UTC 
Proposed fix is at https://github.com/openshift/origin-server/pull/4401

Need someone to review the approach; not sure if I should do something to keep the user from possibly creating an alias that conflicts with another app's name; e.g. someone else with app "bogus-app.oapps.corp.com" could create an alias for it called "myapp-sales.oapps.corp.com" and if they happened to land on the same node host, I'm not sure which would win in the front end web proxy. I'm not sure if customers would care or not. Anyway the fix is there.
Comment 7 Peter Ruan 2014-01-31 20:22:27 UTC 
verified with puddlge-2014-01-30
mynodejsapp1 @ http://mynodejsapp1-demo.ose203.example.com/ (uuid: 52eb49663eefa979ea000001)

rhc alias add mynodejsapp1 test.ose203.example.com
Alias 'test.ose203.example.com' has been added.
Comment 9 errata-xmlrpc 2014-02-25 15:41:34 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2014-0209.html
Note You need to log in before you can comment on or make changes to this bug.