Bug 1061941 - The broker nsupdate plugin and oo-accept-broker need to allow additional DNS key algorithms
Status: CLOSED ERRATA
Product: OpenShift Container Platform
Classification: Red Hat
Component: Pod
Version: 2.0.0
Hardware: Unspecified Unspecified
Priority: unspecified
Severity: medium
Assigned To: chris alfonso
QA Contact: libra bugs
Reported: 2014-02-05 17:23 EST by chris alfonso
Modified: 2017-03-08 12 EST
Fixed In Version: openshift-origin-broker-util-1.17.6.3-1.el6op, rubygem-openshift-origin-dns-nsupdate-1.15.2-1.el6op
Doc Type: Bug Fix
Doc Text:
OpenShift Enterprise DNS commands assumed DNS keys were created using the HMAC-MD5 algorithm, causing calls to the nsupdate utility to fail when the DNS key did not use HMAC-MD5. This bug fix adds support to the nsupdate plugin and the oo-accept-broker tool to include the key algorithm when nsupdate is called. DNS key algorithms other than HMAC-MD5 are now supported by OpenShift Enterprise tools.
Last Closed: 2014-02-25 10:48:04 EST
Type: Bug
External Trackers
Tracker: Red Hat Product Errata
ID: RHBA-2014:0209
Priority: normal
Status: SHIPPED_LIVE
Summary: Red Hat OpenShift Enterprise 2.0.3 bugfix and enhancement update
Last Updated: 2014-02-25 15:40:32 EST
Description chris alfonso 2014-02-05 17:23:33 EST
Description of problem:
If the DNS key is created with an algorithm other than HMAC-MD5 (assumed to be the default), the nsupdate commands for adding/removing domain names fail for oo-accept-broker and the nsupdate_plugin.


How reproducible:
Change the algorithm used in the dnssec-key command when creating the bind key to something other than HMAC-MD5, then try to use oo-accept-broker. It won't work because the interactive nsupdate command needs the key attribute to specify what the algorithm is.
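
An added example, not part of the original report and not the plugin's own code: one way to build the nsupdate input so the key line carries the algorithm, as the description above says it must. All helper names, the sample secret and the example.com names are constructed for illustration; the key line follows nsupdate's `key [hmac:]keyname secret` syntax.

```ruby
require 'base64'

# HMAC names nsupdate accepts in front of the key name (lowercase form).
SUPPORTED_ALGORITHMS = %w[hmac-md5 hmac-sha1 hmac-sha224 hmac-sha256
                          hmac-sha384 hmac-sha512].freeze

# Every value becomes one token in a script fed to nsupdate on stdin, so
# whitespace or newlines inside a value would inject extra commands.
TOKEN  = /\A[A-Za-z0-9._-]+\z/
BASE64 = %r{\A[A-Za-z0-9+/]+={0,2}\z}

# Constructed sample secret, not a real TSIG key.
SAMPLE_SECRET = Base64.strict_encode64('constructed sample secret')

# Builds the nsupdate "key" line. With algorithm nil the prefix is omitted
# (the behaviour this bug describes), leaving nsupdate on its default algorithm.
def key_line(keyname, secret, algorithm = nil)
  raise ArgumentError, 'bad key name' unless TOKEN.match?(keyname.to_s)
  raise ArgumentError, 'bad key secret' unless BASE64.match?(secret.to_s)
  return "key #{keyname} #{secret}" if algorithm.nil?

  # Accept the HMAC-SHA256 / HMAC_SHA256 spellings and normalise them.
  algo = algorithm.to_s.downcase.tr('_', '-')
  unless SUPPORTED_ALGORITHMS.include?(algo)
    raise ArgumentError, "unsupported key algorithm: #{algorithm}"
  end
  "key #{algo}:#{keyname} #{secret}"
end

# Full script for adding one CNAME record (hypothetical helper).
def add_cname_script(server:, keyname:, secret:, algorithm:, fqdn:, target:, ttl: 60)
  [server, fqdn, target].each do |v|
    raise ArgumentError, "bad name: #{v.inspect}" unless TOKEN.match?(v.to_s)
  end
  ["server #{server}",
   key_line(keyname, secret, algorithm),
   "update add #{fqdn} #{Integer(ttl)} CNAME #{target}",
   'send', 'quit'].join("\n") + "\n"
end

if __FILE__ == $PROGRAM_NAME
  puts add_cname_script(server: '127.0.0.1', keyname: 'example.com',
                        secret: SAMPLE_SECRET, algorithm: 'HMAC-SHA256',
                        fqdn: 'app-domain.example.com', target: 'node.example.com')
end
```
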
Comment 1 chris alfonso 2014-02-05 18:25:26 EST
The updated packages have landed in the latest internal puddle and are in enterprise-server/enterprise-2.0.
Comment 5 Nan Wei 2014-02-10 07:00:03 EST
openshift enterprise:

step 1: make sure the old env has an existing dns key which was created by HMAC-MD5.
step 2: create a new dns key with another algorithm, HMAC-SHA256.
step 3: delete an existing app; it throws a failure message.
[root@broker named]# rhc app delete apps7
This is a non-reversible action! Your application code and data will be permanently deleted if you continue!

Are you sure you want to delete the application 'apps7'? (yes|no): yes

Deleting application 'apps7' ... error deleting app record apps7-nweidomain.ose-20140115.com.cn
step 4: upgrade broker-util
openshift-origin-broker-util-1.17.6.3-1.el6op,
rubygem-openshift-origin-dns-nsupdate-1.15.2-1.el6op
step 5: app delete succeeds and running 'oo-accept-broker' passes
[root@br215 ~]# oo-accept-broker 
NOTICE: SELinux is Enforcing
NOTICE: SELinux is  Enforcing
pass
Comment 6 Nan Wei 2014-02-12 01:04:39 EST
Sure, I have added a dns key test case.
Comment 8 errata-xmlrpc 2014-02-25 10:48:04 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2014-0209.html