Bug 1219503 - [RFE] Add reverse DNS lookup to installer for server and capsule.
Summary: [RFE] Add reverse DNS lookup to installer for server and capsule.
Keywords:
Status: CLOSED DUPLICATE of bug 1243566
Alias: None
Product: Red Hat Satellite 6
Classification: Red Hat
Component: Installer
Version: 6.1.0
Hardware: Unspecified
OS: Linux
unspecified
high vote
Target Milestone: Unspecified
Assignee: Chris Roberts
QA Contact: Katello QA List
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-05-07 13:44 UTC by Jitendra Yejare
Modified: 2016-10-10 22:47 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-10-10 22:47:05 UTC


Attachments (Terms of Use)
Production Logs (69.22 KB, text/plain)
2015-05-07 13:44 UTC, Jitendra Yejare
no flags Details
Foreman Debug Logs (584.12 KB, application/x-xz)
2015-05-11 06:46 UTC, Jitendra Yejare
no flags Details


Links
System ID Priority Status Summary Last Updated
Foreman Issue Tracker 15807 None None None 2016-07-24 15:38:08 UTC

Description Jitendra Yejare 2015-05-07 13:44:07 UTC
Created attachment 1023128 [details]
Production Logs

Description of problem:
Proxy Exception stacktrace in production logs while promoting a CV from DEV env to QA env.

Version-Release number of selected component (if applicable):
Satellite6.1-GA-Snap3

How reproducible:


Steps to Reproduce:
1. Create DEV and QA environments.
2. Create CV with some RH contents.
3. Publish and promote this CV to DEV env.
4. After successful promote to DEV, promote the CV to QA env.
5. Observe the production logs while promoting the CV to QA env.

Actual results:
1. Long stack-trace of ProxyException has thrown in production logs.
2. Promotion to QA fails.

Expected results:
Promotion of CV should be successful to any env.

Additional info:
Also non localized stacktrace for same error can be observed for upgraded Sat6 server.

Comment 2 Jitendra Yejare 2015-05-08 11:26:06 UTC
The same issue observed while publishing the CV to Library env also.

Comment 3 Justin Sherrill 2015-05-08 19:19:22 UTC
Can you attach a foreman-debug?

Comment 4 Jitendra Yejare 2015-05-11 06:46:32 UTC
Created attachment 1024102 [details]
Foreman Debug Logs

Comment 5 Jitendra Yejare 2015-05-11 10:59:01 UTC
When I tried publishing CV with smaller size RH repos, the publish works for me. But whenever I publish or promote with bigger size RH repos, I will hit with this issue.

Comment 6 Justin Sherrill 2015-05-11 21:30:59 UTC
Looking through the logs (and going by your traceback), i discovered this error in the proxy.log:

10.8.49.111 - - [08/May/2015 07:07:34] "GET /puppet/environments/KT_Default_Organization_Library_cv_rhel71_2/classes HTTP/1.1" 403 153 9.9223
E, [2015-05-08T08:10:09.986380 #22870] ERROR -- : Unable to resolve hostname for connecting client - 10.8.49.111. If it's to be a trusted host, ensure it has a reverse DNS entry.

and checking the allowed client list:

:trusted_hosts:
  - sat6-qe-rhel7.usersys.redhat.com


usersys domain names do not provide reverse DNS.  See this example:

# dig abic.usersys.redhat.com
SNIP
;; ANSWER SECTION:
abic.usersys.redhat.com. 60 IN	A	19.14.139.56
SNIP

# dig -x 19.14.139.56
<SNIP>
;; ANSWER SECTION:
56.129.13.10.in-addr.arpa. 28800 IN	PTR	dhcp139-56.example.com
<SNIP>

So in this example the usersys hostname is not able to be reverse resolved.  I really can't explain why this would ever work with a 'smaller' content view, but can you reproduce by adding:

10.1.2.3  host.example.com  host 

into /etc/hosts and try to reproduce again?

Thanks,
-Justin

Comment 7 Jitendra Yejare 2015-05-12 10:55:17 UTC
@Justin :

I tried the work around you provided and then publish/promoting is working like a charm.

I added the Sat server info in /etc/hosts and then published and promoted the CV. I observed that the failing publish/promote issue and error logs in production.log are no more.

Also Note, I have Sat6 server setup on Openstack instance.

Thanks,
Jitendra

Comment 8 Bryan Kearney 2015-05-12 13:17:22 UTC
So, is this related to the upgrade?

Comment 9 Justin Sherrill 2015-05-12 13:23:27 UTC
Bryan,

Nope, not an upgrade issue.  All smart proxies require reverse DNS to resolve to the system's host name (for authentication purposes).  usersys domain names do not do this, hence why adding the ip/hostname to /etc/hosts fixed the issue.

We could add a check in the installer to verify that reverse DNS works and is correct immediately fail if it doesn't.  But other than that, there is no bug here.

Comment 10 Jitendra Yejare 2015-05-12 13:42:55 UTC
Justin,

Do you feel that this issue is due to openstack instance ?

If yes, Do we close this as an environment specific issue?

Comment 11 Justin Sherrill 2015-05-12 13:47:35 UTC
Its an issue with using usersys.redhat.com domain names.  This would likely happen with any usersys.redhat.com domain name, unless you also added it to /etc/hosts.

I think we probably should add a reverse dns check on the hostname to warn the user before they get to the install, however this could wait till 6.2 unless we really wanted it.

Comment 12 Bryan Kearney 2015-05-12 14:58:55 UTC
Moving this out since it is environmental.

Comment 13 Lukas Zapletal 2015-12-17 14:22:34 UTC
I just hit this. Nasty bug.

Comment 14 Brad Buckingham 2016-07-24 15:38:06 UTC
Created redmine issue http://projects.theforeman.org/issues/15807 from this bug

Comment 15 Bryan Kearney 2016-07-24 16:06:59 UTC
Upstream bug component is WebUI

Comment 17 Bryan Kearney 2016-08-04 20:17:26 UTC
Moving 6.2 bugs out to sat-backlog.

Comment 18 Bryan Kearney 2016-08-31 20:10:08 UTC
Upstream bug component is Installer

Comment 19 Chris Roberts 2016-10-10 22:47:05 UTC

*** This bug has been marked as a duplicate of bug 1243566 ***


Note You need to log in before you can comment on or make changes to this bug.