Created attachment 1023128 [details] Production Logs Description of problem: Proxy Exception stacktrace in production logs while promoting a CV from DEV env to QA env. Version-Release number of selected component (if applicable): Satellite6.1-GA-Snap3 How reproducible: Steps to Reproduce: 1. Create DEV and QA environments. 2. Create CV with some RH contents. 3. Publish and promote this CV to DEV env. 4. After successful promote to DEV, promote the CV to QA env. 5. Observe the production logs while promoting the CV to QA env. Actual results: 1. Long stack-trace of ProxyException has thrown in production logs. 2. Promotion to QA fails. Expected results: Promotion of CV should be successful to any env. Additional info: Also non localized stacktrace for same error can be observed for upgraded Sat6 server.
The same issue observed while publishing the CV to Library env also.
Can you attach a foreman-debug?
Created attachment 1024102 [details] Foreman Debug Logs
When I tried publishing CV with smaller size RH repos, the publish works for me. But whenever I publish or promote with bigger size RH repos, I will hit with this issue.
Looking through the logs (and going by your traceback), i discovered this error in the proxy.log: 10.8.49.111 - - [08/May/2015 07:07:34] "GET /puppet/environments/KT_Default_Organization_Library_cv_rhel71_2/classes HTTP/1.1" 403 153 9.9223 E, [2015-05-08T08:10:09.986380 #22870] ERROR -- : Unable to resolve hostname for connecting client - 10.8.49.111. If it's to be a trusted host, ensure it has a reverse DNS entry. and checking the allowed client list: :trusted_hosts: - sat6-qe-rhel7.usersys.redhat.com usersys domain names do not provide reverse DNS. See this example: # dig abic.usersys.redhat.com SNIP ;; ANSWER SECTION: abic.usersys.redhat.com. 60 IN A 19.14.139.56 SNIP # dig -x 19.14.139.56 <SNIP> ;; ANSWER SECTION: 56.129.13.10.in-addr.arpa. 28800 IN PTR dhcp139-56.example.com <SNIP> So in this example the usersys hostname is not able to be reverse resolved. I really can't explain why this would ever work with a 'smaller' content view, but can you reproduce by adding: 10.1.2.3 host.example.com host into /etc/hosts and try to reproduce again? Thanks, -Justin
@Justin : I tried the work around you provided and then publish/promoting is working like a charm. I added the Sat server info in /etc/hosts and then published and promoted the CV. I observed that the failing publish/promote issue and error logs in production.log are no more. Also Note, I have Sat6 server setup on Openstack instance. Thanks, Jitendra
So, is this related to the upgrade?
Bryan, Nope, not an upgrade issue. All smart proxies require reverse DNS to resolve to the system's host name (for authentication purposes). usersys domain names do not do this, hence why adding the ip/hostname to /etc/hosts fixed the issue. We could add a check in the installer to verify that reverse DNS works and is correct immediately fail if it doesn't. But other than that, there is no bug here.
Justin, Do you feel that this issue is due to openstack instance ? If yes, Do we close this as an environment specific issue?
Its an issue with using usersys.redhat.com domain names. This would likely happen with any usersys.redhat.com domain name, unless you also added it to /etc/hosts. I think we probably should add a reverse dns check on the hostname to warn the user before they get to the install, however this could wait till 6.2 unless we really wanted it.
Moving this out since it is environmental.
I just hit this. Nasty bug.
Created redmine issue http://projects.theforeman.org/issues/15807 from this bug
Upstream bug component is WebUI
Moving 6.2 bugs out to sat-backlog.
Upstream bug component is Installer
*** This bug has been marked as a duplicate of bug 1243566 ***