Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 1221749 - Puppet content promotion fails if there is no reverse DNS entry
Puppet content promotion fails if there is no reverse DNS entry
Status: CLOSED WORKSFORME
Product: Red Hat Satellite 6
Classification: Red Hat
Component: Installer (Show other bugs)
6.1.0
Unspecified Unspecified
unspecified Severity unspecified (vote)
: Unspecified
: Unused
Assigned To: Chris Roberts
Katello QA List
: ReleaseNotes, Triaged
Depends On:
Blocks: sat61-release-notes
  Show dependency treegraph
 
Reported: 2015-05-14 14:03 EDT by Lukas Zapletal
Modified: 2016-08-25 12:43 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-08-25 12:43:23 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Lukas Zapletal 2015-05-14 14:03:59 EDT 
Create a CV with at least one module and promote it on a system that does not have reverse DNS record (e.g. some beaker machines):

E, [2015-05-14T13:56:31.419762 #23462] ERROR -- : Unable to resolve hostname for connecting client - 10.16.65.186. If it's to be a trusted host, ensure it has a reverse DNS entry.

There is currently no workaround for this, you cannot continue until you fix this.

We should either:

A) Give the user some way to workaround this (extra switch)

or

B) Error out before installation if reverse DNS is not set (I was under imporession we already do this, apparently this is not working for Beta).
Comment 1 Lukas Zapletal 2015-05-14 14:10:47 EDT 
Upstream in the authorize_with_trusted_hosts method we already introduce a "forward_verify" flag. We need to backport this and to introduce another one "reverse_verify". Both flags are a decent workaround for all cases.
Comment 2 RHEL Product and Program Management 2015-05-14 14:22:38 EDT 
Since this issue was entered in Red Hat Bugzilla, the release flag has been
set to ? to ensure that it is properly evaluated for this release.
Comment 5 Bryan Kearney 2016-07-26 11:25:24 EDT 
Moving 6.2 bugs out to sat-backlog.
Comment 6 Bryan Kearney 2016-07-26 11:45:10 EDT 
Moving 6.2 bugs out to sat-backlog.
Comment 8 Stephen Benjamin 2016-08-25 12:43:23 EDT 
I tested this and this works fine, reverse DNS is only a fallback.  The proxy looks at the CN of the certificate now in trusted hosts first, so even if customer reverse DNS is broken, promotion still works.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.