Bug 1243566 - [RFE] katello-installer should do dns forward reverse validation
Summary: [RFE] katello-installer should do dns forward reverse validation
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Satellite 6
Classification: Red Hat
Component: Installer
Version: 6.1.0
Hardware: Unspecified
OS: Unspecified
high
high vote
Target Milestone: Unspecified
Assignee: Chris Roberts
QA Contact: Peter Ondrejka
URL: http://projects.theforeman.org/issues...
Whiteboard:
: 1219503 1346080 (view as bug list)
Depends On:
Blocks: 1466688 1525544
TreeView+ depends on / blocked
 
Reported: 2015-07-15 19:31 UTC by Dave Sullivan
Modified: 2019-04-01 20:27 UTC (History)
9 users (show)

Fixed In Version: katello-installer-base-3.4.5.12
Doc Type: Enhancement
Doc Text:
Clone Of:
: 1487519 (view as bug list)
Environment:
Last Closed: 2018-02-21 16:54:37 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Foreman Issue Tracker 15905 None None None 2016-07-29 14:27:14 UTC

Description Dave Sullivan 2015-07-15 19:31:16 UTC
Description of problem:

If this product depends on proper forward and reverse dns then the installer should validate that.

Here's an example of a server that is not getting the right hostname with reverse dns.

[root@cragsat61 foreman-proxy]# hostnamectl
   Static hostname: cragsat61.usersys.redhat.com
         Icon name: computer-vm
           Chassis: vm
        Machine ID: 1b96bb6696a143219c9183471cc13e7e
           Boot ID: 43ab780a2d0a45eeaf0b17c6fb3df24a
    Virtualization: kvm
  Operating System: Red Hat
       CPE OS Name: cpe:/o:redhat:enterprise_linux:7.1:GA:server
            Kernel: Linux 3.10.0-229.7.2.el7.x86_64
      Architecture: x86_64
[root@cragsat61 foreman-proxy]# host cragsat61.usersys.redhat.com
cragsat61.usersys.redhat.com has address 10.13.145.116
[root@cragsat61 foreman-proxy]# host 10.13.145.116
116.145.13.10.in-addr.arpa domain name pointer dhcp145-116.rdu.redhat.com.

This causes the following foreman proxy error

[root@cragsat61 foreman-proxy]# cat proxy.log
I, [2015-07-15T03:35:02.784001 #21467]  INFO -- : 'pulpnode' module is disabled.
W, [2015-07-15T03:35:02.784256 #21467]  WARN -- : Couldn't find settings file /etc/foreman-proxy/settings.d/foreman_proxy.yml. Using default settings.
I, [2015-07-15T03:35:02.784378 #21467]  INFO -- : 'foreman_proxy' settings were initialized with default values: :enabled: true
I, [2015-07-15T03:35:02.787436 #21467]  INFO -- : 'facts' module is disabled.
I, [2015-07-15T03:35:02.787932 #21467]  INFO -- : 'dns' module is disabled.
I, [2015-07-15T03:35:02.791412 #21467]  INFO -- : 'tftp' module is disabled.
I, [2015-07-15T03:35:02.791787 #21467]  INFO -- : 'dhcp' module is disabled.
I, [2015-07-15T03:35:03.443661 #21467]  INFO -- : 'puppet' settings were initialized with default values: :puppet_provider: puppetrun, :puppetdir: /etc/puppet
I, [2015-07-15T03:35:03.448143 #21467]  INFO -- : 'bmc' module is disabled.
I, [2015-07-15T03:35:03.448642 #21467]  INFO -- : 'realm' module is disabled.
E, [2015-07-15T14:49:52.845480 #21478] ERROR -- : Untrusted client dhcp145-116.rdu.redhat.com attempted to access /environments/KT_davesworld_Library_daveview1_5/classes. Check :trusted_hosts: in settings.yml
10.13.145.116 - - [15/Jul/2015 14:49:52] "GET /puppet/environments/KT_davesworld_Library_daveview1_5/classes HTTP/1.1" 403 158 0.0277

Se untrusted client above




Version-Release number of selected component (if applicable):


6.1 public beta

How reproducible:

create a content view and try to publish promote when reverse dns points to different fqdn


Actual results:



Expected results:

Installer should run this test pre installation and kick out if there is an issue with forward or reverse dns


Additional info:

Comment 1 Dave Sullivan 2015-07-15 19:59:57 UTC
Workaround to bad reverse dns

Add your reverse fqdn to trusted_hosts

vi /etc/foreman-proxy/settings.yml

:trusted_hosts:
  - cragsat61.usersys.redhat.com
  - cragsat61.usersys.redhat.com
  - dhcp145-116.rdu.redhat.com


restart the foreman-proxy service

But you probably should correct your dns

Comment 2 Chris Roberts 2016-07-07 13:36:43 UTC
*** Bug 1346080 has been marked as a duplicate of this bug. ***

Comment 3 Bryan Kearney 2016-07-08 20:21:37 UTC
Per 6.3 planning, moving out non acked bugs to the backlog

Comment 5 Stephen Benjamin 2016-07-29 14:27:12 UTC
Created redmine issue http://projects.theforeman.org/issues/15905 from this bug

Comment 6 Chris Roberts 2016-10-10 22:47:05 UTC
*** Bug 1219503 has been marked as a duplicate of this bug. ***

Comment 7 pm-sat@redhat.com 2017-10-25 22:06:50 UTC
Moving this bug to POST for triage into Satellite 6 since the upstream issue http://projects.theforeman.org/issues/15905 has been resolved.

Comment 16 pm-sat@redhat.com 2018-02-21 16:54:37 UTC
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.
> > 
> > For information on the advisory, and where to find the updated files, follow the link below.
> > 
> > If the solution does not work for you, open a new bug report.
> > 
> > https://access.redhat.com/errata/RHSA-2018:0336


Note You need to log in before you can comment on or make changes to this bug.