Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1243566 - [RFE] katello-installer should do dns forward reverse validation
Summary: [RFE] katello-installer should do dns forward reverse validation
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Installation
Version: 6.1.0
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: Unspecified
Assignee: Chris Roberts
QA Contact: Peter Ondrejka
URL: http://projects.theforeman.org/issues...
Whiteboard:
: 1219503 1346080 (view as bug list)
Depends On:
Blocks: 1466688 1525544
TreeView+ depends on / blocked
 
Reported: 2015-07-15 19:31 UTC by Dave Sullivan
Modified: 2019-10-10 09:57 UTC (History)
9 users (show)

Fixed In Version: katello-installer-base-3.4.5.12
Doc Type: Enhancement
Doc Text:
Clone Of:
: 1487519 (view as bug list)
Environment:
Last Closed: 2018-02-21 16:54:37 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Foreman Issue Tracker 15905 0 None None None 2016-07-29 14:27:14 UTC

Description Dave Sullivan 2015-07-15 19:31:16 UTC 
Description of problem:

If this product depends on proper forward and reverse dns then the installer should validate that.

Here's an example of a server that is not getting the right hostname with reverse dns.

[root@cragsat61 foreman-proxy]# hostnamectl
   Static hostname: cragsat61.usersys.redhat.com
         Icon name: computer-vm
           Chassis: vm
        Machine ID: 1b96bb6696a143219c9183471cc13e7e
           Boot ID: 43ab780a2d0a45eeaf0b17c6fb3df24a
    Virtualization: kvm
  Operating System: Red Hat
       CPE OS Name: cpe:/o:redhat:enterprise_linux:7.1:GA:server
            Kernel: Linux 3.10.0-229.7.2.el7.x86_64
      Architecture: x86_64
[root@cragsat61 foreman-proxy]# host cragsat61.usersys.redhat.com
cragsat61.usersys.redhat.com has address 10.13.145.116
[root@cragsat61 foreman-proxy]# host 10.13.145.116
116.145.13.10.in-addr.arpa domain name pointer dhcp145-116.rdu.redhat.com.

This causes the following foreman proxy error

[root@cragsat61 foreman-proxy]# cat proxy.log
I, [2015-07-15T03:35:02.784001 #21467]  INFO -- : 'pulpnode' module is disabled.
W, [2015-07-15T03:35:02.784256 #21467]  WARN -- : Couldn't find settings file /etc/foreman-proxy/settings.d/foreman_proxy.yml. Using default settings.
I, [2015-07-15T03:35:02.784378 #21467]  INFO -- : 'foreman_proxy' settings were initialized with default values: :enabled: true
I, [2015-07-15T03:35:02.787436 #21467]  INFO -- : 'facts' module is disabled.
I, [2015-07-15T03:35:02.787932 #21467]  INFO -- : 'dns' module is disabled.
I, [2015-07-15T03:35:02.791412 #21467]  INFO -- : 'tftp' module is disabled.
I, [2015-07-15T03:35:02.791787 #21467]  INFO -- : 'dhcp' module is disabled.
I, [2015-07-15T03:35:03.443661 #21467]  INFO -- : 'puppet' settings were initialized with default values: :puppet_provider: puppetrun, :puppetdir: /etc/puppet
I, [2015-07-15T03:35:03.448143 #21467]  INFO -- : 'bmc' module is disabled.
I, [2015-07-15T03:35:03.448642 #21467]  INFO -- : 'realm' module is disabled.
E, [2015-07-15T14:49:52.845480 #21478] ERROR -- : Untrusted client dhcp145-116.rdu.redhat.com attempted to access /environments/KT_davesworld_Library_daveview1_5/classes. Check :trusted_hosts: in settings.yml
10.13.145.116 - - [15/Jul/2015 14:49:52] "GET /puppet/environments/KT_davesworld_Library_daveview1_5/classes HTTP/1.1" 403 158 0.0277

Se untrusted client above




Version-Release number of selected component (if applicable):


6.1 public beta

How reproducible:

create a content view and try to publish promote when reverse dns points to different fqdn


Actual results:



Expected results:

Installer should run this test pre installation and kick out if there is an issue with forward or reverse dns


Additional info:
Comment 1 Dave Sullivan 2015-07-15 19:59:57 UTC 
Workaround to bad reverse dns

Add your reverse fqdn to trusted_hosts

vi /etc/foreman-proxy/settings.yml

:trusted_hosts:
  - cragsat61.usersys.redhat.com
  - cragsat61.usersys.redhat.com
  - dhcp145-116.rdu.redhat.com


restart the foreman-proxy service

But you probably should correct your dns
Comment 2 Chris Roberts 2016-07-07 13:36:43 UTC 
*** Bug 1346080 has been marked as a duplicate of this bug. ***
Comment 3 Bryan Kearney 2016-07-08 20:21:37 UTC 
Per 6.3 planning, moving out non acked bugs to the backlog
Comment 5 Stephen Benjamin 2016-07-29 14:27:12 UTC 
Created redmine issue http://projects.theforeman.org/issues/15905 from this bug
Comment 6 Chris Roberts 2016-10-10 22:47:05 UTC 
*** Bug 1219503 has been marked as a duplicate of this bug. ***
Comment 7 Satellite Program 2017-10-25 22:06:50 UTC 
Moving this bug to POST for triage into Satellite 6 since the upstream issue http://projects.theforeman.org/issues/15905 has been resolved.
Comment 16 Satellite Program 2018-02-21 16:54:37 UTC 
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.
> > 
> > For information on the advisory, and where to find the updated files, follow the link below.
> > 
> > If the solution does not work for you, open a new bug report.
> > 
> > https://access.redhat.com/errata/RHSA-2018:0336
Note You need to log in before you can comment on or make changes to this bug.