Description of problem: Current version of Kobo uses socket.getfqdn() which collects the worker's source IP address and look it up in DNS. If the PTR record of that IP address in DNS doesn't match the username it claims, Hub will fail and complain "Worker's FQDN (...) doesn't match username (...)". I don't think it is a good idea to validate the reverse DNS (PTR record). 1. Unless you are the NS administrator of that IP address or operate your own local NS servers, it is impossible to control the PTR record of an IP address. It is unreliable to use an external DNS. 2. We are able to have multiple domain names that point to the same IP address, but an IP address can only have a single PTR record. It is common to run several services on a single host but you can't match the PTR record with every domain names. 3. It is also impossible to run a worker behind NAT... 4. I believe it is safe enough to allow a worker ti connect with correct credential. Version-Release number of selected component (if applicable): master branch
We used an entry in /etc/hosts to work around this. Not sure if it covers all the cases though...
Any consideration to remove the validation? It will be very helpful to run Kobo based application on Docker or other cloud computing platform. This patch may help. From aa90390785557684e539ab85c68e8446bca5fdc9 Mon Sep 17 00:00:00 2001 From: Rayson zhu <vfreex+git> Date: Fri, 21 Oct 2016 22:50:26 +0800 Subject: [PATCH] remove reverse DNS validation for Kobo worker --- kobo/hub/decorators.py | 5 ----- 1 file changed, 5 deletions(-) diff --git a/kobo/hub/decorators.py b/kobo/hub/decorators.py index 2bc64e5..d54bb11 100644 --- a/kobo/hub/decorators.py +++ b/kobo/hub/decorators.py @@ -16,11 +16,6 @@ def validate_worker(func): if getattr(request, 'worker', None) is None: raise SuspiciousOperation("User doesn't match any worker: %s" % request.user.username) - fqdn = socket.getfqdn(request.META["REMOTE_ADDR"]) - prefix, hostname = request.user.username.split("/", 1) - if hostname != fqdn: - raise SuspiciousOperation("Worker's FQDN (%s) doesn't match username (%s)" % (fqdn, hostname)) - return func(request, *args, **kwargs) _new_func.__name__ = func.__name__ -- 2.7.4
Fixed upstream: https://github.com/release-engineering/kobo/commit/6d83e409dcf56806b433c10012717b3551c69a4f Moving to MODIFIED until I build a new kobo build in koji.
(In reply to Daniel Mach from comment #3) > Fixed upstream: > https://github.com/release-engineering/kobo/commit/ > 6d83e409dcf56806b433c10012717b3551c69a4f > > Moving to MODIFIED until I build a new kobo build in koji. Thank you. That'll be very helpful!
This bug appears to have been reported against 'rawhide' during the Fedora 26 development cycle. Changing version to '26'.
kobo-0.6.0-1.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2017-37ed4d4db6
kobo-0.6.0-1.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-0579784f53
kobo-0.6.0-1.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-6b7dcfe861
kobo-0.6.0-1.el6 has been submitted as an update to Fedora EPEL 6. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-57639ea44b
kobo-0.6.0-1.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2017-bc3c16a54f
kobo-0.6.0-1.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-bc3c16a54f
kobo-0.6.0-1.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-6b7dcfe861
kobo-0.6.0-1.el6 has been pushed to the Fedora EPEL 6 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-57639ea44b
kobo-0.6.0-1.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-0579784f53
kobo-0.6.0-1.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-37ed4d4db6
kobo-0.6.0-1.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.
kobo-0.6.0-1.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.
kobo-0.6.0-1.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.
kobo-0.6.0-1.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.
kobo-0.6.0-1.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report.