Description of problem: In engine-setup there are a number of places where it is requested that the user specify the hostname for use of a proxy or image-uploader. If the user chooses "localhost" rather than the FQDN this can lead to issues like the following: ~~~ When attempting to upload a disk image directly, I get a 'network error' https://access.redhat.com/solutions/2730191 The database of a user who chose "localhost" rather than the FQDN will appear like so: engine=> select * from vdc_options where option_name='ImageProxyAddress'; option_id | option_name | option_value | version -----------+-------------------+-----------------+--------- 1109 | ImageProxyAddress | localhost:54323 | general Support is seeing cases where this has to manually be changed after the setup with the following command, where "FQDN" is the full hostname of the RHV-M: [root@rhv-m ~]# /usr/share/ovirt-engine/dbscripts/engine-psql.sh -c "update vdc_options set option_value = 'FQDN:54323' where option_value = 'localhost:54323';" UPDATE 1 On a properly configured manager this should appear like the following after an initial install: [root@rhv-m ~]# /usr/share/ovirt-engine/dbscripts/engine-psql.sh -c "select * from vdc_options where option_name='ImageProxyAddress';" Which should give you the following with the FQDN set properly: option_id | option_name | option_value | version -----------+-------------------+--------------+--------- 1109 | ImageProxyAddress | FQDN:54323 | general ~~~ This bug is opened for engineering to specify when "localhost" is not an acceptable value in engine-setup and the user should instead use the FQDN of whichever server will be in use, even if it is the RHV-M itself. Version-Release number of selected component (if applicable): RHV 4.0 How reproducible: 100%
The hosts could have localhost.localdomain too and I once submitted bug and it was closed that it's sysadmin fault - it prevents migration between hosts. And IIUC during engine hostname change this and other things are not renamed too (maybe there is/was a BZ about this)...
We have an warning in engine-setup when specifying 'localhost' as a DNS name [*]. Hence, to avoid such configuration, it should probably be an error instead, and block the installation. [*] --== NETWORK CONFIGURATION ==-- Host fully qualified DNS name of this server: localhost [WARNING] Host name localhost has no domain suffix [WARNING] Failed to resolve localhost using DNS, it can be resolved only locally Setup can automatically configure the firewall on this system. Note: automatic configuration of the firewall may overwrite current settings. NOTICE: iptables is deprecated and will be removed in future releases
I'd say that the wording of "Failed to resolve localhost using DNS, it can be resolved only locally" doesn't cover the situation listed in the initial bug though. Even though we'd only be working within the RHV-M here (locally) the image uploads will still fail due to not having an FQDN. Given how much this can break in RHV I request stronger language be in use for the warnings here as this falls in the "an ounce of prevention is worth a pound of cure" category and that we should change the wording to explicitly note that using "localhost" can cause major failures requiring the assistance of support or engineering for the deployment later on. Only do this if you are aware of the inherent problems that come with using "localhost" over a fully qualified domain name.
re-targeting to 4.3.1 since this BZ has not been proposed as blocker for 4.3.0. If you think this bug should block 4.3.0 please re-target and set blocker flag.
Moving to 4.3.2 not being identified as blocker for 4.3.1.
It seems to me like the specific issue with imageio-proxy isn't a 'localhost' fqdn but bug 1650177. It's been a very long time since I installed an OS from a CD/DVD (image, even), and with PXE installs, all modern installers set the hostname from PXE/DHCP/DNS (and should be fixed, if they do not). So normally, users should have a sensible hostname without extra effort, and engine-setup defaults to the hostname. If users do have 'localhost' as hostname, or deliberately input that as fqdn, we should warn, but not prevent. IMO. We currently do not have a warning specific to this, IIRC, but it should be easy to add one (much easier than prevent, because if we prevent, someone will later on ask to allow bypassing the prevention...). Makes sense?
That sounds great to me. Even just a warning would fit my needs to let users know that this is a bad practice for reasons X, Y, and Z. Thanks!
*** Bug 1465561 has been marked as a duplicate of this bug. ***
Verified on ovirt-engine-4.4.0-0.6.master.el7.noarch The setup completes successfully, throwing: [WARNING] Using the name 'localhost' is not recommended, and may cause problems later on. couple times, it's actually thrown 3 times after confirming I'm sure.
Petr, Is there a bug about the warning thrown 3 times in a row?
No there is not, I wasn't sure it was a bug or a feature. And now the engine with all the logs is long gone.
Can you please try to reproduce?
WARN: Bug status (VERIFIED) wasn't changed but the folowing should be fixed: [Found non-acked flags: '{}', ] For more info please contact: rhv-devops: Bug status (VERIFIED) wasn't changed but the folowing should be fixed: [Found non-acked flags: '{}', ] For more info please contact: rhv-devops
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Important: RHV Manager (ovirt-engine) 4.4 security, bug fix, and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2020:3247