Bug 1546838 - [RFE] Refuse to deploy on localhost.localdomain
Summary: [RFE] Refuse to deploy on localhost.localdomain
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-engine
Version: 4.0.7
Hardware: x86_64
OS: Linux
medium
medium
Target Milestone: ovirt-4.4.0
: 4.4.0
Assignee: Asaf Rachmani
QA Contact: Petr Matyáš
URL: http://post-office.corp.redhat.com/ar...
Whiteboard:
: 1465561 (view as bug list)
Depends On: 1465561
Blocks: 1701526 1780058
TreeView+ depends on / blocked
 
Reported: 2018-02-19 18:01 UTC by Robert McSwain
Modified: 2020-08-04 13:16 UTC (History)
13 users (show)

Fixed In Version: ovirt-setup-lib-1.3.0
Doc Type: Enhancement
Doc Text:
The current release displays a new warning when you use 'localhost' as an FQDN: "[WARNING] Using the name 'localhost' is not recommended, and may cause problems later on."
Clone Of:
Environment:
Last Closed: 2020-08-04 13:16:05 UTC
oVirt Team: Integration
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2020:3247 0 None None None 2020-08-04 13:16:42 UTC
oVirt gerrit 99342 0 'None' MERGED hostname: Add warning when FQDN is 'localhost' 2020-09-09 20:22:40 UTC

Description Robert McSwain 2018-02-19 18:01:06 UTC
Description of problem:
In engine-setup there are a number of places where it is requested that the user specify the hostname for use of a proxy or image-uploader. If the user chooses "localhost" rather than the FQDN this can lead to issues like the following:

~~~
When attempting to upload a disk image directly, I get a 'network error' 
https://access.redhat.com/solutions/2730191

The database of a user who chose "localhost" rather than the FQDN will appear like so: 

engine=> select * from vdc_options where option_name='ImageProxyAddress';
 option_id |    option_name    |  option_value   | version 
-----------+-------------------+-----------------+---------
      1109 | ImageProxyAddress | localhost:54323 | general

Support is seeing cases where this has to manually be changed after the setup with the following command, where "FQDN" is the full hostname of the RHV-M:

[root@rhv-m ~]# /usr/share/ovirt-engine/dbscripts/engine-psql.sh -c "update vdc_options set option_value = 'FQDN:54323' where option_value = 'localhost:54323';"
UPDATE 1

On a properly configured manager this should appear like the following after an initial install:

[root@rhv-m ~]# /usr/share/ovirt-engine/dbscripts/engine-psql.sh -c "select * from vdc_options where option_name='ImageProxyAddress';"

Which should give you the following with the FQDN set properly:

 option_id |    option_name    | option_value | version 
-----------+-------------------+--------------+---------
      1109 | ImageProxyAddress | FQDN:54323   | general
~~~

This bug is opened for engineering to specify when "localhost" is not an acceptable value in engine-setup and the user should instead use the FQDN of whichever server will be in use, even if it is the RHV-M itself.

Version-Release number of selected component (if applicable):
RHV 4.0

How reproducible:
100%

Comment 1 Jiri Belka 2018-03-15 15:59:28 UTC
The hosts could have localhost.localdomain too and I once submitted bug and it was closed that it's sysadmin fault - it prevents migration between hosts.

And IIUC during engine hostname change this and other things are not renamed too (maybe there is/was a BZ about this)...

Comment 2 Daniel Erez 2018-03-18 13:02:02 UTC
We have an warning in engine-setup when specifying 'localhost' as a DNS name [*].
Hence, to avoid such configuration, it should probably be an error instead, and block the installation.

[*]
 --== NETWORK CONFIGURATION ==--
Host fully qualified DNS name of this server: localhost
[WARNING] Host name localhost has no domain suffix
[WARNING] Failed to resolve localhost using DNS, it can be resolved only locally
          Setup can automatically configure the firewall on this system.
          Note: automatic configuration of the firewall may overwrite current settings.
          NOTICE: iptables is deprecated and will be removed in future releases

Comment 3 Robert McSwain 2018-03-19 15:48:04 UTC
I'd say that the wording of "Failed to resolve localhost using DNS, it can be resolved only locally" doesn't cover the situation listed in the initial bug though. Even though we'd only be working within the RHV-M here (locally) the image uploads will still fail due to not having an FQDN. 

Given how much this can break in RHV I request stronger language be in use for the warnings here as this falls in the "an ounce of prevention is worth a pound of cure" category and that we should change the wording to explicitly note that using "localhost" can cause major failures requiring the assistance of support or engineering for the deployment later on. Only do this if you are aware of the inherent problems that come with using "localhost" over a fully qualified domain name.

Comment 4 Sandro Bonazzola 2019-01-21 08:28:26 UTC
re-targeting to 4.3.1 since this BZ has not been proposed as blocker for 4.3.0.
If you think this bug should block 4.3.0 please re-target and set blocker flag.

Comment 6 Sandro Bonazzola 2019-02-18 07:54:48 UTC
Moving to 4.3.2 not being identified as blocker for 4.3.1.

Comment 7 Yedidyah Bar David 2019-03-25 08:26:40 UTC
It seems to me like the specific issue with imageio-proxy isn't a 'localhost' fqdn but bug 1650177.

It's been a very long time since I installed an OS from a CD/DVD (image, even), and with PXE installs, all modern installers set the hostname from PXE/DHCP/DNS (and should be fixed, if they do not). So normally, users should have a sensible hostname without extra effort, and engine-setup defaults to the hostname. If users do have 'localhost' as hostname, or deliberately input that as fqdn, we should warn, but not prevent. IMO. We currently do not have a warning specific to this, IIRC, but it should be easy to add one (much easier than prevent, because if we prevent, someone will later on ask to allow bypassing the prevention...).

Makes sense?

Comment 8 Robert McSwain 2019-04-08 18:39:28 UTC
That sounds great to me. Even just a warning would fit my needs to let users know that this is a bad practice for reasons X, Y, and Z. Thanks!

Comment 9 Asaf Rachmani 2019-06-23 08:07:28 UTC
*** Bug 1465561 has been marked as a duplicate of this bug. ***

Comment 13 Petr Matyáš 2019-12-03 15:15:57 UTC
Verified on ovirt-engine-4.4.0-0.6.master.el7.noarch

The setup completes successfully, throwing:
[WARNING] Using the name 'localhost' is not recommended, and may cause problems later on.
couple times, it's actually thrown 3 times after confirming I'm sure.

Comment 15 Asaf Rachmani 2019-12-05 07:39:43 UTC
Petr, Is there a bug about the warning thrown 3 times in a row?

Comment 16 Petr Matyáš 2019-12-05 09:10:23 UTC
No there is not, I wasn't sure it was a bug or a feature.
And now the engine with all the logs is long gone.

Comment 17 Asaf Rachmani 2019-12-05 09:21:43 UTC
Can you please try to reproduce?

Comment 18 RHV bug bot 2019-12-13 13:14:14 UTC
WARN: Bug status (VERIFIED) wasn't changed but the folowing should be fixed:

[Found non-acked flags: '{}', ]

For more info please contact: rhv-devops@redhat.comINFO: Bug status (VERIFIED) wasn't changed but the folowing should be fixed:

[Found non-acked flags: '{}', ]

For more info please contact: rhv-devops@redhat.com

Comment 19 RHV bug bot 2019-12-20 17:44:08 UTC
WARN: Bug status (VERIFIED) wasn't changed but the folowing should be fixed:

[Found non-acked flags: '{}', ]

For more info please contact: rhv-devops@redhat.comINFO: Bug status (VERIFIED) wasn't changed but the folowing should be fixed:

[Found non-acked flags: '{}', ]

For more info please contact: rhv-devops@redhat.com

Comment 20 RHV bug bot 2020-01-08 14:46:51 UTC
WARN: Bug status (VERIFIED) wasn't changed but the folowing should be fixed:

[Found non-acked flags: '{}', ]

For more info please contact: rhv-devops@redhat.comINFO: Bug status (VERIFIED) wasn't changed but the folowing should be fixed:

[Found non-acked flags: '{}', ]

For more info please contact: rhv-devops@redhat.com

Comment 21 RHV bug bot 2020-01-08 15:14:59 UTC
WARN: Bug status (VERIFIED) wasn't changed but the folowing should be fixed:

[Found non-acked flags: '{}', ]

For more info please contact: rhv-devops@redhat.comINFO: Bug status (VERIFIED) wasn't changed but the folowing should be fixed:

[Found non-acked flags: '{}', ]

For more info please contact: rhv-devops@redhat.com

Comment 22 RHV bug bot 2020-01-24 19:48:37 UTC
WARN: Bug status (VERIFIED) wasn't changed but the folowing should be fixed:

[Found non-acked flags: '{}', ]

For more info please contact: rhv-devops@redhat.comINFO: Bug status (VERIFIED) wasn't changed but the folowing should be fixed:

[Found non-acked flags: '{}', ]

For more info please contact: rhv-devops@redhat.com

Comment 26 errata-xmlrpc 2020-08-04 13:16:05 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: RHV Manager (ovirt-engine) 4.4 security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:3247


Note You need to log in before you can comment on or make changes to this bug.