Description of problem: When setting the global setting remote_execution_connect_by_ip to TRUE and the host setting tor FALSE the remote execution still uses the IP adress Version-Release number of selected component (if applicable): - Satellite 6.8.6 - Satellite 6.9.4 How reproducible: - Tested via Ansible command because it gave back a proper debug log - Set the default verbosity level to -vvv to get the same output Steps to Reproduce: 1. Set global remote_execution_connect_by_ip setting to TRUE (yes) 2. Set parameter for host remote_execution_connect_by_ip = true (boolean) 3. Run remote command via Ansible Actual results: The remote execution (via Ansible) is using the IP adress: <192.168.4.199> SSH: EXEC ssh -o ProxyCommand=none -o StrictHostKeyChecking=no -o Port=22 -o 'IdentityFile="/usr/share/foreman-proxy/.ssh/id_rsa_foreman_proxy"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 192.168.4.199 '/bin/sh -c '"'"'echo ~root && sleep 0'"'"'' Expected results: The remote command should use the dns name of the host like this: <fluffy.example.com> SSH: EXEC ssh -o ProxyCommand=none -o StrictHostKeyChecking=no -o Port=22 -o 'IdentityFile="/usr/share/foreman-proxy/.ssh/id_rsa_foreman_proxy"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 fluffy.example.com '/bin/sh -c '"'"'echo ~root && sleep 0'"'"'' Additional info: Tested settings Scenario | Global | Host | Status ------------------------------------------------ Scenario 1 | IP | DNS | Still uses the IP Scenario 2 | DNS | None | Uses DNS Scenario 3 | DNS | IP | Uses IP
Created redmine issue https://projects.theforeman.org/issues/33242 from this bug
Moving this bug to POST for triage into Satellite since the upstream issue https://projects.theforeman.org/issues/33242 has been resolved.
Created attachment 1814947 [details] HOTFIX RPM for Satellite 6.8.6 HOTFIX RPM for Satellite 6.8.6 INSTALL INSTRUCTIONS: 1. Take a complete backup or snapshot of Satellite 6.8.6 server 2. Download the hotfix RPM attached to this BZ and copy it to Satellite server 3. # yum install tfm-rubygem-foreman_remote_execution-3.3.7.2-3.HOTFIXRHBZ1992624.el7sat.noarch.rpm --disableplugin=foreman-protector 4. # systemctl restart httpd
Created attachment 1815192 [details] Optional tfm-rubygem-foreman_remote_execution-cockpit hotfix RPM The previous hotfix can fail to install with a dependency conflict when tfm-rubygem-foreman_remote_execution-cockpit is installed This dependency conflict is due solely to bumped release number in the hotfix RPM, so one workaround is to ignore the dependency conflict and install anyway since there is no corresponding change in the code that is actually required for the cockpit plugin The other workaround is to also install tfm-rubygem-foreman_remote_execution-cockpit with a bumped release number to satisfy the dependency. I've attached a 2nd "hotfix" RPM for the cockpit plugin, which is identical to the non-hotfix version in every way except that the release number is bumped.
The original fix should work for non-ansible REX. Ansible will need this PR[1]. Kudos to smeyer for pointing this out [1] - https://github.com/theforeman/foreman_ansible/pull/449
After adding Adams fix from #9 it works. So we need that one too.
Attached Redmine https://projects.theforeman.org/issues/33284 for the related foreman_ansible issue to this BZ for tracking. When https://github.com/theforeman/foreman_ansible/pull/449 is reviewed and merged, I can build a hotfix RPM for tfm-rubygem-foreman_ansible
https://github.com/theforeman/foreman_ansible/pull/449 is now reviewed and merged
Created attachment 1819117 [details] tfm-rubygem-foreman_ansible hotfix RPM for Satellite 6.8.6 HOTFIX RPM is available for foreman_ansible plugin The installation steps are the same as before but with this additional RPM
Verified on Satellite 6.10 sn 23
@wclark - looking over the previous 6.9.7 triage notes, the query used to determine hotfixes was checking only items that contained a 6.9.z flag. So perhaps that is the root of the issue?
Created attachment 1842428 [details] HOTFIX tfm-rubygem-foreman_ansible RPM for Satellite 6.9.7
Created attachment 1842429 [details] HOTFIX tfm-rubygem-foreman_remote_execution RPM for Satellite 6.9.7
Created attachment 1842430 [details] HOTFIX tfm-rubygem-foreman_remote_execution-cockpit RPM for Satellite 6.9.7
HOTFIX RPMs are available for Satellite 6.9.7 To obtain the Hotfix RPMs, download the below Bugzilla attachments: - HOTFIX tfm-rubygem-foreman_ansible RPM for Satellite 6.9.7 - HOTFIX tfm-rubygem-foreman_remote_execution RPM for Satellite 6.9.7 - HOTFIX tfm-rubygem-foreman_remote_execution-cockpit RPM for Satellite 6.9.7 INSTALL INSTRUCTIONS: 1. Take a complete backup or snapshot of Satellite 6.9.7 server 2. Copy the downloaded Hotfix RPMs to Satellite server 3. # yum install tfm-rubygem-foreman_remote_execution-4.2.3.1-2.HOTFIXRHBZ1992624.el7sat.noarch.rpm \ tfm-rubygem-foreman_remote_execution-cockpit-4.2.3.1-2.HOTFIXRHBZ1992624.el7sat.noarch.rpm \ tfm-rubygem-foreman_ansible-6.1.1-2.HOTFIXRHBZ1992624.el7sat.noarch.rpm \ --disableplugin=foreman-protector 4. # satellite-maintain service restart
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: Satellite 6.11 Release), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:5498