This service will be undergoing maintenance at 00:00 UTC, 2016-08-01. It is expected to last about 1 hours
Bug 883074 - Dns SRV records are sent to an empty domain
Dns SRV records are sent to an empty domain
Status: CLOSED CURRENTRELEASE
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-engine-config (Show other bugs)
3.1.0
Unspecified Unspecified
unspecified Severity unspecified
: ---
: 3.2.0
Assigned To: Yair Zaslavsky
Ilanit Stein
infra
: ZStream
Depends On:
Blocks: 883361 915537
  Show dependency treegraph
 
Reported: 2012-12-03 12:52 EST by Yair Zaslavsky
Modified: 2016-02-10 14:05 EST (History)
8 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 883361 (view as bug list)
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: Infra
RHEL 7.3 requirements from Atomic Host:
istein: needinfo+


Attachments (Terms of Use)

  None (edit)
Description Yair Zaslavsky 2012-12-03 12:52:55 EST
Description of problem:

Although users use manage-domains correctly, DNS queries are sent to an empty domain string.
This is a regression as a result of fix for https://bugzilla.redhat.com/show_bug.cgi?id=871591

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 3 Ilanit Stein 2013-02-28 09:39:49 EST
I've tried to verify it on sf-8:
A domain was added, and got the engine-manage-domains.log bellow.
Where can I see the "a DNS srv record query is sent (a proper one)" (yzaslavs) please?

engine-manage-domains.log:  

2013-02-28 16:18:40,640 INFO  [org.ovirt.engine.core.utils.kerberos.ManageDomains] Creating kerberos configuration for domain(s): qa.lab.tlv.redhat.com
2013-02-28 16:18:40,677 INFO  [org.ovirt.engine.core.utils.kerberos.ManageDomains] Successfully created kerberos configuration for domain(s): qa.lab.tlv.redhat.com
2013-02-28 16:18:40,677 INFO  [org.ovirt.engine.core.utils.kerberos.ManageDomains] Testing kerberos configuration for domain: qa.lab.tlv.redhat.com
2013-02-28 16:18:41,030 INFO  [org.ovirt.engine.core.utils.kerberos.ManageDomains] Successfully tested kerberos configuration for domain: qa.lab.tlv.redhat.com
2013-02-28 16:18:41,032 INFO  [org.ovirt.engine.core.utils.kerberos.ManageDomains] Applying kerberos configuration
2013-02-28 16:18:41,032 INFO  [org.ovirt.engine.core.utils.kerberos.ManageDomainsDAOImpl] uuid: 9b9002d1-ec33-4083-8a7b-31f6b8931648 username: vdcadmin@QA.LAB.TLV.REDHAT.COM domain: qa.lab.tlv.redhat.com
2013-02-28 16:18:41,081 INFO  [org.ovirt.engine.core.utils.kerberos.ManageDomainsDAOImpl] Setting value for AdUserName to qa.lab.tlv.redhat.com:vdcadmin@QA.LAB.TLV.REDHAT.COM
2013-02-28 16:18:42,474 INFO  [org.ovirt.engine.core.utils.kerberos.ManageDomainsDAOImpl] Setting value for AdUserPassword to qa.lab.tlv.redhat.com:********
2013-02-28 16:18:44,080 INFO  [org.ovirt.engine.core.utils.kerberos.ManageDomainsDAOImpl] Setting value for LdapServers to
2013-02-28 16:18:45,510 INFO  [org.ovirt.engine.core.utils.kerberos.ManageDomainsDAOImpl] Setting value for AdUserId to qa.lab.tlv.redhat.com:9b9002d1-ec33-4083-8a7b-31f6b8931648
2013-02-28 16:18:46,868 INFO  [org.ovirt.engine.core.utils.kerberos.ManageDomainsDAOImpl] Setting value for LDAPSecurityAuthentication to qa.lab.tlv.redhat.com:GSSAPI
2013-02-28 16:18:48,357 INFO  [org.ovirt.engine.core.utils.kerberos.ManageDomainsDAOImpl] Setting value for DomainName to qa.lab.tlv.redhat.com
2013-02-28 16:18:49,738 INFO  [org.ovirt.engine.core.utils.kerberos.ManageDomainsDAOImpl] Setting value for LDAPProviderTypes to qa.lab.tlv.redhat.com:activeDirectory
Comment 4 Yair Zaslavsky 2013-02-28 10:55:26 EST
(In reply to comment #3)
> I've tried to verify it on sf-8:
> A domain was added, and got the engine-manage-domains.log bellow.
> Where can I see the "a DNS srv record query is sent (a proper one)"
> (yzaslavs) please?
> 
> engine-manage-domains.log:  
> 
> 2013-02-28 16:18:40,640 INFO 
> [org.ovirt.engine.core.utils.kerberos.ManageDomains] Creating kerberos
> configuration for domain(s): qa.lab.tlv.redhat.com
> 2013-02-28 16:18:40,677 INFO 
> [org.ovirt.engine.core.utils.kerberos.ManageDomains] Successfully created
> kerberos configuration for domain(s): qa.lab.tlv.redhat.com
> 2013-02-28 16:18:40,677 INFO 
> [org.ovirt.engine.core.utils.kerberos.ManageDomains] Testing kerberos
> configuration for domain: qa.lab.tlv.redhat.com
> 2013-02-28 16:18:41,030 INFO 
> [org.ovirt.engine.core.utils.kerberos.ManageDomains] Successfully tested
> kerberos configuration for domain: qa.lab.tlv.redhat.com
> 2013-02-28 16:18:41,032 INFO 
> [org.ovirt.engine.core.utils.kerberos.ManageDomains] Applying kerberos
> configuration
> 2013-02-28 16:18:41,032 INFO 
> [org.ovirt.engine.core.utils.kerberos.ManageDomainsDAOImpl] uuid:
> 9b9002d1-ec33-4083-8a7b-31f6b8931648 username:
> vdcadmin@QA.LAB.TLV.REDHAT.COM domain: qa.lab.tlv.redhat.com
> 2013-02-28 16:18:41,081 INFO 
> [org.ovirt.engine.core.utils.kerberos.ManageDomainsDAOImpl] Setting value
> for AdUserName to qa.lab.tlv.redhat.com:vdcadmin@QA.LAB.TLV.REDHAT.COM
> 2013-02-28 16:18:42,474 INFO 
> [org.ovirt.engine.core.utils.kerberos.ManageDomainsDAOImpl] Setting value
> for AdUserPassword to qa.lab.tlv.redhat.com:********
> 2013-02-28 16:18:44,080 INFO 
> [org.ovirt.engine.core.utils.kerberos.ManageDomainsDAOImpl] Setting value
> for LdapServers to
> 2013-02-28 16:18:45,510 INFO 
> [org.ovirt.engine.core.utils.kerberos.ManageDomainsDAOImpl] Setting value
> for AdUserId to qa.lab.tlv.redhat.com:9b9002d1-ec33-4083-8a7b-31f6b8931648
> 2013-02-28 16:18:46,868 INFO 
> [org.ovirt.engine.core.utils.kerberos.ManageDomainsDAOImpl] Setting value
> for LDAPSecurityAuthentication to qa.lab.tlv.redhat.com:GSSAPI
> 2013-02-28 16:18:48,357 INFO 
> [org.ovirt.engine.core.utils.kerberos.ManageDomainsDAOImpl] Setting value
> for DomainName to qa.lab.tlv.redhat.com
> 2013-02-28 16:18:49,738 INFO 
> [org.ovirt.engine.core.utils.kerberos.ManageDomainsDAOImpl] Setting value
> for LDAPProviderTypes to qa.lab.tlv.redhat.com:activeDirectory

You can't verify it using the log.
You need to use tcpdump and actually capture dns SRV calls, and analyze them to see engine-manage-domains issues the correct dns SRV calls
Comment 5 Ilanit Stein 2013-04-04 09:46:16 EDT
Verified on sf-12:

[1] Added a domain by:
rhevm-manage-domains  -action=add -addPermissions -domain=qa.lab.tlv.redhat.com -user=vdcadmin  -interactive -provider=activeDirectory

[2] tcpdump record for DNS port 'tcpdump -s 1500 port 53' run in paralll to [1]:
machine request ldap srv record, and in reply it got the info on the machine + the ldap port to use (389):
 
15:12:32.884344 IP vm-161-161.scl.lab.tlv.redhat.com.48451 > ns2.eng.tlv.redhat.com.domain: 1+ SRV? _ldap._tcp.qa.lab.tlv.redhat.com. (50)
15:12:32.884925 IP ns2.eng.tlv.redhat.com.domain > vm-161-161.scl.lab.tlv.redhat.com.48451: 1 1/1/2 SRV qa1.qa.lab.tlv.redhat.com.:389 0 100 (145)
15:12:32.954756 IP vm-161-161.scl.lab.tlv.redhat.com.47033 > ns2.eng.tlv.redhat.com.domain: 60846+ A? qa1.qa.lab.tlv.redhat.com. (43)
15:12:32.954842 IP vm-161-161.scl.lab.tlv.redhat.com.47033 > ns2.eng.tlv.redhat.com.domain: 30006+ AAAA? qa1.qa.lab.tlv.redhat.com. (43)
15:12:32.955335 IP ns2.eng.tlv.redhat.com.domain > vm-161-161.scl.lab.tlv.redhat.com.47033: 60846 1/1/1 A 10.35.64.1 (93)
15:12:32.955350 IP ns2.eng.tlv.redhat.com.domain > vm-161-161.scl.lab.tlv.redhat.com.47033: 30006 0/1/0 (90)
Comment 6 Itamar Heim 2013-06-11 04:34:26 EDT
3.2 has been released
Comment 7 Itamar Heim 2013-06-11 04:34:33 EDT
3.2 has been released
Comment 8 Itamar Heim 2013-06-11 04:34:43 EDT
3.2 has been released
Comment 9 Itamar Heim 2013-06-11 04:43:33 EDT
3.2 has been released

Note You need to log in before you can comment on or make changes to this bug.