Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 883074

Summary: Dns SRV records are sent to an empty domain
Product: Red Hat Enterprise Virtualization Manager Reporter: Yair Zaslavsky <yzaslavs>
Component: ovirt-engine-configAssignee: Yair Zaslavsky <yzaslavs>
Status: CLOSED CURRENTRELEASE QA Contact: Ilanit Stein <istein>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 3.1.0CC: cpelland, dyasny, iheim, oourfali, oramraz, Rhev-m-bugs, sgrinber, ykaul
Target Milestone: ---Keywords: ZStream
Target Release: 3.2.0Flags: istein: needinfo+
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: infra
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 883361 (view as bug list) Environment:
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Infra RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 883361, 915537    

Description Yair Zaslavsky 2012-12-03 17:52:55 UTC 
Description of problem:

Although users use manage-domains correctly, DNS queries are sent to an empty domain string.
This is a regression as a result of fix for https://bugzilla.redhat.com/show_bug.cgi?id=871591

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 3 Ilanit Stein 2013-02-28 14:39:49 UTC 
I've tried to verify it on sf-8:
A domain was added, and got the engine-manage-domains.log bellow.
Where can I see the "a DNS srv record query is sent (a proper one)" (yzaslavs) please?

engine-manage-domains.log:  

2013-02-28 16:18:40,640 INFO  [org.ovirt.engine.core.utils.kerberos.ManageDomains] Creating kerberos configuration for domain(s): qa.lab.tlv.redhat.com
2013-02-28 16:18:40,677 INFO  [org.ovirt.engine.core.utils.kerberos.ManageDomains] Successfully created kerberos configuration for domain(s): qa.lab.tlv.redhat.com
2013-02-28 16:18:40,677 INFO  [org.ovirt.engine.core.utils.kerberos.ManageDomains] Testing kerberos configuration for domain: qa.lab.tlv.redhat.com
2013-02-28 16:18:41,030 INFO  [org.ovirt.engine.core.utils.kerberos.ManageDomains] Successfully tested kerberos configuration for domain: qa.lab.tlv.redhat.com
2013-02-28 16:18:41,032 INFO  [org.ovirt.engine.core.utils.kerberos.ManageDomains] Applying kerberos configuration
2013-02-28 16:18:41,032 INFO  [org.ovirt.engine.core.utils.kerberos.ManageDomainsDAOImpl] uuid: 9b9002d1-ec33-4083-8a7b-31f6b8931648 username: vdcadmin.TLV.REDHAT.COM domain: qa.lab.tlv.redhat.com
2013-02-28 16:18:41,081 INFO  [org.ovirt.engine.core.utils.kerberos.ManageDomainsDAOImpl] Setting value for AdUserName to qa.lab.tlv.redhat.com:vdcadmin.TLV.REDHAT.COM
2013-02-28 16:18:42,474 INFO  [org.ovirt.engine.core.utils.kerberos.ManageDomainsDAOImpl] Setting value for AdUserPassword to qa.lab.tlv.redhat.com:********
2013-02-28 16:18:44,080 INFO  [org.ovirt.engine.core.utils.kerberos.ManageDomainsDAOImpl] Setting value for LdapServers to
2013-02-28 16:18:45,510 INFO  [org.ovirt.engine.core.utils.kerberos.ManageDomainsDAOImpl] Setting value for AdUserId to qa.lab.tlv.redhat.com:9b9002d1-ec33-4083-8a7b-31f6b8931648
2013-02-28 16:18:46,868 INFO  [org.ovirt.engine.core.utils.kerberos.ManageDomainsDAOImpl] Setting value for LDAPSecurityAuthentication to qa.lab.tlv.redhat.com:GSSAPI
2013-02-28 16:18:48,357 INFO  [org.ovirt.engine.core.utils.kerberos.ManageDomainsDAOImpl] Setting value for DomainName to qa.lab.tlv.redhat.com
2013-02-28 16:18:49,738 INFO  [org.ovirt.engine.core.utils.kerberos.ManageDomainsDAOImpl] Setting value for LDAPProviderTypes to qa.lab.tlv.redhat.com:activeDirectory
Comment 4 Yair Zaslavsky 2013-02-28 15:55:26 UTC 
(In reply to comment #3)
> I've tried to verify it on sf-8:
> A domain was added, and got the engine-manage-domains.log bellow.
> Where can I see the "a DNS srv record query is sent (a proper one)"
> (yzaslavs) please?
> 
> engine-manage-domains.log:  
> 
> 2013-02-28 16:18:40,640 INFO 
> [org.ovirt.engine.core.utils.kerberos.ManageDomains] Creating kerberos
> configuration for domain(s): qa.lab.tlv.redhat.com
> 2013-02-28 16:18:40,677 INFO 
> [org.ovirt.engine.core.utils.kerberos.ManageDomains] Successfully created
> kerberos configuration for domain(s): qa.lab.tlv.redhat.com
> 2013-02-28 16:18:40,677 INFO 
> [org.ovirt.engine.core.utils.kerberos.ManageDomains] Testing kerberos
> configuration for domain: qa.lab.tlv.redhat.com
> 2013-02-28 16:18:41,030 INFO 
> [org.ovirt.engine.core.utils.kerberos.ManageDomains] Successfully tested
> kerberos configuration for domain: qa.lab.tlv.redhat.com
> 2013-02-28 16:18:41,032 INFO 
> [org.ovirt.engine.core.utils.kerberos.ManageDomains] Applying kerberos
> configuration
> 2013-02-28 16:18:41,032 INFO 
> [org.ovirt.engine.core.utils.kerberos.ManageDomainsDAOImpl] uuid:
> 9b9002d1-ec33-4083-8a7b-31f6b8931648 username:
> vdcadmin.TLV.REDHAT.COM domain: qa.lab.tlv.redhat.com
> 2013-02-28 16:18:41,081 INFO 
> [org.ovirt.engine.core.utils.kerberos.ManageDomainsDAOImpl] Setting value
> for AdUserName to qa.lab.tlv.redhat.com:vdcadmin.TLV.REDHAT.COM
> 2013-02-28 16:18:42,474 INFO 
> [org.ovirt.engine.core.utils.kerberos.ManageDomainsDAOImpl] Setting value
> for AdUserPassword to qa.lab.tlv.redhat.com:********
> 2013-02-28 16:18:44,080 INFO 
> [org.ovirt.engine.core.utils.kerberos.ManageDomainsDAOImpl] Setting value
> for LdapServers to
> 2013-02-28 16:18:45,510 INFO 
> [org.ovirt.engine.core.utils.kerberos.ManageDomainsDAOImpl] Setting value
> for AdUserId to qa.lab.tlv.redhat.com:9b9002d1-ec33-4083-8a7b-31f6b8931648
> 2013-02-28 16:18:46,868 INFO 
> [org.ovirt.engine.core.utils.kerberos.ManageDomainsDAOImpl] Setting value
> for LDAPSecurityAuthentication to qa.lab.tlv.redhat.com:GSSAPI
> 2013-02-28 16:18:48,357 INFO 
> [org.ovirt.engine.core.utils.kerberos.ManageDomainsDAOImpl] Setting value
> for DomainName to qa.lab.tlv.redhat.com
> 2013-02-28 16:18:49,738 INFO 
> [org.ovirt.engine.core.utils.kerberos.ManageDomainsDAOImpl] Setting value
> for LDAPProviderTypes to qa.lab.tlv.redhat.com:activeDirectory

You can't verify it using the log.
You need to use tcpdump and actually capture dns SRV calls, and analyze them to see engine-manage-domains issues the correct dns SRV calls
Comment 5 Ilanit Stein 2013-04-04 13:46:16 UTC 
Verified on sf-12:

[1] Added a domain by:
rhevm-manage-domains  -action=add -addPermissions -domain=qa.lab.tlv.redhat.com -user=vdcadmin  -interactive -provider=activeDirectory

[2] tcpdump record for DNS port 'tcpdump -s 1500 port 53' run in paralll to [1]:
machine request ldap srv record, and in reply it got the info on the machine + the ldap port to use (389):
 
15:12:32.884344 IP vm-161-161.scl.lab.tlv.redhat.com.48451 > ns2.eng.tlv.redhat.com.domain: 1+ SRV? _ldap._tcp.qa.lab.tlv.redhat.com. (50)
15:12:32.884925 IP ns2.eng.tlv.redhat.com.domain > vm-161-161.scl.lab.tlv.redhat.com.48451: 1 1/1/2 SRV qa1.qa.lab.tlv.redhat.com.:389 0 100 (145)
15:12:32.954756 IP vm-161-161.scl.lab.tlv.redhat.com.47033 > ns2.eng.tlv.redhat.com.domain: 60846+ A? qa1.qa.lab.tlv.redhat.com. (43)
15:12:32.954842 IP vm-161-161.scl.lab.tlv.redhat.com.47033 > ns2.eng.tlv.redhat.com.domain: 30006+ AAAA? qa1.qa.lab.tlv.redhat.com. (43)
15:12:32.955335 IP ns2.eng.tlv.redhat.com.domain > vm-161-161.scl.lab.tlv.redhat.com.47033: 60846 1/1/1 A 10.35.64.1 (93)
15:12:32.955350 IP ns2.eng.tlv.redhat.com.domain > vm-161-161.scl.lab.tlv.redhat.com.47033: 30006 0/1/0 (90)
Comment 6 Itamar Heim 2013-06-11 08:34:26 UTC 
3.2 has been released
Comment 7 Itamar Heim 2013-06-11 08:34:33 UTC 
3.2 has been released
Comment 8 Itamar Heim 2013-06-11 08:34:43 UTC 
3.2 has been released
Comment 9 Itamar Heim 2013-06-11 08:43:33 UTC 
3.2 has been released