IPv6 address cannot be blank for CR providing IPv4 plus domain with forward DNS
|Assigned To:||Timo Goebel|
|Found in release:||1.13.1||Pull request:||https://github.com/theforeman/foreman/pull/3988|
|Velocity based estimate||-|
When creating a host (using EC2) it insists that the ipv6 address must be filled in.
This is preventing us from building new hosts, as we have no ipv6 support. (Even if ::1 is used, it fails when trying to add the DNS records.)
There are no ipv6 subnets configured and retrying with the blank address results in the same error.
#1 Updated by Dominic Cleal 3 months ago
- Release set to 1.13.2
What is the value of
token_duration in Settings? If zero, try specifying a non-zero value (the default).
Edit: actually, that may not be the issue - if a domain with forward DNS is configured, it would probably trigger the same condition, requiring an IPv6 address.
I think #17071 may contain a fix for this, it improves how IP address validations are skipped when a compute resource provides one of the IPs (e.g. it'd properly skip IPv6 address validation when EC2 provides an IPv4 address).
#6 Updated by Dis McCarthy 3 months ago
Dominic Cleal wrote:
Is a domain set on the interface with a forward DNS proxy set? (I assume so, since you mention DNS in passing.)
Yes. We're doing forward/reverse management in ipv4 (with freeipa, which for this purpose can be treated as bind9 with a bunch of wrappers)
#9 Updated by Timo Goebel 3 months ago
- Assigned To set to Timo Goebel
Dis McCarthy wrote:
Proxy logs (1.11.4-1) show:
You should definitely update your smart proxy to 1.13. Smart Proxy 1.11 is not fully compatible with Foreman 1.13.
As a temporary workaround, you can replace this (in /usr/share/foreman/app/models/nic/base.rb) with "return false"
Dominic, I'll send a pr with a patch so that we can include a fix in 1.13.2 . #17071 seems a little to big to backport.
#12 Updated by Timo Goebel 3 months ago
Dis McCarthy wrote:
That replacement worked.
Great, would you mind testing the actual patch for this?
wget -O /tmp/17187.patch https://github.com/theforeman/foreman/pull/3988.patch
patch -p1 < /tmp/17187.patch
systemctl restart httpd.service
patch will be unable to find the unit test file, you can safely skip this patch.
Of course, you'll need to revert the hotfix first.