Project

General

Profile

Actions

Bug #17595

closed

foreman-installer does not check for correct values in DNS/DHCP providers

Added by Daniel Lobato Garcia over 7 years ago. Updated over 6 years ago.

Status:
Resolved
Priority:
Normal
Category:
-
Target version:
-
Difficulty:
Triaged:
Fixed in Releases:
Found in Releases:

Description

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1402062
Description of problem:
You can run satellite-installer with any value you wish in the DNS/DHCP provider!

Version-Release number of selected component (if applicable):
6.2.4 and probably earlier versions as well.

How reproducible:
Always.

Steps to Reproduce:
1. Run the following command:

satellite-installer -S satellite \
--foreman-proxy-dhcp-provider virsh \
--foreman-proxy-dhcp-server 192.168.122.1 \
--foreman-proxy-dns-server 192.168.122.1 \
--foreman-proxy-dns-provider blabla \
--foreman-proxy-dns true \
--foreman-proxy-dhcp true \
--foreman-proxy-dhcp-interface eth0

Installing Done [100%] [..........................................................]
Success! * Satellite is running at https://rhss62.testenv * To install additional capsule on separate machine continue by running:

capsule-certs-generate --capsule-fqdn "$CAPSULE" --certs-tar "~/$CAPSULE-certs.tar"
The full log is at /var/log/foreman-installer/satellite.log

Actual results:
satellite-installer starts and complete the installation without any warning/error message!

Expected results:
It should accept only the foreman-proxy providers.

Additional info:

cat ./dns.yml
---
  1. DNS management
    :enabled: https
  2. valid providers:
  3. dns_dnscmd (Microsoft Windows native implementation)
  4. dns_nsupdate
  5. dns_nsupdate_gss (for GSS-TSIG support)
  6. dns_virsh (simple implementation for libvirt)
    :use_provider: dns_blabla
  7. use this setting if you want to override default TTL setting (86400)
    :dns_ttl: 86400

Related issues 1 (0 open1 closed)

Related to Installer - Bug #17631: Validate realms/puppetrun providers ClosedDaniel Lobato Garcia12/12/2016Actions
Actions #1

Updated by Ewoud Kohl van Wijngaarden over 7 years ago

I'm unsure how to handle this. With 1.14 we can use type:Enum[...] so the installer picks it up but I'd be hesitant to validate the regex in code because users can have their own implementation of a plugin.

Actions #2

Updated by Dominic Cleal over 7 years ago

  • Subject changed from satellite-installer does not check for correct values in DNS/DHCP providers to foreman-installer does not check for correct values in DNS/DHCP providers
  • Status changed from New to Feedback

Yeah, this isn't validated because it can be any value from a plugin. I don't think building a list of plugins inside the installer is a good idea, it'll prevent new plugins from working.

Actions #3

Updated by The Foreman Bot over 7 years ago

  • Status changed from Feedback to Ready For Testing
  • Assignee set to Daniel Lobato Garcia
  • Pull request https://github.com/theforeman/puppet-foreman_proxy/pull/314 added
Actions #4

Updated by Daniel Lobato Garcia over 7 years ago

  • Related to Bug #17631: Validate realms/puppetrun providers added
Actions #5

Updated by Dominic Cleal over 7 years ago

  • Status changed from Ready For Testing to Feedback
  • Pull request deleted (https://github.com/theforeman/puppet-foreman_proxy/pull/314)

PR to validate DNS/DHCP was rejected for the same reasons as given above, moving back to prior state.

Actions #6

Updated by Anonymous almost 7 years ago

  • Status changed from Feedback to Needs design
Actions #7

Updated by Ewoud Kohl van Wijngaarden almost 7 years ago

In a way we already have this thanks to Dominics patch that verifies the smart proxy is registered with the DHCP feature enabled. It may not be obvious to the user how it should be fixed, but at least no longer pretend that it's OK while it's not.

Actions #8

Updated by Ewoud Kohl van Wijngaarden over 6 years ago

  • Status changed from Needs design to Resolved

Starting with puppet-foreman_proxy 6.0.0 (included in 1.16.0) we check if the proxy advertises the features it should and error out. Since users can have custom providers that we don't package we can never check it via regex and trying does solve it the best we can.

Actions

Also available in: Atom PDF