Bug #17595
closedforeman-installer does not check for correct values in DNS/DHCP providers
Description
Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1402062
Description of problem:
You can run satellite-installer with any value you wish in the DNS/DHCP provider!
Version-Release number of selected component (if applicable):
6.2.4 and probably earlier versions as well.
How reproducible:
Always.
Steps to Reproduce:
1. Run the following command:
satellite-installer -S satellite \
--foreman-proxy-dhcp-provider virsh \
--foreman-proxy-dhcp-server 192.168.122.1 \
--foreman-proxy-dns-server 192.168.122.1 \
--foreman-proxy-dns-provider blabla \
--foreman-proxy-dns true \
--foreman-proxy-dhcp true \
--foreman-proxy-dhcp-interface eth0
Installing Done [100%] [..........................................................]
Success!
* Satellite is running at https://rhss62.testenv
* To install additional capsule on separate machine continue by running:
capsule-certs-generate --capsule-fqdn "$CAPSULE" --certs-tar "~/$CAPSULE-certs.tar"
The full log is at /var/log/foreman-installer/satellite.log
Actual results:
satellite-installer starts and complete the installation without any warning/error message!
Expected results:
It should accept only the foreman-proxy providers.
Additional info:
cat ./dns.yml---
- DNS management
:enabled: https - valid providers:
- dns_dnscmd (Microsoft Windows native implementation)
- dns_nsupdate
- dns_nsupdate_gss (for GSS-TSIG support)
- dns_virsh (simple implementation for libvirt)
:use_provider: dns_blabla - use this setting if you want to override default TTL setting (86400)
:dns_ttl: 86400
Updated by Ewoud Kohl van Wijngaarden about 8 years ago
I'm unsure how to handle this. With 1.14 we can use type:Enum[...] so the installer picks it up but I'd be hesitant to validate the regex in code because users can have their own implementation of a plugin.
Updated by Dominic Cleal about 8 years ago
- Subject changed from satellite-installer does not check for correct values in DNS/DHCP providers to foreman-installer does not check for correct values in DNS/DHCP providers
- Status changed from New to Feedback
Yeah, this isn't validated because it can be any value from a plugin. I don't think building a list of plugins inside the installer is a good idea, it'll prevent new plugins from working.
Updated by The Foreman Bot about 8 years ago
- Status changed from Feedback to Ready For Testing
- Assignee set to Daniel Lobato Garcia
- Pull request https://github.com/theforeman/puppet-foreman_proxy/pull/314 added
Updated by Daniel Lobato Garcia about 8 years ago
- Related to Bug #17631: Validate realms/puppetrun providers added
Updated by Dominic Cleal about 8 years ago
- Status changed from Ready For Testing to Feedback
- Pull request deleted (
https://github.com/theforeman/puppet-foreman_proxy/pull/314)
PR to validate DNS/DHCP was rejected for the same reasons as given above, moving back to prior state.
Updated by Anonymous over 7 years ago
- Status changed from Feedback to Needs design
Updated by Ewoud Kohl van Wijngaarden over 7 years ago
In a way we already have this thanks to Dominics patch that verifies the smart proxy is registered with the DHCP feature enabled. It may not be obvious to the user how it should be fixed, but at least no longer pretend that it's OK while it's not.
Updated by Ewoud Kohl van Wijngaarden about 7 years ago
- Status changed from Needs design to Resolved
Starting with puppet-foreman_proxy 6.0.0 (included in 1.16.0) we check if the proxy advertises the features it should and error out. Since users can have custom providers that we don't package we can never check it via regex and trying does solve it the best we can.