Project

Profile

Help

Issue #620

admin.conf default for host value in [server] does not contain an accurate default

Added by bmbouter over 6 years ago. Updated over 2 years ago.

Status:
CLOSED - CURRENTRELEASE
Priority:
Normal
Category:
-
Sprint/Milestone:
-
Start date:
Due date:
Estimated time:
Severity:
1. Low
Version:
2.5
Platform Release:
2.7.0
OS:
Triaged:
Yes
Groomed:
No
Sprint Candidate:
No
Tags:
Easy Fix, Pulp 2
Sprint:
Quarter:

Description

The admin.conf contains this section:

[server]

  1. host:

We tell our users that the commented out values are the defaults so I expect host to be set to '' by default. This is especially true after fixing [0].

In looking in pulp/client_admin/pulp/client/admin/config.py I see this code:

'host': socket.gethostname()

This causes 'host' to unexpectedly default to socket.gethostname(). I expect defaults are not looked up dynamically at runtime, and that the values commented out in the admin.conf file to be the actual default. I think using localhost as a static default, and removing the socket.gethostname() would be the best.

[0]: https://bugzilla.redhat.com/show_bug.cgi?id=1161205

+ This bug was cloned from Bugzilla Bug #1165346 +

History

#1 Updated by jortel@redhat.com over 6 years ago

Document is behavior in admin.conf.

+ This comment was cloned from Bugzilla #1165346 comment 1 +

#2 Updated by rbarlow over 6 years ago

To clarify, we believe the current behavior is best, and that we should not default to localhost. Instead, we should just document that this setting being blank will make Pulp use gethostname().

+ This comment was cloned from Bugzilla #1165346 comment 2 +

#3 Updated by bmbouter over 6 years ago

Handling this in docs makes it consistent so that will resolve it. To satisfy my own curiosity, why is FQDN a better choice than localhost? Is it because apache defaults to FQDN and we want the SSL to verify by hostname?

+ This comment was cloned from Bugzilla #1165346 comment 3 +

#4 Updated by rbarlow over 6 years ago

By default, the installation of the Apache package will generate a self-signed certificate that uses the FQDN as the CN. Using localhost will cause an SSL error even if the user sets verify_ssl to False since the CN won't match the name of the requested host. Also, nobody would really ever make an SSL certificate that has "localhost" as the CN, so there's not a real world case where that makes a good default.

+ This comment was cloned from Bugzilla #1165346 comment 4 +

#6 Updated by bmbouter over 6 years ago

  • Severity changed from Low to 1. Low

#7 Updated by dkliban@redhat.com over 6 years ago

  • Platform Release set to 2.7.0

#8 Updated by dkliban@redhat.com over 6 years ago

  • Status changed from MODIFIED to 5

#9 Updated by pthomas@redhat.com over 6 years ago

  • Status changed from 5 to 6

verified

In admin.conf & consumer.conf


# host:
#   The pulp server hostname.  If not specified, this value will default to socket.gethostname().

#10 Updated by amacdona@redhat.com almost 6 years ago

  • Status changed from 6 to CLOSED - CURRENTRELEASE

#12 Updated by bmbouter over 2 years ago

  • Tags Pulp 2 added

Please register to edit this issue

Also available in: Atom PDF