Project

Profile

Help

Issue #8991

Pulp Container determines external IP in a potentially inaccurate way.

Added by hhummel 7 months ago. Updated 6 months ago.

Status:
CLOSED - NOTABUG
Priority:
Normal
Assignee:
-
Sprint/Milestone:
-
Start date:
Due date:
Estimated time:
Severity:
3. High
Platform Release:
OS:
Triaged:
No
Groomed:
No
Sprint Candidate:
No
Tags:
GalaxyNG
Sprint:
Quarter:

Description

When attempting to podman login to an Automation Hub deployed using the platform installer, the following error appears:

(hubtest) henderson@mars => podman login https://myhubonEC2.amazonaws.com/ --username admin --password '*************' --tls-verify=False

Error: error authenticating creds for "myhubonEC2.amazonaws.com": 
Get "https://automationhub1.testing.ansible.com/token?account=admin&service=myhubonEC2.amazonaws.com": 
dial tcp: lookup automationhub1.testing.ansible.com: no such host

Inspecting the /etc/hosts on the installation, it becomes clear that that's where the `automationhub1.testing.ansible.com comes from:

[ec2-user@myhubonEC2 ~]$ cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

# BEGIN ANSIBLE MANAGED BLOCK
<my hub's external ip address>  automationhub1.testing.ansible.com
xx.xxx.xxx.xx  tower0.testing.ansible.com
xx.xxx.xxx.xx  tower1.testing.ansible.com
xx.xxx.xxx.xx  tower2.testing.ansible.com
xx.xxx.xxx.xx  db1.testing.ansible.com
# END ANSIBLE MANAGED BLOCK
[ec2-user@myhubonEC2 ~]$ 

(ip addresses above expunged)

Of course, this hostname isn't resolvable by any external system, making it impossible to login.

Potential Resolution: pulp_container should accept a setting to configure the address that's used when communicating with container clients like podman or docker.

History

#1 Updated by dkliban@redhat.com 6 months ago

  • Status changed from NEW to CLOSED - NOTABUG

the TOKEN_SERVER setting is set to a hostname that is not resolvable. Whatever install mechanism was used to configure pulp_container needs to properly set TOKEN_SERVER in /etc/pulp/settings.py.

Also available in: Atom PDF