Issue #926
closeddefault value of server_name config is inconsistent between systems
Description
As you can see here [0] the default value for server_name is generated using socket module.
socket.gethostname()
It has come to my attention that the value returned by the above code could sometimes be a short hostname or an FQDN. In order to ensure consistency we should start using:
socket.getfqdn()
We should also change this line [1] in pulp-get-ca-certificate to:
CN=`hostname --fqdn`
[0] https://github.com/pulp/pulp/blob/master/server/pulp/server/config.py#L74
[1] https://github.com/pulp/pulp/blob/master/server/bin/pulp-gen-ca-certificate#L29
Updated by mhrivnak over 9 years ago
- Priority changed from Normal to High
- Triaged changed from No to Yes
- Tags Easy Fix added
Fix in 2.6 if applicable.
Updated by bmbouter over 9 years ago
This should be done in a Y release and a release note added that certificates may need to be regenerated to use a FQDN and any pulp-admin clients should adjust their admin.conf to use the FQDN.
After some discussion, the change to pulp-gen-ca-certificate should not present any backwards compatibility issues because its a self-signed CA cert. It's also not used to sign the httpd certs.
Updated by rbarlow over 9 years ago
On 05/04/2015 03:04 PM, Pulp wrote:
This should be done in a Y release and a release note added that
certificates may need to be regenerated to use a FQDN.
Alternatively, users who are affected should be able to configure
admin.conf to use the hostname that they had been using before to avoid
regenerating the SSL certificates. This may be worth mentioning in the
release notes as well.
Updated by dkliban@redhat.com over 9 years ago
- Status changed from NEW to ASSIGNED
- Platform Release set to 2.7.0
Updated by dkliban@redhat.com over 9 years ago
- Assignee set to dkliban@redhat.com
Added by dkliban@redhat.com over 9 years ago
Added by dkliban@redhat.com over 9 years ago
Revision dcdb09e0 | View on GitHub
Set server_name to FQDN for default server config
The server_name and the CN in certificates generated by pulp-gen-ca-certificate is the fully qualified domain name (FQDN).
https://pulp.plan.io/issues/926
fixes #926
More docs
Updated by dkliban@redhat.com over 9 years ago
- Status changed from ASSIGNED to MODIFIED
- % Done changed from 0 to 100
Applied in changeset pulp|dcdb09e0c2211e0d458a1ac1dc6b73176de951ec.
Updated by dkliban@redhat.com over 9 years ago
- Status changed from MODIFIED to 5
Updated by dkliban@redhat.com about 9 years ago
There is not currently a good way to see what the default hostname is set to. However, if you modify the client config (/etc/pulp/admin/admin.conf) and set 'host' in 'server' section to 'localhost' then you will get a mismatch between the hostname in the CA and the host that the client is trying to connect to. So then when you attempt to login using pulp-admin you will get a message similar to
The server hostname configured on the client did not match the name found in the
server's SSL certificate. The client attempted to connect to [localhost] but the
server returned [dev.example.com] as its hostname. The expected hostname can be changed in
the client configuration file.
The server should always return the same thing as the output of following command:
hostname -f
This should be tested on multiple operating systems.
Updated by amacdona@redhat.com almost 9 years ago
- Platform Release changed from 2.7.0 to 2.7.1
Updated by amacdona@redhat.com almost 9 years ago
- Platform Release changed from 2.7.1 to 2.7.2
Updated by dkliban@redhat.com almost 8 years ago
- Status changed from ASSIGNED to NEW
Updated by dkliban@redhat.com almost 8 years ago
- Assignee deleted (
dkliban@redhat.com)
Updated by bmbouter over 5 years ago
- Status changed from NEW to CLOSED - WONTFIX
Updated by bmbouter over 5 years ago
Pulp 2 is approaching maintenance mode, and this Pulp 2 ticket is not being actively worked on. As such, it is being closed as WONTFIX. Pulp 2 is still accepting contributions though, so if you want to contribute a fix for this ticket, please reopen or comment on it. If you don't have permissions to reopen this ticket, or you want to discuss an issue, please reach out via the developer mailing list.
Set server_name to FQDN for default server config
The server_name and the CN in certificates generated by pulp-gen-ca-certificate is the fully qualified domain name (FQDN).
https://pulp.plan.io/issues/926
fixes #926
More docs