Project

Profile

Help

Issue #926

closed

default value of server_name config is inconsistent between systems

Added by dkliban@redhat.com over 9 years ago. Updated over 5 years ago.

Status:
CLOSED - WONTFIX
Priority:
High
Assignee:
-
Category:
-
Sprint/Milestone:
-
Start date:
Due date:
Estimated time:
Severity:
2. Medium
Version:
Platform Release:
2.7.2
OS:
Triaged:
Yes
Groomed:
No
Sprint Candidate:
No
Tags:
Easy Fix, Pulp 2
Sprint:
Quarter:

Description

As you can see here [0] the default value for server_name is generated using socket module.

socket.gethostname()

It has come to my attention that the value returned by the above code could sometimes be a short hostname or an FQDN. In order to ensure consistency we should start using:

socket.getfqdn()

We should also change this line [1] in pulp-get-ca-certificate to:

CN=`hostname --fqdn`

[0] https://github.com/pulp/pulp/blob/master/server/pulp/server/config.py#L74
[1] https://github.com/pulp/pulp/blob/master/server/bin/pulp-gen-ca-certificate#L29

Actions #6

Updated by mhrivnak over 9 years ago

  • Priority changed from Normal to High
  • Triaged changed from No to Yes
  • Tags Easy Fix added

Fix in 2.6 if applicable.

Actions #7

Updated by bmbouter over 9 years ago

This should be done in a Y release and a release note added that certificates may need to be regenerated to use a FQDN and any pulp-admin clients should adjust their admin.conf to use the FQDN.

After some discussion, the change to pulp-gen-ca-certificate should not present any backwards compatibility issues because its a self-signed CA cert. It's also not used to sign the httpd certs.

Actions #8

Updated by rbarlow over 9 years ago

On 05/04/2015 03:04 PM, Pulp wrote:

This should be done in a Y release and a release note added that
certificates may need to be regenerated to use a FQDN.

Alternatively, users who are affected should be able to configure
admin.conf to use the hostname that they had been using before to avoid
regenerating the SSL certificates. This may be worth mentioning in the
release notes as well.

Actions #9

Updated by dkliban@redhat.com over 9 years ago

  • Status changed from NEW to ASSIGNED
  • Platform Release set to 2.7.0
Actions #10

Updated by dkliban@redhat.com over 9 years ago

  • Assignee set to dkliban@redhat.com

Added by dkliban@redhat.com over 9 years ago

Revision dcdb09e0 | View on GitHub

Set server_name to FQDN for default server config

The server_name and the CN in certificates generated by pulp-gen-ca-certificate is the fully qualified domain name (FQDN).

https://pulp.plan.io/issues/926

fixes #926

More docs

Added by dkliban@redhat.com over 9 years ago

Revision dcdb09e0 | View on GitHub

Set server_name to FQDN for default server config

The server_name and the CN in certificates generated by pulp-gen-ca-certificate is the fully qualified domain name (FQDN).

https://pulp.plan.io/issues/926

fixes #926

More docs

Actions #11

Updated by dkliban@redhat.com over 9 years ago

  • Status changed from ASSIGNED to MODIFIED
  • % Done changed from 0 to 100
Actions #12

Updated by dkliban@redhat.com over 9 years ago

  • Status changed from MODIFIED to 5
Actions #13

Updated by dkliban@redhat.com over 9 years ago

There is not currently a good way to see what the default hostname is set to. However, if you modify the client config (/etc/pulp/admin/admin.conf) and set 'host' in 'server' section to 'localhost' then you will get a mismatch between the hostname in the CA and the host that the client is trying to connect to. So then when you attempt to login using pulp-admin you will get a message similar to

The server hostname configured on the client did not match the name found in the
server's SSL certificate. The client attempted to connect to [localhost] but the
server returned [dev.example.com] as its hostname. The expected hostname can be changed in
the client configuration file.

The server should always return the same thing as the output of following command:

hostname -f

This should be tested on multiple operating systems.

Actions #15

Updated by Skullman over 9 years ago

  • Status changed from 5 to ASSIGNED
Actions #18

Updated by amacdona@redhat.com about 9 years ago

  • Platform Release changed from 2.7.0 to 2.7.1
Actions #19

Updated by amacdona@redhat.com almost 9 years ago

  • Platform Release changed from 2.7.1 to 2.7.2
Actions #20

Updated by dkliban@redhat.com almost 8 years ago

  • Status changed from ASSIGNED to NEW
Actions #21

Updated by dkliban@redhat.com almost 8 years ago

  • Assignee deleted (dkliban@redhat.com)
Actions #22

Updated by bmbouter over 5 years ago

  • Status changed from NEW to CLOSED - WONTFIX
Actions #23

Updated by bmbouter over 5 years ago

Pulp 2 is approaching maintenance mode, and this Pulp 2 ticket is not being actively worked on. As such, it is being closed as WONTFIX. Pulp 2 is still accepting contributions though, so if you want to contribute a fix for this ticket, please reopen or comment on it. If you don't have permissions to reopen this ticket, or you want to discuss an issue, please reach out via the developer mailing list.

Actions #24

Updated by bmbouter over 5 years ago

  • Tags Pulp 2 added

Also available in: Atom PDF