Signo_url modification

Hi all,

Due to DNS architecture modification, we modified the resolv.conf on all
our server, FQDN are not modified.

After a restart of the httpd service, the access to foreman-proxy is no
more possible: "Unable to communicate with the proxy: No such file or
directory - servername.domain.new.pem Please check the proxy is configured
and running on the host."
The domain "domain.new" is the first domain in the resolv.conf search
field, but it is NOT the FQDN (still domain.old)

Checking in the settings / Auth tab, it seems the signo_url is changed to
domain.new too.

Is that a normal behaviour ?
Could it be possible to use FQDN (as specified by hostname -f) rather ?

Best regards
Yannig

> Hi all,
>
> Due to DNS architecture modification, we modified the resolv.conf on all
> our server, FQDN are not modified.
>
> After a restart of the httpd service, the access to foreman-proxy is no
> more possible: "Unable to communicate with the proxy: No such file or
> directory - servername.domain.new.pem Please check the proxy is
> configured and running on the host."
> The domain "domain.new" is the first domain in the resolv.conf search
> field, but it is NOT the FQDN (still domain.old)

This sounds like the SSL configuration, as it's talking about a pem file.

Check the ssl_certificate and ssl_priv_key settings under Adminster >
Settings > Provisioning, ensure they point to files that exist - usually
Puppet certificates, which probably didn't change.

> Checking in the settings / Auth tab, it seems the signo_url is changed
> to domain.new too.

This isn't really used any more, don't worry about it.

> Is that a normal behaviour ?
> Could it be possible to use FQDN (as specified by hostname -f) rather ?

The domain resolution is probably coming from Facter and depends a lot
on the version and your OS. We have quite an old version in our yum
repos, so if you're on an EL6/7 OS then we might need to update it to
prevent this happening.

Cheers,

··· On 09/10/14 16:17, yannig rousseau wrote:


Dominic Cleal
Red Hat Engineering

Hi Dominic,

I redid operation to check and I confirm the settings named
"ssl_certificate" & "ssl_priv_key" do change to servername.domain.NEW.pem

No facts are raised with the new domain name (neither fqdn nor anything
else).

The issue is raised on a RHEL6 with foreman 1.4.1. An attempt on a 1.6
environment didn't seem to have any impact.
Do you think it would be useful to raise a bug or this is a version too old
?

Nevertheless, we'll program a change to upgrade our production platform to
1.6.
Thanks a lot for your help
Yannig

··· On Friday, October 10, 2014 2:39:44 PM UTC+2, Dominic Cleal wrote: > > On 09/10/14 16:17, yannig rousseau wrote: > > Hi all, > > > > Due to DNS architecture modification, we modified the resolv.conf on all > > our server, FQDN are not modified. > > > > After a restart of the httpd service, the access to foreman-proxy is no > > more possible: "Unable to communicate with the proxy: No such file or > > directory - servername.domain.new.pem Please check the proxy is > > configured and running on the host." > > The domain "domain.new" is the first domain in the resolv.conf search > > field, but it is NOT the FQDN (still domain.old) > > This sounds like the SSL configuration, as it's talking about a pem file. > > Check the ssl_certificate and ssl_priv_key settings under Adminster > > Settings > Provisioning, ensure they point to files that exist - usually > Puppet certificates, which probably didn't change. > > > Checking in the settings / Auth tab, it seems the signo_url is changed > > to domain.new too. > > This isn't really used any more, don't worry about it. > > > Is that a normal behaviour ? > > Could it be possible to use FQDN (as specified by hostname -f) rather ? > > The domain resolution is probably coming from Facter and depends a lot > on the version and your OS. We have quite an old version in our yum > repos, so if you're on an EL6/7 OS then we might need to update it to > prevent this happening. > > Cheers, > > -- > Dominic Cleal > Red Hat Engineering >

Oops, my bad.
Issue is still present in a 1.6.1 foreman server.

Should I create an issue ?

Regards
Yannig

··· On Monday, October 13, 2014 3:03:10 PM UTC+2, yannig rousseau wrote: > > Hi Dominic, > > I redid operation to check and I confirm the settings named > "ssl_certificate" & "ssl_priv_key" do change to servername.domain.NEW.pem > > No facts are raised with the new domain name (neither fqdn nor anything > else). > > The issue is raised on a RHEL6 with foreman 1.4.1. An attempt on a 1.6 > environment didn't seem to have any impact. > Do you think it would be useful to raise a bug or this is a version too > old ? > > Nevertheless, we'll program a change to upgrade our production platform to > 1.6. > Thanks a lot for your help > Yannig > > On Friday, October 10, 2014 2:39:44 PM UTC+2, Dominic Cleal wrote: >> >> On 09/10/14 16:17, yannig rousseau wrote: >> > Hi all, >> > >> > Due to DNS architecture modification, we modified the resolv.conf on >> all >> > our server, FQDN are not modified. >> > >> > After a restart of the httpd service, the access to foreman-proxy is no >> > more possible: "Unable to communicate with the proxy: No such file or >> > directory - servername.domain.new.pem Please check the proxy is >> > configured and running on the host." >> > The domain "domain.new" is the first domain in the resolv.conf search >> > field, but it is NOT the FQDN (still domain.old) >> >> This sounds like the SSL configuration, as it's talking about a pem file. >> >> Check the ssl_certificate and ssl_priv_key settings under Adminster > >> Settings > Provisioning, ensure they point to files that exist - usually >> Puppet certificates, which probably didn't change. >> >> > Checking in the settings / Auth tab, it seems the signo_url is changed >> > to domain.new too. >> >> This isn't really used any more, don't worry about it. >> >> > Is that a normal behaviour ? >> > Could it be possible to use FQDN (as specified by hostname -f) rather ? >> >> The domain resolution is probably coming from Facter and depends a lot >> on the version and your OS. We have quite an old version in our yum >> repos, so if you're on an EL6/7 OS then we might need to update it to >> prevent this happening. >> >> Cheers, >> >> -- >> Dominic Cleal >> Red Hat Engineering >> >

Sure, please do and we can update the ruby193-facter package.

http://projects.theforeman.org/projects/rpms/issues/new

Cheers,

··· -- Dominic Cleal Red Hat Engineering

On 13/10/14 14:16, yannig rousseau wrote:

Oops, my bad.
Issue is still present in a 1.6.1 foreman server.

Should I create an issue ?

Regards
Yannig

On Monday, October 13, 2014 3:03:10 PM UTC+2, yannig rousseau wrote:

Hi Dominic,

I redid operation to check and I confirm the settings named
"ssl_certificate" & "ssl_priv_key" do change to
servername.domain.NEW.pem

No facts are raised with the new domain name (neither fqdn nor
anything else).

The issue is raised on a RHEL6 with foreman 1.4.1. An attempt on a
1.6 environment didn't seem to have any impact.
Do you think it would be useful to raise a bug or this is a version
too old ?

Nevertheless, we'll program a change to upgrade our production
platform to 1.6.
Thanks a lot for your help
Yannig

On Friday, October 10, 2014 2:39:44 PM UTC+2, Dominic Cleal wrote:

    On 09/10/14 16:17, yannig rousseau wrote:
    > Hi all,
    >
    > Due to DNS architecture modification, we modified the
    resolv.conf on all
    > our server, FQDN are not modified.
    >
    > After a restart of the httpd service, the access to
    foreman-proxy is no
    > more possible: "Unable to communicate with the proxy: No such
    file or
    > directory - servername.domain.new.pem Please check the proxy is
    > configured and running on the host."
    > The domain "domain.new" is the first domain in the resolv.conf
    search
    > field, but it is NOT the FQDN (still domain.old)

    This sounds like the SSL configuration, as it's talking about a
    pem file.

    Check the ssl_certificate and ssl_priv_key settings under
    Adminster >
    Settings > Provisioning, ensure they point to files that exist -
    usually
    Puppet certificates, which probably didn't change.

    > Checking in the settings / Auth tab, it seems the signo_url is
    changed
    > to domain.new too.

    This isn't really used any more, don't worry about it.

    > Is that a normal behaviour ?
    > Could it be possible to use FQDN (as specified by hostname -f)
    rather ?

    The domain resolution is probably coming from Facter and depends
    a lot
    on the version and your OS.  We have quite an old version in our
    yum
    repos, so if you're on an EL6/7 OS then we might need to update
    it to
    prevent this happening.

    Cheers,

    -- 
    Dominic Cleal
    Red Hat Engineering


You received this message because you are subscribed to the Google
Groups “Foreman users” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to foreman-users+unsubscribe@googlegroups.com
mailto:foreman-users+unsubscribe@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com
mailto:foreman-users@googlegroups.com.
Visit this group at http://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.

Ah, don't worry - we opened a ticket for the same thing after a similar
issue in #theforeman today:

http://projects.theforeman.org/issues/7974

··· -- Dominic Cleal Red Hat Engineering

On 13/10/14 14:16, yannig rousseau wrote:

Oops, my bad.
Issue is still present in a 1.6.1 foreman server.

Should I create an issue ?

Regards
Yannig

On Monday, October 13, 2014 3:03:10 PM UTC+2, yannig rousseau wrote:

Hi Dominic,

I redid operation to check and I confirm the settings named
"ssl_certificate" & "ssl_priv_key" do change to
servername.domain.NEW.pem

No facts are raised with the new domain name (neither fqdn nor
anything else).

The issue is raised on a RHEL6 with foreman 1.4.1. An attempt on a
1.6 environment didn't seem to have any impact.
Do you think it would be useful to raise a bug or this is a version
too old ?

Nevertheless, we'll program a change to upgrade our production
platform to 1.6.
Thanks a lot for your help
Yannig

On Friday, October 10, 2014 2:39:44 PM UTC+2, Dominic Cleal wrote:

    On 09/10/14 16:17, yannig rousseau wrote:
    > Hi all,
    >
    > Due to DNS architecture modification, we modified the
    resolv.conf on all
    > our server, FQDN are not modified.
    >
    > After a restart of the httpd service, the access to
    foreman-proxy is no
    > more possible: "Unable to communicate with the proxy: No such
    file or
    > directory - servername.domain.new.pem Please check the proxy is
    > configured and running on the host."
    > The domain "domain.new" is the first domain in the resolv.conf
    search
    > field, but it is NOT the FQDN (still domain.old)

    This sounds like the SSL configuration, as it's talking about a
    pem file.

    Check the ssl_certificate and ssl_priv_key settings under
    Adminster >
    Settings > Provisioning, ensure they point to files that exist -
    usually
    Puppet certificates, which probably didn't change.

    > Checking in the settings / Auth tab, it seems the signo_url is
    changed
    > to domain.new too.

    This isn't really used any more, don't worry about it.

    > Is that a normal behaviour ?
    > Could it be possible to use FQDN (as specified by hostname -f)
    rather ?

    The domain resolution is probably coming from Facter and depends
    a lot
    on the version and your OS.  We have quite an old version in our
    yum
    repos, so if you're on an EL6/7 OS then we might need to update
    it to
    prevent this happening.

    Cheers,

    -- 
    Dominic Cleal
    Red Hat Engineering


You received this message because you are subscribed to the Google
Groups “Foreman users” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to foreman-users+unsubscribe@googlegroups.com
mailto:foreman-users+unsubscribe@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com
mailto:foreman-users@googlegroups.com.
Visit this group at http://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.