theforeman/smart_proxy_dns_route53

plugin not working on new foreman install

Closed this issue · 11 comments

New Foreman install on CentOS 6.
I installed rubygem-smart_proxy_pulp with yum from the nightly Foreman repo after trying it from the stable Foreman repo and having no luck. In both instances the provisioning kicks off, and when it gets to the create A record DNS entry it fails and rolls back.

I created an IAM user that is assigned to ec2fullaccess and route53fullaccess roles.

I added
:use_provider: dns_route53
to the dns.yml so it looks like:

# DNS management
:enabled: true
# valid providers:
#   dnscmd (Microsoft Windows native implementation)
#   nsupdate
#   nsupdate_gss (for GSS-TSIG support)
#   virsh (simple implementation for libvirt)
#:dns_provider: nsupdate
# use this setting if you are managing a dns server which is not localhost though this proxy
:use_provider: dns_route53
:dns_server: 127.0.0.1
# use this setting if you want to override default TTL setting (86400)
:dns_ttl: 86400
# use dns_tsig_* for GSS-TSIG updates using Kerberos.  Required for Windows MS DNS with
# Secure Dynamic Updates, or BIND as used in FreeIPA.  Set dns_provider to nsupdate_gss.
:dns_key: /etc/rndc.key
#:dns_tsig_keytab: /usr/share/foreman-proxy/dns.keytab
#:dns_tsig_principal: DNS/host.example.com@EXAMPLE.COM

and then I created a dns_route53.yml and added the below:

---
#
# Configuration file for 'dns_route53' DNS provider
#
# Set the following keys for the AWS credentials in use:
:aws_access_key: "MYACCESSKEY"
:aws_secret_key: "MYSECRETKEY"

The GUI fails with:

Unable to save
Create DNS record for test5.env.domain.internal task failed with the following error: ERF12-2357 [ProxyAPI::ProxyException]: Unable to set DNS entry ([RestClient::BadRequest]: 400 Bad Request) for proxy https://puppetmaster.env.domain.internal:8443/dns

production.log shows:
Failed to save: Create DNS record for test4.perf.nba.internal task failed with the following error: ERF12-2357 [ProxyAPI::ProxyException]: Unable to set DNS entry ([RestClient::BadRequest]: 400 Bad Request) for proxy https://puppetmaster.env.domain.internal:8443/dns

The instructions on the GitHub page are not clear, as I would assume the
:dns_key: /etc/rndc.key
:dns_server: 127.0.0.1
are either wrong or not needed at all. Perhaps some config options are still needed that are missing? Any assistance would be helpful.


ekohl commented

That looks like the foreman production.log. I'd be interested in the foreman_proxy log file.

@ekohl
By the foreman_proxy log I assume you mean proxy.log at /var/log/foreman-proxy.

That shows:
E, [2015-07-23T15:36:22.397815 #3403] ERROR -- : Connection refused - recvfrom(2)
192.168.1.1 - - [23/Jul/2015 15:36:22] "POST / HTTP/1.1" 400 32 0.0664

The 192 address is the IP of the Foreman server itself.
Not sure what the issue is, but it seems it is not configured correctly.

dns.yml

---
# DNS management
:enabled: true
# valid providers:
#   dnscmd (Microsoft Windows native implementation)
#   nsupdate
#   nsupdate_gss (for GSS-TSIG support)
#   virsh (simple implementation for libvirt)
#:dns_provider: nsupdate
# use this setting if you are managing a dns server which is not localhost though this proxy
:use_provider: dns_route53
:dns_server: 127.0.0.1
# use this setting if you want to override default TTL setting (86400)
:dns_ttl: 3600
# use dns_tsig_* for GSS-TSIG updates using Kerberos.  Required for Windows MS DNS with
# Secure Dynamic Updates, or BIND as used in FreeIPA.  Set dns_provider to nsupdate_gss.
:dns_key: /etc/rndc.key
#:dns_tsig_keytab: /usr/share/foreman-proxy/dns.keytab
#:dns_tsig_principal: DNS/host.example.com@EXAMPLE.COM

dns_route53.yml

---
#
# Configuration file for 'dns_route53' DNS provider
#
# Set the following keys for the AWS credentials in use:
:aws_access_key: "MYACCESSKEY"
:aws_secret_key: "MYSECRETKEY"

Not sure if the pulp and pulpnode yml files need to be examined as well. Also, is the dns_address supposed to be set to the Foreman server itself (127.0.0.1)?

ERROR -- : Connection refused - recvfrom(2)

This sounds like an issue performing DNS lookups, which I think it'll do from the locally configured resolver - perhaps check that's working. It needs rewriting to use the Route 53 API, if possible.

not sure if pulp and pulpnode yml files need to be examined as well

Pulp's entirely unrelated, you didn't need that plugin to use Route 53.

Thanks @domcleal for the suggestion.
The Foreman server is in an AWS VPC and it resolves public DNS lookups just fine.
The local resolver is set to search ec2.internal and the nameserver is set to the Route 53 IP inside of the VPC.
Not sure I understand your comment about "It needs rewriting to use the Route 53 API, if possible."

I guess I am not clear how to actually install and use this particular plugin.

Can you look up any hosts from the Route 53 zone that you're managing with Foreman? e.g. if it was route53.example.com, and you were adding host01, try running:

ruby -rresolv -e 'p Resolv::DNS.new.getaddress("host01.route53.example.com").to_s'

The comment about the API was just me noting that the plugin ought to use the API to check if a record already exists rather than looking it up in DNS.

I think you have it installed correctly, it's new though so hasn't been tested in any other environment than mine.
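An added example (not the plugin's own code) of the distinction the lookup-based check above has to make: a name absent from DNS is the normal case and the record can be created, whereas a resolver that refuses the connection, as in the proxy.log line earlier in this thread, is an infrastructure failure that should be reported as such rather than surfacing as a 400 Bad Request. The FakeResolver, ZONE and classify_lookup names are constructed for this example.

```ruby
require 'resolv'

# Outcome of the pre-create lookup the thread discusses: the proxy looks the
# name up in DNS before adding it. Hypothetical helper, not the plugin's code.
#   :absent      -> NXDOMAIN / no address: safe to create the record
#   :present     -> the name already resolves
#   :unreachable -> the configured resolver could not be reached at all; this is
#                   the "Connection refused - recvfrom(2)" case from proxy.log
#                   and is an infrastructure failure, not a bad request
def classify_lookup(fqdn, resolver)
  addr = resolver.getaddress(fqdn).to_s
  [:present, addr]
rescue Resolv::ResolvError
  [:absent, nil]
rescue Errno::ECONNREFUSED, Errno::EHOSTUNREACH, Resolv::ResolvTimeout => e
  [:unreachable, e.class.name]
end

# Stand-in for Resolv::DNS, constructed so the example runs offline. In real
# use pass Resolv::DNS.new (system resolver from /etc/resolv.conf) or
# Resolv::DNS.new(nameserver: ['10.0.0.2']) for an explicit VPC resolver.
class FakeResolver
  def initialize(records, reachable: true)
    @records = records
    @reachable = reachable
  end

  def getaddress(fqdn)
    # Same error class and message the proxy.log line above reports.
    raise Errno::ECONNREFUSED, 'recvfrom(2)' unless @reachable
    addr = @records[fqdn]
    raise Resolv::ResolvError, "no address for #{fqdn}" unless addr
    Resolv::IPv4.create(addr)
  end
end

# Constructed sample zone; names and address are placeholders.
ZONE = { 'host01.route53.example.com' => '10.0.1.10' }.freeze

def demo
  up = FakeResolver.new(ZONE)
  down = FakeResolver.new(ZONE, reachable: false)
  {
    existing: classify_lookup('host01.route53.example.com', up),
    new_host: classify_lookup('test5.route53.example.com', up),
    broken: classify_lookup('test5.route53.example.com', down)
  }
end

puts demo.inspect if $PROGRAM_NAME == __FILE__
```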

@domcleal yeah, I see what you are saying. The Foreman box cannot resolve the host1 server inside of the VPC. But oddly the host1 server can resolve the Foreman server. Not sure what I am missing here.

That is weird, the Foreman server can now resolve the host1 server.

ekohl commented

@haghabozorgi is there any firewall in place that could be in the way?

@ekohl iptables on the Foreman server has been disabled and stopped,
and so has SELinux (set to disabled).

So I installed using:
gem build smart_proxy_dns_route53.gemspec
gem install --ignore-dependencies smart_proxy_dns_route53-1.0.0.gem

I did --ignore-deps because it complains:
nokogiri requires Ruby version >= 1.9.2.

Note that the test server host1 was created manually through the AWS console, and then the A record was added to Route 53 manually through the AWS console as well.
@domcleal the ruby -rresolv command returns the right IP for the host1 server I created in the VPC.

@domcleal is the ruby_route53 gem needed for this gem/plugin?

Also when the readme says
This plugin is compatible with Smart Proxy 1.10 or higher.

I assume my version is too old?

yum list foreman-proxy
Loaded plugins: fastestmirror, presto
Loading mirror speeds from cached hostfile
 * base: linux.cc.lehigh.edu
 * epel: mirror.us.leaseweb.net
 * extras: linux.cc.lehigh.edu
 * updates: cosmos.cites.illinois.edu
Installed Packages
foreman-proxy.noarch    1.8.2-2.el6    @foreman

I added the nightly repo to Foreman and upgraded the foreman-proxy package to 1.10:

yum list foreman-proxy
Loaded plugins: fastestmirror, presto
Loading mirror speeds from cached hostfile
 * base: linux.cc.lehigh.edu
 * epel: mirror.us.leaseweb.net
 * extras: linux.cc.lehigh.edu
 * updates: cosmos.cites.illinois.edu
Installed Packages
foreman-proxy.noarch    1.10.0-0.develop.201507161017gitf11f708.el6    @foreman-new

Upon restarting Foreman and refreshing the smart proxy features in the GUI, the DNS piece disappeared. Going to dig into that. If you guys have any suggestions, I would appreciate it.

ekohl commented

This has been open for quite a long time and there is now RPM packaging as well, so I'm going to close this. Please re-open or open a new issue if you're still having a problem with getting this going.