Page MenuHomePhabricator
Create Task
Maniphest T192059

CloudVPS: VMs created with non-allowed characters in the hostname fail to be autosigned by puppet
Open, LowPublic
Actions

Description

Under some conditions, a VM can be created in labs with a mismatch between its "instance name" and its hostname; in those cases, our autosigner fails and puppet never runs.

Steps to reproduce:

  1. Create an instance with an underscore in the name, i.e. "test_autosign"
  2. since test_autosign.projectname.domain is not a valid hostname per RFC 1123, the hostname assigned to the VM will be test-autosign.projectname.domain
  3. Autosign will fail on labspuppetmasters:
# /usr/local/sbin/validatelabsfqdn.py test-autosign.projectname.eqiad.wmflabs && echo OK
certname test-autosign.projectname.eqiad.wmflabs  is not for a real instance

# /usr/local/sbin/validatelabsfqdn.py test_autosign.projectname.eqiad.wmflabs && echo OK
OK

Solutions I see are either:

  • Apply some heuristics when autosigning
  • Return a clear error in horizon when someone tries to create an instance with an invalid hostname

Related Objects
Search...

Event Timeline

Joe created this task.Apr 12 2018, 8:30 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptApr 12 2018, 8:30 AM
aborrero renamed this task from Labs VMs created with non-allowed characters in the hostname fail to be autosigned by puppet to CloudVPS: VMs created with non-allowed characters in the hostname fail to be autosigned by puppet.Apr 12 2018, 9:01 AM
bd808 edited projects, added Horizon; removed Cloud-VPS.Apr 12 2018, 2:40 PM
bd808 subscribed.

Return a clear error in horizon when someone tries to create an instance with an invalid hostname

Figuring out how to keep Horizon from "fixing" the name and instead make it a hard error for the user to handle seems like the right behavior to me. I would expect that this is all in the upstream Horizon codebase.

GTirloni edited projects, added cloud-services-team (Kanban); removed cloud-services-team.Mar 24 2019, 10:10 AM
ema subscribed.Aug 7 2019, 2:52 PM

Not only do they fail to be autosigned, instances with an underscore in the name do not end up in DNS at all.

Please add validation to the instance name and make sure that underscores are not allowed.

aborrero triaged this task as Low priority.Nov 27 2019, 5:01 PM
aborrero added a parent task: T239352: CloudVPS: horizon improvements.
aborrero moved this task from Inbox to Graveyard on the cloud-services-team (Kanban) board.
fnegri edited projects, added cloud-services-team; removed cloud-services-team (Kanban).Jan 18 2023, 6:53 PM
fnegri moved this task from Kanban to Graveyard on the cloud-services-team board.
fnegri moved this task to Inbox on the cloud-services-team board.Jan 18 2023, 9:58 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits