Page MenuHomePhabricator

CloudVPS: VMs created with non-allowed characters in the hostname fail to be autosigned by puppet
Open, LowPublic

Description

Under some conditions, a VM can be created in labs with a mismatch between its "instance name" and its hostname; in those cases, our autosigner fails and puppet never runs.

Steps to reproduce:

  1. Create an instance with an underscore in the name, i.e. "test_autosign"
  2. since test_autosign.projectname.domain is not a valid hostname per RFC 1123, the hostname assigned to the VM will be test-autosign.projectname.domain
  3. Autosign will fail on labspuppetmasters:
# /usr/local/sbin/validatelabsfqdn.py test-autosign.projectname.eqiad.wmflabs && echo OK
certname test-autosign.projectname.eqiad.wmflabs  is not for a real instance

# /usr/local/sbin/validatelabsfqdn.py test_autosign.projectname.eqiad.wmflabs && echo OK
OK

Solutions I see are either:

  • Apply some heuristics when autosigning
  • Return a clear error in horizon when someone tries to create an instance with an invalid hostname

Event Timeline

Joe created this task.Apr 12 2018, 8:30 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptApr 12 2018, 8:30 AM
aborrero renamed this task from Labs VMs created with non-allowed characters in the hostname fail to be autosigned by puppet to CloudVPS: VMs created with non-allowed characters in the hostname fail to be autosigned by puppet.Apr 12 2018, 9:01 AM
bd808 edited projects, added Horizon; removed Cloud-VPS.Apr 12 2018, 2:40 PM
bd808 added a subscriber: bd808.

Return a clear error in horizon when someone tries to create an instance with an invalid hostname

Figuring out how to keep Horizon from "fixing" the name and instead make it a hard error for the user to handle seems like the right behavior to me. I would expect that this is all in the upstream Horizon codebase.

ema added a subscriber: ema.Aug 7 2019, 2:52 PM

Not only do they fail to be autosigned, instances with an underscore in the name do not end up in DNS at all.

Please add validation to the instance name and make sure that underscores are not allowed.

aborrero triaged this task as Low priority.Nov 27 2019, 5:01 PM
aborrero moved this task from Inbox to Graveyard on the cloud-services-team (Kanban) board.