Skip to:

  1. Skip to Jira Navigation
  2. Skip to Side Navigation
  3. Skip to Main Content

improve ovirt.org -> www.ovirt.org redirect

Description

Currently http://ovirt.org points at a server that redirects users to https://www.ovirt.org
Trying to point the DNS directly at the OpenShift instance hosting the website does not work.

We need to fix this in order to avoid the intermediary redirect server.

Activity

Show:

Marc Dequènes (Duck) December 12, 2016 at 4:43 PM

We have to handle the disappearance of OS1 anyway :-/.

We could use let's encrypt for both vhost indeed. Nevertheless, Python 2.7 is not available, so I guess using the certtoll-auto script would help (using pip I guess). This is not gonna be the clean install we're used to.

Former user December 12, 2016 at 3:22 PM

Thank you for the explanation! So to have this working normally we can try moving the website to a less dynamic location at some point. We should also manage the https://ovirt.org redirect (using Let's Encrypt maybe?)

Marc Dequènes (Duck) December 12, 2016 at 3:03 PM

IIRC this is related to the SOA A record being used when there is no MX, but it's true we have proper MX so it should not be a problem. Nevertheless this is not possible to do what seem logical at first glance because this is related to the protocol itself, as explained in RFC1912 chapter 2.4: « A CNAME record is not allowed to coexist with any other data. ». The rest of the chapter explain you cannot combine CNAME and MX or NS, so this is de facto not possible on the SOA RR.

Former user December 12, 2016 at 2:52 PM
Edited

Doesn't this only affect MX records?
I mean MX records must point to A records (true in our case as the MX points to lists.phx.ovirt.org) but this has no relation to other records in the zone file. I do not think the master A record is used anywhere in the SMTP process - it all works over MX.

Not even mentioning that the A record for ovirt.org now points at the wrong server (MM3) which is not used for anything at the moment and not participating in mail exchange.

Marc Dequènes (Duck) December 12, 2016 at 2:28 PM

Here is some documentation with RFC numbers: http://cr.yp.to/im/cname.html

Marc Dequènes (Duck) December 12, 2016 at 2:28 PM

My original comment by mail follows:

I would rather let it like this because:
www.ovirt.org is an alias for beta-ovirtweb.rhcloud.com.
beta-ovirtweb.rhcloud.com is an alias for ex-std-node798.prod.rhcloud.com.
ex-std-node798.prod.rhcloud.com is an alias for
ec2-52-23-162-8.compute-1.amazonaws.com.
ec2-52-23-162-8.compute-1.amazonaws.com has address 52.23.162.8

So I don't think we can count on the node to never change, and that's
the magic of the cloud in fact. We cannot have a CNAME for the domain,
only a A record, so a permanent redirect is fine I think.

Done

Details

Assignee

Reporter

Priority

Parent

Created December 12, 2016 at 12:45 PM
Updated April 2, 2017 at 12:51 PM
Resolved March 9, 2017 at 4:01 PM