Content proxy not listing to port 80 anymore

gvde · January 15, 2021, 9:16am

After updating from katello 3.17.2 to 3.18.1 I have noticed that my separate content smart proxy doesn’t listen to port 80 anymore. It’s only serving port 443. Is there a particular reason for that change? I have used http to get the katello-ca-consumer-latest rpm from the proxy and noticed it’s not working.

That change also seems to affect provisioning, when it tries to download the vmlinuz and initrd files from the proxy into /var/lib/tftpboot/boot/.

gvde · January 18, 2021, 6:16am

It seems the change came in with this pull request

As far as I understand the elsif with ‘foreman_proxy_content::pulp’ set applies to my installation which would add the httpd_pub.erb into the https foreman and sets the separate pub_dir.conf file but doesn’t do anything to enable port 80…

ehelms · January 18, 2021, 2:34pm

Could you file an issue https://projects.theforeman.org/projects/puppet-foreman/issues/new while I look into a fix for this for you.

gvde · January 18, 2021, 2:54pm

I have already created Bug #31662: Foreman content proxy doesn't listen on port 80 anymore - Installer - Foreman.

ehelms · January 18, 2021, 4:38pm

I spun up a new Katello 3.18, and the pub directory was working for me. I will try out an upgrade. Can you show me what these display:

grep -r 80 /etc/httpd
grep -r pub /etc/httpd

gvde · January 18, 2021, 5:21pm

Isn’t a new katello using pulp3?

Here is the output:

[root@foreman-proxy ~]# grep -r 80 /etc/httpd/
/etc/httpd/conf/httpd.conf:#Listen 80
[root@foreman-proxy ~]# grep -r pub /etc/httpd/
/etc/httpd/conf/magic:# copyright, but this file is "published" as witness the following:
/etc/httpd/conf.d/pulp_content.conf:    XSendFilePath /var/lib/pulp/published
/etc/httpd/conf.d/pulp_rpm.conf:  RewriteRule (.+/pulp/repos/)(.*) /pulp2/content/var/www/pub/yum/https/repos/$2 [DPI]
/etc/httpd/conf.d/pulp_rpm.conf:  RewriteRule (.+/pulp/repos/)(.*) /pulp2/content/var/www/pub/yum/http/repos/$2 [DPI]
/etc/httpd/conf.d/pulp_rpm.conf:Alias /pulp/exports /var/www/pub/yum/https/exports
/etc/httpd/conf.d/pulp_rpm.conf:<Directory /var/www/pub/yum/https>
/etc/httpd/conf.d/pulp_rpm.conf:<Directory /var/www/pub/yum/http>
/etc/httpd/conf.d/pulp_rpm.conf:Alias /pulp/gpg /var/www/pub/gpg
/etc/httpd/conf.d/pulp_rpm.conf:<Directory /var/www/pub/gpg/>
/etc/httpd/conf.d/pulp_deb.conf:  RewriteRule (.+/pulp/deb/)(.*) /pulp2/content/var/www/pub/deb/https/repos/$2 [DPI]
/etc/httpd/conf.d/pulp_deb.conf:  RewriteRule (.+/pulp/deb/)(.*) /pulp2/content/var/www/pub/deb/http/repos/$2 [DPI]
/etc/httpd/conf.d/pulp_deb.conf:<Directory /var/www/pub/deb/https>
/etc/httpd/conf.d/pulp_deb.conf:<Directory /var/www/pub/deb/http>
/etc/httpd/conf.d/pulp_docker.conf:Alias /pulp/docker/v2 /var/www/pub/docker/v2/web
/etc/httpd/conf.d/pulp_docker.conf:<Directory /var/www/pub/docker/v2/web>
/etc/httpd/conf.d/pulp_docker.conf:<Directory /var/www/pub/docker/v2/web/*/manifests/2>
/etc/httpd/conf.d/pulp_docker.conf:<Directory /var/www/pub/docker/v2/web/*/manifests/list>
/etc/httpd/conf.d/pulp_docker.conf:Alias /pulp/docker/v1 /var/www/pub/docker/v1/web
/etc/httpd/conf.d/pulp_docker.conf:<Directory /var/www/pub/docker/v1/web>
/etc/httpd/conf.d/pulp-vhosts80/rpm.conf:Alias /pulp/exports /var/www/pub/yum/http/exports
/etc/httpd/conf.d/pulp-vhosts80/iso.conf:Alias /pulp/isos /var/www/pub/http/isos
/etc/httpd/conf.d/pulp-vhosts80/pub_dir.conf:Alias /pub /var/www/html/pub
/etc/httpd/conf.d/pulp-vhosts80/pub_dir.conf:<Location /pub>
/etc/httpd/conf.d/05-pulp-https.conf:Alias /pub /var/www/html/pub
/etc/httpd/conf.d/05-pulp-https.conf:<Location /pub>
/etc/httpd/conf.d/pulp_iso.conf:Alias /pulp/isos /var/www/pub/https/isos
/etc/httpd/conf.d/pulp_iso.conf:<Directory /var/www/pub/https/isos>
/etc/httpd/conf.d/pulp_iso.conf:<Directory /var/www/pub/http/isos >

ehelms · January 18, 2021, 7:45pm

On my upgrade, I had a vhost for port 80 configured. Looking at the code however, I am wondering, do you have, in /etc/foreman-installer/scenarios.d/foreman-proxy-content-answers.yaml:

foreman_proxy_content:
  enable_puppet: false

As in, do you have puppet content on your content proxy turned off through that setting?

gvde · January 18, 2021, 8:23pm

I don’t have any puppet content. I also don’t run any puppet (except the agent) on the content proxy. So basically, everything puppet related including the setting above is disabled on my content proxy. I want my content proxy to serve content/rpms, only.

ehelms · January 18, 2021, 9:31pm

Seems our code makes some assumptions in that area unfortunately that breaks the pub directory deploying. For now, enabling puppet content is the work around. I will work on a fix for this for that case.

ehelms · January 19, 2021, 1:54pm

I have opened a pull request to address it that can be pulled back for a future 3.18 release:

github.com/theforeman/puppet-foreman_proxy_content

Fixes #31662: Set enable_http to ensure pub dir is deployed to Pulp v…

theforeman:master ← ehelms:fixes-31662

opened 01:20AM - 19 Jan 21 UTC

ehelms

+1 -0

…host This should be cherry picked to 3.18. This affects only content proxies… deployed in Katello 3.18 (or current nightly, all that changes once we go Pulp 3 only) that have `enable_puppet` set to false. The reason is this chunk of code: https://github.com/theforeman/puppet-pulp/blob/master/manifests/apache.pp#L23