Katello 3.0 Capsule - Action not allowed for the default capsule

Hi,

I have upgraded a test box to Katello 3.0 release, and am testing
installation of a katello capsule into our DMZ. I'm having an issue with
certificates - Bug #15530: Katello 3.0 capsule fails to register - Katello - Foreman - if anyone has
any ideas on that it would be much appreciated! BUT in the meantime I've
connected to the capsule via HTTP. Problem is, if I try and synchronise
content I get the following

[root@wellkatellotst foreman]# hammer capsule content synchronize --id 2
Could not synchronize capsule content:
Action not allowed for the default capsule.
[root@wellkatellotst foreman]#

Same behaviour via the GUI. If I browse to the capsule (Infrastructure >
Smart Proxies > capsule link), under "Content Sync" there is a message "404
resource not found" error

On the capsule, /etc/foreman-proxy/settings.d/pulp.yml is configured as
below

---
# Pulp integration
:enabled: true
:pulp_url: https://wellcapsuletst.niwa.co.nz/pulp
# Path to pulp, pulp content and mongodb directories
:pulp_dir: /var/lib/pulp
:pulp_content_dir: /var/lib/pulp/content
:mongodb_dir: /var/lib/mongodb

Any idea what's wrong?

Thanks :slight_smile:
Dylan

Dylan,

Thanks for filing a bug and the thorough explanation. Many devs are out
this week so we may not get to the certs issue right away but will look
soon.

For the capsule - are you sure the capsule with an id of 2 is your capsule
and not the smart proxy in the main katello server? Is it registered with
subscription manager? Any reason to suspect network issues?

Thanks,

John Mitsch
Red Hat Engineering
(860)-967-7285
irc: jomitsch

On Tue, Jun 28, 2016 at 9:38 PM, Dylan Baars wrote:


Hi John,

yep I'm sure of the capsule ID. I also thought perhaps it was network
issues, so I built a second capsule on the internal network where there are
no firewalls between the servers (other than the local CentOS firewalld
service - but even then I've tried with it turned off just in case), and
get the same result!

Here's the capsule list and then the synchronize commands…

[root@wellkatellotst foreman-proxy]# hammer capsule list
---|---------------------------|----------------------------------------|--------------------------
ID | NAME                      | URL                                    | FEATURES
---|---------------------------|----------------------------------------|--------------------------
3  | hamltestvm1.niwa.local    | http://hamltestvm1.niwa.local:8080     | Templates, Puppet, Pup…
2  | wellcapsuletst.niwa.co.nz | http://wellcapsuletst.niwa.co.nz:8080  | Templates, Puppet, Pup…
1  | wellkatellotst.niwa.local | https://wellkatellotst.niwa.local:9090 | Puppet, Puppet CA, Pul…
---|---------------------------|----------------------------------------|--------------------------
[root@wellkatellotst foreman-proxy]# hammer capsule content synchronize --id 2
Could not synchronize capsule content:
Action not allowed for the default capsule.
[root@wellkatellotst foreman-proxy]# hammer capsule content synchronize --id 3
Could not synchronize capsule content:
Action not allowed for the default capsule.
[root@wellkatellotst foreman-proxy]#

Both capsules are registered with Katello

[root@wellcapsuletst foreman-proxy]# subscription-manager status
+-------------------------------------------+
   System Status Details
+-------------------------------------------+
Overall Status: Current

[root@hamltestvm1 foreman-proxy]# subscription-manager status
+-------------------------------------------+
   System Status Details
+-------------------------------------------+
Overall Status: Current

[root@wellkatellotst foreman-proxy]# hammer host list --organization NIWA
---|---------------------------|------------------|---------------------|----------------|------------------
ID | NAME                      | OPERATING SYSTEM | HOST GROUP          | IP             | MAC
---|---------------------------|------------------|---------------------|----------------|------------------
6  | hamltestvm1.niwa.local    |                  |                     | 192.168.224.21 | 00:50:56:85:0b:fa
7  | wellcapsuletst.niwa.co.nz |                  |                     | 192.168.16.3   | 00:50:56:85:31:ed
1  | wellkatellotst.niwa.local |                  |                     | 192.168.59.7   | 00:50:56:85:05:00
---|---------------------------|------------------|---------------------|----------------|------------------
[root@wellkatellotst foreman-proxy]#

Thanks for your help :slight_smile:

Sorted (I think!). I was under the impression that
/etc/foreman-proxy/settings.d/pulp.yml needed to be enabled, BUT from
reading Bug #9209: Repo create on renamed capsule ISEs - Katello - Foreman what I want enabled is
the pulpnode.yml - which was enabled by default. Once I set pulp.yml
":enabled: false" and restarted foreman-proxy, things started working :slight_smile:

I've updated the certificate bug - solved/fixed, but I think something
needs to be added in the capsule certificate generation script - some sort
of detection of custom certificates & a prompt that the user will need to
supply/update them manually
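
A check for the state described in the last post (pulpnode.yml enabled and pulp.yml disabled on the capsule), added here as an example and not part of the thread or of Katello. The function names are hypothetical, and the default directory is the settings.d path quoted above.

```shell
#!/usr/bin/env bash
# Added example: verify a capsule's foreman-proxy Pulp settings.
# Function names are hypothetical; the directory comes from the thread.

# Print the value of the top-level ":enabled:" key, or "missing" if the
# file is unreadable or has no such key.
enabled_value() {
    local file value
    file=$1
    [ -r "$file" ] || { echo missing; return; }
    value=$(sed -n 's/^:enabled:[[:space:]]*\([^[:space:]#]*\).*$/\1/p' "$file" | head -n 1)
    echo "${value:-missing}"
}

# check_capsule_pulp [SETTINGS_DIR]
# Returns 0 when the settings match the working state from the thread,
# 1 when pulp.yml is enabled, 2 when pulpnode.yml is not enabled.
# Any value other than "false" counts as enabled, because foreman-proxy
# also accepts "http" and "https" for this key.
check_capsule_pulp() {
    local dir pulp pulpnode
    dir=${1:-/etc/foreman-proxy/settings.d}
    pulp=$(enabled_value "$dir/pulp.yml")
    pulpnode=$(enabled_value "$dir/pulpnode.yml")
    echo "pulp.yml     :enabled: $pulp"
    echo "pulpnode.yml :enabled: $pulpnode"
    case "$pulp" in
        false|missing) ;;
        *)  echo "FAIL: pulp.yml is enabled on this capsule;" \
                 "set ':enabled: false' and restart foreman-proxy"
            return 1 ;;
    esac
    case "$pulpnode" in
        false|missing)
            echo "FAIL: pulpnode.yml is not enabled"
            return 2 ;;
    esac
    echo "OK: pulpnode enabled, pulp disabled"
    return 0
}

# Run the check only when a settings directory is passed as an argument.
if [ $# -gt 0 ]; then
    check_capsule_pulp "$1"
fi
```

Run it on the capsule, not on the main Katello server, with the settings directory as its argument.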