Hello,

That is probably a noob question, but I do not manage to use a repository on
a capsule, probably due to an SSL misconfiguration…

I installed a katello server to manage repositories and a separate capsule to
manage a remote datacenter. Both are installed with katello 2.4 / foreman
1.10 on RHEL6 servers.
Client side, I run subscription-manager to register either on katello or
on the capsule. In both cases, registration runs smoothly, the content host
does appear on the console and the client downloads a redhat.repo file.

The issue is that, in both cases, access to the repo runs through https, and
that doesn't seem to function for the capsule. The folder
/etc/pki/entitlement/ contains the expected pem files and on the capsule
/var/log/httpd, the only updated log is katello-reverse-proxy_access_ssl.log,
which contains no error:

10.212.11.6 - - [20/Jan/2016:17:44:40 +0800] "GET /rhsm/ HTTP/1.1" 200 3766 "-" "RHSM/1.0 (cmd=yum)"
10.212.11.6 - - [20/Jan/2016:17:44:42 +0800] "GET /rhsm/consumers/43973ab4-3562-4433-95a8-6eba4f020e57/content_overrides HTTP/1.1" 200 848 "-" "RHSM/1.0 (cmd=yum)"

What did I forget ?

Bump with a little bit more information.
I recently upgraded my platforms (katello + capsule) to foreman 1.10.1 with
katello 2.4 on Oracle Linux 6.7.
Sync between katello and capsule seems to run smoothly for the moment.
I subscribed clients to register as content hosts on the katello without
issue.
I register to the capsule by using:

rpm -Uvh http://<capsuleFQDN>/pub/katello-ca-consumer-latest.noarch.rpm
subscription-manager register --org="Default_Organization" --activationkey="OL6"

Registration runs ok.
But if I try to run a yum command from this client
Loaded plugins: product-id, security, subscription-manager
https://**/<capsuleFQDN>/pulp/repos/Default_Organization/Library/OL6/custom/EPEL/epel-rhel6/repodata/repomd.xml:
[Errno 14] PYCURL ERROR 7 - "couldn't connect to host"
Trying other mirror.
I tried a wget through http of the repomd.xml and it functions (so no issue
in repository build), but it fails as soon as I use https. Default
configuration of the http (/etc/httpd/conf.d/pulp_rpm.conf) indicates
certificate presentation is mandatory.
Katello Certificates provided by rpm (/etc/rhsm/ca/katello-default-ca.pem &
katello-server-ca.pem) are present & signed by the katello server (not by
capsule ?).
/etc/yum.repos.d/redhat.repo file seems to be okay (with all key /
certificate) present on the client, but I still cannot connect.
I don't find any error log.
How may I test this ?
On Wednesday, January 20, 2016 at 10:47:23 AM UTC+1, yannig rousseau wrote:
>
> Hello,
>
> That is probably a noob question, but I do not manage to use a repository on
> a capsule, probably due to an SSL misconfiguration...
>
> I installed a katello server to manage repositories and a separate capsule
> to manage a remote datacenter. Both are installed with katello 2.4 / foreman
> 1.10 on RHEL6 servers.
> Client side, I run subscription-manager to register either on katello or
> on the capsule. In both cases, registration runs smoothly, the content host
> does appear on the console and the client downloads a redhat.repo file.
>
> The issue is that, in both cases, access to the repo runs through https,
> and that doesn't seem to function for the capsule. The folder
> /etc/pki/entitlement/ contains the expected pem files and on the capsule
> /var/log/httpd, the only updated log is katello-reverse-proxy_access_ssl.log,
> which contains no error:
>
> 10.212.11.6 - - [20/Jan/2016:17:44:40 +0800] "GET /rhsm/ HTTP/1.1" 200 3766 "-" "RHSM/1.0 (cmd=yum)"
> 10.212.11.6 - - [20/Jan/2016:17:44:42 +0800] "GET /rhsm/consumers/43973ab4-3562-4433-95a8-6eba4f020e57/content_overrides HTTP/1.1" 200 848 "-" "RHSM/1.0 (cmd=yum)"
>
> What did I forget ?
>
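
Added example, not part of the original post: one way to test the https access from the client. It reads the URL, CA, client certificate and key from redhat.repo, repeats yum's request with curl and names the layer that failed. The function names are made up for this example, and it assumes the first repo section in the file is the one under test and that its baseurl contains no yum variables.

```shell
#!/bin/sh
# Added diagnostic example; not from the original thread.
# Usage on a registered client: sh probe_repo.sh /etc/yum.repos.d/redhat.repo

# repo_opt FILE KEY: first value of KEY (baseurl, sslcacert, ...) in a .repo file.
repo_opt() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1
}

# explain_curl_rc RC: name the layer a curl exit code points at.
# yum's "PYCURL ERROR 7" is the same libcurl code as curl exit 7.
explain_curl_rc() {
    case "$1" in
        0)     echo "ok" ;;
        6)     echo "dns" ;;            # could not resolve host
        7)     echo "tcp" ;;            # could not connect (closed port, firewall)
        28)    echo "timeout" ;;
        35)    echo "tls-handshake" ;;
        51|60) echo "server-cert" ;;    # server certificate not trusted by --cacert
        58)    echo "client-cert" ;;    # local certificate or key unusable
        22)    echo "http" ;;           # HTTP status >= 400 (with -f)
        *)     echo "other" ;;
    esac
}

# probe_repo FILE: request repomd.xml with the CA, certificate and key yum uses.
# Assumes the first repo section is the one under test and that its baseurl
# contains no yum variables such as $basearch.
probe_repo() {
    url=$(repo_opt "$1" baseurl)
    ca=$(repo_opt "$1" sslcacert)
    cert=$(repo_opt "$1" sslclientcert)
    key=$(repo_opt "$1" sslclientkey)
    rc=0
    curl -sS -f -o /dev/null --connect-timeout 10 \
         --cacert "$ca" --cert "$cert" --key "$key" \
         "${url%/}/repodata/repomd.xml" || rc=$?
    echo "$url -> curl exit $rc ($(explain_curl_rc "$rc"))"
    return "$rc"
}

if [ -n "${1:-}" ]; then
    probe_repo "$1"
fi
```

A result of "tcp" means the connection to the https port never completed, so certificates were not yet involved; "tls-handshake", "server-cert" or "client-cert" point at the CA and entitlement files instead.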