[Katello] How should RedHat products be accessed behind Corporate firewalls & w/ a proxy?

I have previously imported (the manifest) and used Red Hat products in
Katello 2.4.*. I've recently built a Katello 3.1 server and would like to
do the same.

The manifest imports, but trying to select products returns:

getaddrinfo: Temporary failure in name resolution

I've seen this before (and in fact asked
<https://groups.google.com/forum/#!searchin/foreman-users/getaddrinfo|sort:relevance/foreman-users/kr7FV_ArDkI/hCSSSchxEAAJ>
about it before), but I think it just 'went away'.

Both Katello servers sit behind Corporate firewalls and use a Corporate
proxy. The local DNS source doesn't know about public domains (so can't
help with cdn.redhat.com).

When syncing the existing 2.4 Red Hat repositories, all requests
successfully use the details provided in:

/etc/pulp/server/plugins.conf.d/yum_importer.json

But browsing the Red Hat product list now returns the same cdn.redhat.com
lookup failure as the 3.1 server.

I've tried creating a host file entry for one of the public IPs for that
site, but that naturally returns:

Connection refused - connect(2)

As that address is not reachable; this is prevented by the firewalls.

I've tried setting the host file entry for cdn.redhat.com to the IP of the
proxy, then added a redirect rule in iptables to send the TCP443 request to
the correct port of the proxy, but then I get an SSL error, as Katello is
expecting a different conversation to the one the proxy wants to have.

From what I can tell, there wouldn't be a problem if there wasn't the
initial DNS lookup and this part solely used the json file.

Can anyone help please?

Cheers.

We are using Satellite 6.2 behind our proxy servers without issue. The
settings which Sean mentions should get you out of trouble.

Have you set these options using foreman-installer?

--katello-proxy-password    Proxy password for authentication (default: nil)
--katello-proxy-port        Port the proxy is running on (default: nil)
--katello-proxy-url         URL of the proxy server (default: nil)
--katello-proxy-username    Proxy username for authentication (default: nil)


Sean / Andrew,

Thank you both for your suggestions/comments.

I did consider specifying those options with the installer, but my
(mis)understanding <https://access.redhat.com/solutions/1122203> was that this
just set those attributes in /etc/pulp/server/plugins.conf.d/*.json (which
I had done manually after install). However, I then found this
<https://access.redhat.com/discussions/1348283> discussion, which reminded
me about /etc/foreman/plugins/katello.yaml. That thread suggests that both
sets of files should be modified when using the installer, but I found that
only the json files were changed in my case.

For the record I ran:

$ foreman-installer --scenario katello --katello-proxy-port 3128 --katello-proxy-url http://127.0.0.1

[ I use squid to route repo sync traffic; we have internal and external
repositories, the latter being passed to the Corporate proxies ]

So with katello.yaml updated:

:cdn_proxy:
  :host: http://127.0.0.1
  :port: 3128
  :user:
  :password:

It now works. Thanks again.

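The thread's resolution was that the Pulp importer JSON and the :cdn_proxy: block in katello.yaml had drifted apart, so syncing used the proxy while product browsing did not. The check below is an added example, not code from the thread or from the Katello project; the JSON key names proxy_host and proxy_port and the sample file contents are assumptions constructed for illustration.

```python
import json
import re

# Constructed sample contents (assumed layout, not copied from a real server).
SAMPLE_IMPORTER_JSON = '{"proxy_host": "http://127.0.0.1", "proxy_port": 3128}'
SAMPLE_KATELLO_YAML = """\
:cdn_proxy:
  :host: http://127.0.0.1
  :port: 3128
  :user:
  :password:
"""

def parse_cdn_proxy(yaml_text):
    """Return the keys nested under :cdn_proxy: (minimal parser for this one block)."""
    proxy, indent = {}, None
    for line in yaml_text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        depth = len(line) - len(line.lstrip())
        if indent is None:
            if stripped == ":cdn_proxy:":
                indent = depth          # remember where the block starts
            continue
        if depth <= indent:
            break                       # dedent: the block has ended
        m = re.match(r":(\w+):\s*(.*)$", stripped)
        if m:
            proxy[m.group(1)] = m.group(2).strip("'\"") or None
    return proxy

def proxy_drift(importer_json, katello_yaml):
    """List (key, importer_value, katello_value) for every setting that differs."""
    norm = lambda v: None if v in (None, "") else str(v)
    pulp = json.loads(importer_json)
    cdn = parse_cdn_proxy(katello_yaml)
    drift = []
    # Assumed mapping between the importer JSON keys and the katello.yaml keys.
    for pulp_key, cdn_key in (("proxy_host", "host"), ("proxy_port", "port")):
        a, b = norm(pulp.get(pulp_key)), norm(cdn.get(cdn_key))
        if a != b:
            drift.append((cdn_key, a, b))
    return drift

if __name__ == "__main__":
    for key, pulp_val, cdn_val in proxy_drift(SAMPLE_IMPORTER_JSON, SAMPLE_KATELLO_YAML):
        print(f"{key}: importer JSON has {pulp_val!r}, katello.yaml has {cdn_val!r}")
```

To run it against a real server, pass in the contents of /etc/pulp/server/plugins.conf.d/yum_importer.json and /etc/foreman/plugins/katello.yaml in place of the sample strings.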