Katello smart proxy problem fetching keys

katello

#1

Problem:

I just installed a katello smart proxy and it syncs up with the main katello server quite happily. Clients can subscribe to products, but when I try to yum install packages I get 404 errors trying to fetch gpg keys. It trying to get https://$CAPSULE/katello/api/v2/repositories/$REPOID/gpg_key_content. Which doesn’t exist.

There’s a proxypass setting in /etc/httpd/conf.d/05-pulp-https.conf for katello/api/repositories but not for v2. If I add a proxypass setting from /katello/api/v2/repositories to the same URL on the main katello server then it just times out (is it expecting client authentication that it isn’t getting?). For now, I just proxypassed the api/v2 urls to the api/ url, which seems to be working:

ProxyPass /katello/api/v2/repositories/ https://wellkatellodmz.niwa.co.nz/katello/api/repositories/
<Location /katello/api/v2/repositories/>
ProxyPassReverse https://wellkatello.niwa.local/

Is there a better way to fix this? Am not sure if the issue is the installer not setting up the proxy correctly or the capsule / client using the wrong url?

Expected outcome:
clients registered to the katello proxy should be able to access GPG repo keys and install packages

Foreman and Proxy versions:
1.17.1

Foreman and Proxy plugin versions:
Katello 3.6.0

Thanks! C.


#2

Same happened in our environment.

^Thanks for the workaround!

Running 1.17.1

Cheers


#3

This is controlled by https://github.com/theforeman/puppet-foreman_proxy_content/blob/master/templates/_pulp_gpg_proxy.erb

Would either of you mind filing a Redmine issue for this?


#4

Bang

https://projects.theforeman.org/issues/24316


#5

We’re also encountering this after upgrading last week.

I noticed that there are 2 bugs reported for this issue (24341, and 24316) but both are closed as duplicates of each other, is this normal?


#6

Hi there,

I have a similar issue after update to Katello 3.11.
On clients some repos use api/ and some other api/v2.
On the capsule, only /katello/api/v2/repositories/ is exposed now.

On clients, after a fresh register:

# grep katello/api/repositories /etc/yum.repos.d/redhat.repo | wc -l
52
# grep katello/api/v2/repositories /etc/yum.repos.d/redhat.repo | wc -l
19

I can’t find related redmine issues. Any thought?


#7

nvm, found it: https://projects.theforeman.org/issues/25823

I’ve upgraded from 3.9 to 3.11 directly (thinking that n+2 is now supported)
Do I miss that katello:upgrades:3.10:update_gpg_key_urls task from 3.10 upgrade?


#8

ok, it works after running katello:upgrades:3.10:update_gpg_key_urls