Hi all,
I'm wondering if Katello is able to sync a repository that is SSL
protected? I see pulp can do it
https://pulp-rpm-user-guide.readthedocs.io/en/2.5-release/recipes.html
I can't see any options in the GUI or via hammer. Is it worth adding a
feature request?
Thanks 
Dylan
Dylan,
We are able to sync ssl-protected repositories, but at this time it is only
red hat ones where the certs come via a manifest. For custom repositories
(which I imagine is what you mean) we don't have this functionality.
By all means open a feature request!
Foreman (be sure to
choose feature in the Tracker dropdown)
John Mitsch
Red Hat Engineering
(860)-967-7285
irc: jomitsch
Hi all,
I’m wondering if Katello is able to sync a repository that is SSL
protected? I see pulp can do ithttps://pulp-rpm-user-guide.readthedocs.io/en/2.5-release/recipes.html
I can’t see any options in the GUI or via hammer. Is it worth adding a
feature request?Thanks
Dylan–
You received this message because you are subscribed to the Google Groups
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to foreman-users+unsubscribe@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at https://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.
Thanks John, I've done added a feature request
http://projects.theforeman.org/issues/15068
Dylan,
We are able to sync ssl-protected repositories, but at this time it is
only red hat ones where the certs come via a manifest. For custom
repositories (which I imagine is what you mean) we don’t have this
functionality.By all means open a feature request!
Foreman (be sure to
choose feature in the Tracker dropdown)John Mitsch
Red Hat Engineering
(860)-967-7285
irc: jomitschOn Sun, May 15, 2016 at 8:19 PM, Dylan Baars baarsd@gmail.com wrote:
Hi all,
I’m wondering if Katello is able to sync a repository that is SSL
protected? I see pulp can do ithttps://pulp-rpm-user-guide.readthedocs.io/en/2.5-release/recipes.html
I can’t see any options in the GUI or via hammer. Is it worth adding a
feature request?Thanks
Dylan–
You received this message because you are subscribed to the Google Groups
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to foreman-users+unsubscribe@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at https://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.–
You received this message because you are subscribed to a topic in the
Google Groups “Foreman users” group.
To unsubscribe from this topic, visit
https://groups.google.com/d/topic/foreman-users/-ZoHAwl1gc0/unsubscribe.
To unsubscribe from this group and all its topics, send an email to
foreman-users+unsubscribe@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at https://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.
So a workaround for this -
yum install pulp-admin-client
actually use pulp-admin
cat /etc/pki/katello/certs/pulp-client.crt
/etc/pki/katello/private/pulp-client.key > ~/.pulp/user-cert.pem
pulp-admin rpm repo create --repo-id=example-repo
–feed=https://rpm.example.com/centos7/x86_64/release
–feed-ca-cert=/etc/yum/certs/example_ca.cert
–feed-cert=/etc/yum/certs/example.cert
–feed-key=/etc/yum/certs/example.key
–serve-http=true
–relative-url example/centos7/x86_64/release
pulp-admin rpm repo sync schedules create --schedule '2016-05-17T00:00/P7D'
–repo-id "example-repo"
pulp-admin rpm repo publish run --repo-id example-repo
With all that done, you can add a new product/repository in Katello and
point it at the above pulp repo - so e.g. the repo above was added with the
following URL
http://katello.server.com/pulp/repos/example-repo/centos7/x86_64/release
I couldn't get Katello to work using a HTTPS URL - does anyone have any
idea why?
> So a workaround for this -
>
> # install the pulp-admin tools
> yum install pulp-admin-client
>
> # As per Bug #12841: Cert mismatch for katello 2.4 RC3 in files /etc/httpd/conf.d/pulp.conf and /etc/pulp/server.conf - Katello - Foreman setup to be able to
> actually use pulp-admin
> # This applies to katello 3.0, 2.4 is different - see the issue
> cat /etc/pki/katello/certs/pulp-client.crt
> /etc/pki/katello/private/pulp-client.key > ~/.pulp/user-cert.pem
>
> # Add the repository using pulp-admin
> pulp-admin rpm repo create --repo-id=example-repo
> --feed=https://rpm.example.com/centos7/x86_64/release
> --feed-ca-cert=/etc/yum/certs/example_ca.cert
> --feed-cert=/etc/yum/certs/example.cert
> --feed-key=/etc/yum/certs/example.key
> --serve-http=true
> --relative-url example/centos7/x86_64/release
>
> # Setup a schedule to sync from the external repo
> pulp-admin rpm repo sync schedules create --schedule
> '2016-05-17T00:00/P7D'
> --repo-id "example-repo"
>
> # Publish the new repo
> pulp-admin rpm repo publish run --repo-id example-repo
>
> With all that done, you can add a new product/repository in Katello and
> point it at the above pulp repo - so e.g. the repo above was added with the
> following URL
> http://katello.server.com/pulp/repos/example-repo/centos7/x86_64/release
>
> I couldn't get Katello to work using a HTTPS URL - does anyone have any
> idea why?
>
See Bug #14916: CDN url is allowed to be "https", which only works for one hostname - Katello - Foreman
–
You received this message because you are subscribed to the Google Groups
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to foreman-users+unsubscribe@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at https://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.