Problem:
GUI (for my smartproxy) is inaccessible on port 9090. Expected outcome:
Smart Proxy GUI access.
Foreman and Proxy versions:
3.8
All,
I was expecting to access the smart proxy gui for my setup after initial install. I believe the port to access was 9090 as the default, however, the url is not found.
This is my first rodeo with Katello and I’m unsure how to properly manage or access the smart proxy, but it did not have any errors on install. Should I be expected to have some sort of smart proxy GUI access? Are there any pertinent logs I can post that would assist in troubleshooting?
Hi,
you can’t reach a GUI there because there’s no GUI. The smart proxy is configured using configuration files and then it just runs. You point your katello at the proxy and that’s it.
Hm, I guess I thought the smart proxy was a federated way to control Katello content hosts by region – is that not the case since there is no GUI? Maybe I am misunderstanding the purpose of a smartproxy…
If I have a Katello server in Region A, a smart proxy in Region B, and a client host in Region B I would like to register to my smart proxy (the smart proxy mirrors the life cycle environments/ CV/ Repos from the Katello server, correct) is there anything in particular I need to do?
From my understanding, this is how the smart proxy behaves, but I’ve never worked with one before.
It is exactly that. But instead of having to go into a smart proxy’s GUI to manage the hosts registered to it, you manage everything from the central katello server. The katello then just tells the proxies what how to manage the hosts.
As far as I know to register a host you would proceed the same way as when registering it to Katello server, but you would install the certificates rpm from the smart proxy instead. The rest should be the same
I still am unsure how to properly register a client to my smart proxy now. To register clients to my katello server I was using activation keys with the following command:
The foreman-proxy that clients register to is determined by the katello certificate rpm that the client has installed which you will find at http://foreman-proxy-hostname/pub/katello-ca-consumer-latest.noarch.rpm
If a client has this package from the foreman master it will use its resources, same goes if it has the package from the foreman-proxy, it will then use the proxy.
Thanks much - I’ve done as you said and successfully (so it appears) registered my smart proxy client to my smart proxy. Tcpdump shows traffic seems to be between smart proxy and said client, and not to the master server. Is there any other validation I can do?
Just attempting to test my Smart Proxy client that is registered to my Smart Proxy (which is registered to Katello Master) and it does not see the repos from the Katello master:
[root@ksp-client tmp]# subscription-manager status
±------------------------------------------+
System Status Details
±------------------------------------------+
Overall Status: Current
[root@ksp-client tmp]# subscription-manager refresh
3 local certificates have been deleted.
All local data refreshed
[root@ksp-client tmp]# yum repolist
Loaded plugins: enabled_repos_upload, fastestmirror, langpacks, package_upload, product-id, search-disabled-repos, subscription-manager
Determining fastest mirrors https://ksp.blah.local/pulp/repos/blah/dev_LCE/blah_CV/custom/centos-7/centos-7_mirror/repodata/repomd.xml: [Errno 14] HTTPS Error 404 - Not Found
Trying other mirror.
To address this issue please refer to the below wiki article
[root@ksp ~]# hammer --show-ids
Could not load the API description from the server: SSL certificate verification failed
Make sure you configured the correct URL and have the server’s CA certificate installed on your system.
You can use hammer to fetch the CA certificate from the server. Be aware that hammer cannot verify whether the certificate is correct and you should verify its authenticity after downloading it.
Just to recap, the main issue at this moment is my smart proxy client is receiving https error 404 on any of the repos it supposedly has access to. I’ve been attempting to tshoot the last few days with no luck.
Hi Les,
Version: Katello 3.9 / Foreman 1.20 (Installed via Katello)
I’ve installed smart proxy in different network ( all required ports are opened in FW ), successfully registered at Katello server. On client installed consumer package from foreman-proxy, but packages can’t be downloaded with the same Error 404 - Not Found as mentioned in this thread. My content download policy is “on demand”
on both server and proxy. Expecting download links will be created dynamic on demand.
Am I missing something?
I noticed the issue (at least mine) stems from the fact that the smart proxy itself cannot sync to my Katello master. It seems to get hung up. I can paste the output from dynflow console…
I tried to sync Katello to smart proxy via CLI
hammer proxy content synchronize --organization-id 3 --id 3
but it’s stuck forever on 9%
In messages:
Jan 3 09:12:32 celforeman pulp: celery.worker.strategy:INFO: Received task: pulp.server.controllers.repository.queue_download_deferred[b244c280-b2ac-479e-98f8-10014b28dafc]
Jan 3 09:12:32 celforeman pulp: celery.worker.strategy:INFO: Received task: pulp.server.controllers.repository.download_deferred[4a31d4c0-80f5-46f4-b864-7406746fbd58]
Jan 3 09:12:32 celforeman pulp: celery.app.trace:INFO: [b244c280] Task pulp.server.controllers.repository.queue_download_deferred[b244c280-b2ac-479e-98f8-10014b28dafc] succeeded in 0.00793341599638s: None
Jan 3 09:12:32 celforeman pulp: celery.app.trace:INFO: [4a31d4c0] Task pulp.server.controllers.repository.download_deferred[4a31d4c0-80f5-46f4-b864-7406746fbd58] succeeded in 0.00802063501033s: None
On smart proxy all tasks like this one:
pulp-admin tasks list
±---------------------------------------------------------------------+
Tasks
±---------------------------------------------------------------------+
I synced the proxy under the Katello server gui -> infrastructure -> smart proxy. I actually have it working now after my sync ran. It looks like it just takes a while…
As “and” just found, you need to do a full sync on any proxy before content will be available from it. After a sync, the published content views should be visible on the “Content” Tab for that Proxy.
You can also check access to content views via the proxy by accessing the URL with a web browser. You can get the URL’s from /etc/yum.repos.d/redhat.repo on any client that has been registered to the proxy.
