Squid Proxy use for unmanaged hosts

Hi all,

I’ve just started my Foreman/Katello journey and was wondering about a few aspects.

I already have many CentOS 7 servers and desktops on my network, and rather than rebuild them all, I’m looking at slowly adding them into it.

In the meantime, my pulp repositories are full of RPMs, so I was wondering if it’s possible to use the foreman squid proxy rather than downloading packages again across each machine.

On the server I commented out the deny all line in the squid.conf

# http_access fragment for all
#http_access deny all

On the guest, I modified /etc/yum.conf and added in the line:

proxy=http://foreman.fqdn:3128

Then, running “yum update” I get many 404 and 405 errors

https://mirrors.ukfast.co.uk/sites/remi/enterprise/7/safe/x86_64/repodata/repomd.xml: [Errno 14] curl#22 - "The requested URL returned error: 405"
Trying other mirror.
https://mirror.pit.teraswitch.com/remi/enterprise/7/safe/x86_64/repodata/repomd.xml: [Errno 14] curl#22 - "The requested URL returned error: 405"
Trying other mirror.
https://mirrors.tuna.tsinghua.edu.cn/remi/enterprise/7/safe/x86_64/repodata/repomd.xml: [Errno 14] curl#22 - "The requested URL returned error: 405"
Trying other mirror.
https://mirror.sjc02.svwh.net/remi/enterprise/7/safe/x86_64/repodata/repomd.xml: [Errno 14] curl#22 - "The requested URL returned error: 405"
Trying other mirror.
http://ftp.riken.jp/Linux/remi/enterprise/7/safe/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.
http://remi.conetix.com.au/enterprise/7/safe/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
Trying other mirror.

And on the server:

1589968264.485      0 192.168.0.57 TAG_NONE/405 3821 CONNECT error:method-not-allowed - HIER_NONE/- text/html
1589968264.488      0 192.168.0.57 TAG_NONE/405 3821 CONNECT error:method-not-allowed - HIER_NONE/- text/html
1589968264.491      0 192.168.0.57 TAG_NONE/405 3821 CONNECT error:method-not-allowed - HIER_NONE/- text/html
1589968264.494      0 192.168.0.57 TAG_NONE/405 3821 CONNECT error:method-not-allowed - HIER_NONE/- text/html
1589968264.497      0 192.168.0.57 TAG_NONE/405 3821 CONNECT error:method-not-allowed - HIER_NONE/- text/html
1589968264.504      4 192.168.0.57 TCP_MISS/404 336 GET http://ftp.riken.jp/Linux/remi/enterprise/7/safe/x86_64/repodata/repomd.xml - FIRSTUP_PARENT/127.0.0.1 text/html
1589968264.512      5 192.168.0.57 TCP_MISS/404 336 GET http://remi.conetix.com.au/enterprise/7/safe/x86_64/repodata/repomd.xml - FIRSTUP_PARENT/127.0.0.1 text/html
1589968264.515      0 192.168.0.57 TAG_NONE/405 3821 CONNECT error:method-not-allowed - HIER_NONE/- text/html

Any pointers? Is this even possible?

Cheers,
Sven

1 Like
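A way to read the server-side log in the post above, as an added example that is not part of the original thread: this Python sketch parses Squid's native access-log format and separates the two failure modes visible there, CONNECT requests that Squid answers itself with 405 (HIER_NONE, nothing contacted upstream) and plain-HTTP GETs that are handed to the parent peer on 127.0.0.1 and come back 404. The function names and category labels are illustrative assumptions; the sample lines are copied from the post.

```python
from collections import Counter

# Access-log lines copied from the post above (Squid native log format).
SAMPLE_LOG = """\
1589968264.485      0 192.168.0.57 TAG_NONE/405 3821 CONNECT error:method-not-allowed - HIER_NONE/- text/html
1589968264.504      4 192.168.0.57 TCP_MISS/404 336 GET http://ftp.riken.jp/Linux/remi/enterprise/7/safe/x86_64/repodata/repomd.xml - FIRSTUP_PARENT/127.0.0.1 text/html
1589968264.512      5 192.168.0.57 TCP_MISS/404 336 GET http://remi.conetix.com.au/enterprise/7/safe/x86_64/repodata/repomd.xml - FIRSTUP_PARENT/127.0.0.1 text/html
1589968264.515      0 192.168.0.57 TAG_NONE/405 3821 CONNECT error:method-not-allowed - HIER_NONE/- text/html
"""

# Field order of Squid's native access.log format.
FIELDS = ("time", "elapsed_ms", "client", "result", "bytes",
          "method", "url", "user", "hierarchy", "mime")


def parse_line(line):
    """Split one native-format line into a dict; return None if malformed."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    # "TCP_MISS/404" -> cache result code and HTTP status sent to the client.
    rec["cache_result"], _, status = rec["result"].partition("/")
    rec["status"] = int(status) if status.isdigit() else 0
    # "FIRSTUP_PARENT/127.0.0.1" -> how the request was routed, and to whom.
    rec["route"], _, rec["peer"] = rec["hierarchy"].partition("/")
    return rec


def classify(rec):
    """Label a record with one of the (hypothetical) categories used here."""
    if rec["method"] == "CONNECT" and rec["status"] == 405:
        return "connect-refused"   # HTTPS tunnel request rejected by Squid
    if rec["route"].endswith("_PARENT") and rec["status"] == 404:
        return "parent-404"        # forwarded to the parent peer, not found
    if rec["status"] >= 400:
        return "other-error"
    return "ok"


def summarise(text):
    """Count records per category across a block of log text."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is not None:
            counts[classify(rec)] += 1
    return dict(counts)


if __name__ == "__main__":
    print(summarise(SAMPLE_LOG))
```
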

Hello, Foreman plugin called Katello allows you to do proxying and much more. You can, in fact, manage your repositories in very fine-grained detail - filtering out packages, promoting content across environments and things like that. But you can of course use Katello as a simple “proxy” - that’s the default behavior. Read these:

https://docs.theforeman.org/guides/build/doc-Content_Management_Guide/index-foreman.html

When you are ready to install Foreman with Katello, note that it’s a completely different installation process as Katello brings many new components:

https://docs.theforeman.org/guides/build/doc-Installing_Server_on_Red_Hat/index-foreman.html

Good luck and give us feedback on the documentation (these are work in progress new books).

Hi lzap,

thanks for coming back to me and for those links.

Sorry, a little misunderstanding perhaps. I have already built a Foreman/Katello server. I have it connected to test Ubuntu and CentOS Servers for provisioning CentOS 7 servers under KVM.

I have multiple products created:

  • Centos7 -> base_x86_64, EPEL7-Server, extras, updates
  • Elastic 7
  • Katello Agent
  • Microsoft RPM repository
  • Zabbix 4 and 5

All of which are sync’d nightly. All in all, around 63GB of rpms available.

My question was how I can use these files for the non-managed hosts. I note from the squid.conf file that it uses pulp as an accelerator.

My assumption was that if I were to use this squid for non-managed hosts, then they could just download the files directly from Pulp rather than download them directly themselves by setting the proxy= variable on their yum.conf

Is this possible?

Ah ok, if you go into Products - Repositories you will see a URL for each. If you click on Publish via HTTP then Katello will make those repos available without subscription-manager involved. But I remember we were doing something with this flag - maybe removing it? @katello

@lzap : There aren’t any plans to deprecate the Publish via HTTP feature and it should continue to be supported.

@Justin_Sherrill I remember you were demoing something in that regard? ^^

Hi all,

it sounds like I need to manually edit each of my repositories on each of the hosts and repoint the base url accordingly to my pulp urls.

So would I be right in thinking that the answer is no? Yes, that would do it, but it’s not quite the same as using the squid cache/pulp as an accelerator.

Thanks again,
Sven.