Upgrading to katello 4.0 breaks RHEL 8 kickstart

After upgrading to katello 4.0, RHEL 8 kickstart fails. It works in 3.18. After investigating it looks like the base url for Appstream Repo is incorrectly generated, which should be http:// instead of https://. The base URL for baseos is fine which is as follows:

Because of https:// installer fails to download repodata.xml because of Self Signed Certificate.

Expected outcome:
The kickstart file should contain http base url for appstream kickstart repo:
repo --name Red_Hat_Enterprise_Linux_8_for_x86_64_-_AppStream_Kickstart_8_3 --baseurl http://foreman.example.com/pulp/repos/Company/DEV/RHEL_8/content/dist/rhel8/8.3/x86_64/appstream/kickstart/

instead of:
repo --name Red_Hat_Enterprise_Linux_8_for_x86_64_-_AppStream_Kickstart_8_3 --baseurl https://foreman.example.com/pulp/repos/Company/DEV/RHEL_8/content/dist/rhel8/8.3/x86_64/appstream/kickstart/

Foreman and Proxy versions:
Foreman 2.4, katello 4.0

Foreman and Proxy plugin versions:
Foreman 2.4, katello 4.0

Distribution and version:
Centos 7.9
Other relevant data:

1 Like

@Justin_Sherrill or @ehelms can you give me a hand a bit here?

Looking in the Katello codebase, it looks like in ManagedContentMediumProvider it puts AppStream repo into Additional Media. That is correct, however it calls content_facet.kickstart_repository method which is a model instance. I think we assumed that an AppStream repository is a kickstart type (not sure how this is called in Katello), meaning it is recognized as kickstart and also published via http alongside https.

However it looks like the repo is not marked as kickstart on CDN, which is correct because it does not contain a kickstart tree. However it is now needed to successfully provision OS (unless it is the minimal installation).

Therefore I think we need to add similar workaround into syncing code - when a repo is recognized as AppStream (I think Katello recognizes it as a “variant repo”), then HTTP must be enabled on the repository as well.

I am not sure I have the know how to do this patch, could you help me with that? I can test the change.

@linuxlad I am assuming that if you go to the RHEL8 Product and find the AppStream repository, Publish HTTP will not be checked only Publish HTTPS. Can you check HTTP and sync? Get back to me if this worked. Another workaround would be changing this line in the kickstart default template:

repo --name AppStream --baseurl <%= medium_uri.to_s.gsub("BaseOS", "AppStream") %>

to something like (untested)

repo --name AppStream --baseurl <%= medium_uri.to_s.gsub("BaseOS", "AppStream").sub(/^https/, "http") %>


Thank you for your response.

“Publish via HTTP” was already set to yes. In fact, I don’t see an option to modify this option as it seems hardcoded.

But one thing I noticed is that the published at url for appstream repo is set to https:// in katello 4.0 but it is http:// in katello 3.18.

Also as an workaround I manually hadcoded the URL in the kickstart template.

Adding this works too:

repo --name AppStream --baseurl <%= medium_uri.to_s.gsub("BaseOS", "AppStream").sub(/^https/, "http") %>

But I had to replace:
repo --name <%= medium[:name] %> --baseurl <%= medium[:url] %> <%= medium[:install] ? ’ --install’ : ‘’ %><%= proxy_string %>



I am filing Bug #32485: CentOS 8 Stream provisioning does not work on 4.0 - Katello - Foreman this needs to be solved.

Any ideas what could cause this regression?

This PR should fix the issue if you apply it as a patch: https://github.com/Katello/katello/pull/9307.patch


Confirmed your patch!

Will this land in Katello 4.1?

1 Like

It looks like 4.0.1 from the issue: Bug #31801: Katello not able to handle kickstarts with multiple variants effectively - Katello - Foreman