Bug #10616
closed
Unable to install custom packages via capsule due to GPG key failure
Description
Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1222513
Description of problem:
Systems built through isolated capsule are unable to properly retrieve the GPG key of a custom package repository from the capsule.
Version-Release number of selected component (if applicable):
Client: RHEL 6.6
Capsule: RHEL 7.1 with the following Satellite 6.1 Beta packages:
pulp-katello-0.3-4.el7sat.noarch
katello-ca-consumer-slvdcrvsat02.nfcu.net-1.0-1.noarch
katello-certs-tools-2.2.1-1.el7sat.noarch
katello-debug-2.2.0.8-1.el7sat.noarch
foreman-debug-1.7.2.15-1.el7sat.noarch
katello-installer-base-2.3.5-1.el7sat.noarch
katello-agent-2.2.3-1.el7sat.noarch
katello-default-ca-1.0-1.noarch
katello-server-ca-1.0-1.noarch
foreman-selinux-1.7.2.13-1.el7sat.noarch
foreman-proxy-1.7.2.4-1.el7sat.noarch
Satellite: RHEL 7.1 with Satellite 6.1 Beta
How reproducible:
Everytime
Steps to Reproduce:
1. Configure repository with custom gpg key
2. Publish and Promote repository
3. Build and/or subscribe system via activiation key to the Content View
4. Attempt to install any package from the custom repository
Actual results:
Package fails to install with the following errors
warning: rpmts_HdrFromFdno: Header V3 RSA/SHA1 Signature, key ID 64de1bb2: NOKEY
Retrieving key from https://<CAPSULE SERVER NAME>/katello/api/repositories/10/gpg_key_content
GPG key retrieval failed: [Errno 14] PYCURL ERROR 22 - "The requested URL returned error: 404 Not Found"
Expected results:
Download of custom GPG key from capsule as well as package installation.
Capsule is running in reverse proxy mode as was suggested via the satellite-beta mailing list
- cat /etc/capsule-installer/answers.capsule-installer.yaml | grep reverse
reverse_proxy: true
Updated by The Foreman Bot over 9 years ago
- Status changed from New to Ready For Testing
- Pull request https://github.com/Katello/katello-installer/pull/229 added
- Pull request deleted (
)
Updated by Justin Sherrill over 9 years ago
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
Applied in changeset katello-installer|4a8be016b48e0d810eceb37303967d95440b4e18.
Updated by Justin Sherrill over 9 years ago
- Translation missing: en.field_release set to 55
- Difficulty set to medium
- Triaged changed from No to Yes
Workaround would be to add:
ProxyPass /katello/api/repositories/ https://katello.example.com/katello/api/repositories/
<Location /katello/api/repositories/>
ProxyPassReverse https://katello.example.com/
</Location>
SSLProxyEngine On
to /etc/httpd/conf.d/25-pulp-node-ssl.conf, anywhere within the VirtualHost section.
replacing katello.example.com with the parent katello/foreman server's hostname.
Then just restart httpd.
Updated by Vladimir Stackov over 9 years ago
Vladimir Stackov wrote:
Is there any workaround for 404?
Ah, nvm, already fixed by hand.
Updated by Vladimir Stackov over 9 years ago
Justin Sherrill wrote:
Workaround would be to add:
[...]
to /etc/httpd/conf.d/25-pulp-node-ssl.conf, anywhere within the VirtualHost section.
replacing katello.example.com with the parent katello/foreman server's hostname.
Then just restart httpd.
Hivemind :)
Thanks anyway!