Project

General

Profile

Bug #10616

Unable to install custom packages via capsule due to GPG key failure

Added by Justin Sherrill almost 4 years ago. Updated 8 months ago.

Status:
Closed
Priority:
Normal
Category:
Foreman Proxy Content
Target version:
Difficulty:
medium
Triaged:
Yes
Bugzilla link:
Team Backlog:
Fixed in Releases:
Found in Releases:

Description

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1222513
Description of problem:
Systems built through isolated capsule are unable to properly retrieve the GPG key of a custom package repository from the capsule.

Version-Release number of selected component (if applicable):
Client: RHEL 6.6
Capsule: RHEL 7.1 with the following Satellite 6.1 Beta packages:
pulp-katello-0.3-4.el7sat.noarch
katello-ca-consumer-slvdcrvsat02.nfcu.net-1.0-1.noarch
katello-certs-tools-2.2.1-1.el7sat.noarch
katello-debug-2.2.0.8-1.el7sat.noarch
foreman-debug-1.7.2.15-1.el7sat.noarch
katello-installer-base-2.3.5-1.el7sat.noarch
katello-agent-2.2.3-1.el7sat.noarch
katello-default-ca-1.0-1.noarch
katello-server-ca-1.0-1.noarch
foreman-selinux-1.7.2.13-1.el7sat.noarch
foreman-proxy-1.7.2.4-1.el7sat.noarch
Satellite: RHEL 7.1 with Satellite 6.1 Beta

How reproducible:
Everytime

Steps to Reproduce:
1. Configure repository with custom gpg key
2. Publish and Promote repository
3. Build and/or subscribe system via activiation key to the Content View
4. Attempt to install any package from the custom repository

Actual results:
Package fails to install with the following errors
warning: rpmts_HdrFromFdno: Header V3 RSA/SHA1 Signature, key ID 64de1bb2: NOKEY
Retrieving key from https://<CAPSULE SERVER NAME>/katello/api/repositories/10/gpg_key_content

GPG key retrieval failed: [Errno 14] PYCURL ERROR 22 - "The requested URL returned error: 404 Not Found"

Expected results:
Download of custom GPG key from capsule as well as package installation.

Additional info:
Capsule is running in reverse proxy mode as was suggested via the satellite-beta mailing list
  1. cat /etc/capsule-installer/answers.capsule-installer.yaml | grep reverse
    reverse_proxy: true

Associated revisions

Revision ca8f489b (diff)
Added by Justin Sherrill almost 4 years ago

Refs #10616 - add ssl virt host fragment type

Revision e063ea46
Added by Justin Sherrill almost 4 years ago

Merge pull request #66 from jlsherrill/10616

Refs #10616 - add ssl virt host fragment type

Revision 963cf00f (diff)
Added by Justin Sherrill almost 4 years ago

Refs #10616 - use new pulp child ssl fragment for gpg key proxy

Revision 963cf00f (diff)
Added by Justin Sherrill almost 4 years ago

Refs #10616 - use new pulp child ssl fragment for gpg key proxy

Revision 4a385f05
Added by Justin Sherrill almost 4 years ago

Merge pull request #47 from jlsherrill/10616

Refs #10616 - use new pulp child ssl fragment for gpg key proxy

Revision 4a385f05
Added by Justin Sherrill almost 4 years ago

Merge pull request #47 from jlsherrill/10616

Refs #10616 - use new pulp child ssl fragment for gpg key proxy

Revision 4a8be016 (diff)
Added by Justin Sherrill almost 4 years ago

fixes #10616 - backport pulp and capsule modules

Revision 191c39f7
Added by Justin Sherrill almost 4 years ago

Merge pull request #229 from jlsherrill/gpg

fixes #10616 - backport pulp and capsule modules

History

#1 Updated by The Foreman Bot almost 4 years ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/Katello/katello-installer/pull/229 added
  • Pull request deleted ()

#2 Updated by Justin Sherrill almost 4 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

#3 Updated by Vladimir Stackov almost 4 years ago

Is there any workaround for 404?

#4 Updated by Justin Sherrill almost 4 years ago

  • Legacy Backlogs Release (now unused) set to 55
  • Difficulty set to medium
  • Triaged changed from No to Yes

Workaround would be to add:

  ProxyPass /katello/api/repositories/ https://katello.example.com/katello/api/repositories/
  <Location /katello/api/repositories/>
    ProxyPassReverse https://katello.example.com/
  </Location>
  SSLProxyEngine On

to /etc/httpd/conf.d/25-pulp-node-ssl.conf, anywhere within the VirtualHost section.

replacing katello.example.com with the parent katello/foreman server's hostname.

Then just restart httpd.

#5 Updated by Vladimir Stackov almost 4 years ago

Vladimir Stackov wrote:

Is there any workaround for 404?

Ah, nvm, already fixed by hand.

#6 Updated by Vladimir Stackov almost 4 years ago

Justin Sherrill wrote:

Workaround would be to add:

[...]

to /etc/httpd/conf.d/25-pulp-node-ssl.conf, anywhere within the VirtualHost section.

replacing katello.example.com with the parent katello/foreman server's hostname.

Then just restart httpd.

Hivemind :)
Thanks anyway!

Also available in: Atom PDF