Project

General

Profile

Actions
Copy link

Bug #14939

closed

Synchronizing repositories that are published via HTTP and HTTPS should always default to the more secure method available.

Added by Justin Sherrill over 8 years ago. Updated over 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Justin Sherrill
Category:
Repositories
Target version:
Katello 3.0.0
Difficulty:
Triaged:
Bugzilla link:
1332037
Pull request:
https://github.com/Katello/katello/pull/6018
Fixed in Releases:
Found in Releases:
Red Hat JIRA:

Description

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1332037
Description of problem:
Synchronizing repositories that are published via HTTP and HTTPS should always default to the more secure method available.
After publishing a Content View with a repository that has both HTTP and HTTPS enabled, the capsule will attempt to synchronize over HTTP rather than HTTPS. Because HTTP is blocked between the Parent and the Capsule, the repository will not sync.

Version-Release number of selected component (if applicable):
Sat:
satellite-6.2.0-8.2.beta.el7sat.noarch
pulp-server-2.8.1.3-1.el7sat.noarch
tfm-rubygem-foreman-tasks-0.7.16-1.fm1_11.el7.noarch
Capsule:
satellite-capsule-6.2.0-8.2.beta.el7sat.noarch

How reproducible:
Everytime

Steps to Reproduce:
1 Sync RHEL7 Kickstart , RHEL 7 7Server and a custom channel

2. Assign Library to your capsule # hammer -u <user> -p <pass> capsule content add-lifecycle-environment \
--organization-id 1 --id 4 --environment-id 1
3. Make the capsule to sync the content # hammer -u <user> -p <pass> capsule content synchronize --id 4

Actual results:
Any repository that has HTTPS enabled will synchronize fine. Any repository that has both HTTP and HTTPS enabled will fail as pulp attempts to use HTTP (least secure)
May 01 09:36:40 <capsule name> pulp6243: requests.packages.urllib3.connectionpool:INFO: Starting new HTTP connection (3): <parent name>
May 01 09:36:40 <capsule name> pulp6245: requests.packages.urllib3.connectionpool:WARNING: Retrying (Retry(total=3, connect=3, read=5, redirect=None)) after connection broken by 'ConnectTimeoutError(<requests.packages.urllib3.connection.HTTPConnection object at 0x452e9d0>, 'Connection to <parent name> timed out. (connect timeout=6.05)')': /pulp/repos/Enterprise_Unix_Engineering/LAB/eue-7-server-x86_64/content/dist/rhel/server/7/7.2/x86_64/kickstart
May 01 09:36:40 <capsule name> pulp6245: requests.packages.urllib3.connectionpool:INFO: Starting new HTTP connection (3): <parent name>
May 01 09:36:50 <capsule name> pulp6245: requests.packages.urllib3.connectionpool:WARNING: Retrying (Retry(total=2, connect=2, read=5, redirect=None)) after connection broken by 'ConnectTimeoutError(<requests.packages.urllib3.connection.HTTPConnection object at 0x452e750>, 'Connection to <parent name> timed out. (connect timeout=6.05)')': /pulp/repos/Enterprise_Unix_Engineering/LAB/eue-7-server-x86_64/content/dist/rhel/server/7/7.2/x86_64/kickstart
May 01 09:36:50 <capsule name> pulp6245: requests.packages.urllib3.connectionpool:INFO: Starting new HTTP connection (4): <parent name>
May 01 09:36:50 <capsule name> pulp6243: requests.packages.urllib3.connectionpool:WARNING: Retrying (Retry(total=2, connect=2, read=5, redirect=None)) after connection broken by 'ConnectTimeoutError(<requests.packages.urllib3.connection.HTTPConnection object at 0x4fd2810>, 'Connection to <parent name> timed out. (connect timeout=6.05)')': /pulp/repos/Enterprise_Unix_Engineering/LAB/eue-7-server-x86_64-cv/content/dist/rhel/server/7/7.2/x86_64/kickstart

Expected results:
All repositories that have 'Publish via HTTPS' and 'Publish via HTTP' should default to HTTPS.

Additional info:

Actions
Copy link

Also available in: Atom PDF