Feature #17367
closedCapsule should listen for RHSM requests on port 443, like Satellite does
Description
Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1288817
Description of problem:
While Satellite listens for RHSM requests (of clients machine registered to it) on port 443, an external Capsule (offering just a subset of Satellite functionality) has separate port 8443 dedicated for it.
This is confusing and can easily introduce registration issues - in fact it already happened and believe me it is nontrivial to investigate why client host fails to register to Capsule (if trying to connect to port 443 that sounds logically correct but wrong due to wrong rhsm.conf setting).
Moving the listening port back to 443 will gain these pros:
- logical coherence where any client machine within Satellite deployment registers to - this prevents misconfiguration issues due to lack of knowing the exception / rule with port 8443
- simplified firewall setting
- simplified POSTIN script in katello-ca-consumer RPM
Version-Release number of selected component (if applicable):
Sat 6.1.4 (i fact any Sat6)
How reproducible:
100%
Steps to Reproduce:
1. Install Sat, Caps, register content host to Sat and to Caps
2. Check what port the clients use for RHSM communication (i.e. rhsm.conf on clients)
Actual results:
clients registered to Sat talk via port 443
clients registered to Caps talk via port 8443
Expected results:
any client to talk to its "server" (Sat or Caps) via port 443
Additional info:
Once implemented, documentation needs to be updated - at least firewall setting
Updated by Justin Sherrill about 8 years ago
- Subject changed from Capsule should listen for RHSM requests on port 443, like Satellite does to Capsule should listen for RHSM requests on port 443, like Satellite does
- Translation missing: en.field_release set to 114
Updated by Ewoud Kohl van Wijngaarden over 7 years ago
https://github.com/Katello/puppet-foreman_proxy_content/blob/3a1118deb9104e167c754aa57914eb8894cb54e9/manifests/init.pp#L211-L213 does does a similar thing, but only proxies certain URLs. Can't we expand that to include the RHSM URLs? See https://github.com/Katello/puppet-foreman_proxy_content/blob/3a1118deb9104e167c754aa57914eb8894cb54e9/templates/_pulp_gpg_proxy.erb as well.
Updated by Stephen Benjamin over 6 years ago
- Related to Bug #12646: Isolated Reverse proxy exposes all of Katello/Foreman added
Updated by Eric Helms 5 months ago
- Status changed from New to Closed
- Triaged set to No
Updated by Chris Roberts 5 months ago
- Target version deleted (
Katello Backlog) - Triaged changed from No to Yes