Plugins » Katello

I've made an update katello 3.2 to katello 3.3 and the qpid messaging of pulp node stopped working. I've traced the error to the PR of qpid to only listen on localhost. In general that didn't happen for my pulp node:

1. netstat -antp|grep 5671
   tcp 0 0 0.0.0.0:5671 0.0.0.0:* LISTEN 45147/qpidd

its still listening on all interfaces in my setup. What it did achieve is the change of the broker_url in /etc/pulp/server.conf

1. diff /etc/pulp/server.conf server.conf.bkup
   309c309

broker_url: qpid://localhost:5671

---
< broker_url: qpid://pulpnode.tld:5671
This leads to a ssl error.
pulp.server.async.scheduler:ERROR: ("Connection hostname 'localhost' does not match names from peer certificate:...
and
consumer: Cannot connect to qpid://localhost:5671//: ("Connection hostname 'localhost' does n...

I'd say the first step to fix this is fix the upgrade docs to reflect the need to regenerate the certs:
update https://github.com/theforeman/theforeman.org/blob/gh-pages/plugins/katello/nightly/upgrade/smart_proxy.md to include --certs-update-all on foreman-proxy-certs-generate

the wrong qpid listener is because it wasn't changed here:
https://github.com/Katello/puppet-foreman_proxy_content/blob/master/manifests/init.pp
Should it be the same change as in puppet-katello: https://github.com/Katello/puppet-katello/blob/master/manifests/init.pp#L127 ?

If you change that you also need to change the messaging url here:
https://github.com/Katello/puppet-foreman_proxy_content/blob/master/manifests/init.pp#L209

So I can do all that, but my general question is: should the pulp node have its own qpidd or should it use the central qpidd? Does qpidd need to be reachable or is localhost enough?

Greetings
Klaas