Project

General

Profile

Bug #35296

Need to be able to provide custom cert for ISS for Red Hat CDN

Added by Partha Aji 4 months ago. Updated 2 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Inter Server Sync
Target version:
Fixed in Releases:
Found in Releases:
Red Hat JIRA:

Description

Description of problem:

Assume we have an Upstream HTTP Server that is serving the extracted CDN ISO content and a Downstream Server that can only talk to that http server.

We need to be able specify custom ca cert (or ca credential) when we change the RedHat CDN url to the upstream url.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Get a content iso extracted in /var/www/html/pub/<myrepo> on some other box
2. Go to Subscriptions => Manage Manifest
3. Change the redhat cdn url to https://&lt;fqdn&gt;/pub/&lt;myrepo&gt;. Notice that you cannot specify the cert in this tab.
4. Go to Redhat Repositories and try expanding the available repositories.

Actual results:

You should get an error along the lines of
2022-07-28T18:01:33 [I|app|37e3cb19] CDN: Requesting path https://&lt;webserver&gt;:443/pub/repos/content/dist/rhel/server/7/listing
/opt/rh/rh-ruby27/root/usr/share/ruby/net/protocol.rb:44: warning: exception in verify_callback is ignored
2022-07-28T18:01:33 [E|app|37e3cb19] Failed at scanning for repository: SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate in certificate chain)

Expected results:

Ability to see enabled repos from the store.

We may also need to be able to set a SSL CA Credential on the Manage Manifests.

Associated revisions

Revision a0e63cb0 (diff)
Added by Partha Aji 2 months ago

Fixes #35296 - New Custom CDN type (#10217)

  • Fixes #35296 - Include certs in the default trust store when pinging cdn
  • Refs #35296 - Added a new custom cdn type and ui tab

Co-authored-by: Jeremy Lenz <>

Revision 6a47ac35 (diff)
Added by Partha Aji 2 months ago

Refs #35296 - New Custom CDN type (#860)

History

#1 Updated by Partha Aji 4 months ago

  • Bugzilla link set to 2112098

#2 Updated by The Foreman Bot 4 months ago

  • Assignee set to Partha Aji
  • Status changed from New to Ready For Testing
  • Pull request https://github.com/Katello/katello/pull/10217 added

#3 Updated by The Foreman Bot 4 months ago

  • Pull request https://github.com/Katello/hammer-cli-katello/pull/860 added

#4 Updated by Partha Aji 4 months ago

  • Triaged changed from No to Yes
  • Target version set to Katello 4.6.0
  • Category set to Inter Server Sync

#5 Updated by Chris Roberts 3 months ago

  • Target version changed from Katello 4.6.0 to Katello 4.7.0

#6 Updated by The Foreman Bot 2 months ago

  • Fixed in Releases Katello 4.7.0 added

#7 Updated by Partha Aji 2 months ago

  • Status changed from Ready For Testing to Closed

Also available in: Atom PDF