Project

General

Profile

Feature #7745

Client systems should be able to route all RHSM traffic through a Capsule.

Added by dustin tsang over 7 years ago. Updated almost 4 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Foreman Proxy Content
Target version:
Difficulty:
Triaged:
Yes
Bugzilla link:
Fixed in Releases:
Found in Releases:
Red Hat JIRA:

Related issues

Blocks Katello - Tracker #8172: Isolate Client Communication through a CapsuleNew

Associated revisions

Revision 1772fcbb (diff)
Added by dustin tsang over 7 years ago

Fixes #7745 - allow client cert header through

Revision 077baed1
Added by dustin tsang over 7 years ago

Merge pull request #38 from dustints/reverse_proxy_tweak

Fixes #7745 - allow client cert header through

Revision dacbf2f4 (diff)
Added by Eric Helms over 7 years ago

Refs #7745: Support checking for custom header from RHSM proxied requests.

When using a Capsule in isolation, the reverse proxy on the Capsule
must pass through the originating client's certificate via a custom
header; in this case, HTTP_X_RHSM_SSL_CLIENT_CERT.

Revision 57f483ac (diff)
Added by Eric Helms over 7 years ago

Refs #7745: Deploy client cert bundle specifically for use by the Capsule.

Note this is a bundle since that is required by the reverse proxy
feature being added to the Capsule.

Revision 804e193b (diff)
Added by Eric Helms over 7 years ago

Fixes #7745: Deploy reverse proxy for RHSM traffic.

Revision 804e193b (diff)
Added by Eric Helms over 7 years ago

Fixes #7745: Deploy reverse proxy for RHSM traffic.

Revision a1e0bcea
Added by Eric D Helms over 7 years ago

Merge pull request #45 from ehelms/refs-7745

Refs #7745: Deploy client cert bundle specifically for use by the Capsul...

Revision 578f9f0b
Added by Eric D Helms over 7 years ago

Merge pull request #30 from ehelms/fixes-7745

Fixes #7745: Deploy reverse proxy for RHSM traffic.

Revision 578f9f0b
Added by Eric D Helms over 7 years ago

Merge pull request #30 from ehelms/fixes-7745

Fixes #7745: Deploy reverse proxy for RHSM traffic.

Revision e0edec13
Added by Eric Helms over 7 years ago

Merge pull request #4949 from ehelms/refs-8756

Refs #7745: Support checking for custom header from RHSM proxied request...

Revision 9885e83a (diff)
Added by Stephen Benjamin over 7 years ago

fixes #7745, #8756, #8755, #8991 - rhsm and templates isolation

Revision 7374d61c
Added by Stephen Benjamin over 7 years ago

Merge pull request #169 from stbenjam/isolation

fixes #7745, #8756, #8755, #8991 - rhsm and templates isolation

History

#1 Updated by Eric Helms over 7 years ago

  • Tracker changed from Bug to Feature
  • Subject changed from Access rhsm through a ReverseProxy on Capsules to Client systems should be able to route all RHSM traffic through a Capsule.
  • Legacy Backlogs Release (now unused) set to 14
  • Triaged changed from No to Yes

#2 Updated by Eric Helms over 7 years ago

  • Blocks Tracker #8172: Isolate Client Communication through a Capsule added

#3 Updated by dustin tsang over 7 years ago

https://github.com/Katello/puppet-capsule/pull/22 -- install reverse proxy on capsule
https://github.com/Katello/puppet-katello/pull/38 -- allow cert header pass through katello apache

#4 Updated by dustin tsang over 7 years ago

test scenario

1) install katello like normal
2) generate certs for capsule and copy to capsule like normal
3) using the capsule installer,
bin/capsule-installer --parent-fqdn "kdev.usersys.redhat.com"\
--register-in-foreman "true"\
--foreman-oauth-key "xxxx"\
--foreman-oauth-secret "xxx"\
--pulp-oauth-secret "xx"\
--certs-tar "~/mycerts.tar"\
--puppet "true"\
--puppetca "true"\
—pulp "true" --parent-reverse-proxy "true" --parent-reverse-proxy-port 8443

4) on a new host, rpm -Uvh http://katello/pub/katello-ca-consumer-latest.noarch.rpm

5) update your /etc/rhsm/rhsm.conf

on a separate host with subscription-manager,
[server]
hostname = capsule-hostname
prefix = /rhsm
port = 8443

6) subscription-manager register --organization Default_Organization

#5 Updated by Eric Helms over 7 years ago

  • Legacy Backlogs Release (now unused) changed from 14 to 23

#6 Updated by The Foreman Bot over 7 years ago

  • Status changed from New to Ready For Testing
  • Target version set to 63
  • Pull request https://github.com/Katello/katello/pull/4949 added
  • Pull request deleted ()

#7 Updated by Eric Helms over 7 years ago

  • Target version changed from 63 to 66

#8 Updated by Anonymous over 7 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

Also available in: Atom PDF