Satellite 6: Importing repositories through an HTTP proxy?

Latest response

Folks,
The Pulp yum importer proxy settings don't seem to be working to allow me to import Redhat content into my Satellite 6 server.

I've set the /etc/pulp/server/plugins.conf.d/yum_importer.json file as follows:
{
"proxy_host": "proxy.college.edu",

"proxy_port": 8080,

"proxy_username": "",
"proxy_password": ""

}

Please let me know how I should be setting Satellite 6 up to sync content from Redhat through a standard bluecoat HTTP/S proxy.

For the Hatters here, it should be noted that the latest Install Guide makes no mention of making any of the install / deploy process proxy aware. This is problematic for most larger companies I'd wager, and the documentation should probably be amended.

Thanks!
- Kodiak

Responses

Kodiak,

On Satellite 5.5 we use following approach.
Use reposync via a Proxy on the Satellite server, and a local Channel load from the repository.

Might this workaround for you?

Kind regards,

Jan Gerrit Kootstra

Hi Jan,
Not sure what you mean - this is Satellite 6 which is completely different code from Satellite 5.x which means nothing is similar or comparable.

In Satellite 5.x, http proxy pass-through is actually pretty easily defined in rhn.conf, hate to say it but so far the new satellite 6 system is much more opaque and difficult to set up properly.

Not all customer content was easily synced by Satellite 5.x itself. That is why we created a local "mirror" and pushed that content into the Satellite 5.x server. This approach also works for Satellite 6.

Running katello-installer should give you

"proxy_host": "http://proxy.college.edu"

(or https).

According to the pulp docs the key should be named "proxy_url" but in the puppet-pulp's template for yum_importer.json module (which is used by the katello-installer) it should be "proxy_host"

The link to the pulp doc is broken ... Like most of things to the pulp doc before the latest :-/

The link has moved to https://docs.pulpproject.org/user-guide/index.html

you can specify the proxy settings during the installation process:

katello-installer --help

...
--katello-proxy-password Proxy password for authentication (default: nil)
--katello-proxy-port Port the proxy is running on (default: nil)
--katello-proxy-url URL of the proxy server (default: nil)
--katello-proxy-username Proxy username for authentication (default: nil)
...

The Installation Guide mentions it:

https://access.redhat.com/documentation/en-US/Red_Hat_Satellite/6.0/html-single/Installation_Guide/index.html#sect-Red_Hat_Satellite-Installation_Guide-Configuring_RednbspHat_Satellite_Manually_with_an_HTTP_Proxy

That works fine for the installation, and this(?) sets the correct parameters in /etc/rhsm/rhsm.conf. However, from within the Satellite UI itself (Content > Red Hat Repositories > RPMs), not everything is honoring the proxy settings in rhsm.conf.

That is, when I drill down, I get an error -

> Red Hat Enterprise Linux 7 Server (RPMs)
 ERRORS
    There was an error attempting to retrieve the repository list:
       Connection refused - connect(2)

Should also mention that the yum command and rhsmcertd run without complaint, ie:

2015-05-31 05:56:40,458 [DEBUG] rhsmcertd-worker @connection.py:420 - Loaded CA certificates from /etc/rhsm/ca/: candlepin-stage.pem, redhat-uep.pem
2015-05-31 05:56:40,458 [DEBUG] rhsmcertd-worker @connection.py:454 - Using proxy: proxy.intranet.xxxxxxx.com:3128
2015-05-31 05:56:40,459 [DEBUG] rhsmcertd-worker @connection.py:469 - Making request: GET https://subscription.rhn.redhat.com:443/subscription/consumers/35a4a850-ed8a-4f18-85bb-8b23d0713ff3/certificates/serials
2015-05-31 05:56:41,109 [DEBUG] rhsmcertd-worker @connection.py:492 - Response: status=200

I apologize if this is in the documentation, but I couldn't find it anywhere. I found the solution by looking at the katello cdn.rb code on github.

I noticed that there are katello proxy configuration parameters cdn_proxy.host and cdn_proxy.port that need to go in /etc/foreman/plugins/katello.yaml:

common:
    ...
    cdn_proxy:
        host: your_proxy_host
        port: your_proxy_port
        user: nil # this is not optional
        password: nil

Then restart foreman and foreman-tasks.

Thanks Richard. This was actually more help than the "best answer" and the installation manual since neither mentioned this particular setting. I just hope people scroll down to the comments and see it.

Cheers Richard, thanks for taking the time to weed this out of the source and post it up here!

Thanks Richard - this helped me out tremendously!!

Is Richard's response in addition to the json files in /etc/pulp/server/plugins.conf.d or do we only need the yaml file updated?

Hello, I do not know the answer but have asked a colleague about this and about Richard's answer as that is not in the Installation Guide. I'll raise a Docs Bug when I know more.

The katello-installer's flags to set the proxy via the --katello-proxy-* flags sole purpose is to modify the files in:

/etc/foreman/plugins/katello.yaml
/etc/pulp/server/plugins.conf.d/yum_importer.json

the katello-installer has no effect on /etc/rhsm/rhsm.conf, that is up to the user to configure.

If you are running katello-installer with the --katello-proxy-* flags set and it is not configuring the files I mention above then there may be an issue with the installer in your environment not working properly.

for example, on an existing Satellite 6.1 server that was not configured to use a proxy I ran the following:

BEFORE:

# grep proxy /etc/foreman/plugins/katello.yaml /etc/pulp/server/plugins.conf.d/yum_importer.json
/etc/pulp/server/plugins.conf.d/yum_importer.json:    "proxy_host": "",
/etc/pulp/server/plugins.conf.d/yum_importer.json:    "proxy_port": null,
/etc/pulp/server/plugins.conf.d/yum_importer.json:    "proxy_username": "",
/etc/pulp/server/plugins.conf.d/yum_importer.json:    "proxy_password": ""

AFTER:

# katello-installer --katello-proxy-username admin --katello-proxy-password testing123 --katello-proxy-port 8888 --katello-proxy-url http://myproxy.example.com
Installing             Done                                               [100%] [..................] 
  Success!

# grep proxy /etc/foreman/plugins/katello.yaml /etc/pulp/server/plugins.conf.d/yum_importer.json
/etc/foreman/plugins/katello.yaml:  cdn_proxy:
/etc/foreman/plugins/katello.yaml:    host: http://myproxy.example.com
/etc/pulp/server/plugins.conf.d/yum_importer.json:    "proxy_host": "http://myproxy.example.com",
/etc/pulp/server/plugins.conf.d/yum_importer.json:    "proxy_port": 8888,
/etc/pulp/server/plugins.conf.d/yum_importer.json:    "proxy_username": "admin",
/etc/pulp/server/plugins.conf.d/yum_importer.json:    "proxy_password": "testing123"

# grep proxy /etc/rhsm/rhsm.conf 
# an http proxy server to use
proxy_hostname =
# port for http proxy server
proxy_port =
# user name for authenticating to an http proxy, if needed
proxy_user =
# password for basic http proxy auth, if needed
proxy_password =

as you can see the katello-installer properly sets these files but does not touch rhsm.conf

All,

I got this to work for Satellite 6.3.1 only via satellite-installer --upgrade --katello-proxy-url "http://10.108.75.227" --katello-proxy-port 8080 -vvvv

Manual settings as mentioned by Richard were ignored by katello-service restart

common:

...

cdn_proxy:

host: your_proxy_host

port: your_proxy_port

user: nil # this is not optional

password: nil

Now they become

:cdn_proxy:

:host: http://your_proxy_host

:port: your_proxy_port

:user:

:password:

Regards,

Jan Gerrit Kootstra

Hello Jan

I am reading the section in the Installation Guide Configuring Satellite Server with HTTP Proxy to try and see what is missing.

I see it does not say that katello-proxy-username= must be set to nill if you do not have to use authentication. Was that the critical part for you?

Thank you

Empty instead of nil was important.

I see in the 6.1 guide katello-proxy-username was said to be optional. So someone removed that but did not say to set it to nill if you have no user name and password.

Hi, If you missed to configure (or) want to do the modification to go through proxy, there is simple thing to rerun the installation script. It will modify the required settings alone in configuration files wherever it needed. Without any mess!!!

satellite-installer --scenario satellite -v --katello-proxy-url=http://xxx.xxx.xxx.xxx --katello-proxy-port=xxxx

Voila, this will fix the issue. Don't forget the restart the satellite service.

If you want to remove the proxy configuration completely then follow the below steps,

satellite-installer --scenario satellite -v --reset-katello-proxy-url= --reset-katello-proxy-port --reset-katello-proxy-username --reset-katello-proxy-password

Restart the satellite service and it will work.