Satellite 6: Importing repositories through an HTTP proxy?

Latest response

Folks,
The Pulp yum importer proxy settings don't seem to be working to allow me to import Redhat content into my Satellite 6 server.

I've set the /etc/pulp/server/plugins.conf.d/yum_importer.json file as follows:
{
"proxy_host": "proxy.college.edu",

"proxy_port": 8080,

"proxy_username": "",
"proxy_password": ""

}

Please let me know how I should be setting Satellite 6 up to sync content from Redhat through a standard bluecoat HTTP/S proxy.

For the Hatters here, it should be noted that the latest Install Guide makes no mention of making any of the install / deploy process proxy aware. This is problematic for most larger companies I'd wager, and the documentation should probably be amended.

Thanks!
- Kodiak

Kodiak Firesmith's picture
Log in to join the conversation

Responses

ir. Jan Gerrit Kootstra's picture Guru 6222 points
12 February 2015 3:24 PM

Kodiak,

On Satellite 5.5 we use following approach.
Use reposync via a Proxy on the Satellite server, and a local Channel load from the repository.

Might this workaround for you?

Kind regards,

Jan Gerrit Kootstra

Kodiak Firesmith's picture Expert 978 points
12 February 2015 3:34 PM

Hi Jan,
Not sure what you mean - this is Satellite 6 which is completely different code from Satellite 5.x which means nothing is similar or comparable.

In Satellite 5.x, http proxy pass-through is actually pretty easily defined in rhn.conf, hate to say it but so far the new satellite 6 system is much more opaque and difficult to set up properly.

ir. Jan Gerrit Kootstra's picture Guru 6222 points
10 October 2018 11:44 AM

Not all customer content was easily synced by Satellite 5.x itself. That is why we created a local "mirror" and pushed that content into the Satellite 5.x server. This approach also works for Satellite 6.

it Newbie 5 points
24 February 2015 9:00 AM

Running katello-installer should give you

"proxy_host": "http://proxy.college.edu"

(or https).

According to the pulp docs the key should be named "proxy_url" but in the puppet-pulp's template for yum_importer.json module (which is used by the katello-installer) it should be "proxy_host"

iC Community Member 67 points
5 July 2016 2:41 AM

The link to the pulp doc is broken ... Like most of things to the pulp doc before the latest :-/

Bryan Kearney's picture Red Hat Pro 755 points
5 July 2016 12:21 PM

The link has moved to https://docs.pulpproject.org/user-guide/index.html

Mike McCune's picture Red Hat Active Contributor 191 points
24 February 2015 1:25 PM

you can specify the proxy settings during the installation process:

katello-installer --help

...
--katello-proxy-password Proxy password for authentication (default: nil)
--katello-proxy-port Port the proxy is running on (default: nil)
--katello-proxy-url URL of the proxy server (default: nil)
--katello-proxy-username Proxy username for authentication (default: nil)
...

The Installation Guide mentions it:

https://access.redhat.com/documentation/en-US/Red_Hat_Satellite/6.0/html-single/Installation_Guide/index.html#sect-Red_Hat_Satellite-Installation_Guide-Configuring_RednbspHat_Satellite_Manually_with_an_HTTP_Proxy

ri Community Member 40 points
1 June 2015 3:01 PM

That works fine for the installation, and this(?) sets the correct parameters in /etc/rhsm/rhsm.conf. However, from within the Satellite UI itself (Content > Red Hat Repositories > RPMs), not everything is honoring the proxy settings in rhsm.conf.

That is, when I drill down, I get an error -

> Red Hat Enterprise Linux 7 Server (RPMs)
 ERRORS
    There was an error attempting to retrieve the repository list:
       Connection refused - connect(2)

Should also mention that the yum command and rhsmcertd run without complaint, ie:

2015-05-31 05:56:40,458 [DEBUG] rhsmcertd-worker @connection.py:420 - Loaded CA certificates from /etc/rhsm/ca/: candlepin-stage.pem, redhat-uep.pem
2015-05-31 05:56:40,458 [DEBUG] rhsmcertd-worker @connection.py:454 - Using proxy: proxy.intranet.xxxxxxx.com:3128
2015-05-31 05:56:40,459 [DEBUG] rhsmcertd-worker @connection.py:469 - Making request: GET https://subscription.rhn.redhat.com:443/subscription/consumers/35a4a850-ed8a-4f18-85bb-8b23d0713ff3/certificates/serials
2015-05-31 05:56:41,109 [DEBUG] rhsmcertd-worker @connection.py:492 - Response: status=200
ri Community Member 40 points
1 June 2015 7:38 PM

I apologize if this is in the documentation, but I couldn't find it anywhere. I found the solution by looking at the katello cdn.rb code on github.

I noticed that there are katello proxy configuration parameters cdn_proxy.host and cdn_proxy.port that need to go in /etc/foreman/plugins/katello.yaml:

common:
    ...
    cdn_proxy:
        host: your_proxy_host
        port: your_proxy_port
        user: nil # this is not optional
        password: nil

Then restart foreman and foreman-tasks.

RM Newbie 9 points
14 December 2015 6:06 PM

Thanks Richard. This was actually more help than the "best answer" and the installation manual since neither mentioned this particular setting. I just hope people scroll down to the comments and see it.

PS Guru 6494 points
16 December 2015 12:21 PM

Cheers Richard, thanks for taking the time to weed this out of the source and post it up here!

CE Community Member 40 points
28 September 2015 1:47 PM

Thanks Richard - this helped me out tremendously!!

BG Newbie 5 points
7 April 2016 7:29 PM

Is Richard's response in addition to the json files in /etc/pulp/server/plugins.conf.d or do we only need the yaml file updated?

SW Red Hat Guru 4022 points
8 April 2016 7:33 AM

Hello, I do not know the answer but have asked a colleague about this and about Richard's answer as that is not in the Installation Guide. I'll raise a Docs Bug when I know more.

Mike McCune's picture Red Hat Active Contributor 191 points
14 April 2016 4:23 PM

The katello-installer's flags to set the proxy via the --katello-proxy-* flags sole purpose is to modify the files in:

/etc/foreman/plugins/katello.yaml
/etc/pulp/server/plugins.conf.d/yum_importer.json

the katello-installer has no effect on /etc/rhsm/rhsm.conf, that is up to the user to configure.

If you are running katello-installer with the --katello-proxy-* flags set and it is not configuring the files I mention above then there may be an issue with the installer in your environment not working properly.

Mike McCune's picture Red Hat Active Contributor 191 points
14 April 2016 4:34 PM

for example, on an existing Satellite 6.1 server that was not configured to use a proxy I ran the following:

BEFORE:

# grep proxy /etc/foreman/plugins/katello.yaml /etc/pulp/server/plugins.conf.d/yum_importer.json
/etc/pulp/server/plugins.conf.d/yum_importer.json:    "proxy_host": "",
/etc/pulp/server/plugins.conf.d/yum_importer.json:    "proxy_port": null,
/etc/pulp/server/plugins.conf.d/yum_importer.json:    "proxy_username": "",
/etc/pulp/server/plugins.conf.d/yum_importer.json:    "proxy_password": ""

AFTER:

# katello-installer --katello-proxy-username admin --katello-proxy-password testing123 --katello-proxy-port 8888 --katello-proxy-url http://myproxy.example.com
Installing             Done                                               [100%] [..................] 
  Success!

# grep proxy /etc/foreman/plugins/katello.yaml /etc/pulp/server/plugins.conf.d/yum_importer.json
/etc/foreman/plugins/katello.yaml:  cdn_proxy:
/etc/foreman/plugins/katello.yaml:    host: http://myproxy.example.com
/etc/pulp/server/plugins.conf.d/yum_importer.json:    "proxy_host": "http://myproxy.example.com",
/etc/pulp/server/plugins.conf.d/yum_importer.json:    "proxy_port": 8888,
/etc/pulp/server/plugins.conf.d/yum_importer.json:    "proxy_username": "admin",
/etc/pulp/server/plugins.conf.d/yum_importer.json:    "proxy_password": "testing123"

# grep proxy /etc/rhsm/rhsm.conf 
# an http proxy server to use
proxy_hostname =
# port for http proxy server
proxy_port =
# user name for authenticating to an http proxy, if needed
proxy_user =
# password for basic http proxy auth, if needed
proxy_password =

as you can see the katello-installer properly sets these files but does not touch rhsm.conf

ir. Jan Gerrit Kootstra's picture Guru 6222 points
18 May 2018 5:56 PM

All,

I got this to work for Satellite 6.3.1 only via satellite-installer --upgrade --katello-proxy-url "http://10.108.75.227" --katello-proxy-port 8080 -vvvv

Manual settings as mentioned by Richard were ignored by katello-service restart

common:

...

cdn_proxy:

host: your_proxy_host

port: your_proxy_port

user: nil # this is not optional

password: nil

Now they become

:cdn_proxy:

:host: http://your_proxy_host

:port: your_proxy_port

:user:

:password:

Regards,

Jan Gerrit Kootstra

SW Red Hat Guru 4022 points
21 May 2018 9:34 AM

Hello Jan

I am reading the section in the Installation Guide Configuring Satellite Server with HTTP Proxy to try and see what is missing.

I see it does not say that katello-proxy-username= must be set to nill if you do not have to use authentication. Was that the critical part for you?

Thank you

ir. Jan Gerrit Kootstra's picture Guru 6222 points
10 October 2018 11:39 AM

Empty instead of nil was important.

SW Red Hat Guru 4022 points
21 May 2018 9:39 AM

I see in the 6.1 guide katello-proxy-username was said to be optional. So someone removed that but did not say to set it to nill if you have no user name and password.

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.