Satellite 6 (Disconnected) Enable RPM's SSL error


Wondering if anyone else has seen this error on Satellite 6 (6.1.5). After the initial install of Satellite (default settings as far as certs go), importing our manifest, setting the CDN URL to point to the content, and selecting the repositories to enable, I run into this SSL error when trying to enable RPMs: "SSL_Connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed"
Looking at the foreman logs, it appears that there's an error message about a self signed certificate in the chain. Just curious if anyone else has run into this. We have to generate custom certs anyway, and hopefully this will resolve it.
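An added example, not part of the original post or any reply: one way to see which OpenSSL verify code sits behind "certificate verify failed", including the "self signed certificate in the chain" case mentioned above. The function names, file names, the host `satellite.example.com` and the throwaway CAs are all constructed for illustration.

```bash
# Added example, not from the thread: find the X509 verify code behind
# "certificate verify failed". All certificates are constructed throwaways.

# chain_status LEAF TRUST_BUNDLE [SERVER_SENT_CHAIN] -> "ok" or "error <code>"
chain_status() {
    local out code extra=()
    [ -n "${3:-}" ] && extra=(-untrusted "$3")
    out="$(openssl verify -CAfile "$2" "${extra[@]}" "$1" 2>&1)"
    case "$out" in *": OK"*) echo ok; return 0 ;; esac
    code="$(printf '%s\n' "$out" | sed -n 's/^error \([0-9][0-9]*\) at .*/\1/p' | head -n 1)"
    echo "error ${code:-unknown}"
    return 1
}

# explain CODE -> meaning of the verify codes relevant to this error
explain() {
    case "$1" in
        18) echo "leaf is self-signed and not in the trust bundle" ;;
        19) echo "chain ends in a self-signed CA that is not in the trust bundle" ;;
        20) echo "issuing CA is in neither the sent chain nor the trust bundle" ;;
        *)  echo "see the openssl verify documentation" ;;
    esac
}

# make_ca DIR NAME: write a constructed throwaway CA to DIR/NAME.pem
make_ca() {
    printf '[req]\ndistinguished_name=dn\nx509_extensions=v3\nprompt=no\n[dn]\nCN=%s\n[v3]\nbasicConstraints=critical,CA:TRUE\n' \
        "$2" > "$1/$2.cnf"
    openssl req -x509 -config "$1/$2.cnf" -newkey rsa:2048 -nodes -days 1 \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# make_leaf DIR CA_NAME HOST: issue DIR/leaf.pem for HOST from that CA
make_leaf() {
    openssl req -new -config "$1/$2.cnf" -subj "/CN=$3" -newkey rsa:2048 -nodes \
        -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$1/leaf.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
        -CAcreateserial -days 1 -out "$1/leaf.pem" 2>/dev/null
}

demo() {
    local d s; d="$(mktemp -d)"
    make_ca "$d" demo-ca; make_ca "$d" other-ca; make_leaf "$d" demo-ca satellite.example.com
    s="$(chain_status "$d/leaf.pem" "$d/other-ca.pem" "$d/demo-ca.pem")"
    echo "CA not trusted: $s - $(explain "${s#error }")"
    echo "CA trusted:     $(chain_status "$d/leaf.pem" "$d/demo-ca.pem")"
    rm -rf "$d"
}
if [ "${1:-}" = "demo" ]; then demo; fi
```

On a real system the leaf and the sent chain would be the certificates the content web server presents, and the trust bundle the CA file the client is configured to use; code 19 means that bundle lacks the self-signed CA at the top of the chain.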

Responses

Potential fix for this, but I'll report back. https://access.redhat.com/errata/product/250/ver=6.1/rhel---7/x86_64/RHBA-2016:0161

I actually discovered this issue several months ago. Red Hat support created a bug on it. My last update from early December 2015:

"Hello Lesley, Thank you for your patience with this case. I have escalated this case to our engineering team to look at this issue. Bug 1291435 - Unable to sync ISO contents over HTTPS through Satellite 6.x webUI. Will update you as soon as I receive response from them."

Interesting. They never resolved it then? I updated to 6.1.6 and the error is still there. This happens with the default certs installed by katello, and with our 3rd party certs that we installed afterwards. I've had a case open since Feb 23rd for this and still no fix.

Correct, no fix that I'm aware of. According to the tech working the case there may be some hard-coded references back to RHN which is causing issues when your SSL hostname/url is something other than that.

Support got back to me this morning.

"Currently, there is no option to enable the SSL for the disconnected / custom repositories. We have filed a Bugzilla to address this issue. Bugzilla # 1291435. Since this is an internal Bugzilla you might not be able to view it. Please let us know, if you have any concerns."

Luckily the workaround is good enough for now.

Thanks Lesley. I'll update again if I find out anything new.

Yep I've recently come across the same issue. Figured it was something to do with having an offline system, but not sure where to go from here yet.

Running RHEL Server 7.2, with Satellite 6.1.5

UPDATE: It seems that changing the Red Hat CDN URL from 'https' to 'http' works around the problem. I can now enable my repositories. Fortunately I don't need https.

Hey thank you so much for posting this. Fixed the error on our end as well!

Hello, I am working on Satellite Docs. I had a quick look through the Satellite 6.1 chapter Disconnected Satellite. Are you using one of the procedures there? It only uses HTTP in the examples. Do you think that needs to be emphasized?

The bug, Bug 1291435 - Unable to sync ISO contents over HTTPS through Satellite 6.x webUI, says the `katello-disconnected` command "will be replaced with a new export and import functions".

Yes I was using that procedure, but I was also using your best practices article: https://access.redhat.com/articles/1375133 - so I could have got https from either of those documents.

...Seems both documents now show 'http' in their examples - this wasn't the case last week.

Also, I think the example is wrong (in the main installation document). If we are using /var/www/html/pub/sat-import/ (as in `# cp -ruv /mnt/iso/* /var/www/html/pub/sat-import/`), then I think the Red Hat CDN URL should be: http://server.example.com/pub/sat-import/ and not: http://server.example.com/sat-import/

Edit the file /opt/theforeman/tfm/root/usr/share/gems/katello-3.0.0.95/app/models/katello/provider.rb and replace 'cdn.redhat.com' with your own URL.

Does not solve my problem ... or how do I activate this change?

This workaround is to use an https URL other than cdn.redhat.com on Satellite 6.2.8 if you have a requirement to use https over http as written in the Red Hat Satellite documentation ... To activate, run the command `katello-service restart`.

In order to do a full "inter-satellite sync" as in Satellite 5, the best option is to use hammer to export the entire organization from an upstream server. Then make the export available over https or ssh and copy downstream using wget or rsync. You would then make the export available locally using apache on satellite in /var/www/html/pub/export/. Then import a manifest into your satellite and change the cdn.redhat.com URL to localhost and location above using http. After all this has been done, you would select the products you need and set up sync plans to keep them up to date.
