Why Global Registration method requires the access to port 80 to be opened for the Red Hat Satellite server?

Solution Verified - Updated -

Environment

  • Red Hat Satellite 6

Issue

  • When trying to register a system with Red Hat Satellite using the Global Registration process, The registration completes but

    • Shows one of the following error messages:

      Refreshing subscription data
All local data refreshed
curl: (7) Failed to connect to satellite.example.com port 80: No route to host
Host [host.example.com] successfully configured, but failed to set built status.
Successfully updated the system facts.

      Refreshing subscription data
All local data refreshed
curl: (7) Failed to connect to satellite.example.com port 80: Connection timed out
Host [host.example.com] successfully configured, but failed to set built status.
Successfully updated the system facts.

    • The host profile remains in Build mode.

  • Refering to the Table 1.3. Satellite Server incoming traffic, It suggests that port 80 is required to be opened along with port 443, for registering hosts to the Red Hat Satellite. Why does port 80 need to be opened, since it would result in insecure connectivity?

Resolution

Root Cause

  • The Global Registration method of registration comprises of several underlying actions which are not only responsible for registration but also perform some post-registration work e.g. registering with insights or setting up SSH keys for remote execution etc or installing additional packages etc.

  • To be able to do so, The host profile needs to be put into build mode and at the very end it needs to be put out of build mode.

  • When it's time to put the host out of build mode, the following command would be executed where the /unattended/built endpoint is based on http but not https i.e.

    # curl --silent --show-error -o /dev/null --noproxy '*' 'http://satellite.example.com/unattended/built?token=<build token for the host profile>'

    and hence, the concerned Red Hat Satellite server needs to be able to accept the incoming traffic on port 80 ( i.e. http ).

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.

Comments