| Summary: | Subscribing by proxy to RHN mirror appliance fails with Apache 2.4 | ||
|---|---|---|---|
| Product: | Red Hat CloudForms Management Engine | Reporter: | Nick Carboni <ncarboni> |
| Component: | Appliance | Assignee: | Gregg Tanzillo <gtanzill> |
| Status: | CLOSED WONTFIX | QA Contact: | Jan Krocil <jkrocil> |
| Severity: | low | Docs Contact: | |
| Priority: | medium | ||
| Version: | 5.7.0 | CC: | abellott, jhardy, obarenbo |
| Target Milestone: | GA | Flags: | ncarboni:
needinfo?
(jhardy) |
| Target Release: | cfme-future | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | appliance:server_role | ||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2017-09-15 13:53:35 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | CFME Core | Target Upstream Version: | |
John, Looking for some input as to how useful this feature is given there are other solutions providing similar, if not identical, functionality (Satellite / Pulp); and also if we know of anyone actively relying on it. Thanks Closing this as the feature was removed in https://github.com/ManageIQ/manageiq/pull/15156 |
Description of problem: The apache config file that exposes the yum repo created for rhn mirroring uses outdated configuration in the "Directory" section. This causes clients to always receive a 403 Forbidden error when trying to access the yum repo. To reproduce you would need to configure one appliance to pull updates from a valid subscription (subscription manager credentials should work fine) and enable the "RHN Mirror" role, which should fetch all the rpms from the selected repos needed for updating cfme-appliance and create a repo at `/repo` on the appliance. Then add a second appliance to the region which should (eventually) subscribe "by proxy" to the rhn mirror appliance, but this process fails with a 403 when trying to access the repo. This can be fixed by changing the permissions in the apache config for the repo virtual host from: Order allow,deny Allow from all to: Require all granted This fixes the issue. I'm marking this as low severity because apache was updated in version 5.5 so it seems like this may not be a particularly in-demand feature. If it is more work to maintain than it is useful maybe we should remove it entirely? This possibility was originally raised as https://bugzilla.redhat.com/show_bug.cgi?id=1388951 Thoughts?