Bug 1807151
Summary: | capsule sync failed on Docker content DKR1008: Could not find registry API at https://satellite.example:5000 (Katello::Errors::PulpError) | ||
---|---|---|---|
Product: | Red Hat Satellite | Reporter: | Ganesh Payelkar <gpayelka> |
Component: | Installation | Assignee: | Eric Helms <ehelms> |
Status: | CLOSED ERRATA | QA Contact: | Devendra Singh <desingh> |
Severity: | high | Docs Contact: | |
Priority: | unspecified | ||
Version: | 6.7.0 | CC: | dkliban, ekohlvan, jsherril, zhunting |
Target Milestone: | 6.7.0 | Keywords: | Regression, Triaged |
Target Release: | Unused | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | foreman-installer-1.24.1.20-1 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2020-04-14 13:38:54 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Ganesh Payelkar
2020-02-25 17:42:25 UTC
It looks like this change broke this: https://projects.theforeman.org/issues/28043 We are configuring crane's CA cert to be the server ca, while we're using an uber cert to authenticate against it generated from the default CA. Ewoud, thoughts on this? That sounds like a misconfiguration and should be configuring Katello to expect the right certificate. The question is what the right certificate is. As a user it makes a lot more sense to me be presented the server certificate because your docker/podman is more likely to have the server certificate present than the default CA. If I'm wrong, I'll gladly hear it. The main apache server is configured with: SSLCertificateChainFile "/etc/pki/katello/certs/katello-server-ca.crt" SSLCACertificateFile "/etc/pki/katello/certs/katello-default-ca.crt" I'd expect crane to be configured similarly ? Unless you mean that that is also wrong? (In reply to Justin Sherrill from comment #10) > The main apache server is configured with: > > SSLCertificateChainFile "/etc/pki/katello/certs/katello-server-ca.crt" > SSLCACertificateFile "/etc/pki/katello/certs/katello-default-ca.crt" > > I'd expect crane to be configured similarly ? Unless you mean that that is > also wrong? This is what I would expect to see for crane as well. Created redmine issue https://projects.theforeman.org/issues/29278 from this bug Upstream bug assigned to ehelms Moving this bug to POST for triage into Satellite 6 since the upstream issue https://projects.theforeman.org/issues/29278 has been resolved. Verification step: Satellite Version: 6.7 Snap16 1. Create a product and then create a docker repo for https://registry.access.redhat.com with Docker upstream rhel 2. Sync the repo, Repository synced completed successfully. 3- Trigger capsule sync and it also completed successfully # hammer capsule content synchronize --id 2 [..........................................................................................................................................................................................................] [100%] Mar 24 03:23:22 capsule-upgrade pulp: urllib3.connectionpool:INFO: [e3a341c5] Starting new HTTPS connection (34): satellite.com Mar 24 03:23:22 capsule-upgrade pulp: nectar.downloaders.threaded:INFO: [e3a341c5] Download succeeded: https://satellite.com:5000/v2/default_organization-dev-test_container_1112-docker_test-docker_repo_test/manifests/7.2-84. Mar 24 03:23:22 capsule-upgrade pulp: nectar.downloaders.threaded:INFO: [e3a341c5] Download succeeded: https://satellite.com:5000/v2/default_organization-dev-test_container_1112-docker_test-docker_repo_test/manifests/7.7. Mar 24 03:23:22 capsule-upgrade pulp: urllib3.connectionpool:INFO: [e3a341c5] Resetting dropped connection: satellite.com Mar 24 03:23:22 capsule-upgrade pulp: nectar.downloaders.threaded:INFO: [e3a341c5] Download succeeded: https://satellite.com:5000/v2/default_organization-dev-test_container_1112-docker_test-docker_repo_test/manifests/**********************************. Mar 24 03:23:22 capsule-upgrade pulp: nectar.downloaders.threaded:INFO: [e3a341c5] Download succeeded: https://satellite.com:5000/v2/default_organization-dev-test_container_1112-docker_test-docker_repo_test/manifests/**********************************. Mar 24 03:23:22 capsule-upgrade pulp: celery.worker.strategy:INFO: Received task: pulp.server.async.tasks._queue_reserved_task[d5a6487c-67b5-4417-acff-f381bedcdb74] Didn't get any error message in satellite's crane logs. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2020:1454 |