Bug 2158959

Summary: Error "Capsule content source not found" when using global registration method to register a system using CNAME\SAN\LB-FQDN
Product: Red Hat Satellite Reporter: Sayan Das <saydas>
Component: RegistrationAssignee: Leos Stejskal <lstejska>
Status: CLOSED ERRATA QA Contact: Shweta Singh <shwsingh>
Severity: high Docs Contact:
Priority: medium    
Version: 6.11.4CC: ahumbe, lstejska, shwsingh, zhunting
Target Milestone: 6.15.0Keywords: Triaged
Target Release: Unused   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2024-04-23 17:13:03 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Sayan Das 2023-01-07 06:10:49 UTC 
Description of problem:

The Global Registration feature works normally fine but after generating the curl command, If we change the URL to the common name of a capsule, The URL no longer works.

It worked fine on 6.9 and 6.10. 

Version-Release number of selected component (if applicable):

Satellite 6.11 and 6.12 ( all versions )

How reproducible:

Always 100%


Steps to Reproduce:

1. Install a satellite 6.11 with fqdn sat611.example.com 

2. Install a capsule 6.11 with fqdn cap611.example.com and cname capsule.example.com

3. Enable and sync a satellite clients repo for RHEL 7 in Satellite.

4. Sync Library env to the Capsule

5. Create an activation key by the name RHEL7 having Libray and Def Org View selected.

6. Generate the global registration command using hammer_cli or UI --> Hosts --> Register Hosts page while selecting Capsule server as the Capsule.

We will end up in an URL :

curl -sS --insecure 'https://cap611.example.com:9090/register?activation_keys=RHEL7&lifecycle_environment_id=1&location_id=2&organization_id=1&setup_insights=false&setup_remote_execution=false&update_packages=false' -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjo0LCJpYXQiOjE2NzMwNjI0NjksImp0aSI6IjkzMGIxODQwMGI2Zjg5MjczNzA0ZTk2YzY3NmRjNmQ0NmI5ZmFmMjQ5ZTNhYTczMjgzYjg4MmMxMGU1ZjcyMWUiLCJleHAiOjE2NzMwOTQ4NjksInNjb3BlIjoicmVnaXN0cmF0aW9uI2dsb2JhbCByZWdpc3RyYXRpb24jaG9zdCJ9.mYXL-lMsVnIJ-nK2f3iFHDmc5frkSY2DE5m9XldT6cE' | bash


7. Replace cap611.example.com with capsule.example.com in the URL i.e.


curl -sS --insecure 'https://capsule.example.com:9090/register?activation_keys=RHEL7&lifecycle_environment_id=1&location_id=2&organization_id=1&setup_insights=false&setup_remote_execution=false&update_packages=false' -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjo0LCJpYXQiOjE2NzMwNjI0NjksImp0aSI6IjkzMGIxODQwMGI2Zjg5MjczNzA0ZTk2YzY3NmRjNmQ0NmI5ZmFmMjQ5ZTNhYTczMjgzYjg4MmMxMGU1ZjcyMWUiLCJleHAiOjE2NzMwOTQ4NjksInNjb3BlIjoicmVnaXN0cmF0aW9uI2dsb2JhbCByZWdpc3RyYXRpb24jaG9zdCJ9.mYXL-lMsVnIJ-nK2f3iFHDmc5frkSY2DE5m9XldT6cE' | bash


8. In /etc/hosts of Satellite, Capsule and a RHEL 7 system, ensure to have the following entry:

<IP of capsule>     cap611.example.com     capsule.example.com

9. Run the modified curl command from Step 7 on the RHEL 7 client system,


Actual results:


On Client system:

~~
echo "ERROR: standard_error";
echo "ERF42-3243 [Foreman::Exception]: Capsule content source not found!";
exit 1
~~

In production.log of satellite:

2023-01-07T11:06:54 [I|app|7f6dbf8b] Started GET "/register?activation_keys=RHEL7&force=true&lifecycle_environment_id=1&location_id=2&organization_id=1&setup_insights=false&setup_remote_execution=false&update_packages=false&url=https%3A%2F%2Fcapsule.example.com%3A9090" for 10.74.195.240 at 2023-01-07 11:06:54 +0530
2023-01-07T11:06:54 [I|app|7f6dbf8b] Processing by Api::V2::RegistrationController#global as HTML
2023-01-07T11:06:54 [I|app|7f6dbf8b]   Parameters: {"activation_keys"=>"RHEL7", "lifecycle_environment_id"=>"1", "location_id"=>"2", "organization_id"=>"1", "setup_insights"=>"false", "setup_remote_execution"=>"false", "update_packages"=>"false", "url"=>"https://capsule.example.com:9090", "registration"=>{}}
2023-01-07T11:06:54 [I|app|7f6dbf8b] Authorized user admin(Admin User)
2023-01-07T11:06:54 [W|app|7f6dbf8b] Action failed
2023-01-07T11:06:54 [I|app|7f6dbf8b] Backtrace for 'Action failed' error (Foreman::Exception): ERF42-3243 [Foreman::Exception]: Capsule content source not found!
 7f6dbf8b | /usr/share/gems/gems/katello-4.3.0.50/app/controllers/katello/concerns/api/v2/registration_controller_extensions.rb:40:in `smart_proxy'
 7f6dbf8b | /usr/share/gems/gems/katello-4.3.0.50/app/controllers/katello/concerns/api/v2/registration_controller_extensions.rb:31:in `context_urls'
 7f6dbf8b | /usr/share/foreman/app/controllers/concerns/foreman/controller/registration.rb:41:in `global_registration_vars'


Expected results:

No such errors and We should be able to use the CNAME or SAN of the Capsule server. 


Additional info:

* It works fine on 6.9 and 6.10 but fails on 6.11 and 6.12

* Failure happens here: https://github.com/Katello/katello/blob/KATELLO-4.3/app/controllers/katello/concerns/api/v2/registration_controller_extensions.rb#L36-L44

* I understand that It worked before in 6.9 or 6.10 as registration_controller_extensions.rb did not have any checks in place to find or validate the smart-proxy. And Yes, We never really officially said that, CNAME\SAN would work with Gloabal Registration.

* Once the rhsm helper was introduced via https://projects.theforeman.org/issues/32841 and PR https://github.com/Katello/katello/pull/9417 in Satellite 6.11, That caused the issue for both 6.11 and 6.12.

* With the implementation of https://projects.theforeman.org/issues/35627 ( and related fixes ), The Foreman 3.5.1 ( Satellite 6.13 ) works fine.
Comment 1 Sayan Das 2023-01-07 06:17:59 UTC 
I confirm that 6.13 works fine due to https://github.com/Katello/katello/pull/10315 and https://github.com/theforeman/foreman/pull/9464 ( and some other fixes )

Feature #35627: Use proxy template URL in registration - Katello - Foreman
https://projects.theforeman.org/issues/35627

Feature #35626: Use registration_url setting exposed by the Smart Proxy - Foreman
https://projects.theforeman.org/issues/35626

Feature #35639: registration_url setting for Registration module - Smart Proxy - Foreman
https://projects.theforeman.org/issues/35639


I thought I could at least get the curl part working using https://github.com/Katello/katello/pull/10315.patch but for some really odd reasons, Satellite 6.11 and 6.12 is unable to detect or use "auth_smart_proxy" from Foreman::Controller::SmartProxyAuth when called inside "registration_controller_extensions" 


2023-01-07T11:17:04 [W|app|33bf406b] Action failed
2023-01-07T11:17:04 [I|app|33bf406b] Backtrace for 'Action failed' error (NameError): undefined local variable or method `auth_smart_proxy' for #<Api::V2::RegistrationController:0x00007f84842a5728>
 33bf406b | Did you mean?  auth_source_path
 33bf406b | /usr/share/gems/gems/katello-4.5.0.20/app/controllers/katello/concerns/api/v2/registration_controller_extensions.rb:49:in `find_smart_proxy'
 33bf406b | /usr/share/gems/gems/katello-4.5.0.20/app/controllers/katello/concerns/api/v2/registration_controller_extensions.rb:39:in `smart_proxy'
 33bf406b | /usr/share/gems/gems/katello-4.5.0.20/app/controllers/katello/concerns/api/v2/registration_controller_extensions.rb:32:in `context_urls'
 33bf406b | /usr/share/foreman/app/controllers/concerns/foreman/controller/registration.rb:41:in `global_registration_vars'
 33bf406b | /usr/share/foreman/app/controllers/concerns/foreman/controller/registration.rb:7:in `find_global_registration'
 33bf406b | /usr/share/foreman/app/controllers/api/v2/registration_controller.rb:29:in `global'


The request from the end-user is to provide them with a workaround that they can use on Satellite 6.11 ( or 6.12 ) to be able to use CNAME or else, It affects their existing automation workflow.
Comment 2 Brad Buckingham 2023-01-09 14:40:33 UTC 
Hi Leos,

Can you take a look at this bugzilla?
If the issue is resolved by the fixes cited above, can you link the appropriate redmine issue(s) and update the status accordingly?

(We didn't want to change the status during triage without knowing which change would be needed to resolve the issue, as it may be desirable to include in the zstream).

Thanks!
Comment 3 Leos Stejskal 2023-01-10 08:03:17 UTC 
Hi Sayan,
can you share with me your 6.11 site where you tried to apply the patch https://github.com/Katello/katello/pull/10315.patch?
I'd like to investigate why that patch didn't helped,
from what I've seen it should be enough to make it work.
Comment 5 Leos Stejskal 2023-01-30 11:59:51 UTC 
I suggest to remove the issue from SAT 6.13 and keep it only in 6.12.
In SAT 6.13 we introduce load balancing as a feature for registration and it's fully supported there.

For 6.12 these two PRs needs to be cherry-picked:
https://github.com/Katello/katello/pull/10315
https://github.com/Katello/katello/pull/10409
Comment 7 Shweta Singh 2024-02-07 18:28:20 UTC 
Verified.

Version Tested: Satellite 6.15.0 Snap 8.0

Verification Steps:
1. Configure Satellite with FQDN and Capsule with FQDN and CNAME.
2. Generate global registration command selecting Capsule server as the Capsule.
3. Replace capsule FQDN with Capsule CNAME in the URL.
4. Update /etc/hosts for capsule FQDN and CNAME and run the modified command on host.


Result:
Command works without error.
Comment 10 errata-xmlrpc 2024-04-23 17:13:03 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: Satellite 6.15.0 release), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2024:2010