Bug 543879

Event posted on 12-03-2009 07:07am EST by vgaikwad

Hello Paresh,

I think I've found what the issue is and this indeed looks like a bug to
me. Following is what I understood looking at the code flow and I've also
proposed the possible fix.

For baremetal kickstarts we do the following:
com.redhat.rhn.frontend.action.kickstart.KickstartIpRangeAction:

//Create the kickstart urls to display

        String host = helper.getKickstartHost();
        KickstartUrlHelper urlHelper = new
KickstartUrlHelper(cmd.getKickstartData(), host);

        request.setAttribute(URL, urlHelper.getKickstartFileUrl());
        request.setAttribute(URLRANGE,
urlHelper.getKickstartFileUrlIpRange());

        request.setAttribute(RANGES, displayList);

        return
strutsDelegate.forwardParams(mapping.findForward("default"),
                params);

KickstartHelper and KickstartUrlHelper are responsible for changing the
Kickstart URLs. 

com/redhat/rhn/frontend/action/kickstart/KickstartHelper.java:

/**
     * Get the kickstart host to use. Will use the host of the proxy if
the header is 
     * present. If not the code then resorts to getting the cobbler
hostname from our
     * rhn.conf Config.
     * 
     * @return String representing the Kickstart Host
     */
    public String getKickstartHost() {
        log.debug("KickstartHelper.getKickstartHost()");

        // Example proxy header:
        // X-RHN-Proxy-Auth : 1006681409::1151513167.96:21600.0:VV/xF
        // NEmCYOuHxEBAs7BEw==:fjs-0-08.rhndev.redhat.com,1006681408
        // ::1151513034.3:21600.0:w2lm+XWSFJMVCGBK1dZXXQ==:fjs-0-11.
        // rhndev.redhat.com,1006678487::1152567362.02:21600.0:t15l
        // gsaTRKpX6AxkUFQ11A==:fjs-0-12.rhndev.redhat.com

        String proxyHeader = request.getHeader(XRHNPROXYAUTH);
        log.debug("X-RHN-Proxy-Auth : " + proxyHeader);

getKickstartHost() - checks for the 'X-RHN-Proxy-Auth' header coming
from the HTTP request, if you are trying to access the URL from a RHN
Proxy it will substitute all the ksurls with the RHN Proxy FQDN, if the
header is null it will user the getCobblerHost() which is our RHN
Satellite server FQDN.

Now, coming to the Cobbler Kickstart Profiles:

code/src/com/redhat/rhn/manager/kickstart/KickstartUrlHelper.java:

/**
     * Get the cobbler profile url
     * @param data the kickstart data
     * @return the url
     */
    public static String getCobblerProfileUrl(KickstartData data) {
        Profile prof = Profile.lookupById(
                CobblerXMLRPCHelper.getAutomatedConnection(),
                        data.getCobblerId());
        return "http://" + Config.get().getCobblerHost() +
COBBLER_URL_BASE_PATH +
                    prof.getName();
    }

The getCobblerProfileUrl() doesnt check for the RHN Proxy header and it
uses the getCobblerHost() call which is the cobbler server i.e your RHN
Satellite FQDN.

I think we should call the getKickstartHost() here instead of
getCobblerHost().

Or another approach would be to:

code/src/com/redhat/rhn/frontend/action/kickstart/KickstartFileDownloadAction.java:

 protected void setupFormValues(RequestContext ctx,
            DynaActionForm form, BaseKickstartCommand cmdIn) {
        HttpServletRequest request = ctx.getRequest();
        KickstartFileDownloadCommand cmd = (KickstartFileDownloadCommand)
cmdIn;
        KickstartData data = cmd.getKickstartData();

        KickstartUrlHelper urlHelper = new KickstartUrlHelper(
                data, Config.get().getCobblerHost());
        KickstartHelper helper = new KickstartHelper(request);

In setupFormValues() instead of calling 'Config.get().getCobblerHost()'
we should call 'KickstartHelper.getKickstartHost()'

Sending this to engineering for their opinion.

regards,


This event sent from IssueTracker by vgaikwad  [SEG - RHN]
 issue 371237

So this is a tad complicated because /cblr/svc/op/ks/* do not go through satellite code at all, it goes straight to cobbler. The best solution would probably be to intercept this on the proxy and redirect to a different URL on the satellite.  Will think about this a bit more.

So I've got a fix for this.  It requires two changes, one to the java code and other to the proxy's http config files.  Since there's no way to update the proxy's config files automatically, once the fix is released for 5.3 it will require the customer to either 

a) re-install the proxy (or install a new one)
b) modify a http config file on the proxy manually

The file needing modification is /etc/httpd/conf.d/cobbler-proxy.conf

Simply add the following line to the *top* of the file (NOT THE BOTTOM):

RewriteRule ^/cblr/svc/op/ks/(.*)$ /download/$0 [P,L]


Basically what this does is rewrites all /cblr/svc/op/ks/FOO urls to /download/cblr/svc/op/ks/FOO.  This then gets redirected to the satellite which fetches /cblr/svc/op/ks/FOO from the cobbler server and does the rewrite.  


 
Fixed in Spacewalk master:
4020f83a33f6a4ecb332b0af67f956810ba9fab3
a11267710081ed3d70f41d67b631e8dc053ce625

# VERIFIED

The fix goes okey now:
HTTP access to the http://<FQDN_proxy>/cblr/svc/op/ks/profile/profile-name>:<org ID>:<orgname> now brings the ks file correctly with the URLs replaced by the proxy's FQDN.

provisioning of the systems through this URL works correctly as well: systems get provisioned and registered to the satellite correctly.

Checked against RHEL 4 AS, RHEL 5 servers.

An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2010-0105.html