Bug 1114083 - [RFE] Capsule should support running behind a proxy
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Foreman Proxy
Version: 6.0.3
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: Unspecified
Assignee: Eric Helms
QA Contact: Katello QA List
David O'Brien
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2014-06-27 16:41 UTC by Corey Welton
Modified: 2019-07-11 08:02 UTC

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-02-16 18:26:47 UTC
Target Upstream Version:
Embargoed:



Description Corey Welton 2014-06-27 16:41:49 UTC
Description of problem:
Similar to bug# 1083818, we probably need proxy config flags for capsule-installer.

Version-Release number of selected component (if applicable):
Satellite-6.0.3-RHEL-6-20140626.1


Steps to Reproduce:
1. katello-installer --help|grep proxy
2. capsule-installer --help|grep proxy
3. view results

Actual results:
[root@qeblade6 ~]# katello-installer --help|grep proxy
    --capsule-foreman-proxy-port  Port on which will foreman proxy listen (default: 9090)
    --capsule-realm-keytab        Kerberos keytab path to authenticate realm updates (default: "/etc/foreman-proxy/freeipa.keytab")
    --capsule-realm-principal     Kerberos principal for realm updates (default: "realm-proxy")
    --capsule-register-in-foreman  Register proxy back in Foreman (default: true)
    --katello-proxy-password      Proxy password for authentication (default: nil)
    --katello-proxy-port          Port the proxy is running on (default: nil)
    --katello-proxy-url           URL of the proxy server (default: nil)
    --katello-proxy-username      Proxy username for authentication (default: nil)

[root@cloud-qe-22 ~]# capsule-installer --help |grep proxy
    --foreman-proxy-port          Port on which will foreman proxy listen (default: 9090)
    --realm-keytab                Kerberos keytab path to authenticate realm updates (default: "/etc/foreman-proxy/freeipa.keytab")
    --realm-principal             Kerberos principal for realm updates (default: "realm-proxy")
    --register-in-foreman         Register proxy back in Foreman (default: true)


Expected results:
capsule-installer should have proxy flags too, perhaps

Additional info:
WORKAROUND: Sync capsule stuff on a satellite and install from there. It seems unlikely a customer would need to proxy on their internal network? Product Management feedback welcome. In any case, though, installing capsule from content synced onto a satellite is a known entity and works pretty well.

Comment 2 Mike McCune 2014-08-14 14:04:31 UTC
WORKAROUND:

The user can manually configure the Pulp proxy settings if they have a http proxy between their Capsule and their Satellite.

Comment 3 Mike McCune 2014-08-27 01:38:09 UTC
WORKAROUND2 WITH MORE DETAIL:

The capsule can be configured to use a specific proxy for all repositories by adding the following settings to the following files:

/etc/pulp/server/plugins.conf.d/iso_importer.json
/etc/pulp/server/plugins.conf.d/puppet_importer.json
/etc/pulp/server/plugins.conf.d/yum_importer.json


{
 "proxy_host" : "<url>",
 "proxy_port" : <port>,
 "proxy_username" : "<username>",
 "proxy_password" : "<password>"
}

Note:

These are JSON files, so care must be taken when editing these fields. The file must also contain *ALL* the above values even if the proxy does not require a username or password. If it does not require a username or password, just use:

 "proxy_username" : "",
 "proxy_password" : ""

Once these files are created in the above location, the user must restart all capsule-related services.
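
Added example (not part of the original comment, and not Pulp or Satellite code): a Python 3 check that each importer file named in comment 3 parses as JSON and carries all four proxy keys. The expected value types are inferred from the template above, and the world-readable check is an extra assumption added here because the file stores proxy_password.

```python
import json
import os
import stat

# Keys comment 3 requires in every file; types inferred from its template (assumption).
REQUIRED = {"proxy_host": str, "proxy_port": int,
            "proxy_username": str, "proxy_password": str}

# Paths as listed in comment 3.
IMPORTER_FILES = [
    "/etc/pulp/server/plugins.conf.d/iso_importer.json",
    "/etc/pulp/server/plugins.conf.d/puppet_importer.json",
    "/etc/pulp/server/plugins.conf.d/yum_importer.json",
]


def check_importer_text(text):
    """Return a list of problems found in one importer file's contents."""
    try:
        cfg = json.loads(text)
    except ValueError as exc:
        return ["not valid JSON: %s" % exc]
    if not isinstance(cfg, dict):
        return ["top level must be a JSON object"]
    problems = []
    for key, typ in REQUIRED.items():
        if key not in cfg:
            problems.append("missing key %s" % key)
        elif isinstance(cfg[key], bool) or not isinstance(cfg[key], typ):
            problems.append("%s must be %s" % (key, typ.__name__))
    return problems


def check_importer_file(path):
    """Check one file's contents and, because it stores proxy_password, its mode."""
    try:
        with open(path) as fh:
            problems = check_importer_text(fh.read())
        if os.stat(path).st_mode & stat.S_IROTH:
            # Added hardening check, not from the comment.
            problems.append("file is world-readable and holds proxy_password")
    except (OSError, UnicodeDecodeError) as exc:
        return ["cannot read: %s" % exc]
    return problems

if __name__ == "__main__":
    for path in IMPORTER_FILES:
        for problem in check_importer_file(path) or ["ok"]:
            print("%s: %s" % (path, problem))
```

Run it on the Capsule before restarting services; a file that reports anything other than "ok" does not match the template in comment 3.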

Comment 5 Eric Helms 2014-10-29 12:56:52 UTC
Support for this requires a full feature implementation. If we were to provide proxy options for a Capsule for just the Pulp part, and a user were to lock down their Capsule's communication to only outbound port 80, they could break other functionality. I have outlined this feature here - http://projects.theforeman.org/projects/katello/wiki/CapsuleCommunication

Comment 6 Mike McCune 2014-10-31 16:02:43 UTC
Note: Even with the WORKAROUND in comment #3, if the user's capsule has restricted communications between the Capsule and the Satellite, the settings outlined in #3 are not sufficient to have a proxy sit between the Capsule and the Satellite.

See comment #5 for more information.

Comment 7 Justin Sherrill 2015-03-20 14:37:16 UTC
My vote is to close this as WONT_FIX IMHO.  The whole premise is that the capsule can communicate with the Satellite.  We really don't want to go down this road.

Comment 8 David O'Brien 2015-06-16 05:50:28 UTC
Does this still require a rel note for 6.1 and if so has it changed at all from what's listed here?

thanks

Comment 9 Bryan Kearney 2016-02-16 18:26:47 UTC
We are not planning to fix this. If this is an issue, please feel free to re-open with a specific business justification.

