Description of problem: Similar to bug# 1083818, we probably need proxy config flags for capsule-installer. Version-Release number of selected component (if applicable): Satellite-6.0.3-RHEL-6-20140626.1 Steps to Reproduce: 1. katello-installer --help|grep proxy 2. capsule-installer --help|grep proxy 3. view results Actual results: [root@qeblade6 ~]# katello-installer --help|grep proxy --capsule-foreman-proxy-port Port on which will foreman proxy listen (default: 9090) --capsule-realm-keytab Kerberos keytab path to authenticate realm updates (default: "/etc/foreman-proxy/freeipa.keytab") --capsule-realm-principal Kerberos principal for realm updates (default: "realm-proxy") --capsule-register-in-foreman Register proxy back in Foreman (default: true) --katello-proxy-password Proxy password for authentication (default: nil) --katello-proxy-port Port the proxy is running on (default: nil) --katello-proxy-url URL of the proxy server (default: nil) --katello-proxy-username Proxy username for authentication (default: nil) [root@cloud-qe-22 ~]# capsule-installer --help |grep proxy --foreman-proxy-port Port on which will foreman proxy listen (default: 9090) --realm-keytab Kerberos keytab path to authenticate realm updates (default: "/etc/foreman-proxy/freeipa.keytab") --realm-principal Kerberos principal for realm updates (default: "realm-proxy") --register-in-foreman Register proxy back in Foreman (default: true) Expected results: capsule-installer should have proxy flags too, perhaps Additional info: WORKAROUND: Sync capsule stuff on a satellite and install from there. it seems unlikely a customer would need to proxy on their internal network? Product Management feedback welcome. In any case, though, installing capsule from content synced onto a satellite is a known entity and works pretty well.
WORKAROUND: The user can manually configure the Pulp proxy settings if they have a http proxy between their Capsule and their Satellite.
WORKAROUND2 WITH MORE DETAIL: The capsule can be configured to use a specific proxy for all repositories by adding the following settings to the following files: /etc/pulp/server/plugins.conf.d/iso_importer.json /etc/pulp/server/plugins.conf.d/puppet_importer.json /etc/pulp/server/plugins.conf.d/yum_importer.json { "proxy_host" : "<url>", "proxy_port" : <port>, "proxy_username" : "<username>", "proxy_password" : "<password>" } Note: These are a JSON files, so care must be taken when editing these fields. The file must also contain *ALL* the above values even if the proxy does not require a username or password. If it does not require a username or password just use: "proxy_username" : "", "proxy_password" : "" Once these files are created in the above location the user must restart all capsule related services
Support for this requires a full feature implementation. If we were to provide proxy options for a Capsule for just the Pulp part, and a user were to lockdown their Capsule's communication to only outbound port 80 they could break other functionality. I have outlined this feature here - http://projects.theforeman.org/projects/katello/wiki/CapsuleCommunication
Note: Even with the WORKAROUND in comment #3 if the user's capsule has restricted communications between the Capsule and the Satellite the settings outlined in #3 are not sufficient to have a proxy sit between the Capsule and the Satellite. See comment #5 for more information.
My vote is to close this as WONT_FIX IMHO. The whole premise is that the capsule can communicate with the Satellite. We really don't want to go down this road.
Does this still require a rel note for 6.1 and if so has it changed at all from what's listed here? thanks
We are not planning to fix this. If this is an issue, please feel free to re-open with a specific business justification.