Bug 1194288 - [doc] Need docs to access the provisioned host's console with encryption
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Docs Provisioning Guide
Version: 6.1.0
Hardware: Unspecified
OS: Unspecified
Priority: medium
Severity: medium
Target Milestone: Unspecified
Assignee: Byron Gravenorst
QA Contact: David O'Brien
URL:
Whiteboard:
Depends On:
Blocks: sat61-release-notes
Reported: 2015-02-19 13:37 UTC by Kedar Bidarkar
Modified: 2019-09-25 20:53 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-04-28 00:05:52 UTC
Target Upstream Version:
Embargoed:


Links
System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Bugzilla | 1173183 | 0 | medium | CLOSED | [RFE] Add instructions for configuring VNC Console | 2021-02-22 00:41:40 UTC

Internal Links: 1173183

Description Kedar Bidarkar 2015-02-19 13:37:42 UTC
Description of problem:
Looks like we cannot view the host's console any more as it now uses encryption.

By default "encryption" is now enabled.

I disabled websocket's encryption by moving to /etc/foreman/settings.yaml file 
and updating the file as below.

# Websockets
:websockets_encrypt: false
#:websockets_ssl_key: /etc/pki/katello/private/katello-apache.key
#:websockets_ssl_cert: /etc/pki/katello/certs/katello-apache.crt

Restart foreman service "service foreman restart"

So now I am interested in knowing: what is the right way to access the host's console with encryption enabled?



Version-Release number of selected component (if applicable):
Sat6.1 Beta snap3 compose1

How reproducible:
always

Steps to Reproduce:
1. Provision a host and try accessing it via the "console" button.

Actual results:
Unable to view the host's console.

Expected results:
We should be able to view the host's console.

Additional info:

Also currently the below link still says "Currently only unencrypted connections are possible".
http://theforeman.org/manuals/1.7/index.html#7.1NoVNC 




Comment 1 Mike McCune 2015-02-20 05:20:52 UTC
This reads more like a question that should be sent to satellite6-list and not a bug since you are more interested in knowing how to configure this to get it working.  

I'd recommend asking either the upstream list:

https://groups.google.com/forum/?fromgroups#!forum/foreman-dev

or the internal satellite-tech or satellite6 lists.

Feel free to re-open if you think this is an actual bug in the code vs a configuration question.

Comment 2 Kedar Bidarkar 2015-02-20 06:21:12 UTC
The idea is to raise bugs and have at least release notes with proper information if there is a change in functionality from Sat6.0 to Sat6.1.

For Sat6.0 as there was no encryption enabled and for sat6.1 as encryption is required to access consoles and no documentation exists even in upstream I thought this qualifies for a bug.


It looks to me like users when moving from Sat6.0 to Sat6.1 would no longer be able to access the Hosts unless they perform some steps.

Comment 3 Kedar Bidarkar 2015-02-20 06:59:04 UTC
I am sure this will come as a surprise to the users and needs to be documented.

Comment 4 Kedar Bidarkar 2015-02-20 09:08:08 UTC
solution: https://dhcp201-160.englab.pnq.redhat.com/pub/katello-server-ca.crt needs to be imported in the browser.

For Firefox:

Edit --> Preferences --> Advanced --> Certificates --> View Certificates --> Server tab --> Import the above cert

Comment 5 Mike McCune 2015-02-20 18:10:18 UTC
Let's get the above added to the documentation: in order to access the console, you are required to import the CA cert into your browser.

Comment 6 Athene Chan 2015-02-22 23:48:29 UTC
BK has set the severity to medium. As PM and Devs know, we have already planned out what content is going to go into 6.1. I cannot promise that this is possible.

Having said that though, we'll see what we can do.

Can we have more information on this? How does one "access" the console? Kedar, you said "1. provision host and try accessing it via the "console" button." Where is the console button located?

Is there any other documentation, or an SME we can contact, to find out more about this?

Comment 7 Kedar Bidarkar 2015-02-23 12:19:07 UTC
We can see the console button as soon as we provide all the information needed in the respective fields while provisioning a "New Host". 

Otherwise,

1) Provision a "New Host"
2) Go to "ALL Hosts" --> click on a HOST to see the console button on the 'right hand', 'top side'.

The upstream Foreman has updated its documentation after this bug was raised.

http://theforeman.org/manuals/1.7/index.html#7.1NoVNC

Please refer to the "Encrypted Web Sockets" section along with the "Known issues" section.

Update for "Encrypted Web Sockets" section for satellite6.1 :

# Websockets
:websockets_encrypt: true
:websockets_ssl_key: /etc/pki/katello/private/katello-apache.key
:websockets_ssl_cert: /etc/pki/katello/certs/katello-apache.crt

Question) How to access the provisioned host's console with encryption?

solution): Import the CA certificate located at http://<sat6-server>/pub/katello-server-ca.crt  in the web browser
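
The two Websockets snippets in this thread (encryption disabled in the description, enabled in comment 7) differ only in which lines are active, so the state can be checked mechanically. The following is an added example, not part of the bug report or of Satellite; it assumes one unquoted `:key: value` per line, and the function names `ws_setting` and `audit_websockets` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the bug report): audit the Websockets settings
# in a Foreman/Satellite settings.yaml. Assumes one ":key: value" per line,
# unquoted, as in the snippets on this page.

# Print the value of an active (uncommented) setting; empty if absent.
ws_setting() {  # $1 = settings file, $2 = key name without colons
    sed -n "s/^[[:space:]]*:$2:[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# Print findings; return 0 only if encryption is on with key and cert set.
audit_websockets() {
    rc=0
    encrypt=$(ws_setting "$1" websockets_encrypt)
    case "$encrypt" in
        true)  echo "OK: websockets_encrypt is true" ;;
        false) echo "FAIL: websockets_encrypt is false, console traffic is unencrypted"; rc=1 ;;
        *)     echo "WARN: websockets_encrypt is not set in this file, confirm the effective default"; rc=1 ;;
    esac
    for key in websockets_ssl_key websockets_ssl_cert; do
        value=$(ws_setting "$1" "$key")
        if [ -n "$value" ]; then
            echo "OK: $key = $value"
        else
            echo "FAIL: $key is missing or commented out"; rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: the workaround configuration from the description.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# Websockets
:websockets_encrypt: false
#:websockets_ssl_key: /etc/pki/katello/private/katello-apache.key
#:websockets_ssl_cert: /etc/pki/katello/certs/katello-apache.crt
EOF
audit_websockets "$sample" || echo "settings need attention"
rm -f "$sample"
```

On a Satellite server the file to pass is /etc/foreman/settings.yaml, the path given in the description.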

Comment 9 Kedar Bidarkar 2015-02-24 06:43:14 UTC
Yeah, Docs Release Notes could help here.

Comment 11 RHEL Program Management 2015-04-21 16:06:06 UTC
Since this issue was entered in Red Hat Bugzilla, the release flag has been
set to ? to ensure that it is properly evaluated for this release.

Comment 13 David O'Brien 2015-06-09 20:23:31 UTC
This is in the rel notes but I'm changing this to a Provisioning Guide doc bug because we really need this to be part of the formal doc soon.

Comment 14 Andrew Dahms 2016-01-04 06:33:08 UTC
Assigning to Byron for review.

Byron - we need to rework the content from 'BZ 1194288: Accessing a provisioned host's console using an encrypted connection' in [1] below into the Provisioning Guide.

I would imagine a sentence or two describing that encryption is enabled by default, and a procedure outlining how to accept the certificate.

[1] https://access.redhat.com/documentation/en-US/Red_Hat_Satellite/6.1/html-single/Release_Notes/index.html#sect-Red_Hat_Satellite-Release_Notes-Provisioning_Issues

Comment 16 Stephen Wadeley 2016-04-27 20:08:03 UTC
Hello


See also

Bug 1173183 - [RFE] Add instructions for configuring VNC Console

Comment 17 Andrew Dahms 2016-04-28 00:05:52 UTC
This content is now live on the Customer Portal.

Closing.