Description of problem: Looks like we cannot view the Hosts console any more as it now uses encryption. By default "encryption" is now enabled. I disabled websocket's encryption by moving to /etc/foreman/settings.yaml file and updating the file as below. # Websockets :websockets_encrypt: false #:websockets_ssl_key: /etc/pki/katello/private/katello-apache.key #:websockets_ssl_cert: /etc/pki/katello/certs/katello-apache.crt Restart foreman service "service foreman restart" So now I am interested in knowing, What is the right way to access the Hosts console with encryption enabled? Version-Release number of selected component (if applicable): Sat6.1 Beta snap3 compose1 How reproducible: always Steps to Reproduce: 1. provision host and try accessing it via the "console" button. 2. 3. Actual results: unable to view the hosts console Expected results: We should be able to view the host's console. Additional info: Also currently the below link still says "Currently only unencrypted connections are possible". http://theforeman.org/manuals/1.7/index.html#7.1NoVNC Document URL: Section Number and Name: Describe the issue: Suggestions for improvement: Additional information:
This reads more like a question that should be sent to satellite6-list and not a bug since you are more interested in knowing how to configure this to get it working. I'd recommend asking either the upstream list: https://groups.google.com/forum/?fromgroups#!forum/foreman-dev or the internal satellite-tech or satellite6 lists. Feel free to re-open if you think this is an actual bug in the code vs a configuration question.
The idea is to raise bugs and have at-least release notes with proper information if there is change in functionality from Sat6.0 to sat6.1 For Sat6.0 as there was no encryption enabled and for sat6.1 as encryption is required to access consoles and no documentation exists even in upstream I thought this qualifies for a bug. It looks to me like users when moving from Sat6.0 to Sat6.1 would no longer be able to access the Hosts unless they perform some steps.
I am sure this will come as a surprise to the users and needs to be documented.
solution: https://dhcp201-160.englab.pnq.redhat.com/pub/katello-server-ca.crt needs to be imported in the browser. for Firefox : Edit --> Preferences --> advanced --> certificates --> View ceritifcates --> Server tab --> Import the above cert
Lets get the above added to the documentation that in order to access the console you are required to import the CA cert into your browser.
BK has set the severity to medium. As PM and Devs know, we have already planned out what content is going to go into 6.1. I cannot promise that this is possible. Having said that though, we'll see what we can do. Can we have more information on this? How does one "access" the console? Kedar, you said "1. provision host and try accessing it via the "console" button." Where is the console button located? Are there any other documentation or SME we can contact to find out more about this?
We can see the console button as soon as we provide all the information needed in the respective fields while provisioning a "New Host". Otherwise, 1) Provision a "New Host" 2) Go to "ALL Hosts" --> click on a HOST to see the console button on the 'right hand', 'top side'. The upstream foreman has updated it's documentation after this bug was raised. http://theforeman.org/manuals/1.7/index.html#7.1NoVNC Please refer "Encrypted Web Sockets" section along with "Known issues" section. Update for "Encrypted Web Sockets" section for satellite6.1 : # Websockets :websockets_encrypt: true :websockets_ssl_key: /etc/pki/katello/private/katello-apache.key :websockets_ssl_cert: /etc/pki/katello/certs/katello-apache.crt Question) How to access the provisioned host's console with encryption? solution): Import the CA certificate located at http://<sat6-server>/pub/katello-server-ca.crt in the web browser
Yeah, Docs Release Notes could help here.
Since this issue was entered in Red Hat Bugzilla, the release flag has been set to ? to ensure that it is properly evaluated for this release.
This is in the rel notes but I'm changing this to a Provisioning Guide doc bug because we really need this to be part of the formal doc soon.
Assigning to Byron for review. Byron - we need to rework the content from 'BZ 1194288: Accessing a provisioned host's console using an encrypted connection' in [1] below into the Provisioning Guide. I would imagine a sentence or two describing that encryption is enabled by default, and a procedure outlining how to accept the certificate. [1] https://access.redhat.com/documentation/en-US/Red_Hat_Satellite/6.1/html-single/Release_Notes/index.html#sect-Red_Hat_Satellite-Release_Notes-Provisioning_Issues
Hello See also Bug 1173183 - [RFE] Add instructions for configuring VNC Console
This content is now live on the Customer Portal. Closing.