Bug 1194288 - [doc] Need docs to access the provisioned host's console with encryption
Summary: [doc] Need docs to access the provisioned host's console with encryption
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Satellite 6
Classification: Red Hat
Component: Docs Provisioning Guide
Version: 6.1.0
Hardware: Unspecified
OS: Unspecified
medium
medium vote
Target Milestone: Unspecified
Assignee: Byron Gravenorst
QA Contact: David O'Brien
URL:
Whiteboard:
Depends On:
Blocks: sat61-release-notes
TreeView+ depends on / blocked
 
Reported: 2015-02-19 13:37 UTC by Kedar Bidarkar
Modified: 2019-04-01 20:26 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-04-28 00:05:52 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Bugzilla 1173183 None None None Never

Internal Links: 1173183

Description Kedar Bidarkar 2015-02-19 13:37:42 UTC
Description of problem:
Looks like we cannot view the Hosts console any more as it now uses encryption.

By default "encryption" is now enabled.

I disabled websocket's encryption by moving to /etc/foreman/settings.yaml file 
and updating the file as below.

# Websockets
:websockets_encrypt: false
#:websockets_ssl_key: /etc/pki/katello/private/katello-apache.key
#:websockets_ssl_cert: /etc/pki/katello/certs/katello-apache.crt

Restart foreman service "service foreman restart"

So now I am interested in knowing, What is the right way to access the Hosts console with encryption enabled?



Version-Release number of selected component (if applicable):
Sat6.1 Beta snap3 compose1

How reproducible:
always

Steps to Reproduce:
1. provision host and try accessing it via the "console" button.
2.
3.

Actual results:
unable to view the hosts console

Expected results:
We should be able to view the host's console.

Additional info:

Also currently the below link still says "Currently only unencrypted connections are possible".
http://theforeman.org/manuals/1.7/index.html#7.1NoVNC 



Document URL: 

Section Number and Name: 

Describe the issue: 

Suggestions for improvement: 

Additional information:

Comment 1 Mike McCune 2015-02-20 05:20:52 UTC
This reads more like a question that should be sent to satellite6-list and not a bug since you are more interested in knowing how to configure this to get it working.  

I'd recommend asking either the upstream list:

https://groups.google.com/forum/?fromgroups#!forum/foreman-dev

or the internal satellite-tech or satellite6 lists.

Feel free to re-open if you think this is an actual bug in the code vs a configuration question.

Comment 2 Kedar Bidarkar 2015-02-20 06:21:12 UTC
The idea is to raise bugs and have at-least release notes with proper information if there is change in functionality from Sat6.0 to sat6.1

For Sat6.0 as there was no encryption enabled and for sat6.1 as encryption is required to access consoles and no documentation exists even in upstream I thought this qualifies for a bug.


It looks to me like users when moving from Sat6.0 to Sat6.1 would no longer be able to access the Hosts unless they perform some steps.

Comment 3 Kedar Bidarkar 2015-02-20 06:59:04 UTC
I am sure this will come as a surprise to the users and needs to be documented.

Comment 4 Kedar Bidarkar 2015-02-20 09:08:08 UTC
solution: https://dhcp201-160.englab.pnq.redhat.com/pub/katello-server-ca.crt needs to be imported in the browser.

for Firefox :

Edit --> Preferences --> advanced --> certificates --> View ceritifcates --> Server tab --> Import the above cert

Comment 5 Mike McCune 2015-02-20 18:10:18 UTC
Lets get the above added to the documentation that in order to access the console you are required to import the CA cert into your browser.

Comment 6 Athene Chan 2015-02-22 23:48:29 UTC
BK has set the severity to medium. As PM and Devs know, we have already planned out what content is going to go into 6.1. I cannot promise that this is possible.

Having said that though, we'll see what we can do.

Can we have more information on this? How does one "access" the console? Kedar, you said "1. provision host and try accessing it via the "console" button." Where is the console button located?

Are there any other documentation or SME we can contact to find out more about this?

Comment 7 Kedar Bidarkar 2015-02-23 12:19:07 UTC
We can see the console button as soon as we provide all the information needed in the respective fields while provisioning a "New Host". 

Otherwise,

1) Provision a "New Host"
2) Go to "ALL Hosts" --> click on a HOST to see the console button on the 'right hand', 'top side'.

The upstream foreman has updated it's documentation after this bug was raised.

http://theforeman.org/manuals/1.7/index.html#7.1NoVNC

Please refer "Encrypted Web Sockets" section along with "Known issues" section.

Update for "Encrypted Web Sockets" section for satellite6.1 :

# Websockets
:websockets_encrypt: true
:websockets_ssl_key: /etc/pki/katello/private/katello-apache.key
:websockets_ssl_cert: /etc/pki/katello/certs/katello-apache.crt

Question) How to access the provisioned host's console with encryption?

solution): Import the CA certificate located at http://<sat6-server>/pub/katello-server-ca.crt  in the web browser

Comment 9 Kedar Bidarkar 2015-02-24 06:43:14 UTC
Yeah, Docs Release Notes could help here.

Comment 11 RHEL Product and Program Management 2015-04-21 16:06:06 UTC
Since this issue was entered in Red Hat Bugzilla, the release flag has been
set to ? to ensure that it is properly evaluated for this release.

Comment 13 David O'Brien 2015-06-09 20:23:31 UTC
This is in the rel notes but I'm changing this to a Provisioning Guide doc bug because we really need this to be part of the formal doc soon.

Comment 14 Andrew Dahms 2016-01-04 06:33:08 UTC
Assigning to Byron for review.

Byron - we need to rework the content from '⁠BZ 1194288: Accessing a provisioned host's console using an encrypted connection' in [1] below into the Provisioning Guide.

I would imagine a sentence or two describing that encryption is enabled by default, and a procedure outlining how to accept the certificate.

[1] https://access.redhat.com/documentation/en-US/Red_Hat_Satellite/6.1/html-single/Release_Notes/index.html#sect-Red_Hat_Satellite-Release_Notes-Provisioning_Issues

Comment 16 Stephen Wadeley 2016-04-27 20:08:03 UTC
Hello


See also

Bug 1173183 - [RFE] Add instructions for configuring VNC Console

Comment 17 Andrew Dahms 2016-04-28 00:05:52 UTC
This content is now live on the Customer Portal.

Closing.


Note You need to log in before you can comment on or make changes to this bug.