Description of problem: Systems built through isolated capsule are unable to properly retrieve the GPG key of a custom package repository from the capsule. Version-Release number of selected component (if applicable): Client: RHEL 6.6 Capsule: RHEL 7.1 with the following Satellite 6.1 Beta packages: pulp-katello-0.3-4.el7sat.noarch katello-ca-consumer-slvdcrvsat02.nfcu.net-1.0-1.noarch katello-certs-tools-2.2.1-1.el7sat.noarch katello-debug-2.2.0.8-1.el7sat.noarch foreman-debug-1.7.2.15-1.el7sat.noarch katello-installer-base-2.3.5-1.el7sat.noarch katello-agent-2.2.3-1.el7sat.noarch katello-default-ca-1.0-1.noarch katello-server-ca-1.0-1.noarch foreman-selinux-1.7.2.13-1.el7sat.noarch foreman-proxy-1.7.2.4-1.el7sat.noarch Satellite: RHEL 7.1 with Satellite 6.1 Beta How reproducible: Everytime Steps to Reproduce: 1. Configure repository with custom gpg key 2. Publish and Promote repository 3. Build and/or subscribe system via activiation key to the Content View 4. Attempt to install any package from the custom repository Actual results: Package fails to install with the following errors warning: rpmts_HdrFromFdno: Header V3 RSA/SHA1 Signature, key ID 64de1bb2: NOKEY Retrieving key from https://<CAPSULE SERVER NAME>/katello/api/repositories/10/gpg_key_content GPG key retrieval failed: [Errno 14] PYCURL ERROR 22 - "The requested URL returned error: 404 Not Found" Expected results: Download of custom GPG key from capsule as well as package installation. Additional info: Capsule is running in reverse proxy mode as was suggested via the satellite-beta mailing list # cat /etc/capsule-installer/answers.capsule-installer.yaml | grep reverse reverse_proxy: true
Since this issue was entered in Red Hat Bugzilla, the release flag has been set to ? to ensure that it is properly evaluated for this release.
Hey Will, Was the Satellite a fresh install or did you try the upgrade from 6.0? Try running this on the Satellite and see if it resolves the problem: foreman-rake katello:upgrades:2.2:update_gpg_key_urls
This was a fresh installation of Satellite 6.1 beta as well as the capsules. rake execution output # foreman-rake katello:upgrades:2.2:update_gpg_key_urls Importing GPG Key Urls to support Capsule Communication Same result on a client built/subscribed to the capsule. Is this ok [y/N]: y Downloading Packages: warning: rpmts_HdrFromFdno: Header V3 RSA/SHA1 Signature, key ID 64de1bb2: NOKEY Retrieving key from https://slvdclvprx02.nfcutest.net/katello/api/repositories/10/gpg_key_content GPG key retrieval failed: [Errno 14] PYCURL ERROR 22 - "The requested URL returned error: 404 Not Found"
Created redmine issue http://projects.theforeman.org/issues/10616 from this bug
Relevant module PRS: https://github.com/Katello/puppet-pulp/pull/66 https://github.com/Katello/puppet-capsule/pull/47
Moving to POST since upstream bug http://projects.theforeman.org/issues/10616 has been closed ------------- Justin Sherrill Applied in changeset commit:katello-installer|4a8be016b48e0d810eceb37303967d95440b4e18.
fixed PR here: https://gitlab.sat.lab.tlv.redhat.com/satellite6/katello-installer/merge_requests/18
Verified with sat6.1 GA snap8 (RC1) GPG key URLs updated and pointing to isolated capsule not to satellite server. I can fetch/install the packages from capsule to client host. [Default_Organization_fake_fake_zoo1] metadata_expire = 1 sslclientcert = /etc/pki/entitlement/5528938802549671068.pem baseurl = https://sat61-capsule-rhel66.usersys.redhat.com/pulp/repos/Default_Organization/dev/cv_rhel66_sat61/custom/fake/fake_zoo1 sslverify = 1 name = fake_zoo1 sslclientkey = /etc/pki/entitlement/5528938802549671068-key.pem gpgkey = https://sat61-capsule-rhel66.usersys.redhat.com/katello/api/repositories/40/gpg_key_content enabled = 1 sslcacert = /etc/rhsm/ca/katello-server-ca.pem gpgcheck = 1 [root@sat6-client-rhel66 yum.repos.d]# yum install cow -y Loaded plugins: product-id, security, subscription-manager Setting up Install Process Default_Organization_fake_fake_zoo1 | 2.1 kB 00:00 Default_Organization_rhel6_custom_rhel66 | 2.5 kB 00:00 Default_Organization_sat61_capsule_sat61_capsule_rhel66 | 2.1 kB 00:00 Default_Organization_sat61_tools_sat61_tools_rhel66 | 2.1 kB 00:00 Resolving Dependencies --> Running transaction check ---> Package cow.noarch 0:2.2-3 will be installed --> Finished Dependency Resolution Dependencies Resolved ====================================================================================================================================================== Package Arch Version Repository Size ====================================================================================================================================================== Installing: cow noarch 2.2-3 Default_Organization_fake_fake_zoo1 2.4 k Transaction Summary ====================================================================================================================================================== Install 1 Package(s) Total download size: 2.4 k Installed size: 42 Downloading Packages: cow-2.2-3.noarch.rpm | 2.4 kB 00:00 warning: rpmts_HdrFromFdno: Header V3 RSA/SHA1 Signature, key ID f78fb195: NOKEY Retrieving key from https://sat61-capsule-rhel66.usersys.redhat.com/katello/api/repositories/40/gpg_key_content Importing GPG key 0xF78FB195: Userid: "Dummy Packages Generator <admin.com>" From : https://sat61-capsule-rhel66.usersys.redhat.com/katello/api/repositories/40/gpg_key_content Running rpm_check_debug Running Transaction Test Transaction Test Succeeded Running Transaction Warning: RPMDB altered outside of yum. Installing : cow-2.2-3.noarch 1/1 Default_Organization_rhel6_custom_rhel66/productid | 1.6 kB 00:00 Verifying : cow-2.2-3.noarch 1/1 Installed: cow.noarch 0:2.2-3 Complete! [root@sat6-client-rhel66 yum.repos.d]# rpm -qa | grep cow cow-2.2-3.noarch [root@sat6-client-rhel66 yum.repos.d]#
This bug is slated to be released with Satellite 6.1.
This bug was fixed in version 6.1.1 of Satellite which was released on 12 August, 2015.