Bug 1273806 - Capsule http port always enabled
Capsule http port always enabled
Product: Red Hat Satellite 6
Classification: Red Hat
Component: Capsule (Show other bugs)
Unspecified Unspecified
unspecified Severity unspecified (vote)
: Unspecified
: --
Assigned To: Katello Bug Bin
Katello QA List
: Triaged
Depends On:
Blocks: 1122832
  Show dependency treegraph
Reported: 2015-10-21 05:35 EDT by Peter Vreman
Modified: 2015-11-17 10:04 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2015-11-17 10:04:38 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Peter Vreman 2015-10-21 05:35:35 EDT
Description of problem:
Our company has the policy to disable HTTP when possible. Currently the HTTP port 8000 is always enabled on the capsule:

[crash] root@li-lc-1578:~# lsof -P -n | grep 'foreman-proxy.*TCP'
ruby      12159 foreman-proxy    5u     IPv4            4013285        0t0        TCP *:8000 (LISTEN)
ruby      12159 foreman-proxy    6u     IPv4            4013295        0t0        TCP *:9090 (LISTEN)

This comes from the smart-proxy configuration that is generated by the katello-installer:

[crash] root@li-lc-1017:~# grep http_port /etc/foreman-proxy/settings.yml
# http is disabled by default. To enable, uncomment 'http_port' setting
:http_port: 8000

In the katello-installer there is also no option to disable it.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Install Sat6
2. Check foreman proxy ports with 'lsof'
3. Check foreman proxy settings

Actual results:
Foreman proxy is using port 8000

Expected results:
HTTP is disabled by default
Option to enable HTTP

Additional info:
Comment 1 Brad Buckingham 2015-11-17 09:50:18 EST
Port 8000 is currently used by the templates feature to support provisioning as well as capsule isolation.  Until all anaconda versions support https, we need to support serving the templates over http.  We may be able to change this in the future.

If provisioning is not desired, the port could be turned off by using the following installer options:
--capsule-foreman-proxy-http=false --capsule-templates=off
Comment 3 Peter Vreman 2015-11-17 10:04:38 EST
Ok, i see the option in the katello-installer of Sat6.1.3.
BZ be closed as it is supported to disable during the installation.

Note You need to log in before you can comment on or make changes to this bug.