Bug 1288817 - [RFE] Capsule should listen for RHSM requests on port 443, like Satellite does
Status: NEW
Product: Red Hat Satellite 6
Classification: Red Hat
Component: Installer
x86_64 All
medium Severity high
: GA
: --
Assigned To: satellite6-bugs
Katello QA List
: FutureFeature, Improvement, PrioBumpGSS, Triaged
Depends On:
Blocks: 1353215
Reported: 2015-12-06 04:20 EST by Pavel Moravec
Modified: 2018-04-27 17:25 EDT (History)
Doc Type: Enhancement
Type: Bug

External Trackers
Tracker ID Priority Status Summary Last Updated
Foreman Issue Tracker 17367 None None None 2016-11-16 11:08 EST
Red Hat Knowledge Base (Solution) 2076813 None None None Never

Description Pavel Moravec 2015-12-06 04:20:07 EST
Description of problem:
While Satellite listens for RHSM requests (of client machines registered to it) on port 443, an external Capsule (offering just a subset of Satellite functionality) has a separate port 8443 dedicated to it.

This is confusing and can easily introduce registration issues - in fact it already happened, and believe me, it is nontrivial to investigate why a client host fails to register to a Capsule (if trying to connect to port 443, which sounds logically correct but is wrong due to a wrong rhsm.conf setting).

Moving the listening port back to 443 will gain these pros:
- logical coherence where _any_ client machine within Satellite deployment registers to - this prevents misconfiguration issues due to lack of knowing the exception / rule with port 8443
- simplified firewall setting
- simplified POSTIN script in katello-ca-consumer RPM

Version-Release number of selected component (if applicable):
Sat 6.1.4 (in fact any Sat6)

How reproducible:

Steps to Reproduce:
1. Install Sat, Caps, register content host to Sat and to Caps
2. Check what port the clients use for RHSM communication (i.e. rhsm.conf on clients)

Actual results:
clients registered to Sat talk via port 443
clients registered to Caps talk via port 8443

Expected results:
any client to talk to its "server" (Sat or Caps) via port 443

Additional info:
Once implemented, documentation needs to be updated - at least firewall setting
Comment 2 Pavel Moravec 2015-12-06 09:02:40 EST
To make the picture a little bit more confusing: port 8443 is set only when using the pulp or reverse proxy feature on the Capsule. If neither one is used, then client machines communicate with the Capsule via port 443.

This is nonsense. Why does the port number of communication depend on the type of deployment?

Further, this fact makes communication matrix invalid.

(to check I am right: see /usr/share/katello-installer/modules/capsule/manifests/init.pp:

  $reverse_proxy_real = $pulp or $reverse_proxy

  $rhsm_port = $reverse_proxy_real ? {
    true  => $reverse_proxy_port,
    false => '443'
  }

where reverse_proxy_port defaults to 8443)
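
Added example (not part of the bug report and not katello-installer code): a check that mirrors the selector quoted above and compares it with the port a client's rhsm.conf actually points at, which is the mismatch the report describes. The sample rhsm.conf, the hostname capsule.example.com and all function names are constructed for illustration; falling back to 443 when no port is set is an assumption.

```python
import configparser

# Constructed sample of a client's /etc/rhsm/rhsm.conf (placeholder hostname).
SAMPLE_RHSM_CONF = """\
[server]
hostname = capsule.example.com
prefix = /rhsm
port = 443

[rhsm]
baseurl = https://capsule.example.com/pulp/repos
"""


def expected_rhsm_port(pulp, reverse_proxy, reverse_proxy_port=8443):
    """Mirror the init.pp selector: reverse_proxy_port only with pulp or reverse proxy."""
    return reverse_proxy_port if (pulp or reverse_proxy) else 443


def client_rhsm_endpoint(conf_text):
    """Return (hostname, port) from the [server] section of rhsm.conf text."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(conf_text)
    server = parser["server"]
    # Assumption: a missing port key is treated as 443.
    return server.get("hostname"), server.getint("port", fallback=443)


def check_client(conf_text, pulp, reverse_proxy, reverse_proxy_port=8443):
    """Compare the client's configured RHSM port with the port the Capsule serves."""
    host, port = client_rhsm_endpoint(conf_text)
    want = expected_rhsm_port(pulp, reverse_proxy, reverse_proxy_port)
    if port == want:
        return f"OK: {host} uses RHSM port {port}"
    return (f"MISMATCH: rhsm.conf points at {host}:{port}, "
            f"but this Capsule serves RHSM on port {want}")


if __name__ == "__main__":
    # Capsule with pulp enabled: a client still set to 443 is flagged.
    print(check_client(SAMPLE_RHSM_CONF, pulp=True, reverse_proxy=False))
    # Capsule with neither feature: the same client config is correct.
    print(check_client(SAMPLE_RHSM_CONF, pulp=False, reverse_proxy=False))
```

The same pair of values (deployment type, resulting port) is what a firewall rule or communication matrix for the Capsule has to track.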
Comment 3 Stephen Benjamin 2016-03-17 15:10:33 EDT
After talking to the team, we're going to move this to 6.3.  We plan to look at simplifying the ports required for the capsule, and can take care of this as part of that.
Comment 5 Bryan Kearney 2016-08-04 16:17:40 EDT
Moving 6.2 bugs out to sat-backlog.
Comment 7 Stephen Benjamin 2016-11-16 11:08:30 EST
Created redmine issue http://projects.theforeman.org/issues/17367 from this bug
