Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1288817 - [RFE] Capsule should listen for RHSM requests on port 443, like Satellite does
Summary: [RFE] Capsule should listen for RHSM requests on port 443, like Satellite does
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Installation
Version: 6.1.4
Hardware: x86_64
OS: All
medium
high
Target Milestone: Unspecified
Assignee: satellite6-bugs
QA Contact: Devendra Singh
URL:
Whiteboard:
Depends On:
Blocks: 1353215
TreeView+ depends on / blocked
 
Reported: 2015-12-06 09:20 UTC by Pavel Moravec
Modified: 2024-10-01 16:02 UTC (History)
20 users (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-01-15 20:30:31 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Foreman Issue Tracker 17367 0 Normal New Capsule should listen for RHSM requests on port 443, like Satellite does 2021-02-02 01:35:37 UTC
Red Hat Knowledge Base (Solution) 2076813 0 None None None Never

Description Pavel Moravec 2015-12-06 09:20:07 UTC 
Description of problem:
While Satellite listens for RHSM requests (of clients machine registered to it) on port 443, an external Capsule (offering just a subset of Satellite functionality) has separate port 8443 dedicated for it.

This is confusing and can easily introduce registration issues - in fact it already happened and believe me it is nontrivial to investigate why client host fails to register to Capsule (if trying to connect to port 443 that sounds logically correct but wrong due to wrong rhsm.conf setting).

Moving the listening port back to 443 will gain these pros:
- logical coherence where _any_ client machine within Satellite deployment registers to - this prevents misconfiguration issues due to lack of knowing the exception / rule with port 8443
- simplified firewall setting
- simplified POSTIN script in katello-ca-consumer RPM


Version-Release number of selected component (if applicable):
Sat 6.1.4 (i fact any Sat6)


How reproducible:
100%


Steps to Reproduce:
1. Install Sat, Caps, register content host to Sat and to Caps
2. Check what port the clients use for RHSM communication (i.e. rhsm.conf on clients)


Actual results:
clients registered to Sat talk via port 443
clients registered to Caps talk via port 8443


Expected results:
any client to talk to its "server" (Sat or Caps) via port 443


Additional info:
Once implemented, documentation needs to be updated - at least firewall setting
Comment 2 Pavel Moravec 2015-12-06 14:02:40 UTC 
To make the picture little bit more confusing: port 8443 is set only when using pulp or reverse proxy feature on the Capsule. If neither one is used, then client machines communicate to the Capsule via port 443.

This is non-sense. Why port number of communication depends on the type of deployment?

Further, this fact makes communication matrix invalid.

(to check I am right: see /usr/share/katello-installer/modules/capsule/manifests/init.pp:

  $reverse_proxy_real = $pulp or $reverse_proxy

  $rhsm_port = $reverse_proxy_real ? {
    true  => $reverse_proxy_port,
    false => '443'
  }

where reverse_proxy_port defaults to 8443)
Comment 3 Stephen Benjamin 2016-03-17 19:10:33 UTC 
After talking to the team, we're going to move this to 6.3.  We plan to look at simplifying the ports required for the capsule, and can take care of this as part of that.
Comment 5 Bryan Kearney 2016-08-04 20:17:40 UTC 
Moving 6.2 bugs out to sat-backlog.
Comment 7 Stephen Benjamin 2016-11-16 16:08:30 UTC 
Created redmine issue http://projects.theforeman.org/issues/17367 from this bug
Comment 16 Bryan Kearney 2019-12-03 16:34:45 UTC 
The Satellite Team is attempting to provide an accurate backlog of bugzilla requests which we feel will be resolved in the next few releases. We do not believe this bugzilla will meet that criteria, and have plans to close it out in 1 month. This is not a reflection on the validity of the request, but a reflection of the many priorities for the product. If you have any concerns about this, feel free to contact Red Hat Technical Support or your account team. If we do not hear from you, we will close this bug out. Thank you.
Comment 19 Bryan Kearney 2020-01-15 20:30:31 UTC 
Thank you for your interest in Satellite 6. We have evaluated this request, and while we recognize that it is a valid request, we do not expect this to be implemented in the product in the foreseeable future. This is due to other priorities for the product, and not a reflection on the request itself. We are therefore closing this out as WONTFIX. If you have any concerns about this, please do not reopen. Instead, feel free to contact Red Hat Technical Support. Thank you.
Note You need to log in before you can comment on or make changes to this bug.