Bug 1316598 - [RFE] Satellite 6.2 Remote Execution provider not based on SSH-keys
Summary: [RFE] Satellite 6.2 Remote Execution provider not based on SSH-keys
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Remote Execution
Version: 6.2.0
Hardware: Unspecified
OS: Unspecified
high vote
Target Milestone: Unspecified
Assignee: satellite6-bugs
QA Contact: Peter Ondrejka
Duplicates: 1362309 1393470 1615758
Depends On:
Blocks: 1353215 1124977
Reported: 2016-03-10 14:52 UTC by Benjamin Chardi
Modified: 2021-12-10 14:36 UTC

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
Last Closed: 2020-05-22 14:50:09 UTC
Target Upstream Version:

System | ID | Private | Priority | Status | Summary | Last Updated
Foreman Issue Tracker | 24714 | 0 | Normal | New | Support for non-ssh agent provider | 2021-02-19 15:09:47 UTC
Red Hat Bugzilla | 1131296 | 1 | None | None | None | 2021-08-30 13:31:14 UTC
Red Hat Bugzilla | 1416167 | 0 | medium | CLOSED | [RFE] Host collection package installation via katello-agent shows no failed tasks | 2021-12-10 15:10:28 UTC
Red Hat Bugzilla | 1418993 | 0 | unspecified | CLOSED | [RFE] Bulk actions does not create task for updating packages via katello-agent | 2021-09-09 12:06:55 UTC

Internal Links: 1131296 1416167 1418993

Description Benjamin Chardi 2016-03-10 14:52:45 UTC
Dear Friends,

As puppetlabs and Red Hat announced, in the following releases of puppet, "puppet kick" will be deprecated and no more puppetruns will be able to be pushed from Satellite 6 to clients. Indeed, in Satellite 6.1.X puppetruns executed via Satellite are disabled.

For one of our biggest customers in Spain this is a big issue because we are now running on-demand puppetruns via satellite6 using the puppet kick method. Now we have 1 Satellite 6.0.8 central server (+1 DR), 8 capsules 6.0.8 and around 4000 clients.

The solution for this issue is the use of the "Remote Execution" feature provided in Satellite 6.2, so we are planning to migrate our satellite 6.0.8 infra to satellite 6.2, but again we have faced another problem: in the first implementation of "Remote Execution" in Satellite 6.2.X only SSH will be used as provider, and our customer has completely forbidden the use of ssh keys between servers (keep in mind that this is a bank). So again we are blocked; we must wait for satellite 6.3 to be able to use Remote Execution with AMQP or Salt Stack as providers (because SSH and Ansible are using SSH-Keys), so the questions for us are the following:

* Can you certify to us that the AMQP or Salt Stack Remote Execution providers are not using SSH-keys?

* Is there any chance to implement the AMQP or Salt Stack Remote Execution providers on Satellite 6.2.X in order not to wait until Satellite 6.3? (Our satellite 6 infra upgrade is blocked because of this issue)

Many thanks in advance

Comment 3 Ivan Necas 2016-08-02 12:53:23 UTC
*** Bug 1362309 has been marked as a duplicate of this bug. ***

Comment 11 Ivan Necas 2017-04-13 10:05:05 UTC
Based on other priorities, work on this has been postponed during the last few months, but the engineering team plans to start looking into this again in the next weeks' time and we should have better estimates on when it's realistic to deliver based on that. I expect it would not be part of 6.3 GA, but should be possible to backport in the 6.3.z stream, depending on when 6.3 will be released. Anyway, this is quite a rough estimation: we will know better after we get more into details, also taking into account some scalability improvements that are related to this.

Comment 12 Bryan Kearney 2017-05-10 12:55:10 UTC
As Ivan said, I would not expect to see this any earlier than a 6.3 zStream.

Comment 13 Bryan Kearney 2017-08-11 12:50:49 UTC
Reducing from Urgent. PM, copied, is aware of the priority of this request.

Comment 14 Johan Bergström 2017-10-05 13:07:50 UTC
Also need this, ssh from capsules/satellite server towards hosts is prohibited from a network security policy point of view, need a "more secure" transport. AMQP as in an already existing message queue would be preferred I guess.

Comment 15 Bryan Kearney 2018-01-18 19:50:29 UTC
*** Bug 1393470 has been marked as a duplicate of this bug. ***

Comment 20 Martin Juhl 2018-03-13 10:08:41 UTC
+1 on this from a security POV

Comment 22 Adam Ruzicka 2018-08-14 08:10:34 UTC
*** Bug 1615758 has been marked as a duplicate of this bug. ***

Comment 23 Ivan Necas 2018-08-27 10:53:04 UTC
Connecting redmine issue https://projects.theforeman.org/issues/24714 from this bug

Comment 31 Bryan Kearney 2020-05-22 14:50:09 UTC
Thank you for your interest in Satellite 6. We have evaluated this request, and while we recognize that it is a valid request, we do not expect this to be implemented in the product in the foreseeable future. This is due to other priorities for the product, and not a reflection on the request itself. We are therefore closing this out as WONTFIX. If you have any concerns about this, please do not reopen. Instead, feel free to contact Red Hat Technical Support. Thank you.