Bug 1326186 - [RFE] Capsule should serve /pub on ports 80 and 443 as Satellite does
Summary: [RFE] Capsule should serve /pub on ports 80 and 443 as Satellite does
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Capsule
Version: 6.1.8
Hardware: Unspecified
OS: Unspecified
unspecified
medium vote
Target Milestone: Unspecified
Assignee: satellite6-bugs
QA Contact: Katello QA List
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-04-12 06:04 UTC by Evgeni Golov
Modified: 2020-04-15 14:26 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-07-17 20:01:32 UTC
Target Upstream Version:


Attachments (Terms of Use)

Description Evgeni Golov 2016-04-12 06:04:03 UTC
Description of problem:
While Satellite serves /pub to clients on port 80 and 443, an external Capsule (offering just a subset of Satellite functionality) has the same served via 80 and 8443.

While serving /pub via HTTPS is probably not the most important feature of Satellite/Capsule, it is a nice way to distribute files to the clients.

Moving the listening port back to 443 will gain these pros:
- logical coherence where _any_ client machine within Satellite deployment talks to
- simplified firewall setting


Version-Release number of selected component (if applicable):
Sat 6.1.8 (in fact any Sat6)


How reproducible:
100%

Comment 1 Evgeni Golov 2016-04-12 08:08:50 UTC
thinking again: no, proxying /pub is wrong as the capsule will drop own RPMs there.

Comment 2 Bryan Kearney 2016-07-26 18:59:46 UTC
Moving 6.2 bugs out to sat-backlog.

Comment 4 Evgeni Golov 2017-02-10 06:00:46 UTC
Hey,

so it is not as easy as I initially thought, but I still think that the feature is valuable.

We use /pub for e.g. serving bootstrap.py in an easy accessible manner to the clients. Now we also install katello-client-bootstrap on capsules, so the vanilla version will be served equally at http://sat/pub/ and on http://caps/pub/.

Now bootstrap is a thing that customers might want to adjust to their specific needs (and not all of them just send PRs upstream ;)). This would then mean that they have to place bootstrap-hacked.py on every capsule (if the satellite is not reachable from the client).

A solution for the customer might be using the (not very documented) proxy on https://caps:8443/ to reach the satellite. But then they have to distinguish whether to access caps:8443 or sat:80 if they have clients on the satellite directly.

Having the client fetch http://whatever/pub-global/ which is always proxied to /pub on the satellite (= on the satellite it is just an alias) would allow the customer not to care much what "whatever" is in terms of running Satellite component.

Does that make sense?

Comment 5 Bryan Kearney 2017-02-10 13:19:21 UTC
It does, thanks. Moving this to an RFE per your description, but keeping it.

Comment 6 Bryan Kearney 2018-07-17 20:01:32 UTC
This has been available since 6.3. Closing this out as Current Release.


Note You need to log in before you can comment on or make changes to this bug.