Bug 1393564 - Subscribing by proxy to RHN mirror appliance fails with Apache 2.4 [NEEDINFO]
Summary: Subscribing by proxy to RHN mirror appliance fails with Apache 2.4
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat CloudForms Management Engine
Classification: Red Hat
Component: Appliance
Version: 5.7.0
Hardware: Unspecified
OS: Unspecified
medium
low
Target Milestone: GA
: cfme-future
Assignee: Gregg Tanzillo
QA Contact: Jan Krocil
URL:
Whiteboard: appliance:server_role
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-11-09 21:20 UTC by Nick Carboni
Modified: 2018-01-05 23:49 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-09-15 13:53:35 UTC
Category: ---
Cloudforms Team: CFME Core
Target Upstream Version:
ncarboni: needinfo? (jhardy)


Attachments (Terms of Use)

Description Nick Carboni 2016-11-09 21:20:01 UTC
Description of problem:
The apache config file that exposes the yum repo created for rhn mirroring uses outdated configuration in the "Directory" section.

This causes clients to always receive a 403 Forbidden error when trying to access the yum repo.


To reproduce you would need to configure one appliance to pull updates from a valid subscription (subscription manager credentials should work fine) and enable the "RHN Mirror" role, which should fetch all the rpms from the selected repos needed for updating cfme-appliance and create a repo at `/repo` on the appliance.

Then add a second appliance to the region which should (eventually) subscribe "by proxy" to the rhn mirror appliance, but this process fails with a 403 when trying to access the repo.

This can be fixed by changing the permissions in the apache config for the repo virtual host from:
    Order allow,deny
    Allow from all
to:
    Require all granted

This fixes the issue.

I'm marking this as low severity because apache was updated in version 5.5 so it seems like this may not be a particularly in-demand feature. If it is more work to maintain than it is useful maybe we should remove it entirely? This possibility was originally raised as https://bugzilla.redhat.com/show_bug.cgi?id=1388951

Thoughts?

Comment 2 Nick Carboni 2016-11-09 21:26:07 UTC
John,

Looking for some input as to how useful this feature is given there are other solutions providing similar, if not identical, functionality (Satellite / Pulp); and also if we know of anyone actively relying on it.

Thanks

Comment 3 Nick Carboni 2017-09-15 13:53:35 UTC
Closing this as the feature was removed in https://github.com/ManageIQ/manageiq/pull/15156


Note You need to log in before you can comment on or make changes to this bug.