Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 2158959 - Error "Capsule content source not found" when using global registration method to register a system using CNAME\SAN\LB-FQDN
Summary: Error "Capsule content source not found" when using global registration metho...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Registration
Version: 6.11.4
Hardware: All
OS: All
medium
high
Target Milestone: 6.15.0
Assignee: Leos Stejskal
QA Contact: Shweta Singh
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2023-01-07 06:10 UTC by Sayan Das
Modified: 2024-04-23 17:13 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2024-04-23 17:13:03 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Foreman Issue Tracker 35926 0 Normal Closed Include SmartProxyAuth into RegistrationController 2024-02-01 15:47:45 UTC
Github Katello katello pull 10315 0 None Merged Fixes #35627 - Use proxy registration_url from Proxy in registration 2023-01-11 15:33:06 UTC
Github Katello katello pull 10409 0 None Merged Fixes #35926 - Include SmartProxyAuth into RegistrationController 2023-01-30 15:50:12 UTC
Red Hat Issue Tracker SAT-14822 0 None None None 2023-01-09 14:17:45 UTC
Red Hat Product Errata RHSA-2024:2010 0 None None None 2024-04-23 17:13:04 UTC

Description Sayan Das 2023-01-07 06:10:49 UTC 
Description of problem:

The Global Registration feature works normally fine but after generating the curl command, If we change the URL to the common name of a capsule, The URL no longer works.

It worked fine on 6.9 and 6.10. 

Version-Release number of selected component (if applicable):

Satellite 6.11 and 6.12 ( all versions )

How reproducible:

Always 100%


Steps to Reproduce:

1. Install a satellite 6.11 with fqdn sat611.example.com 

2. Install a capsule 6.11 with fqdn cap611.example.com and cname capsule.example.com

3. Enable and sync a satellite clients repo for RHEL 7 in Satellite.

4. Sync Library env to the Capsule

5. Create an activation key by the name RHEL7 having Libray and Def Org View selected.

6. Generate the global registration command using hammer_cli or UI --> Hosts --> Register Hosts page while selecting Capsule server as the Capsule.

We will end up in an URL :

curl -sS --insecure 'https://cap611.example.com:9090/register?activation_keys=RHEL7&lifecycle_environment_id=1&location_id=2&organization_id=1&setup_insights=false&setup_remote_execution=false&update_packages=false' -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjo0LCJpYXQiOjE2NzMwNjI0NjksImp0aSI6IjkzMGIxODQwMGI2Zjg5MjczNzA0ZTk2YzY3NmRjNmQ0NmI5ZmFmMjQ5ZTNhYTczMjgzYjg4MmMxMGU1ZjcyMWUiLCJleHAiOjE2NzMwOTQ4NjksInNjb3BlIjoicmVnaXN0cmF0aW9uI2dsb2JhbCByZWdpc3RyYXRpb24jaG9zdCJ9.mYXL-lMsVnIJ-nK2f3iFHDmc5frkSY2DE5m9XldT6cE' | bash


7. Replace cap611.example.com with capsule.example.com in the URL i.e.


curl -sS --insecure 'https://capsule.example.com:9090/register?activation_keys=RHEL7&lifecycle_environment_id=1&location_id=2&organization_id=1&setup_insights=false&setup_remote_execution=false&update_packages=false' -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjo0LCJpYXQiOjE2NzMwNjI0NjksImp0aSI6IjkzMGIxODQwMGI2Zjg5MjczNzA0ZTk2YzY3NmRjNmQ0NmI5ZmFmMjQ5ZTNhYTczMjgzYjg4MmMxMGU1ZjcyMWUiLCJleHAiOjE2NzMwOTQ4NjksInNjb3BlIjoicmVnaXN0cmF0aW9uI2dsb2JhbCByZWdpc3RyYXRpb24jaG9zdCJ9.mYXL-lMsVnIJ-nK2f3iFHDmc5frkSY2DE5m9XldT6cE' | bash


8. In /etc/hosts of Satellite, Capsule and a RHEL 7 system, ensure to have the following entry:

<IP of capsule>     cap611.example.com     capsule.example.com

9. Run the modified curl command from Step 7 on the RHEL 7 client system,


Actual results:


On Client system:

~~
echo "ERROR: standard_error";
echo "ERF42-3243 [Foreman::Exception]: Capsule content source not found!";
exit 1
~~

In production.log of satellite:

2023-01-07T11:06:54 [I|app|7f6dbf8b] Started GET "/register?activation_keys=RHEL7&force=true&lifecycle_environment_id=1&location_id=2&organization_id=1&setup_insights=false&setup_remote_execution=false&update_packages=false&url=https%3A%2F%2Fcapsule.example.com%3A9090" for 10.74.195.240 at 2023-01-07 11:06:54 +0530
2023-01-07T11:06:54 [I|app|7f6dbf8b] Processing by Api::V2::RegistrationController#global as HTML
2023-01-07T11:06:54 [I|app|7f6dbf8b]   Parameters: {"activation_keys"=>"RHEL7", "lifecycle_environment_id"=>"1", "location_id"=>"2", "organization_id"=>"1", "setup_insights"=>"false", "setup_remote_execution"=>"false", "update_packages"=>"false", "url"=>"https://capsule.example.com:9090", "registration"=>{}}
2023-01-07T11:06:54 [I|app|7f6dbf8b] Authorized user admin(Admin User)
2023-01-07T11:06:54 [W|app|7f6dbf8b] Action failed
2023-01-07T11:06:54 [I|app|7f6dbf8b] Backtrace for 'Action failed' error (Foreman::Exception): ERF42-3243 [Foreman::Exception]: Capsule content source not found!
 7f6dbf8b | /usr/share/gems/gems/katello-4.3.0.50/app/controllers/katello/concerns/api/v2/registration_controller_extensions.rb:40:in `smart_proxy'
 7f6dbf8b | /usr/share/gems/gems/katello-4.3.0.50/app/controllers/katello/concerns/api/v2/registration_controller_extensions.rb:31:in `context_urls'
 7f6dbf8b | /usr/share/foreman/app/controllers/concerns/foreman/controller/registration.rb:41:in `global_registration_vars'


Expected results:

No such errors and We should be able to use the CNAME or SAN of the Capsule server. 


Additional info:

* It works fine on 6.9 and 6.10 but fails on 6.11 and 6.12

* Failure happens here: https://github.com/Katello/katello/blob/KATELLO-4.3/app/controllers/katello/concerns/api/v2/registration_controller_extensions.rb#L36-L44

* I understand that It worked before in 6.9 or 6.10 as registration_controller_extensions.rb did not have any checks in place to find or validate the smart-proxy. And Yes, We never really officially said that, CNAME\SAN would work with Gloabal Registration.

* Once the rhsm helper was introduced via https://projects.theforeman.org/issues/32841 and PR https://github.com/Katello/katello/pull/9417 in Satellite 6.11, That caused the issue for both 6.11 and 6.12.

* With the implementation of https://projects.theforeman.org/issues/35627 ( and related fixes ), The Foreman 3.5.1 ( Satellite 6.13 ) works fine.
Comment 1 Sayan Das 2023-01-07 06:17:59 UTC 
I confirm that 6.13 works fine due to https://github.com/Katello/katello/pull/10315 and https://github.com/theforeman/foreman/pull/9464 ( and some other fixes )

Feature #35627: Use proxy template URL in registration - Katello - Foreman
https://projects.theforeman.org/issues/35627

Feature #35626: Use registration_url setting exposed by the Smart Proxy - Foreman
https://projects.theforeman.org/issues/35626

Feature #35639: registration_url setting for Registration module - Smart Proxy - Foreman
https://projects.theforeman.org/issues/35639


I thought I could at least get the curl part working using https://github.com/Katello/katello/pull/10315.patch but for some really odd reasons, Satellite 6.11 and 6.12 is unable to detect or use "auth_smart_proxy" from Foreman::Controller::SmartProxyAuth when called inside "registration_controller_extensions" 


2023-01-07T11:17:04 [W|app|33bf406b] Action failed
2023-01-07T11:17:04 [I|app|33bf406b] Backtrace for 'Action failed' error (NameError): undefined local variable or method `auth_smart_proxy' for #<Api::V2::RegistrationController:0x00007f84842a5728>
 33bf406b | Did you mean?  auth_source_path
 33bf406b | /usr/share/gems/gems/katello-4.5.0.20/app/controllers/katello/concerns/api/v2/registration_controller_extensions.rb:49:in `find_smart_proxy'
 33bf406b | /usr/share/gems/gems/katello-4.5.0.20/app/controllers/katello/concerns/api/v2/registration_controller_extensions.rb:39:in `smart_proxy'
 33bf406b | /usr/share/gems/gems/katello-4.5.0.20/app/controllers/katello/concerns/api/v2/registration_controller_extensions.rb:32:in `context_urls'
 33bf406b | /usr/share/foreman/app/controllers/concerns/foreman/controller/registration.rb:41:in `global_registration_vars'
 33bf406b | /usr/share/foreman/app/controllers/concerns/foreman/controller/registration.rb:7:in `find_global_registration'
 33bf406b | /usr/share/foreman/app/controllers/api/v2/registration_controller.rb:29:in `global'


The request from the end-user is to provide them with a workaround that they can use on Satellite 6.11 ( or 6.12 ) to be able to use CNAME or else, It affects their existing automation workflow.
Comment 2 Brad Buckingham 2023-01-09 14:40:33 UTC 
Hi Leos,

Can you take a look at this bugzilla?
If the issue is resolved by the fixes cited above, can you link the appropriate redmine issue(s) and update the status accordingly?

(We didn't want to change the status during triage without knowing which change would be needed to resolve the issue, as it may be desirable to include in the zstream).

Thanks!
Comment 3 Leos Stejskal 2023-01-10 08:03:17 UTC 
Hi Sayan,
can you share with me your 6.11 site where you tried to apply the patch https://github.com/Katello/katello/pull/10315.patch?
I'd like to investigate why that patch didn't helped,
from what I've seen it should be enough to make it work.
Comment 5 Leos Stejskal 2023-01-30 11:59:51 UTC 
I suggest to remove the issue from SAT 6.13 and keep it only in 6.12.
In SAT 6.13 we introduce load balancing as a feature for registration and it's fully supported there.

For 6.12 these two PRs needs to be cherry-picked:
https://github.com/Katello/katello/pull/10315
https://github.com/Katello/katello/pull/10409
Comment 7 Shweta Singh 2024-02-07 18:28:20 UTC 
Verified.

Version Tested: Satellite 6.15.0 Snap 8.0

Verification Steps:
1. Configure Satellite with FQDN and Capsule with FQDN and CNAME.
2. Generate global registration command selecting Capsule server as the Capsule.
3. Replace capsule FQDN with Capsule CNAME in the URL.
4. Update /etc/hosts for capsule FQDN and CNAME and run the modified command on host.


Result:
Command works without error.
Comment 10 errata-xmlrpc 2024-04-23 17:13:03 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: Satellite 6.15.0 release), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2024:2010
Note You need to log in before you can comment on or make changes to this bug.