Escalated to Bugzilla from IssueTracker
Event posted on 12-03-2009 07:07am EST by vgaikwad Hello Paresh, I think I've found what the issue is and this indeed looks like a bug to me. Following is what I understood looking at the code flow and I've also proposed the possible fix. For baremetal kickstarts we do the following: com.redhat.rhn.frontend.action.kickstart.KickstartIpRangeAction: //Create the kickstart urls to display String host = helper.getKickstartHost(); KickstartUrlHelper urlHelper = new KickstartUrlHelper(cmd.getKickstartData(), host); request.setAttribute(URL, urlHelper.getKickstartFileUrl()); request.setAttribute(URLRANGE, urlHelper.getKickstartFileUrlIpRange()); request.setAttribute(RANGES, displayList); return strutsDelegate.forwardParams(mapping.findForward("default"), params); KickstartHelper and KickstartUrlHelper are responsible for changing the Kickstart URLs. com/redhat/rhn/frontend/action/kickstart/KickstartHelper.java: /** * Get the kickstart host to use. Will use the host of the proxy if the header is * present. If not the code then resorts to getting the cobbler hostname from our * rhn.conf Config. * * @return String representing the Kickstart Host */ public String getKickstartHost() { log.debug("KickstartHelper.getKickstartHost()"); // Example proxy header: // X-RHN-Proxy-Auth : 1006681409::1151513167.96:21600.0:VV/xF // NEmCYOuHxEBAs7BEw==:fjs-0-08.rhndev.redhat.com,1006681408 // ::1151513034.3:21600.0:w2lm+XWSFJMVCGBK1dZXXQ==:fjs-0-11. // rhndev.redhat.com,1006678487::1152567362.02:21600.0:t15l // gsaTRKpX6AxkUFQ11A==:fjs-0-12.rhndev.redhat.com String proxyHeader = request.getHeader(XRHNPROXYAUTH); log.debug("X-RHN-Proxy-Auth : " + proxyHeader); getKickstartHost() - checks for the 'X-RHN-Proxy-Auth' header coming from the HTTP request, if you are trying to access the URL from a RHN Proxy it will substitute all the ksurls with the RHN Proxy FQDN, if the header is null it will user the getCobblerHost() which is our RHN Satellite server FQDN. Now, coming to the Cobbler Kickstart Profiles: code/src/com/redhat/rhn/manager/kickstart/KickstartUrlHelper.java: /** * Get the cobbler profile url * @param data the kickstart data * @return the url */ public static String getCobblerProfileUrl(KickstartData data) { Profile prof = Profile.lookupById( CobblerXMLRPCHelper.getAutomatedConnection(), data.getCobblerId()); return "http://" + Config.get().getCobblerHost() + COBBLER_URL_BASE_PATH + prof.getName(); } The getCobblerProfileUrl() doesnt check for the RHN Proxy header and it uses the getCobblerHost() call which is the cobbler server i.e your RHN Satellite FQDN. I think we should call the getKickstartHost() here instead of getCobblerHost(). Or another approach would be to: code/src/com/redhat/rhn/frontend/action/kickstart/KickstartFileDownloadAction.java: protected void setupFormValues(RequestContext ctx, DynaActionForm form, BaseKickstartCommand cmdIn) { HttpServletRequest request = ctx.getRequest(); KickstartFileDownloadCommand cmd = (KickstartFileDownloadCommand) cmdIn; KickstartData data = cmd.getKickstartData(); KickstartUrlHelper urlHelper = new KickstartUrlHelper( data, Config.get().getCobblerHost()); KickstartHelper helper = new KickstartHelper(request); In setupFormValues() instead of calling 'Config.get().getCobblerHost()' we should call 'KickstartHelper.getKickstartHost()' Sending this to engineering for their opinion. regards, This event sent from IssueTracker by vgaikwad [SEG - RHN] issue 371237
So this is a tad complicated because /cblr/svc/op/ks/* do not go through satellite code at all, it goes straight to cobbler. The best solution would probably be to intercept this on the proxy and redirect to a different URL on the satellite. Will think about this a bit more.
So I've got a fix for this. It requires two changes, one to the java code and other to the proxy's http config files. Since there's no way to update the proxy's config files automatically, once the fix is released for 5.3 it will require the customer to either a) re-install the proxy (or install a new one) b) modify a http config file on the proxy manually The file needing modification is /etc/httpd/conf.d/cobbler-proxy.conf Simply add the following line to the *top* of the file (NOT THE BOTTOM): RewriteRule ^/cblr/svc/op/ks/(.*)$ /download/$0 [P,L] Basically what this does is rewrites all /cblr/svc/op/ks/FOO urls to /download/cblr/svc/op/ks/FOO. This then gets redirected to the satellite which fetches /cblr/svc/op/ks/FOO from the cobbler server and does the rewrite. Fixed in Spacewalk master: 4020f83a33f6a4ecb332b0af67f956810ba9fab3 a11267710081ed3d70f41d67b631e8dc053ce625
# VERIFIED The fix goes okey now: HTTP access to the http://<FQDN_proxy>/cblr/svc/op/ks/profile/profile-name>:<org ID>:<orgname> now brings the ks file correctly with the URLs replaced by the proxy's FQDN. provisioning of the systems through this URL works correctly as well: systems get provisioned and registered to the satellite correctly. Checked against RHEL 4 AS, RHEL 5 servers.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2010-0105.html