Uploaded image for project: 'Satellite'
  1. Satellite
  2. SAT-13964

Error "no certificate or crl found" when using a http proxy as "Default Http Proxy" for content syncing or manifest operations in Satellite 6.12

XMLWordPrintable

    • Sprint 108, Sprint 109, Sprint 110, Sprint 111, Sprint 112, Sprint 113, Sprint 114, Sprint 115, Sprint 116
    • Critical
    • Yes

      Description of problem:

      Satellite 6.12 cannot work with an http proxy whereas the same proxy can be used with Satellite 6.11.4 and works great.

      Version-Release number of selected component (if applicable):

      Satellite 6.12.0

      How reproducible:

      100%

      Steps to Reproduce:

      1. Install a squid proxy server and run it on http://10.74.XXX.XX:3128

      2. Install a Satellite 6.12

      3. Import a subscription manifest

      4. Create an HTTP proxy inside the Infrastructure --> HttP Proxies page using http://10.74.XXX.XX:3128 as the URL.

      5. Set that as a "Default HTTP Proxy" in Administer --> Settings --> Content Tab

      6. Access the Content --> Subscriptions page

      7. Try expanding \ checking any repository set from Content --> Red Hat Repositories page

      Actual results:

      Step 6

      • UI Shows "no certificate or crl found"
      • Satellite never even connects to proxy
      • Production.log has this traceback

      2022-11-19T00:11:19 [E|app|ee15f1b2] Katello::HttpErrors::BadRequest: no certificate or crl found
      ee15f1b2 | /usr/share/gems/gems/katello-4.5.0.20/app/controllers/katello/api/v2/api_controller.rb:271:in `rescue in check_upstream_connection'
      ee15f1b2 | /usr/share/gems/gems/katello-4.5.0.20/app/controllers/katello/api/v2/api_controller.rb:268:in `check_upstream_connection'
      ee15f1b2 | /usr/share/gems/gems/activesupport-6.0.4.7/lib/active_support/callbacks.rb:428:in `block in make_lambda'
      ee15f1b2 | /usr/share/gems/gems/activesupport-6.0.4.7/lib/active_support/callbacks.rb:200:in `block (2 levels) in halting'
      ee15f1b2 | /usr/share/gems/gems/actionpack-6.0.4.7/lib/abstract_controller/callbacks.rb:34:in `block (2 levels) in <module:Callbacks>'
      ee15f1b2 | /usr/share/gems/gems/activesupport-6.0.4.7/lib/active_support/callbacks.rb:201:in `block in halting'
      ee15f1b2 | /usr/share/gems/gems/activesupport-6.0.4.7/lib/active_support/callbacks.rb:513:in `block in invoke_before'

      Step 7

      • UI shows "No Repositories available"
      • Satellite never even connects to the proxy
      • production.log shows the following traceback for the Actions::Katello::RepositorySet::ScanCdn task

      2022-11-19T00:12:25 [E|bac|8732f73b] no certificate or crl found (OpenSSL::X509::StoreError)
      8732f73b | /usr/share/foreman/lib/foreman/util.rb:37:in `add_file'
      8732f73b | /usr/share/foreman/lib/foreman/util.rb:37:in `block in add_ca_bundle_to_store'
      8732f73b | /usr/share/ruby/tempfile.rb:291:in `open'
      8732f73b | /usr/share/foreman/lib/foreman/util.rb:34:in `add_ca_bundle_to_store'
      8732f73b | /usr/share/gems/gems/katello-4.5.0.20/app/lib/katello/resources/cdn.rb:53:in `initialize'
      8732f73b | /usr/share/gems/gems/katello-4.5.0.20/app/lib/katello/resources/cdn.rb:67:in `new'
      8732f73b | /usr/share/gems/gems/katello-4.5.0.20/app/lib/katello/resources/cdn.rb:67:in `create'
      8732f73b | /usr/share/gems/gems/katello-4.5.0.20/app/models/katello/product.rb:219:in `cdn_resource'
      8732f73b | /usr/share/gems/gems/katello-4.5.0.20/app/lib/actions/katello/repository_set/scan_cdn.rb:38:in `cdn_var_substitutor'
      8732f73b | /usr/share/gems/gems/katello-4.5.0.20/app/lib/actions/katello/repository_set/scan_cdn.rb:30:in `fetch_results'
      8732f73b | /usr/share/gems/gems/katello-4.5.0.20/app/lib/actions/katello/repository_set/scan_cdn.rb:24:in `run'
      8732f73b | /usr/share/gems/gems/dynflow-1.6.4/lib/dynflow/action.rb:582:in `block (3 levels) in execute_run'
      8732f73b | /usr/share/gems/gems/dynflow-1.6.4/lib/dynflow/middleware/stack.rb:27:in `pass'
      8732f73b | /usr/share/gems/gems/dynflow-1.6.4/lib/dynflow/middleware.rb:19:in `pass'

      Expected results:

      No such issues

      Additional info:

              rhn-engineering-paji Partha Aji
              satellite-focaccia-bot Focaccia Bot
              Ian Ballou Ian Ballou
              Vladimír Sedmík Vladimír Sedmík
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

                Created:
                Updated:
                Resolved: