[Satellite6] How to configure candlepin to accept requests from command line?

Solution Verified - Updated

Environment

  • Red Hat Satellite 6
  • candlepin (any version)

Issue

  • need to debug/replay some particular GET/PUT request against candlepin
  • how to configure it to accept client connections other than OAuth from katello or virt-who?

Resolution

Follow this procedure only in case being advised by Red Hat Support, and revert back the configuration changes once done. Unauthorized access to candlepin could have severe impact to subscription information kept by Satellite.

The procedure itself:

  • add admin:admin credentials to candlepin's postgres DB:
su - postgres -c "psql candlepin -c \"insert into cp_user ( id, hashedpassword, superadmin, username ) values ('1','e3e80f61a902ceca245e22005dffb4219ac1c5f7','t','admin');\""

  • for security reasons, it makes sense to create user with different password and different hash. If you are concerned by this, please contact Red Hat Support to provide a valid pair of password/hash instead of the above one.

  • reconfigure candlepin to authenticate that user by changing in /etc/candlepin/candlepin.conf (set *.enable=true on 2 places and comment out one line):

candlepin.auth.basic.enable=true
candlepin.auth.trusted.enable=true
..
#module.config.adapter_module=org.candlepin.katello.KatelloModule
  • apply the change by restarting Tomcat:
service tomcat restart
  • try it (use proper consumer's / katello system's UUID or any other valid URI):
curl -u admin:admin -ks https://127.0.0.1:23443/candlepin/consumers/e456cc6d-7638-48c5-8bec-184e5f588ab7

(some older candlepin versions listen on port 8443 instead of 23443)

For more KB articles/solutions related to Red Hat Satellite 6.x Candlepin Issues, please refer to the Consolidated Troubleshooting Article for Red Hat Satellite 6.x Candlepin Issues

SBR
Product(s)
Category
Tags

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.