"Oops, we're sorry but something went wrong A backend service [ Candlepin ] is unreachable" error in Satellite's web UI when using customized cryptographic policy on Red Hat Satellite 6.11 server
Environment
- Red Hat Satellite 6.11
- Red Hat Linux 8.x
Issue
After setting a customized cryptographic policy DEFAULT:EXAMPLE on Red Hat Satellite 6.11 server, where EXAMPLE is defined in /usr/share/crypto-policies/policies/modules/EXAMPLE.pmod:
hash = -SHA1
mac = -HMAC-SHA1
cipher@SSH = -*-CBC
and rebooting the server, login to Satellite's web UI fails with the following error:
Oops, we're sorry but something went wrong A backend service [ Candlepin ] is unreachable
Resolution
-
Set back the cryptographic policy to
DEFAULT:# update-crypto-policies --set DEFAULT -
Reboot the Satellite server to apply the
DEFAULTcryptographic policy. -
Remove the following line from
/usr/share/crypto-policies/policies/modules/EXAMPLE.pmod:mac = -HMAC-SHA1so that
/usr/share/crypto-policies/policies/modules/EXAMPLE.pmodwill look like:# cat /usr/share/crypto-policies/policies/modules/EXAMPLE.pmod hash = -SHA1 cipher@SSH = -*-CBC -
Set the cryptographic policy to
DEFAULT:EXAMPLE:# update-crypto-policies --set DEFAULT:RAPID7 -
Reboot the Satellite server to apply the
DEFAULT:EXAMPLEcryptographic policy.
For more KB articles/solutions related to Red Hat Satellite 6.x Candlepin Issues, please refer to the Consolidated Troubleshooting Article for Red Hat Satellite 6.x Candlepin Issues
Root Cause
Red Hat Satellite uses the HMAC-SHA1 algorithm for message authentication.
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.