Bug 1168268

Summary: 'atomic upgrade' should use proxy defined in /etc/rhsm.conf
Product: Red Hat Enterprise Linux 7 Reporter: Karl Hastings <kasmith>
Component: subscription-managerAssignee: candlepin-bugs
Status: CLOSED ERRATA QA Contact: John Sefler <jsefler>
Severity: low Docs Contact:
Priority: unspecified    
Version: 7.0CC: alikins, crog, jmolet, kasmith
Target Milestone: rcKeywords: Extras
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-11-19 11:48:19 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1121117, 1133060    

Description Karl Hastings 2014-11-26 14:37:08 UTC 
Description of problem:
If I've configured an atomic host to use a proxy for subscription-manager, atomic/rpm-ostree should use this proxy to download updates.

Version-Release number of selected component (if applicable):
rpm-ostree-client-2014.108-2.atomic.el7.x86_64

How reproducible:
100%

Steps to Reproduce:
1. configure required proxy in /etc/rhnsm/rhsm.conf
2. 'atomic upgrade'
3.

Actual results:
Updating from: rhel-atomic-host-beta-ostree:rhel-atomic-host/7/x86_64/standard


error: Error resolving 'cdn.redhat.com': Name or service not known

Expected results:
Updating from: rhel-atomic-host-beta-ostree:rhel-atomic-host/7/x86_64/standard


Copying /etc changes: 14 modified, 1 removed, 16 added
Transaction complete; bootconfig swap: no deployment count change: 0
Changed:
  audit-2.4-1.el7.x86_64
  audit-libs-2.4-1.el7.x86_64
  audit-libs-python-2.4-1.el7.x86_64
  docker-1.2.0-1.8.el7.x86_64
  kernel-3.10.0-123.9.2.el7.x86_64
  kubernetes-0.4-368.0.git8e1d416.el7.x86_64
  ostree-2014.9-3.atomic.el7.x86_64
  ostree-grub2-2014.9-3.atomic.el7.x86_64
  python-rhsm-1.13.6-1.el7.x86_64
  rpm-ostree-client-2014.109-2.atomic.el7.x86_64
  subscription-manager-1.13.7-1.el7.x86_64
  subscription-manager-plugin-ostree-1.13.7-1.el7.x86_64
  tzdata-2014i-1.el7.noarch
Removed:
  redhat-release-atomic-host-7.0-20140925.0.atomic.el7.x86_64
Added:
  docker-storage-setup-0.0.3-1.el7.noarch
  keyutils-1.5.8-3.el7.x86_64
  libnfsidmap-0.25-9.el7.x86_64
  libtirpc-0.2.4-0.3.el7.x86_64
  nfs-utils-1:1.3.0-0.el7.x86_64
  quota-1:4.01-11.el7.x86_64
  quota-nls-1:4.01-11.el7.noarch
  redhat-release-atomic-host-beta-7.0-20141024.0.atomic.el7.1.x86_64
  rpcbind-0.2.0-23.el7.x86_64
  subscription-manager-plugin-container-1.13.7-1.el7.x86_64
  tcp_wrappers-7.6-77.el7.x86_64
Updates prepared for next boot; run "systemctl reboot" to start a reboot


Additional info:
It *does* honor the http_proxy environment variable, but configuration should be consistent.
Comment 1 Karl Hastings 2014-11-26 14:39:16 UTC 
*** Bug 1168265 has been marked as a duplicate of this bug. ***
Comment 3 Colin Walters 2015-03-18 15:04:22 UTC 
subman can write out the "proxy=" key in the repository configuration for this.
Comment 4 Karl Hastings 2015-08-04 21:05:24 UTC 
considering this only has pm_ack+ what's the likelihood it's going to make 7.2?
Comment 5 Adrian Likins 2015-09-21 20:27:09 UTC 
github master pr at https://github.com/candlepin/subscription-manager/pull/1301
Comment 6 Adrian Likins 2015-09-24 18:19:20 UTC 
github master:
commit e58e8bda598bd4dcc06163cf7342f7372d6fadb2
Author: Adrian Likins <alikins>
Date:   Mon Sep 21 16:10:53 2015 -0400

    1168268: Add rhsm.conf proxy info to ostree repo
    
    This extract the proxy port, hostname, username, password
    from rhsm.conf to the ostree repo's 'proxy' setting.
Comment 8 J.C. Molet 2015-10-05 15:50:11 UTC 
This works as far as I can tell, using the latest atomic image (20151001.4) with subscription manager 1.15.9-13.el7 and this fix:

# cat /etc/rhsm/rhsm.conf | grep proxy | grep -v \#
proxy_hostname = auto-services.usersys.redhat.com
proxy_port = 3128
proxy_user = redhat
proxy_password = redhat

# subscription-manager register
Username:
Password:
Registering to: subscription.rhn.redhat.com:443/subscription
The system has been registered with ID: 1d27eec1-4913-4bed-b5ae-82fa3d4c7857

# subscription-manger list --available --all

... snip ...

Subscription Name:   OpenShift Enterprise, Standard (1-2 Sockets)
Provides:            Red Hat Beta
                     Red Hat OpenShift Enterprise
                     Red Hat OpenShift Enterprise Application Node
                     Red Hat Software Collections (for RHEL Server)
                     JBoss Enterprise Web Server
                     Oracle Java (for RHEL Server)
                     Red Hat OpenShift Enterprise Client Tools
                     Red Hat Enterprise Linux Server
                     Red Hat Enterprise Linux Atomic Host
                     Red Hat Software Collections Beta (for RHEL Server)
SKU:                 MCT2863
Contract:            10725799
Pool ID:             8a85f9814e0ab1b0014e2660c6231b43
Provides Management: No
Available:           Unlimited
Suggested:           1
Service Level:       Standard
Service Type:        L1-L3
Subscription Type:   Stackable
Ends:                06/24/2016
System Type:         Virtual

... snip ...

# subscription-manager attach --pool=8a85f9814e0ab1b0014e2660c6231b43
Successfully attached a subscription for: OpenShift Enterprise, Standard (1-2 Sockets)

# cat /etc/ostree/remotes.d/redhat.conf 
[remote "rhel-atomic-host-ostree"]
url = https://cdn.redhat.com/content/dist/rhel/atomic/7/7Server/x86_64/ostree/repo
gpg-verify = false
tls-client-cert-path = /etc/pki/entitlement/3387804783801015369.pem
tls-client-key-path = /etc/pki/entitlement/3387804783801015369-key.pem
tls-ca-path = /etc/rhsm/ca/redhat-uep.pem
proxy = http://redhat:redhat@auto-services.usersys.redhat.com:3128


This shows that subscription-manager wrote out the proxy it used to the ostree config file properly.  It does not show that the atomic upgrade actually uses this proxy  as atomic upgrade seems to be broken on this build.  I would recommend that an atomic QE team perform a full end to end test to assure that this is properly working and will make it in an actual atomic release.
Comment 9 J.C. Molet 2015-10-05 19:18:48 UTC 
Marking this verified as the subman piece seems to be working, Placing a NEEDINFO on it so this can be tested doing a real atomic upgrade to see if it fully works.
Comment 11 errata-xmlrpc 2015-11-19 11:48:19 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-2122.html