Bug 1302894
Summary: | [behind proxy] 'oc rsh' and 'oc exec' fail behind an authenticated proxy | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | Michael A. Cleverly <michael.cleverly> | ||||||||
Component: | oc | Assignee: | Fabiano Franz <ffranz> | ||||||||
Status: | CLOSED ERRATA | QA Contact: | Wei Sun <wsun> | ||||||||
Severity: | medium | Docs Contact: | |||||||||
Priority: | medium | ||||||||||
Version: | 3.1.0 | CC: | aos-bugs, Brandon.Richins, ederevea, erich, jokerman, michael.cleverly, mmccomas, tdawson, veer, xtian, xxia, yapei | ||||||||
Target Milestone: | --- | ||||||||||
Target Release: | --- | ||||||||||
Hardware: | Unspecified | ||||||||||
OS: | Unspecified | ||||||||||
Whiteboard: | |||||||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||||||
Doc Text: | Story Points: | --- | |||||||||
Clone Of: | Environment: | ||||||||||
Last Closed: | 2016-05-12 16:27:30 UTC | Type: | Bug | ||||||||
Regression: | --- | Mount Type: | --- | ||||||||
Documentation: | --- | CRM: | |||||||||
Verified Versions: | Category: | --- | |||||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||||
Embargoed: | |||||||||||
Attachments: |
|
Description
Michael A. Cleverly
2016-01-28 22:07:52 UTC
Created attachment 1119496 [details] localhost proxy to add missing Proxy-Authorization header Usage: Modify lines 8-10 of bug-1302894-workaround.tcl with your authenticated proxy information, then run ./bug-1302894-workaround.tcl In another Window: export set http_proxy=http://localhost:8080 export set https_proxy=http://localhost:8080 Then run: oc rsh $POD This will take the credentials provided from oc's first CONNECT request and include them with the second allowing the 'oc rsh' (or 'oc exec') command to work. Comment on attachment 1119496 [details] localhost proxy to add missing Proxy-Authorization header Usage: Edit lines 8-10 of bug-1302894-workaround.tcl to specify your authenticated proxy Run ./bug-1302894-workaround.tcl In another window, run: export set http_proxy=http://user:pass@localhost:8080 export set https_proxy=http://user:pass@localhost:8080 oc rsh $POD Created attachment 1119500 [details]
--v=9 level logging with workaround in place
Created attachment 1119501 [details]
--v=9 level logging WITHOUT workaround
Verified against latest Origin, the bug is fixed. The latest version of OSE has not yet merged the fix in. Will verify against OSE when it merged. Verified against latest OSE, versions are: oc v3.1.1.905 kubernetes v1.2.0-alpha.7-703-gbc4550d Verification steps: 1. (If there is no existing one) prepare a proxy server that needs authentication 1> $ sudo yum install squid 2> $ sudo htpasswd -c /etc/squid/passwd xxia 3> $ sudo vi /etc/squid/squid.conf # Add the following lines in proper places: auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/passwd acl SSL_ports port 8443 acl squid_user proxy_auth xxia http_access allow squid_user 4> $ sudo service squid restart 2. oc login and create project 3. Create pod (from new app) $ oc new-app -f origin/examples/sample-app/application-template-stibuild.json 4. Check `oc rsh`, `oc exec` behind authenticated proxy 1> $ export http_proxy=xxia:<password>@<proxy server>:3128 $ export https_proxy=xxia:<password>@<proxy server>:3128 2> $ oc rsh database-1-uqnvn bash-4.2$ $ oc exec database-1-uqnvn ls /etc/hosts /etc/hosts Actual results: 4.2 Both `oc rsh`, `oc exec` commands succeed. The bug is fixed, so move it to VERIFIED. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2016:1064 |