Bug 1314835

Summary: [RFE] add proxy support to azure-armrest
Product: Red Hat CloudForms Management Engine Reporter: Chris Pelland <cpelland>
Component: ProvidersAssignee: Daniel Berger <dberger>
Status: CLOSED ERRATA QA Contact: Jeff Teehan <jteehan>
Severity: medium Docs Contact:
Priority: medium    
Version: 5.5.0CC: bascar, bsorota, carnott, cpelland, dajohnso, dberger, jfrey, jhardy, jprause, mfeifer, ncatling, obarenbo, ptavares, ssainkar
Target Milestone: GAKeywords: FutureFeature, ZStream
Target Release: 5.5.3   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: azure:proxy
Fixed In Version: 5.5.3.2 Doc Type: Enhancement
Doc Text:
Feature request to add proxy support to azure-armrest as there was no way to specify a proxy for http requests in the azure-armrest gem. Accordingly, http_proxy support has been added for authenticating to Azure.
 Story Points: ---
Clone Of: 1309477 Environment:
Last Closed: 2016-04-13 18:45:49 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1309477    
Bug Blocks:    
Attachments:
Description Flags
passes proxy settings, if any, when connecting to Azure
none
Latest version of azure-armrest gem
none
Latest version of azure-armrest gem none

Comment 1 Bronagh Sorota 2016-03-07 15:02:18 UTC 
Colin,
Right now the customer would set the http_proxy information in vmdb.tmpl.yml and it is not provider specific. This means that if they add an Amazon provider in the future they would have to use the same http proxy for both Amazon and Azure.

thanks
Comment 2 Bronagh Sorota 2016-03-07 15:22:46 UTC 
What version of the azure-armrest gem is installed on the appliance?
Comment 3 Bronagh Sorota 2016-03-07 18:46:12 UTC 
Colin,
Can you also find out if ENV[‘http_proxy’] is currently being used for anything? Looks like we will need that to be set for the Azure StorageAccounts to use the proxy settings.
Comment 4 CFME Bot 2016-03-07 19:05:32 UTC 
https://github.com/ManageIQ/manageiq/pull/7142
Comment 6 Bronagh Sorota 2016-03-09 13:57:37 UTC 
Created attachment 1134532 [details]
passes proxy settings, if any, when connecting to Azure

Hi Colin,

Attached is a tar file containing a patch. This needs to be opened inside the manageiq directory. It will extract the following file:
app/models/manageiq/providers/azure/cloud_manager.rb

In addition, the customer must install the latest version of the azure-armrest gem (0.1.3).
Comment 7 CFME Bot 2016-03-09 16:41:00 UTC 
New commit detected on ManageIQ/manageiq/master:
https://github.com/ManageIQ/manageiq/commit/9391564d2c99b06c651a120963f6e0fa64c1e0e0

commit 9391564d2c99b06c651a120963f6e0fa64c1e0e0
Author:     Bronagh Sorota <bsorota>
AuthorDate: Mon Mar 7 11:48:55 2016 -0500
Commit:     Bronagh Sorota <bsorota>
CommitDate: Mon Mar 7 13:53:58 2016 -0500

    http_proxy support for authenticating to Azure
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1314835

 app/models/manageiq/providers/azure/cloud_manager.rb | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
Comment 8 Bronagh Sorota 2016-03-09 19:38:18 UTC 
Created attachment 1134629 [details]
Latest version of azure-armrest gem

This gem is the latest version of the azure-armrest gem with a version set to 0.0.8 for compatibility. It can be installed as follows:

- gem install -i /opt/rh/cfme-gemset —ignore-dependencies -l azure-armrest-0.0.8.gem
- bundle show azure-armrest
- restarting the appliance.
Comment 9 Bronagh Sorota 2016-03-09 19:45:17 UTC 
this patch contains 2 attachments:
1) attachment 1134629 [details] 
2) attachment 1134532 [details]

Both are required. Please refer only to the instructions attached to 1134629 for modifying the azure-armrest gem.
Comment 10 Daniel Berger 2016-03-11 15:38:37 UTC 
Created attachment 1135268 [details]
Latest version of azure-armrest gem

This adds ssl_version and ssl_verify options, and defaults to TLSv1.
Comment 11 Daniel Berger 2016-03-11 18:48:54 UTC 
It turns out that the default SSL version for Ruby's core net-http library (and consequently the rest-client gem) is SSLv23. This version was not supported by the client's proxy, as it is old and considered insecure.

In order to fix this, we needed to explicitly specify SSL version TLSv1 (or later) for the proxy to work.

The client tested the new code and was able to validate the credentials successfully.
Comment 14 Jeff Teehan 2016-03-29 14:44:20 UTC 
I created a Proxy Server using windows and it appeared to work correctly.  Moving to verified based on customer feedback and review of code changes.
Comment 16 errata-xmlrpc 2016-04-13 18:45:49 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2016:0616