Bug 1475954
Summary: | Proxy configuration does not work in restricted IPV6 only environment | |||
---|---|---|---|---|
Product: | Red Hat CloudForms Management Engine | Reporter: | Pavol Kotvan <pakotvan> | |
Component: | Appliance | Assignee: | Gregg Tanzillo <gtanzill> | |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Pavol Kotvan <pakotvan> | |
Severity: | high | Docs Contact: | ||
Priority: | high | |||
Version: | 5.8.0 | CC: | abellott, cpelland, dajohnso, jhardy, jkrocil, lcouzens, ncarboni, obarenbo, pakotvan, saali, simaishi, smallamp | |
Target Milestone: | GA | Keywords: | TestOnly, ZStream | |
Target Release: | 5.9.0 | |||
Hardware: | Unspecified | |||
OS: | Unspecified | |||
Whiteboard: | proxy | |||
Fixed In Version: | 5.9.0.1 | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | ||
Clone Of: | ||||
: | 1496912 (view as bug list) | Environment: | ||
Last Closed: | 2018-03-06 14:50:09 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | Bug | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | CFME Core | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | ||||
Bug Blocks: | 1496912 |
Comment 3
Bo Yao
2017-08-03 18:14:55 UTC
Pavol is right. I can prove his finding in another approach. By comparing ip address with different proxy setting I can confirm the proxy configuration is correct, it's a bug of cfme: # in myappliance2 (10.16.4.131 / fc00:beef::1) [root@myappliance2 ~]# http_proxy="" curl www.google.com curl: (7) Failed to connect to 2607:f8b0:4004:80a::2004: Network is unreachable [root@myappliance2 ~]# http_proxy="" curl ipecho.net/plain && echo; curl: (7) Failed to connect to 146.255.36.1: Network is unreachable [root@myappliance2 ~]# http_proxy="user:redhat@localhost:3128" curl ipecho.net/plain && echo; 66.187.233.202 [root@myappliance2 ~]# curl --socks5-hostname localhost:8081 ipecho.net/plain && echo; 66.187.233.206 [root@myappliance2 ~]# # in jumpbox (10.16.6.102 / fc00:beef::ffff) [root@10-16-6-102 ~]# curl ipecho.net/plain && echo; 66.187.233.206 From above we can get a conclusion: without any proxy the pure ipv6 myappliance2 can not reach any network. With socks5 proxy from jumpbox, it "has" same ip address with jumpbox: 66.187.233.206.[*] With squid proxy it "has" another ipaddress, should be the one using in the squid server (66.187.233.202). As we can't clone repo in cfme ui, the proxy settings is not applied correctly in cfme. [*]: this is, actually the router for jumpbox connecting to internet, but it doesn't affect we get this conclusion because without this proxy myappliance2 cannot reach internet and that router. Same for 66.187.233.202. Hi Pavol, How did you enable embedded ansible server roles before in? You've done that at fc00:beef::294. I tried to turn it on then save at fc00:beef::296 with help of cfme docs and some people in our team, but still can't get EmbeddedAnsible Worker running. Maybe I broke something. Can you help me turn on that and enable me to enter "Add new repository" page? Thanks. I'll look at add amazon or other provider part of this bug first. Regards, Bo Hi Pavol, Thanks for your hint. I reset hostname then restart evm server. The problem for "bad component(expected host component)" disappeared but have problem in starting EmbeddedAnsibleWorker running on nginx: [----] E, [2017-08-10T06:07:18.805790 #21319:601560c] ERROR -- : AwesomeSpawn: /bin/systemctl exit code: 1 [----] E, [2017-08-10T06:07:18.805879 #21319:601560c] ERROR -- : AwesomeSpawn: Job for nginx.service failed because the control process exited with error code. See "systemctl status nginx.service" and "journalctl -xe" for details. [----] E, [2017-08-10T06:07:18.806024 #21319:601560c] ERROR -- : [AwesomeSpawn::CommandResultError]: /bin/systemctl exit code: 1 Method:[rescue in do_before_work_loop] [----] E, [2017-08-10T06:07:18.806123 #21319:601560c] ERROR -- : /opt/rh/cfme-gemset/gems/awesome_spawn-1.4.1/lib/awesom e_spawn.rb:105:in `run!' /opt/rh/cfme-gemset/gems/linux_admin-0.20.2/lib/linux_admin/common.rb:24:in `run!' /opt/rh/cfme-gemset/gems/linux_admin-0.20.2/lib/linux_admin/service/systemd_service.rb:18:in `start' /var/www/miq/vmdb/lib/embedded_ansible.rb:53:in `block in start' /var/www/miq/vmdb/lib/embedded_ansible.rb:53:in `each' /var/www/miq/vmdb/lib/embedded_ansible.rb:53:in `start' /var/www/miq/vmdb/app/models/embedded_ansible_worker/runner.rb:36:in `setup_ansible' /var/www/miq/vmdb/app/models/embedded_ansible_worker/runner.rb:13:in `do_before_work_loop' /var/www/miq/vmdb/app/models/embedded_ansible_worker/runner.rb:7:in `prepare' /var/www/miq/vmdb/app/models/miq_worker/runner.rb:133:in `start' /var/www/miq/vmdb/app/models/miq_worker/runner.rb:21:in `start_worker' And systemctl status nginx.service got: ● nginx.service - The nginx HTTP and reverse proxy server Loaded: loaded (/usr/lib/systemd/system/nginx.service; disabled; vendor preset: disabled) Active: failed (Result: exit-code) since Thu 2017-08-10 06:13:55 EDT; 12s ago Aug 10 06:13:55 test-proxy systemd[1]: Starting The nginx HTTP and reverse proxy server... Aug 10 06:13:55 test-proxy nginx[13700]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok Aug 10 06:13:55 test-proxy nginx[13700]: nginx: [emerg] open() "/var/log/nginx/access.log" failed (28: No space left on device) Aug 10 06:13:55 test-proxy nginx[13700]: nginx: configuration file /etc/nginx/nginx.conf test failed Aug 10 06:13:55 test-proxy systemd[1]: nginx.service: control process exited, code=exited status=1 Aug 10 06:13:55 test-proxy systemd[1]: Failed to start The nginx HTTP and reverse proxy server. Aug 10 06:13:55 test-proxy systemd[1]: Unit nginx.service entered failed state. Aug 10 06:13:55 test-proxy systemd[1]: nginx.service failed. And when I try to locate code for EmbeddedAnsibleWorker::Runner locally (a daily pulled from manageiq repo), I found this file has changed a lot since 5.8.1.4, does it make sense to setting up a vm running more recent version of cfme and I make changes there? Thanks. *** Bug 1478582 has been marked as a duplicate of this bug. *** Bo and Pavol, Can you try out the solution in https://access.redhat.com/solutions/3127941? If that works we can set up a way to propagate the settings configured for the cfme proxy programatically. Additionally if an ssh bastion host is require (not sure if that's what this bug is about) we may need to set something up similar to what is described here [1], but I'm hoping the config changes in settings.py will do the trick. [1] http://blog.dualspark.com/ansible/configuration-management/aws/ssh/2014/12/19/ansible-tower-ssh-agent-forwarding.html New commit detected on ManageIQ/manageiq/master: https://github.com/ManageIQ/manageiq/commit/c9ca903e343ab9a0930ba8a87a5e5a44fbc11753 commit c9ca903e343ab9a0930ba8a87a5e5a44fbc11753 Author: Bo Yao <icerove> AuthorDate: Fri Sep 22 13:40:33 2017 -0400 Commit: Bo Yao <icerove> CommitDate: Fri Sep 22 21:34:11 2017 -0400 add http proxy support for embedded ansible tower https://bugzilla.redhat.com/show_bug.cgi?id=1475954 lib/embedded_ansible.rb | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) |