Bug 1572304
| Summary: | Docker registry sync does not use HTTP proxy configuration | ||
|---|---|---|---|
| Product: | Red Hat Satellite | Reporter: | Satellite Program <pm-sat> |
| Component: | Container Management - Runtime | Assignee: | Sebastian Gräßl <sgraessl> |
| Status: | CLOSED ERRATA | QA Contact: | Lukas Pramuk <lpramuk> |
| Severity: | medium | Docs Contact: | |
| Priority: | high | ||
| Version: | 6.2.0 | CC: | aagrawal, andrew.schofield, anrussel, bbuckingham, bkearney, cmarinea, cwelton, dgross, djoo, ehelms, fwissing, ggatward, gkonda, gray.brandon, greartes, hyu, jbhatia, jpriddy, kabbott, kresar, ktordeur, loeffls1, lpramuk, mhrivnak, michael.hammer, millard.matt, mjankula, mmccune, mmello, mmithaiw, mullens, rajgupta, rbobek, rplevka, ruben, sgraessl, smeyer, syangsao, tomckay, tonay, tonflo, torstein.hansen, tris.hoar, vijsingh, wpinheir, zhunting |
| Target Milestone: | 6.4.0 | Keywords: | PrioBumpGSS, Triaged |
| Target Release: | Unused | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | 1333595 | Environment: | |
| Last Closed: | 2018-10-16 19:06:01 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Upstream bug assigned to sgraessl OK. The bad strings is the different component therefore I filed BZ 1584698 against Branding and switching this BZ back to ONQA. VERIFIED. @satellite-6.4.0-9.beta.el7sat.noarch (Snap6) foreman-1.18.0.0.7-1.el7sat.noarch tfm-rubygem-runcible-2.8.1-1.el7sat.noarch by the following reproducer/testing: 1) Set setting "HTTP(S) proxy" to authed proxy http://admin:redhat@proxy.example.com:3128 2) Create docker registry and see traffic hitting proxy 3) Set setting "HTTP(S) proxy" to unauthed proxy http://proxy.example.com:3401 4) Create docker registry and see traffic hitting unauthed proxy 5) Set setting "HTTP(S) proxy" to non-existing proxy http://nonononoproxy.example.com:3401 6) Try to create docker registry and see it failed (x) Unable to save Unable to log in to this Docker Registry - Proxied request failed with: getaddrinfo: Name or service not known (SocketError) 7) Check all other stuff is also using proxy (tries to use nonexisting proxy) since this is general http-proxy RFE (ie. not only registries) */compute_resources/1-http docker/edit Proxied request failed with: getaddrinfo: Name or service not known (SocketError) */redhat_access/insights Oops, we're sorry but something went wrong Failed to open TCP connection ... >>> http-proxy is used for all requests But even for candlepin/katello !!! (ultimate breakage) and even if you set valid proxy since request for candlepin (8443/tcp) cannot be proxied and are refused. Any katello page is throwing "403 Forbidden" Unless you specify Satellite FQDN in "HTTP(S) proxy except hosts" which is really really tricky and wouldn't be obvoius to many CUs. Filing new BZ 1585076 with this issue (as discussed with Dev and his Manager) Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2018:2927 |
FailedQA. @satellite-6.4.0-9.beta.el7sat.noarch (Snap5) foreman-1.18.0.0.7-1.el7sat.noarch tfm-rubygem-runcible-2.8.1-1.el7sat.noarch In the middle of functionality testing I found there are bad strings for the new setting: Nightly: HTTP(S) proxy Sets a proxy for all outgoing HTTP connections. HTTP(S) proxy except hosts Set hostnames to which requests are not to be proxied vs. Satellite6.4.0: HTTP(S) Capsule Sets a Capsule for all outgoing HTTP connections. HTTP(S) Capsule except hosts Set hostnames to which requests are not to be proxied >>> in downstream http proxy should still read the same "http proxy" instead of wrong "http capsule"