Bug 1825930

Summary: [Regression] RedHat Insights client proxying stopped working due to missing proxy
Product: Red Hat Satellite Reporter: Peter Vreman <peter.vreman>
Component: RH Cloud - InsightsAssignee: Rex White <rexwhite>
Status: CLOSED ERRATA QA Contact: Mirek Długosz <mzalewsk>
Severity: urgent Docs Contact:
Priority: high    
Version: 6.7.0CC: ahuchcha, ahumbe, alsouza, bkearney, bmidwood, ecerqueira, egolov, fratto, janarula, jsherril, ktordeur, mawerner, mmccune, musman, ofalk, ptrivedi, rexwhite, roarora, robwilli, shisingh, sshtein, tonay, will_darton
Target Milestone: 6.8.0Keywords: Patch, PrioBumpGSS, Regression, Triaged
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: tfm-rubygem-redhat_access-2.2.13 Doc Type: Release Note
Doc Text:
Story Points: ---
Clone Of:
: 1832590 (view as bug list) Environment:
Last Closed: 2020-10-27 13:01:20 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1122832    

Description Peter Vreman 2020-04-20 14:07:42 UTC 
Description of problem:
Clients using insighgts-client connected to Sat6.7 are fialing with sever error 500.
The redhat_access plugin does not use the proxy anymore after the sat6.6 to 6.7 upgrade.

Grepping the source reveals the problem, the redhat-access plugin uses still the obsolete katello.cdn_proxy setting that is removed.




Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. Disable Internet, and force proxy for Satellite 
2. Run  insights-client for a hosta connected to satellite
3. 

Actual results:
Failure to checking to cloud.redhat.com

Expected results:
Success


Additional info:
Please make sure there are all system tests that are also execute on a system that is 100% isolated and a http proxy. This is standard Setup for entreprises and the insights proxying a critical functionality if RedHat wants to push cloud.redhat.com SaaS solutions.
Comment 3 Peter Vreman 2020-04-20 14:09:53 UTC 
Based on the code in cdn.rb i created a patch to the new content proxy value.

-------------
--- redhat_access-2.2.11/app/services/redhat_access/telemetry/look_ups.rb.200420-1      2020-02-27 16:35:40.000000000 +0000
+++ redhat_access-2.2.11/app/services/redhat_access/telemetry/look_ups.rb       2020-04-20 13:55:50.796387157 +0000
@@ -201,19 +201,8 @@
       end

       def get_portal_http_proxy
-        proxy = nil
-        if SETTINGS[:katello][:cdn_proxy] && SETTINGS[:katello][:cdn_proxy][:host]
-          proxy_config = SETTINGS[:katello][:cdn_proxy]
-          scheme = URI.parse(proxy_config[:host]).scheme
-          uri = URI('')
-          # Ruby's uri parser doesn't handle encoded characters so Katello added two new schemes to handle proxy
-          # passwords.  See https://github.com/Katello/katello/blob/master/app/lib/katello/util/proxy_uri.rb
-          uri.scheme = 'proxy' if scheme == 'http'
-          uri.scheme = 'proxys' if scheme == 'https'
-          uri.host = URI.parse(proxy_config[:host]).host
-          uri.port = proxy_config[:port] if proxy_config[:port]
-          uri.user =  CGI.escape(proxy_config[:user]) if proxy_config[:user]
-          uri.password = CGI.escape(proxy_config[:password]) if proxy_config[:password]
+        if (proxy = ::HttpProxy.default_global_content_proxy)
+          uri = URI(proxy.url)
           proxy = uri.to_s
         end
         proxy
-------------
Comment 4 Peter Vreman 2020-04-20 14:15:34 UTC 
Bryan,

Can you please have a look at this. The insights-client proxying through satellite, that is normally behind a http-proxy, is a mandatory step to upload data to cloud.redhat.com.

I checked the github iof the plugin at https://github.com/redhataccess/foreman-plugin/blob/e098d28d60c66d78254ef10f6ff50b0a4e02f952/redhat-access/app/services/redhat_access/telemetry/look_ups.rb  but that is also lacking the update for the new proxy setting

Peter
Comment 6 Bryan Kearney 2020-04-20 14:17:48 UTC 
Thanks Peter, I sent it along to Shim to take a look at it. I appreciate the patch.
Comment 9 Justin Sherrill 2020-04-23 12:29:55 UTC 
Wanted to confirm that the proposed patch makes logical sense given the changes in 6.7
Comment 11 Rex White 2020-04-23 20:11:43 UTC 
Careful with the proposed patch - please don't UNDO the fix for proxy passwords with special characters...
Comment 12 Will D 2020-04-24 12:01:00 UTC 
(In reply to Rex White from comment #11)
> Careful with the proposed patch - please don't UNDO the fix for proxy
> passwords with special characters...

It appears in the WebUI its already broken on 6.7.0   Won't accept a password with an @ symbol.  

Works fine from the command line though
# hammer http-proxy create --name test123 --url <url> --username=<username> --password=<password with an @ in it>
Http proxy created.
Comment 30 errata-xmlrpc 2020-10-27 13:01:20 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: Satellite 6.8 release), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:4366