Bug 661876

Summary: subscription-manager: cannot connect through a proxy that requires auth
Product: Red Hat Enterprise Linux 6 Reporter: J.C. Molet <jmolet>
Component: subscription-managerAssignee: Adrian Likins <alikins>
Status: CLOSED ERRATA QA Contact: J.C. Molet <jmolet>
Severity: medium Docs Contact:
Priority: low    
Version: 6.1CC: alikins
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-05-19 13:38:09 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 639436    

Description J.C. Molet 2010-12-09 20:52:30 UTC 
Description of problem:

Using the subscription-manager cli tool, you cannot connect to the candlepin server if you are configured to connect through a proxy that requires authentication.

Version-Release number of selected component (if applicable):

[jmolet@x2112 ~]$ rpm -qa | egrep "subscription|^python-2|python-rhsm"
python-2.6.4-27.fc13.x86_64
python-rhsm-0.93.3-1.git.0.a79d99d.fc14.noarch
subscription-manager-gnome-0.93.3-1.git.0.a79d99d.fc14.x86_64
subscription-manager-0.93.3-1.git.0.a79d99d.fc14.x86_64

How reproducible:
always

Steps to Reproduce:
1. Find a machine with subscription-manager installed.
2. Configure subscription manager to connect through a proxy that requires auth.
3. try to register with subscription-manager (or do any network actions)
  
Actual results:

[root@x2112 rhsm]# subscription-manager register --username=testuser1 --password=password
Network error, unable to connect to server. Please see /var/log/rhsm/rhsm.log for more information.

log file /var/log/rhsm/rhsm.log:

2010-12-09 14:51:21,567 [INFO] __init__() @connection.py:274 - Using certificate authentication: key = /etc/pki/consumer/key.pem, cert = /etc/pki/consumer/cert.pem, ca = /etc/rhsm/ca/, insecure = False
2010-12-09 14:51:21,567 [INFO] __init__() @connection.py:277 - Connection Established: host: mgmt4.rhq.lab.eng.bos.redhat.com, port: 8443, handler: /candlepin
2010-12-09 14:51:21,570 [INFO] _request() @connection.py:130 - loading ca pem certificates from: /etc/rhsm/ca/
2010-12-09 14:51:21,570 [INFO] _load_ca_certificates() @connection.py:111 - loading ca certificate '/etc/rhsm/ca/candlepin-stage.pem'
2010-12-09 14:51:21,570 [INFO] _load_ca_certificates() @connection.py:111 - loading ca certificate '/etc/rhsm/ca/fakamai-cp1.pem'
2010-12-09 14:51:21,571 [INFO] _load_ca_certificates() @connection.py:111 - loading ca certificate '/etc/rhsm/ca/redhat-uep.pem'
2010-12-09 14:51:21,571 [INFO] _load_ca_certificates() @connection.py:111 - loading ca certificate '/etc/rhsm/ca/candlepin-ca.pem'
2010-12-09 14:51:21,572 [INFO] _request() @connection.py:132 - work in insecure mode ?:False
2010-12-09 14:51:21,572 [INFO] _request() @connection.py:139 - using proxy mgmt5.rhq.lab.eng.bos.redhat.com:3128
2010-12-09 14:51:21,572 [INFO] _request() @connection.py:146 - handler: https://mgmt4.rhq.lab.eng.bos.redhat.com:8443/candlepin/consumers/7a7d2eb9-334c-462e-9dba-3eb5aebc5245
2010-12-09 14:51:22,400 [INFO] _request() @connection.py:160 - status code: 204
2010-12-09 14:51:22,401 [INFO] unregister() @managerlib.py:574 - Successfully un-registered.
2010-12-09 14:51:26,977 [INFO] __init__() @connection.py:274 - Using certificate authentication: key = /etc/pki/consumer/key.pem, cert = /etc/pki/consumer/cert.pem, ca = /etc/rhsm/ca/, insecure = False
2010-12-09 14:51:26,977 [INFO] __init__() @connection.py:277 - Connection Established: host: mgmt4.rhq.lab.eng.bos.redhat.com, port: 8443, handler: /candlepin
2010-12-09 14:51:26,978 [INFO] __init__() @connection.py:263 - Using basic authentication as: testuser1
2010-12-09 14:51:26,978 [INFO] __init__() @connection.py:277 - Connection Established: host: mgmt4.rhq.lab.eng.bos.redhat.com, port: 8443, handler: /candlepin
2010-12-09 14:51:27,088 [INFO] _request() @connection.py:130 - loading ca pem certificates from: /etc/rhsm/ca/
2010-12-09 14:51:27,088 [INFO] _load_ca_certificates() @connection.py:111 - loading ca certificate '/etc/rhsm/ca/candlepin-stage.pem'
2010-12-09 14:51:27,089 [INFO] _load_ca_certificates() @connection.py:111 - loading ca certificate '/etc/rhsm/ca/fakamai-cp1.pem'
2010-12-09 14:51:27,089 [INFO] _load_ca_certificates() @connection.py:111 - loading ca certificate '/etc/rhsm/ca/redhat-uep.pem'
2010-12-09 14:51:27,090 [INFO] _load_ca_certificates() @connection.py:111 - loading ca certificate '/etc/rhsm/ca/candlepin-ca.pem'
2010-12-09 14:51:27,090 [INFO] _request() @connection.py:132 - work in insecure mode ?:False
2010-12-09 14:51:27,090 [INFO] _request() @connection.py:139 - using proxy mgmt5.rhq.lab.eng.bos.redhat.com:3128
2010-12-09 14:51:27,091 [INFO] _request() @connection.py:146 - handler: https://mgmt4.rhq.lab.eng.bos.redhat.com:8443/candlepin/consumers/
2010-12-09 14:51:27,323 [ERROR] handle_exception() @managercli.py:44 - exception caught in subscription-manager
2010-12-09 14:51:27,323 [ERROR] handle_exception() @managercli.py:45 - Proxy connection failed: 407
Traceback (most recent call last):
  File "/usr/sbin/subscription-manager", line 75, in <module>
    sys.exit(abs(main() or 0))
  File "/usr/sbin/subscription-manager", line 66, in main
    return managercli.CLI().main()
  File "/usr/share/rhsm/managercli.py", line 710, in main
    cmd.main()
  File "/usr/share/rhsm/managercli.py", line 146, in main
    self._do_command()
  File "/usr/share/rhsm/managercli.py", line 326, in _do_command
    facts=self.facts.get_facts())
  File "/usr/share/rhsm/connection.py", line 299, in registerConsumer
    return self.conn.request_post('/consumers/', params)
  File "/usr/share/rhsm/connection.py", line 183, in request_post
    return self._request("POST", method, params)
  File "/usr/share/rhsm/connection.py", line 152, in _request
    headers=self.headers)
  File "/usr/lib64/python2.6/httplib.py", line 898, in request
    self._send_request(method, url, body, headers)
  File "/usr/lib64/python2.6/httplib.py", line 935, in _send_request
    self.endheaders()
  File "/usr/share/rhsm/connection.py", line 66, in endheaders
    httpslib.HTTPSConnection.endheaders(self)
  File "/usr/lib64/python2.6/httplib.py", line 892, in endheaders
    self._send_output()
  File "/usr/lib64/python2.6/httplib.py", line 764, in _send_output
    self.send(msg)
  File "/usr/lib64/python2.6/httplib.py", line 723, in send
    self.connect()
  File "/usr/lib64/python2.6/site-packages/M2Crypto/httpslib.py", line 180, in connect
    raise socket.error, "Proxy connection failed: %d" % code
error: Proxy connection failed: 407


Expected results:

The client registers and successfully connects through the proxy.

Additional info:

This is starting to look like possibly a python 2.6 problem, and it doesn't look like it is actually passing the username/password for the proxy server to the proxy server.  I will also note, however, that the gui tool seems to successfully register using the same proxy settings.
Comment 1 Adrian Likins 2010-12-13 16:30:38 UTC 
commit 8405d250762441819b75cc1a19b6f899d0c03012
Author: Adrian Likins <alikins>
Date:   Fri Dec 10 10:57:57 2010 -0500

    661876: fix a bug with cli not using config file proxy auth info



Looks like cli wasn't reading the auth info from the config on some commands
(like register).
Comment 2 J.C. Molet 2010-12-14 18:41:28 UTC 
[root@x2112 rhsm]# rpm -qa | grep subscription
subscription-manager-gnome-0.93.3-1.git.19.7e709b6.fc14.x86_64
subscription-manager-0.93.3-1.git.19.7e709b6.fc14.x86_64

test1: proxying by editing rhsm.conf

[root@x2112 rhsm]# subscription-manager unregister
System has been un-registered.
[root@x2112 rhsm]# cat rhsm.conf | grep proxy
proxy_hostname = mgmt5.rhq.lab.eng.bos.redhat.com
proxy_user = redhat
proxy_password = redhat
proxy_port = 3128
[root@x2112 rhsm]# subscription-manager register --username=testuser1 --password=password
bff7d25d-ce13-44c7-81cb-5c488d15e93f testuser1


test successful.

=======================================

test2: proxying entirely via cli

[root@x2112 rhsm]# cat rhsm.conf | grep proxy
proxy_hostname = None
proxy_user = None
proxy_password = None
proxy_port = None
proxy_hostname = 
proxy_user = 
proxy_password = 
proxy_port = 
[root@x2112 rhsm]# subscription-manager unregister
This system is currently not registered.
[root@x2112 rhsm]# subscription-manager register --username=xeops --password=redhat --proxy=mgmt5.rhq.lab.eng.bos.redhat.com --proxyuser=redhat --proxypass=redhat
up redhat redhat
nl candlepin1.devlab.phx1.redhat.com:443
CONNECT candlepin1.devlab.phx1.redhat.com:443 HTTP/1.1
Host: candlepin1.devlab.phx1.redhat.com:443
Proxy-Authorization: Basic cmVkaGF0OnJlZGhhdA==

bf0ed0b4-927c-45d0-8fd5-62f561ef75d3 xeops
[root@x2112 rhsm]#


==========================

cli proxying works with this commit
Comment 3 errata-xmlrpc 2011-05-19 13:38:09 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHEA-2011-0611.html