Bug 1255516 - pip doesn't work behind an HTTPS proxy
Summary: pip doesn't work behind an HTTPS proxy
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: ImageStreams
Version: 3.2.1
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ---
: 3.2.1
Assignee: Troy Dawson
QA Contact: Wang Haoran
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-08-20 19:40 UTC by Jim Minter
Modified: 2016-09-27 09:00 UTC (History)
9 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-09-27 09:00:52 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2016:1934 0 normal SHIPPED_LIVE Red Hat OpenShift Container Platform 3.3 images bug fix and enhancement update 2016-09-27 12:51:46 UTC

Description Jim Minter 2015-08-20 19:40:24 UTC 
Description of problem:

TL;DR:

The issue is documented at https://github.com/pypa/pip/issues/1805 .
The fix is documented at https://github.com/shazow/urllib3/pull/369/files .  I have tested applying the fix and it resolves my issue.  Please backport it at least to python33 SCL for RHEL7.

I'm trying to get the OpenShift 3 Python 3.3 docker image (using python33-python-pip-1.5.6-5.el7.noarch) to do pip installs behind a corporate HTTPS proxy.  It bottles out, and I can see using tcpdump that it is attempting to send 'CONNECT' HTTP requests direct to the remote endpoint, not to the proxy.

I have tried manually applying the fixes mentioned above to the files under /opt/rh/python33/root/user/lib/python3.3/site-packages/pip/_vendor/requests/packages/urllib3, and find that when I do, the tcpdump is then clean and pip works properly.

Version-Release number of selected component (if applicable):

python33-python-pip-1.5.6-5.el7.noarch

How reproducible:

Always

Steps to Reproduce:
1. https_proxy=http://<proxy>/ pip --cert=<cert> install --user -r requirements.txt


Actual results:

Pip bottles out, and I can see using tcpdump that it is attempting to send 'CONNECT' HTTP requests direct to the remote endpoint, not to the proxy.

Expected results:

Pip installs from requirements.txt as expected.
Comment 3 Honza Horak 2016-06-09 13:45:37 UTC 
Sorry to notice so late, but python33-pip is not shipped withing RHSCL product, it is built specifically only for OpenShift, so moving this bug to appropriate product.
Comment 4 Ben Parees 2016-06-09 15:18:46 UTC 
Troy, is this backport/rebuild something you can handle?  (assuming we do in fact own the python33-pip rpm)?

Jim, have you tried the python-34 image instead, or is there a reason you can't use that newer version?
Comment 5 Troy Dawson 2016-06-20 14:52:53 UTC 
Yes to both.
It is something I can handle, have the patch done now.
We (OpenShift) do own the python33-pip rpm.  Working on it now.
Comment 6 Troy Dawson 2016-07-21 15:18:17 UTC 
rpm built with fix, python33-python-pip-1.5.6-6.el7, building into image now.
Comment 7 Troy Dawson 2016-08-02 13:26:29 UTC 
This is now in image openshift3/python-33-rhel7:3.3-40 and newer.
Comment 12 errata-xmlrpc 2016-09-27 09:00:52 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2016:1934
Note You need to log in before you can comment on or make changes to this bug.