Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1255516

Summary: pip doesn't work behind an HTTPS proxy
Product: OpenShift Container Platform Reporter: Jim Minter <jminter>
Component: ImageStreamsAssignee: Troy Dawson <tdawson>
Status: CLOSED ERRATA QA Contact: Wang Haoran <haowang>
Severity: medium Docs Contact:
Priority: medium    
Version: 3.2.1CC: aos-bugs, bleanhar, hhorak, jminter, jokerman, kanderso, mmccomas, tdawson, wewang
Target Milestone: ---   
Target Release: 3.2.1   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-09-27 09:00:52 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jim Minter 2015-08-20 19:40:24 UTC 
Description of problem:

TL;DR:

The issue is documented at https://github.com/pypa/pip/issues/1805 .
The fix is documented at https://github.com/shazow/urllib3/pull/369/files .  I have tested applying the fix and it resolves my issue.  Please backport it at least to python33 SCL for RHEL7.

I'm trying to get the OpenShift 3 Python 3.3 docker image (using python33-python-pip-1.5.6-5.el7.noarch) to do pip installs behind a corporate HTTPS proxy.  It bottles out, and I can see using tcpdump that it is attempting to send 'CONNECT' HTTP requests direct to the remote endpoint, not to the proxy.

I have tried manually applying the fixes mentioned above to the files under /opt/rh/python33/root/user/lib/python3.3/site-packages/pip/_vendor/requests/packages/urllib3, and find that when I do, the tcpdump is then clean and pip works properly.

Version-Release number of selected component (if applicable):

python33-python-pip-1.5.6-5.el7.noarch

How reproducible:

Always

Steps to Reproduce:
1. https_proxy=http://<proxy>/ pip --cert=<cert> install --user -r requirements.txt


Actual results:

Pip bottles out, and I can see using tcpdump that it is attempting to send 'CONNECT' HTTP requests direct to the remote endpoint, not to the proxy.

Expected results:

Pip installs from requirements.txt as expected.
Comment 3 Honza Horak 2016-06-09 13:45:37 UTC 
Sorry to notice so late, but python33-pip is not shipped withing RHSCL product, it is built specifically only for OpenShift, so moving this bug to appropriate product.
Comment 4 Ben Parees 2016-06-09 15:18:46 UTC 
Troy, is this backport/rebuild something you can handle?  (assuming we do in fact own the python33-pip rpm)?

Jim, have you tried the python-34 image instead, or is there a reason you can't use that newer version?
Comment 5 Troy Dawson 2016-06-20 14:52:53 UTC 
Yes to both.
It is something I can handle, have the patch done now.
We (OpenShift) do own the python33-pip rpm.  Working on it now.
Comment 6 Troy Dawson 2016-07-21 15:18:17 UTC 
rpm built with fix, python33-python-pip-1.5.6-6.el7, building into image now.
Comment 7 Troy Dawson 2016-08-02 13:26:29 UTC 
This is now in image openshift3/python-33-rhel7:3.3-40 and newer.
Comment 12 errata-xmlrpc 2016-09-27 09:00:52 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2016:1934