Bug 1314835 - [RFE] add proxy support to azure-armrest
[RFE] add proxy support to azure-armrest
Product: Red Hat CloudForms Management Engine
Classification: Red Hat
Component: Providers (Show other bugs)
Unspecified Unspecified
medium Severity medium
: GA
: 5.5.3
Assigned To: Daniel Berger
Jeff Teehan
: FutureFeature, ZStream
Depends On: 1309477
  Show dependency treegraph
Reported: 2016-03-04 11:14 EST by Chris Pelland
Modified: 2017-08-29 21:28 EDT (History)
14 users (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Feature request to add proxy support to azure-armrest as there was no way to specify a proxy for http requests in the azure-armrest gem. Accordingly, http_proxy support has been added for authenticating to Azure.
Story Points: ---
Clone Of: 1309477
Last Closed: 2016-04-13 14:45:49 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
passes proxy settings, if any, when connecting to Azure (7.00 KB, patch)
2016-03-09 08:57 EST, Bronagh Sorota
no flags Details | Diff
Latest version of azure-armrest gem (29.00 KB, application/x-tar)
2016-03-09 14:38 EST, Bronagh Sorota
no flags Details
Latest version of azure-armrest gem (29.50 KB, application/x-tar)
2016-03-11 10:38 EST, Daniel Berger
no flags Details

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2016:0616 normal SHIPPED_LIVE CFME 5.5.3 bug fixes and enhancement update 2016-04-13 18:38:44 EDT

  None (edit)
Comment 1 Bronagh Sorota 2016-03-07 10:02:18 EST
Right now the customer would set the http_proxy information in vmdb.tmpl.yml and it is not provider specific. This means that if they add an Amazon provider in the future they would have to use the same http proxy for both Amazon and Azure.

Comment 2 Bronagh Sorota 2016-03-07 10:22:46 EST
What version of the azure-armrest gem is installed on the appliance?
Comment 3 Bronagh Sorota 2016-03-07 13:46:12 EST
Can you also find out if ENV[‘http_proxy’] is currently being used for anything? Looks like we will need that to be set for the Azure StorageAccounts to use the proxy settings.
Comment 6 Bronagh Sorota 2016-03-09 08:57 EST
Created attachment 1134532 [details]
passes proxy settings, if any, when connecting to Azure

Hi Colin,

Attached is a tar file containing a patch. This needs to be opened inside the manageiq directory. It will extract the following file:

In addition, the customer must install the latest version of the azure-armrest gem (0.1.3).
Comment 7 CFME Bot 2016-03-09 11:41:00 EST
New commit detected on ManageIQ/manageiq/master:

commit 9391564d2c99b06c651a120963f6e0fa64c1e0e0
Author:     Bronagh Sorota <bsorota@redhat.com>
AuthorDate: Mon Mar 7 11:48:55 2016 -0500
Commit:     Bronagh Sorota <bsorota@redhat.com>
CommitDate: Mon Mar 7 13:53:58 2016 -0500

    http_proxy support for authenticating to Azure

 app/models/manageiq/providers/azure/cloud_manager.rb | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
Comment 8 Bronagh Sorota 2016-03-09 14:38 EST
Created attachment 1134629 [details]
Latest version of azure-armrest gem

This gem is the latest version of the azure-armrest gem with a version set to 0.0.8 for compatibility. It can be installed as follows:

- gem install -i /opt/rh/cfme-gemset —ignore-dependencies -l azure-armrest-0.0.8.gem
- bundle show azure-armrest
- restarting the appliance.
Comment 9 Bronagh Sorota 2016-03-09 14:45:17 EST
this patch contains 2 attachments:
1) attachment 1134629 [details] 
2) attachment 1134532 [details]

Both are required. Please refer only to the instructions attached to 1134629 for modifying the azure-armrest gem.
Comment 10 Daniel Berger 2016-03-11 10:38 EST
Created attachment 1135268 [details]
Latest version of azure-armrest gem

This adds ssl_version and ssl_verify options, and defaults to TLSv1.
Comment 11 Daniel Berger 2016-03-11 13:48:54 EST
It turns out that the default SSL version for Ruby's core net-http library (and consequently the rest-client gem) is SSLv23. This version was not supported by the client's proxy, as it is old and considered insecure.

In order to fix this, we needed to explicitly specify SSL version TLSv1 (or later) for the proxy to work.

The client tested the new code and was able to validate the credentials successfully.
Comment 14 Jeff Teehan 2016-03-29 10:44:20 EDT
I created a Proxy Server using windows and it appeared to work correctly.  Moving to verified based on customer feedback and review of code changes.
Comment 16 errata-xmlrpc 2016-04-13 14:45:49 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.