Bug 1403387 - there is an error in processing the specified proxy arguments versus proxy configurations
Summary: there is an error in processing the specified proxy arguments versus proxy co...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: subscription-manager
Version: 6.9
Hardware: Unspecified
OS: Unspecified
medium
low
Target Milestone: rc
: ---
Assignee: Chris Snyder
QA Contact: John Sefler
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-12-09 22:23 UTC by John Sefler
Modified: 2017-03-21 10:57 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-03-21 10:57:56 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Github candlepin subscription-manager pull 1531 None None None 2016-12-16 15:47:28 UTC
Red Hat Product Errata RHSA-2017:0698 normal SHIPPED_LIVE Moderate: subscription-manager security, bug fix, and enhancement update 2017-03-21 12:39:12 UTC

Description John Sefler 2016-12-09 22:23:19 UTC
Description of problem:

Rule... Specifying subscription-manager proxy options on the command line takes precedence over proxy configurations within the rhsm.conf file, which in turn take precedence over proxy environment variables.

If this rule is true, then there is a logic error within subscription-manger when executing the Case 3 below...

Case 1: specify proxy configurations in the rhsm.conf file only....

Case 2: specify proxy values on the command line only....

Case 3: specify proxy values on the command *and* the rhsm.conf file.  The command line values should trump the rhsm.conf file values yielding the same response as case 2, but this is not what happens....

Version-Release number of selected component (if applicable):
[root@jsefler-rhel6 ~]# rpm -q subscription-manager python-rhsm
subscription-manager-1.18.6-1.el6.x86_64
python-rhsm-1.18.6-1.el6.x86_64


How reproducible:


Steps to Reproduce:

Case 1: specify proxy configurations in the rhsm.conf file only....
[root@jsefler-rhel6 ~]# subscription-manager config --server.proxy_hostname="invalid" --server.proxy_port="123" --server.proxy_user="red" --server.proxy_password="hat"
[root@jsefler-rhel6 ~]# subscription-manager register --username=joe --password=blo
Registering to: subscription.rhsm.redhat.com:443/subscription
Network error, unable to connect to server. Please see /var/log/rhsm/rhsm.log for more information.
[root@jsefler-rhel6 ~]# echo $?
70


Case 2: specify proxy values on the command line only....
[root@jsefler-rhel6 ~]# subscription-manager config --server.proxy_hostname="" --server.proxy_port="" --server.proxy_user="" --server.proxy_password=""
[root@jsefler-rhel6 ~]# subscription-manager register --username=joe --password=blo --proxy=invalid:123 --proxyuser=red --proxypassword=hat
Proxy connection failed, please check your settings.
[root@jsefler-rhel6 ~]# echo $?
69


Case 3: specify proxy values on the command *and* the rhsm.conf file.  The command line values should trump the rhsm.conf file values yielding the same response as case 2, but this is not what happens....

[root@jsefler-rhel6 ~]# subscription-manager config --server.proxy_hostname="invalid" --server.proxy_port="123" --server.proxy_user="red" --server.proxy_password="hat"
[root@jsefler-rhel6 ~]# subscription-manager register --username=joe --password=blo --proxy=invalid:123 --proxyuser=red --proxypassword=hat
Unable to reach the server at subscription.rhsm.redhat.com:443/subscription
[root@jsefler-rhel6 ~]# echo $?
69



Actual results:
Unable to reach the server at subscription.rhsm.redhat.com:443/subscription

Expected results:
Proxy connection failed, please check your settings.

Expected the response for case 3 to be equivalent to case 2.  The fact that there are three different responses for the three cases indicates to me that when specifying proxy options on the command line does not truly trump the configurations set in rhsm.conf.



Additional info:

Case 1: 
[root@jsefler-rhel6 ~]# tail -f /var/log/rhsm/rhsm.log
2016-12-09 17:08:11,613 [DEBUG] subscription-manager:5648:MainThread @https.py:59 - Using m2crypto wrappers to provide httplib and ssl
2016-12-09 17:08:11,824 [DEBUG] subscription-manager:5648:MainThread @ga_loader.py:89 - ga_loader GaImporterGtk2
2016-12-09 17:08:11,830 [DEBUG] subscription-manager:5648:MainThread @plugins.py:569 - loaded plugin modules: [<module 'container_content' from '/usr/share/rhsm-plugins/container_content.pyc'>]
2016-12-09 17:08:11,830 [DEBUG] subscription-manager:5648:MainThread @plugins.py:570 - loaded plugins: {'container_content.ContainerContentPlugin': <container_content.ContainerContentPlugin object at 0x2b8b2d0>}
2016-12-09 17:08:11,830 [DEBUG] subscription-manager:5648:MainThread @identity.py:131 - Loading consumer info from identity certificates.
2016-12-09 17:08:11,830 [DEBUG] subscription-manager:5648:MainThread @identity.py:146 - Reload of consumer identity cert /etc/pki/consumer/cert.pem raised an exception with msg: [Errno 2] No such file or directory: '/etc/pki/consumer/key.pem'
2016-12-09 17:08:11,872 [INFO] subscription-manager:5648:MainThread @managercli.py:389 - Client Versions: {'python-rhsm': '1.18.6-1.el6', 'subscription-manager': '1.18.6-1.el6'}
2016-12-09 17:08:11,873 [INFO] subscription-manager:5648:MainThread @connection.py:758 - Connection built: http_proxy=invalid:123 host=subscription.rhsm.redhat.com port=443 handler=/subscription auth=identity_cert ca_dir=/etc/rhsm/ca/ insecure=False
2016-12-09 17:08:11,874 [INFO] subscription-manager:5648:MainThread @connection.py:758 - Connection built: http_proxy=invalid:123 host=subscription.rhsm.redhat.com port=443 handler=/subscription auth=none
2016-12-09 17:08:11,874 [INFO] subscription-manager:5648:MainThread @managercli.py:389 - Client Versions: {'python-rhsm': '1.18.6-1.el6', 'subscription-manager': '1.18.6-1.el6'}
2016-12-09 17:08:11,891 [INFO] subscription-manager:5648:MainThread @managercli.py:364 - Consumer Identity name=None uuid=None
2016-12-09 17:08:11,934 [INFO] subscription-manager:5648:MainThread @managercli.py:364 - Consumer Identity name=None uuid=None
2016-12-09 17:08:11,935 [INFO] subscription-manager:5648:MainThread @connection.py:758 - Connection built: http_proxy=invalid:123 host=subscription.rhsm.redhat.com port=443 handler=/subscription auth=basic username=joe
2016-12-09 17:08:11,951 [DEBUG] subscription-manager:5648:MainThread @hwprobe.py:580 - cpu info: {'cpu.cpu(s)': 2, 'cpu.core(s)_per_socket': 1, 'cpu.thread(s)_per_core': 1, 'cpu.topology_source': 'kernel /sys cpu sibling lists', 'cpu.cpu_socket(s)': 2}
2016-12-09 17:08:12,138 [DEBUG] subscription-manager:5648:MainThread @hwprobe.py:808 - Running 'virt-what'
2016-12-09 17:08:12,164 [DEBUG] subscription-manager:5648:MainThread @hwprobe.py:812 - virt-what stdout: kvm

2016-12-09 17:08:12,165 [DEBUG] subscription-manager:5648:MainThread @hwprobe.py:813 - virt-what stderr: 
2016-12-09 17:08:12,175 [INFO] subscription-manager:5648:MainThread @hwprobe.py:918 - collected virt facts: virt.is_guest=True, virt.host_type=kvm, virt.uuid=B5CB83CC-BED3-4577-A001-40D6307F3855
2016-12-09 17:08:12,178 [DEBUG] subscription-manager:5648:MainThread @connection.py:444 - Loaded CA certificates from /etc/rhsm/ca/: redhat-entitlement-authority.pem, shwetha-workstation.pem, jsefler-candlepin.pem, ncat_listener.pem, redhat-uep.pem, jsefler-candlepin6.pem, timeout_listener.pem
2016-12-09 17:08:12,178 [DEBUG] subscription-manager:5648:MainThread @connection.py:476 - Using proxy: invalid:123
2016-12-09 17:08:12,178 [DEBUG] subscription-manager:5648:MainThread @connection.py:490 - Making request: GET /subscription/users/joe/owners
2016-12-09 17:08:12,240 [ERROR] subscription-manager:5648:MainThread @managercli.py:177 - Error during registration: [Errno -2] Name or service not known
2016-12-09 17:08:12,240 [ERROR] subscription-manager:5648:MainThread @managercli.py:178 - [Errno -2] Name or service not known
Traceback (most recent call last):
  File "/usr/lib/python2.6/site-packages/subscription_manager/managercli.py", line 1139, in _do_command
    owner_key = self._determine_owner_key(admin_cp)
  File "/usr/lib/python2.6/site-packages/subscription_manager/managercli.py", line 1286, in _determine_owner_key
    owners = cp.getOwnerList(self.username)
  File "/usr/lib64/python2.6/site-packages/rhsm/connection.py", line 1054, in getOwnerList
    return self.conn.request_get(method)
  File "/usr/lib64/python2.6/site-packages/rhsm/connection.py", line 623, in request_get
    return self._request("GET", method)
  File "/usr/lib64/python2.6/site-packages/rhsm/connection.py", line 501, in _request
    conn.request(request_type, handler, body=body, headers=headers)
  File "/usr/lib64/python2.6/site-packages/rhsm/m2cryptohttp.py", line 179, in request
    return self._connection.request(method, handler, *args, **kwargs)
  File "/usr/lib64/python2.6/httplib.py", line 973, in request
    self._send_request(method, url, body, headers)
  File "/usr/lib64/python2.6/httplib.py", line 1010, in _send_request
    self.endheaders()
  File "/usr/lib64/python2.6/site-packages/rhsm/m2cryptohttp.py", line 114, in endheaders
    httpslib.HTTPSConnection.endheaders(self)
  File "/usr/lib64/python2.6/httplib.py", line 967, in endheaders
    self._send_output()
  File "/usr/lib64/python2.6/httplib.py", line 831, in _send_output
    self.send(msg)
  File "/usr/lib64/python2.6/httplib.py", line 790, in send
    self.connect()
  File "/usr/lib64/python2.6/site-packages/M2Crypto/httpslib.py", line 192, in connect
    HTTPConnection.connect(self)
  File "/usr/lib64/python2.6/httplib.py", line 771, in connect
    self.timeout)
  File "/usr/lib64/python2.6/socket.py", line 553, in create_connection
    for res in getaddrinfo(host, port, 0, SOCK_STREAM):
gaierror: [Errno -2] Name or service not known



Case 2:
[root@jsefler-rhel6 ~]# tail -f /var/log/rhsm/rhsm.log
2016-12-09 17:09:17,741 [DEBUG] subscription-manager:5755:MainThread @https.py:59 - Using m2crypto wrappers to provide httplib and ssl
2016-12-09 17:09:17,878 [DEBUG] subscription-manager:5755:MainThread @ga_loader.py:89 - ga_loader GaImporterGtk2
2016-12-09 17:09:17,883 [DEBUG] subscription-manager:5755:MainThread @plugins.py:569 - loaded plugin modules: [<module 'container_content' from '/usr/share/rhsm-plugins/container_content.pyc'>]
2016-12-09 17:09:17,883 [DEBUG] subscription-manager:5755:MainThread @plugins.py:570 - loaded plugins: {'container_content.ContainerContentPlugin': <container_content.ContainerContentPlugin object at 0x12df2d0>}
2016-12-09 17:09:17,883 [DEBUG] subscription-manager:5755:MainThread @identity.py:131 - Loading consumer info from identity certificates.
2016-12-09 17:09:17,884 [DEBUG] subscription-manager:5755:MainThread @identity.py:146 - Reload of consumer identity cert /etc/pki/consumer/cert.pem raised an exception with msg: [Errno 2] No such file or directory: '/etc/pki/consumer/key.pem'
2016-12-09 17:09:17,960 [INFO] subscription-manager:5755:MainThread @managercli.py:389 - Client Versions: {'python-rhsm': '1.18.6-1.el6', 'subscription-manager': '1.18.6-1.el6'}
2016-12-09 17:09:17,961 [INFO] subscription-manager:5755:MainThread @connection.py:758 - Connection built: http_proxy=invalid:123 host=subscription.rhsm.redhat.com port=443 handler=/subscription auth=identity_cert ca_dir=/etc/rhsm/ca/ insecure=False
2016-12-09 17:09:17,962 [INFO] subscription-manager:5755:MainThread @connection.py:758 - Connection built: http_proxy=invalid:123 host=subscription.rhsm.redhat.com port=443 handler=/subscription auth=none
2016-12-09 17:09:18,024 [INFO] subscription-manager:5755:MainThread @managercli.py:325 - Attempted bad proxy: [Errno -2] Name or service not known




Case 3:
[root@jsefler-rhel6 ~]# tail -f /var/log/rhsm/rhsm.log
2016-12-09 17:10:38,252 [DEBUG] subscription-manager:5851:MainThread @https.py:59 - Using m2crypto wrappers to provide httplib and ssl
2016-12-09 17:10:38,394 [DEBUG] subscription-manager:5851:MainThread @ga_loader.py:89 - ga_loader GaImporterGtk2
2016-12-09 17:10:38,399 [DEBUG] subscription-manager:5851:MainThread @plugins.py:569 - loaded plugin modules: [<module 'container_content' from '/usr/share/rhsm-plugins/container_content.pyc'>]
2016-12-09 17:10:38,400 [DEBUG] subscription-manager:5851:MainThread @plugins.py:570 - loaded plugins: {'container_content.ContainerContentPlugin': <container_content.ContainerContentPlugin object at 0x22f3350>}
2016-12-09 17:10:38,400 [DEBUG] subscription-manager:5851:MainThread @identity.py:131 - Loading consumer info from identity certificates.
2016-12-09 17:10:38,400 [DEBUG] subscription-manager:5851:MainThread @identity.py:146 - Reload of consumer identity cert /etc/pki/consumer/cert.pem raised an exception with msg: [Errno 2] No such file or directory: '/etc/pki/consumer/key.pem'
2016-12-09 17:10:38,441 [INFO] subscription-manager:5851:MainThread @managercli.py:389 - Client Versions: {'python-rhsm': '1.18.6-1.el6', 'subscription-manager': '1.18.6-1.el6'}
2016-12-09 17:10:38,442 [INFO] subscription-manager:5851:MainThread @connection.py:758 - Connection built: http_proxy=invalid:123 host=subscription.rhsm.redhat.com port=443 handler=/subscription auth=identity_cert ca_dir=/etc/rhsm/ca/ insecure=False
2016-12-09 17:10:38,442 [INFO] subscription-manager:5851:MainThread @connection.py:758 - Connection built: http_proxy=invalid:123 host=subscription.rhsm.redhat.com port=443 handler=/subscription auth=none
2016-12-09 17:10:38,444 [DEBUG] subscription-manager:5851:MainThread @connection.py:444 - Loaded CA certificates from /etc/rhsm/ca/: redhat-entitlement-authority.pem, shwetha-workstation.pem, jsefler-candlepin.pem, ncat_listener.pem, redhat-uep.pem, jsefler-candlepin6.pem, timeout_listener.pem
2016-12-09 17:10:38,444 [DEBUG] subscription-manager:5851:MainThread @connection.py:476 - Using proxy: invalid:123
2016-12-09 17:10:38,444 [DEBUG] subscription-manager:5851:MainThread @connection.py:490 - Making request: GET /subscription/status/
2016-12-09 17:10:38,505 [ERROR] subscription-manager:5851:MainThread @utils.py:159 - [Errno -2] Name or service not known
Traceback (most recent call last):
  File "/usr/lib/python2.6/site-packages/subscription_manager/utils.py", line 142, in is_valid_server_info
    conn.ping()
  File "/usr/lib64/python2.6/site-packages/rhsm/connection.py", line 819, in ping
    return self.conn.request_get("/status/")
  File "/usr/lib64/python2.6/site-packages/rhsm/connection.py", line 623, in request_get
    return self._request("GET", method)
  File "/usr/lib64/python2.6/site-packages/rhsm/connection.py", line 501, in _request
    conn.request(request_type, handler, body=body, headers=headers)
  File "/usr/lib64/python2.6/site-packages/rhsm/m2cryptohttp.py", line 179, in request
    return self._connection.request(method, handler, *args, **kwargs)
  File "/usr/lib64/python2.6/httplib.py", line 973, in request
    self._send_request(method, url, body, headers)
  File "/usr/lib64/python2.6/httplib.py", line 1010, in _send_request
    self.endheaders()
  File "/usr/lib64/python2.6/site-packages/rhsm/m2cryptohttp.py", line 114, in endheaders
    httpslib.HTTPSConnection.endheaders(self)
  File "/usr/lib64/python2.6/httplib.py", line 967, in endheaders
    self._send_output()
  File "/usr/lib64/python2.6/httplib.py", line 831, in _send_output
    self.send(msg)
  File "/usr/lib64/python2.6/httplib.py", line 790, in send
    self.connect()
  File "/usr/lib64/python2.6/site-packages/M2Crypto/httpslib.py", line 192, in connect
    HTTPConnection.connect(self)
  File "/usr/lib64/python2.6/httplib.py", line 771, in connect
    self.timeout)
  File "/usr/lib64/python2.6/socket.py", line 553, in create_connection
    for res in getaddrinfo(host, port, 0, SOCK_STREAM):
gaierror: [Errno -2] Name or service not known

Comment 3 John Sefler 2017-01-17 19:44:29 UTC
Verifying Version...
[root@jsefler-rhel6 ~]# rpm -q subscription-manager 
subscription-manager-1.18.7-1.el6.x86_64
[root@jsefler-rhel6 ~]# rpm -q subscription-manager --changelog | grep 1403387
- 1403387: Fix proxy conn test short-circuit (csnyder@redhat.com)
[root@jsefler-rhel6 ~]# 

Re-testing the three cases from comment 0...
 
Case 1: specify proxy configurations in the rhsm.conf file only....
[root@jsefler-rhel6 ~]# subscription-manager config --server.proxy_hostname="invalid" --server.proxy_port="123" --server.proxy_user="red" --server.proxy_password="hat"
[root@jsefler-rhel6 ~]# subscription-manager register --username=joe --password=blo
Registering to: subscription.rhsm.redhat.com:443/subscription
Network error, unable to connect to server. Please see /var/log/rhsm/rhsm.log for more information.
[root@jsefler-rhel6 ~]# echo $?
70


Case 2: specify proxy values on the command line only....
[root@jsefler-rhel6 ~]# subscription-manager config --server.proxy_hostname="" --server.proxy_port="" --server.proxy_user="" --server.proxy_password=""
[root@jsefler-rhel6 ~]# subscription-manager register --username=joe --password=blo --proxy=invalid:123 --proxyuser=red --proxypassword=hat
Proxy connection failed, please check your settings.
[root@jsefler-rhel6 ~]# echo $?
69


Case 3: specify proxy values on the command *and* the rhsm.conf file.  The command line values should trump the rhsm.conf file values yielding the same response as case 2. Let's verify....
[root@jsefler-rhel6 ~]# subscription-manager config --server.proxy_hostname="invalid" --server.proxy_port="123" --server.proxy_user="red" --server.proxy_password="hat"
[root@jsefler-rhel6 ~]# subscription-manager register --username=joe --password=blo --proxy=invalid:123 --proxyuser=red --proxypassword=hat
Proxy connection failed, please check your settings.
[root@jsefler-rhel6 ~]# echo $?
69


VERIFIED! Case 3 results are identical to Case 2 indicating that the specifying the proxy args on the command line do indeed trump the values set in the rhsm.conf.

Comment 5 errata-xmlrpc 2017-03-21 10:57:56 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2017-0698.html


Note You need to log in before you can comment on or make changes to this bug.