Red Hat Bugzilla – Bug 1475954
Proxy configuration does not work in restricted IPV6 only environment
Last modified: 2018-03-06 09:50:09 EST
A minor mistake, though quite clear from context:
The second "Steps to Reproduce - SOCKS5 proxy:" should be "Steps to Reproduce - squid proxy:"
Pavol is right. I can prove his finding in another approach. By comparing ip address with different proxy setting I can confirm the proxy configuration is correct, it's a bug of cfme:
# in myappliance2 (10.16.4.131 / fc00:beef::1)
[root@myappliance2 ~]# http_proxy="" curl www.google.com
curl: (7) Failed to connect to 2607:f8b0:4004:80a::2004: Network is unreachable
[root@myappliance2 ~]# http_proxy="" curl ipecho.net/plain && echo;
curl: (7) Failed to connect to 18.104.22.168: Network is unreachable
[root@myappliance2 ~]# http_proxy="user:redhat@localhost:3128" curl ipecho.net/plain && echo;
[root@myappliance2 ~]# curl --socks5-hostname localhost:8081 ipecho.net/plain && echo;
# in jumpbox (10.16.6.102 / fc00:beef::ffff)
[root@10-16-6-102 ~]# curl ipecho.net/plain && echo;
From above we can get a conclusion: without any proxy the pure ipv6 myappliance2 can not reach any network. With socks5 proxy from jumpbox, it "has" same ip address with jumpbox: 22.214.171.124.[*] With squid proxy it "has" another ipaddress, should be the one using in the squid server (126.96.36.199). As we can't clone repo in cfme ui, the proxy settings is not applied correctly in cfme.
[*]: this is, actually the router for jumpbox connecting to internet, but it doesn't affect we get this conclusion because without this proxy myappliance2 cannot reach internet and that router. Same for 188.8.131.52.
How did you enable embedded ansible server roles before in? You've done that at fc00:beef::294. I tried to turn it on then save at fc00:beef::296 with help of cfme docs and some people in our team, but still can't get EmbeddedAnsible Worker running. Maybe I broke something. Can you help me turn on that and enable me to enter "Add new repository" page? Thanks. I'll look at add amazon or other provider part of this bug first.
Thanks for your hint. I reset hostname then restart evm server. The problem for "bad component(expected host component)" disappeared but have problem in starting EmbeddedAnsibleWorker running on nginx:
[----] E, [2017-08-10T06:07:18.805790 #21319:601560c] ERROR -- : AwesomeSpawn: /bin/systemctl exit code: 1
[----] E, [2017-08-10T06:07:18.805879 #21319:601560c] ERROR -- : AwesomeSpawn: Job for nginx.service failed because the
control process exited with error code. See "systemctl status nginx.service" and "journalctl -xe" for details.
[----] E, [2017-08-10T06:07:18.806024 #21319:601560c] ERROR -- : [AwesomeSpawn::CommandResultError]: /bin/systemctl exit
code: 1 Method:[rescue in do_before_work_loop]
[----] E, [2017-08-10T06:07:18.806123 #21319:601560c] ERROR -- : /opt/rh/cfme-gemset/gems/awesome_spawn-1.4.1/lib/awesom
/var/www/miq/vmdb/lib/embedded_ansible.rb:53:in `block in start'
And systemctl status nginx.service got:
● nginx.service - The nginx HTTP and reverse proxy server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; disabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Thu 2017-08-10 06:13:55 EDT; 12s ago
Aug 10 06:13:55 test-proxy systemd: Starting The nginx HTTP and reverse proxy server...
Aug 10 06:13:55 test-proxy nginx: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
Aug 10 06:13:55 test-proxy nginx: nginx: [emerg] open() "/var/log/nginx/access.log" failed (28: No space left on device)
Aug 10 06:13:55 test-proxy nginx: nginx: configuration file /etc/nginx/nginx.conf test failed
Aug 10 06:13:55 test-proxy systemd: nginx.service: control process exited, code=exited status=1
Aug 10 06:13:55 test-proxy systemd: Failed to start The nginx HTTP and reverse proxy server.
Aug 10 06:13:55 test-proxy systemd: Unit nginx.service entered failed state.
Aug 10 06:13:55 test-proxy systemd: nginx.service failed.
And when I try to locate code for EmbeddedAnsibleWorker::Runner locally (a daily pulled from manageiq repo), I found this file has changed a lot since 184.108.40.206, does it make sense to setting up a vm running more recent version of cfme and I make changes there?
*** Bug 1478582 has been marked as a duplicate of this bug. ***
Bo and Pavol,
Can you try out the solution in https://access.redhat.com/solutions/3127941?
If that works we can set up a way to propagate the settings configured for the cfme proxy programatically.
Additionally if an ssh bastion host is require (not sure if that's what this bug is about) we may need to set something up similar to what is described here , but I'm hoping the config changes in settings.py will do the trick.
New commit detected on ManageIQ/manageiq/master:
Author: Bo Yao <email@example.com>
AuthorDate: Fri Sep 22 13:40:33 2017 -0400
Commit: Bo Yao <firstname.lastname@example.org>
CommitDate: Fri Sep 22 21:34:11 2017 -0400
add http proxy support for embedded ansible tower
lib/embedded_ansible.rb | 17 +++++++++++++++++
1 file changed, 17 insertions(+)