Bug 1572304 - Docker registry sync does not use HTTP proxy configuration
Summary: Docker registry sync does not use HTTP proxy configuration
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Container Management - Runtime
Version: 6.2.0
Hardware: x86_64
OS: Linux
high
medium
Target Milestone: 6.4.0
Assignee: Sebastian Gräßl
QA Contact: Lukas Pramuk
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2018-04-26 16:04 UTC by Satellite Program
Modified: 2022-03-13 14:55 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1333595
Environment:
Last Closed: 2018-10-16 19:06:01 UTC
Target Upstream Version:
Embargoed:




Links
System | ID | Private | Priority | Status | Summary | Last Updated
Foreman Issue Tracker | 20201 | 0 | None | None | None | 2018-04-26 16:04:40 UTC
Github | theforeman foreman pull 4640 | 0 | None | None | None | 2018-04-26 16:04:40 UTC
Red Hat Knowledge Base (Solution) | 2906801 | 0 | None | None | None | 2018-04-26 16:04:40 UTC

Comment 2 Lukas Pramuk 2018-05-31 10:28:32 UTC
FailedQA.

@satellite-6.4.0-9.beta.el7sat.noarch (Snap5)
foreman-1.18.0.0.7-1.el7sat.noarch
tfm-rubygem-runcible-2.8.1-1.el7sat.noarch

In the middle of functionality testing I found there are bad strings for the new setting:


Nightly: 

HTTP(S) proxy		Sets a proxy for all outgoing HTTP connections.
HTTP(S) proxy except hosts 	Set hostnames to which requests are not to be proxied

vs. 

Satellite6.4.0:

HTTP(S) Capsule 	Sets a Capsule for all outgoing HTTP connections.
HTTP(S) Capsule except hosts 	Set hostnames to which requests are not to be proxied

>>> in downstream http proxy should still read the same "http proxy" instead of wrong "http capsule"

Comment 3 Satellite Program 2018-05-31 12:13:38 UTC
Upstream bug assigned to sgraessl

Comment 4 Lukas Pramuk 2018-05-31 13:28:55 UTC
OK. 

The bad strings belong to a different component, therefore I filed BZ 1584698 against Branding and am switching this BZ back to ONQA.

Comment 5 Lukas Pramuk 2018-06-06 10:00:02 UTC
VERIFIED.

@satellite-6.4.0-9.beta.el7sat.noarch (Snap6)
foreman-1.18.0.0.7-1.el7sat.noarch
tfm-rubygem-runcible-2.8.1-1.el7sat.noarch

by the following reproducer/testing:

1) Set setting "HTTP(S) proxy" to authed proxy
 http://admin:redhat@proxy.example.com:3128

2) Create docker registry and see traffic hitting proxy

3) Set setting "HTTP(S) proxy" to unauthed proxy
 http://proxy.example.com:3401

4) Create docker registry and see traffic hitting unauthed proxy

5) Set setting "HTTP(S) proxy" to non-existing proxy
 http://nonononoproxy.example.com:3401

6) Try to create docker registry and see it failed
(x) Unable to save
Unable to log in to this Docker Registry - Proxied request failed with: getaddrinfo: Name or service not known (SocketError)

7) Check all other stuff is also using proxy (tries to use nonexisting proxy) since this is general http-proxy RFE (ie. not only registries)

*/compute_resources/1-http docker/edit
Proxied request failed with: getaddrinfo: Name or service not known (SocketError)

*/redhat_access/insights
Oops, we're sorry but something went wrong Failed to open TCP connection ...

>>> http-proxy is used for all requests

But even for candlepin/katello !!! (ultimate breakage), and even if you set a valid proxy, since requests for candlepin (8443/tcp) cannot be proxied and are refused. Any katello page is throwing "403 Forbidden"

Unless you specify the Satellite FQDN in "HTTP(S) proxy except hosts", which is really really tricky and wouldn't be obvious to many CUs.

Filing new BZ 1585076 with this issue (as discussed with Dev and his Manager)
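
Added example (not part of the comments above and not Foreman or Satellite code): a Ruby sketch of the routing decision that the "HTTP(S) proxy" and "HTTP(S) proxy except hosts" settings imply, showing why a global proxy also captures the Satellite's own candlepin traffic until its FQDN is excepted. The helper names, the hostname satellite.example.com and the wildcard matching rule are assumptions of this example.

```ruby
require 'uri'

# Hypothetical helper, not the project's implementation.
# proxy:  value of the "HTTP(S) proxy" setting (nil or empty means no proxy)
# except: entries of "HTTP(S) proxy except hosts"; a leading "*." or "."
#         is treated as a domain-suffix wildcard (assumption of this example)
def proxied?(url, proxy:, except: [])
  return false if proxy.nil? || proxy.strip.empty?

  host = URI.parse(url).host.to_s.downcase
  return false if host.empty?

  except.none? do |entry|
    pattern = entry.strip.downcase
    if pattern.start_with?('*.', '.')
      host.end_with?(pattern.sub(/\A\*/, ''))
    else
      host == pattern
    end
  end
end

# Map each destination to :proxy or :direct for a given configuration.
def routes(urls, proxy:, except: [])
  urls.map { |u| [u, proxied?(u, proxy: proxy, except: except) ? :proxy : :direct] }.to_h
end

# Constructed sample destinations: an external registry and the Satellite's
# own candlepin endpoint on 8443/tcp (hostname is a placeholder).
DESTINATIONS = [
  'https://registry.example.com/v2/',
  'https://satellite.example.com:8443/candlepin/status'
].freeze

PROXY = 'http://proxy.example.com:3401'

# Without an exception every request, including the local one, goes to the proxy.
p routes(DESTINATIONS, proxy: PROXY)
# With the Satellite FQDN excepted only the external registry is proxied.
p routes(DESTINATIONS, proxy: PROXY, except: ['satellite.example.com'])
```
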

Comment 6 Bryan Kearney 2018-10-16 19:06:01 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:2927

