Bug 1651316
| Summary: | dnf not using proxy settings | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | Francisco Lloreda <flloreda> |
| Component: | subscription-manager | Assignee: | candlepin-bugs |
| Status: | CLOSED DUPLICATE | QA Contact: | Red Hat subscription-manager QE Team <rhsm-qe> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | high | ||
| Version: | 8.0 | CC: | csnyder, dmach, james.antill, mblaha, mkolaja, mwhitehe, wouter.hummelink |
| Target Milestone: | rc | Keywords: | Triaged |
| Target Release: | 8.0 | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2019-01-07 21:28:06 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Francisco Lloreda
2018-11-19 16:41:41 UTC
I'm experiencing similar problems behind the corporate proxy of my customer. I've dove in a little further and in strace I can see that dnf does in fact try to connect to the proxy, but drops the connection again. I've tried both using the proxy directly and through CNTLM (to prevent storing my password in plaintext), but results are the same. CNTLM does not log the connection as a CONNECT request. I see that DNF sends some binary data to the proxy right after reading the cert bundle, so it somehow appears it's trying to talk tls at the proxy. The same setup works flawlessly on F29 (although that's not RH CDN) My financial services industry customer believes that they are also experiencing symptoms of this bug. I've tried to reproduce the bug and after setting http proxy in /etd/dnf/dnf.conf, all dnf traffic (according to tcpdump) went through this proxy and dnf cache was build without ignoring repositories. Please, can you check whether there are some proxy settings in subscription manager (/etc/rhsm/rhsm.conf) config file? If that is the case, you probably have proxy setting from dnf.conf overridden in repository configuration file /etc/yum.repos.d/redhat.repo (generated by dnf-plugin-subscription-manager). Are settings in dnf.conf and redhat.repo the same? There might be a change in the protocol (http in dnf.conf, https in redhat.repo, which could explain tls talk to proxy from comment#1). In case you found this difference in configs, can you please try following? 1. comment out proxy settings in redhat.repo file # sed -i 's/^proxy =/#proxy =/' /etc/yum.repos.d/redhat.repo 2. run dnf makecache again, with disabled subscription-manager plugin. (If you didn't disable it, it would overwrite the redhat.repo file again) # dnf --disableplugin=subscription-manager makecache See also similar (this bug might even be a duplicate) bug https://bugzilla.redhat.com/show_bug.cgi?id=1654531 I can confirm that I can create the metadata if I manually edit /etc/yum.repos.d/redhat.repo. It indeed included https in the proxy setting. I went a little further and in /usr/lib64/python3.6/site-packages/subscription-manager/repolib.py I edited line 834 which had https:// hardcoded and altered it to http:// and did a full refresh, the proxy settings are now still correct. Thanks for pointing me in the right direction to work around the issue. |