1825930 – [Regression] RedHat Insights client proxying stopped working due to missing proxy

Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1825930 - [Regression] RedHat Insights client proxying stopped working due to missing proxy

Summary: [Regression] RedHat Insights client proxying stopped working due to missing p...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Satellite
Classification:	Red Hat
Component:	RH Cloud - Insights
Sub Component:
Version:	6.7.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	urgent with 3 votes
Target Milestone:	6.8.0
Assignee:	Rex White
QA Contact:	Mirek Długosz
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1122832
TreeView+	depends on / blocked

Reported:	2020-04-20 14:07 UTC by Peter Vreman
Modified:	2023-12-15 17:43 UTC (History)
CC List:	23 users (show)
Fixed In Version:	tfm-rubygem-redhat_access-2.2.13
Doc Type:	Release Note
Doc Text:
Clone Of:
Clones:	1832590 (view as bug list)
Environment:
Last Closed:	2020-10-27 13:01:20 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Knowledge Base (Solution)	5010111	0	None	None	None	2020-04-27 14:55:02 UTC
Red Hat Product Errata	RHSA-2020:4366	0	None	None	None	2020-10-27 13:01:50 UTC

Description Peter Vreman 2020-04-20 14:07:42 UTC

Description of problem:
Clients using insighgts-client connected to Sat6.7 are fialing with sever error 500.
The redhat_access plugin does not use the proxy anymore after the sat6.6 to 6.7 upgrade.

Grepping the source reveals the problem, the redhat-access plugin uses still the obsolete katello.cdn_proxy setting that is removed.




Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. Disable Internet, and force proxy for Satellite 
2. Run  insights-client for a hosta connected to satellite
3. 

Actual results:
Failure to checking to cloud.redhat.com

Expected results:
Success


Additional info:
Please make sure there are all system tests that are also execute on a system that is 100% isolated and a http proxy. This is standard Setup for entreprises and the insights proxying a critical functionality if RedHat wants to push cloud.redhat.com SaaS solutions.

Comment 3 Peter Vreman 2020-04-20 14:09:53 UTC

Based on the code in cdn.rb i created a patch to the new content proxy value.

-------------
--- redhat_access-2.2.11/app/services/redhat_access/telemetry/look_ups.rb.200420-1      2020-02-27 16:35:40.000000000 +0000
+++ redhat_access-2.2.11/app/services/redhat_access/telemetry/look_ups.rb       2020-04-20 13:55:50.796387157 +0000
@@ -201,19 +201,8 @@
       end

       def get_portal_http_proxy
-        proxy = nil
-        if SETTINGS[:katello][:cdn_proxy] && SETTINGS[:katello][:cdn_proxy][:host]
-          proxy_config = SETTINGS[:katello][:cdn_proxy]
-          scheme = URI.parse(proxy_config[:host]).scheme
-          uri = URI('')
-          # Ruby's uri parser doesn't handle encoded characters so Katello added two new schemes to handle proxy
-          # passwords.  See https://github.com/Katello/katello/blob/master/app/lib/katello/util/proxy_uri.rb
-          uri.scheme = 'proxy' if scheme == 'http'
-          uri.scheme = 'proxys' if scheme == 'https'
-          uri.host = URI.parse(proxy_config[:host]).host
-          uri.port = proxy_config[:port] if proxy_config[:port]
-          uri.user =  CGI.escape(proxy_config[:user]) if proxy_config[:user]
-          uri.password = CGI.escape(proxy_config[:password]) if proxy_config[:password]
+        if (proxy = ::HttpProxy.default_global_content_proxy)
+          uri = URI(proxy.url)
           proxy = uri.to_s
         end
         proxy
-------------

Comment 4 Peter Vreman 2020-04-20 14:15:34 UTC

Bryan,

Can you please have a look at this. The insights-client proxying through satellite, that is normally behind a http-proxy, is a mandatory step to upload data to cloud.redhat.com.

I checked the github iof the plugin at https://github.com/redhataccess/foreman-plugin/blob/e098d28d60c66d78254ef10f6ff50b0a4e02f952/redhat-access/app/services/redhat_access/telemetry/look_ups.rb  but that is also lacking the update for the new proxy setting

Peter

Comment 6 Bryan Kearney 2020-04-20 14:17:48 UTC

Thanks Peter, I sent it along to Shim to take a look at it. I appreciate the patch.

Comment 9 Justin Sherrill 2020-04-23 12:29:55 UTC

Wanted to confirm that the proposed patch makes logical sense given the changes in 6.7

Comment 11 Rex White 2020-04-23 20:11:43 UTC

Careful with the proposed patch - please don't UNDO the fix for proxy passwords with special characters...

Comment 12 Will D 2020-04-24 12:01:00 UTC

(In reply to Rex White from comment #11)
> Careful with the proposed patch - please don't UNDO the fix for proxy
> passwords with special characters...

It appears in the WebUI its already broken on 6.7.0   Won't accept a password with an @ symbol.  

Works fine from the command line though
# hammer http-proxy create --name test123 --url <url> --username=<username> --password=<password with an @ in it>
Http proxy created.

Comment 30 errata-xmlrpc 2020-10-27 13:01:20 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: Satellite 6.8 release), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:4366

Note You need to log in before you can comment on or make changes to this bug.

ahuchcha
ahumbe
alsouza
bkearney
bmidwood
ecerqueira
egolov
fratto
janarula
jsherril
ktordeur
mawerner
mmccune
musman
ofalk
ptrivedi
rexwhite
roarora
robwilli
shisingh
sshtein
tonay
will_darton