Bug 1893617 - Failed to discover docker repositories because 'Content Default HTTP Proxy' is not used to connect to the registry.
Summary: Failed to discover docker repositories because 'Content Default HTTP Proxy' ...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Container Management - Content
Version: 6.7.0
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: 6.10.0
Assignee: Partha Aji
QA Contact: Lukáš Hellebrandt
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-11-02 07:47 UTC by Hao Chang Yu
Modified: 2023-09-15 00:50 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-11-16 14:09:33 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Foreman Issue Tracker 32036 0 Normal New "Failed to discover docker repositories because 'Content Default HTTP Proxy' is not used to connect to the registry." 2021-03-08 17:19:46 UTC
Red Hat Product Errata RHSA-2021:4702 0 None None None 2021-11-16 14:09:44 UTC

Description Hao Chang Yu 2020-11-02 07:47:27 UTC
Description of problem:
The Satellite that needs to connect to the RHSM/CDN via a HTTP Proxy failed to discover docker repositories (Web UI -> Content -> Products -> Click Repo Discovery) because Satellite doesn't use the 'Content Default HTTP Proxy' when connecting to the docker registry.

How to reproduce:
1. In Satellite block outgoing port 443 to simulate no the no internet connection.

firewall-cmd --direct --add-rule ipv4 filter OUTPUT 1 -p tcp -m tcp --dport=443 -j REJECT

2. Try to discover the registry.redhat.io in Web UI -> Content -> Products -> Click Repo Discovery. You should get connection refused error.
3. Add a http proxy in Web UI -> Infrastructure -> Http Proxies -> New Http Proxy
4. Set the added http proxy as Web UI -> Settings -> Content -> Default HTTP Proxy
5. Again, try to discover the registry.redhat.io in Web UI -> Content -> Products -> Click Repo Discovery.

Actual results:
Discovery failed. Error: Failed to open TCP connection to registry.redhat.io:443 (Connection refused - connect(2) for "registry.redhat.io" port 443)

Expected results:
Discover successfully


Additional info:
However, it can connect successfully after setting the http proxy in Setting -> General -> HTTP(S) proxy


In 'app/lib/katello/repo_discovery.rb'
------------------------------------
    def docker_search
      params = {
        :accept => :json
      }
      params[:user] = @upstream_username unless @upstream_username.empty?
      params[:password] = @upstream_password unless @upstream_password.empty?
      begin
        results = RestClient.get(@uri.to_s + "v1/search?q=#{@search}", params)  <======  ####'default_global_content_proxy' is not set here. If Setting[:http_proxy] is set then it will be used. ####

        JSON.parse(results)['results'].each do |result|
          @found << result['name']
        end
      rescue
        # Note: v2 endpoint does not support search
        results = RestClient.get(@uri.to_s + "v2/_catalog", params)   <======  ####'default_global_content_proxy' is not set here. If Setting[:http_proxy] is set then it will be used. ####

        @found = JSON.parse(results)['repositories']
      end
      @found.sort!
    end
------------------------------------------

Comment 1 James Jeffers 2021-03-08 17:19:44 UTC
Created redmine issue https://projects.theforeman.org/issues/32036 from this bug

Comment 2 Bryan Kearney 2021-03-12 16:06:06 UTC
Moving this bug to POST for triage into Satellite since the upstream issue https://projects.theforeman.org/issues/32036 has been resolved.

Comment 3 Silas Pusateri 2021-06-21 17:11:26 UTC
Verified.
Version tested: Satellite-6.10.0 snap 5

Steps followed: 
1. In Satellite block outgoing port 443 to simulate no the no internet connection.

firewall-cmd --direct --add-rule ipv4 filter OUTPUT 1 -p tcp -m tcp --dport=443 -j REJECT

2. Try to discover the registry.redhat.io in Web UI -> Content -> Products -> Click Repo Discovery. You should get connection refused error.
3. Add a http proxy in Web UI -> Infrastructure -> Http Proxies -> New Http Proxy
4. Set the added http proxy as Web UI -> Settings -> Content -> Default HTTP Proxy
5. Again, try to discover the registry.redhat.io in Web UI -> Content -> Products -> Click Repo Discovery.

Observation: Discovery failed. Error: Failed to open TCP connection to registry.redhat.io:443 (Connection refused - connect(2) for "registry.redhat.io" port 443)

Additional info: Tried setting the HTTPS proxy through Settings -> General -> HTTPS Proxy which did not connect successfully as suggested in the original filing (Discovery failed. Error: Failed to open TCP connection to registry.redhat.io:443 (Connection refused - connect(2) for "registry.redhat.io" port 443))

Comment 5 Lukáš Hellebrandt 2021-07-19 17:32:03 UTC
Comment 3 is confusing and not base for verification. Verifying myself.

Verified with Sat 6.10.0 snap 9.0.

In steps 2) and 5) of a reproducer from OP, I got "Discovery failed. Error: Failed to open TCP connection to registry.redhat.io:443 (Connection refused - connect(2) for "registry.redhat.io" port 443)" as expected since direct connection is not available and no proxy is set.

I created a HTTP proxy on another machine using Tinyproxy, with port 8080 (otherwise, selinux would block connection on the Satellite side).

In Satellite, in Infrastructure -> HTTP Proxies, I created a proxy with URL http://<FQDN>:8080 and selected this proxy in Administer -> Settings -> Content -> Default HTTP Proxy.

After trying to discover again, discovery worked as expected.

Comment 8 errata-xmlrpc 2021-11-16 14:09:33 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: Satellite 6.10 Release), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:4702

Comment 9 agilmore2 2022-04-06 18:44:13 UTC
Older duplicate closed as WONTFIX: https://bugzilla.redhat.com/show_bug.cgi?id=1893617

Comment 10 agilmore2 2022-04-06 18:44:40 UTC
(In reply to agilmore2 from comment #9)
> Older duplicate closed as WONTFIX:
> https://bugzilla.redhat.com/show_bug.cgi?id=1893617

Er https://bugzilla.redhat.com/show_bug.cgi?id=1637079

Comment 11 Red Hat Bugzilla 2023-09-15 00:50:36 UTC
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 500 days


Note You need to log in before you can comment on or make changes to this bug.