2054148 – Repository sync via HTTPS proxy fails with error Cannot connect to host 10.74.xxx.yy:3128 ssl:default [[SSL: UNKNOWN_PROTOCOL] unknown protocol (_ssl.c:1131)] in Red Hat Satellite 7.0

Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 2054148 - Repository sync via HTTPS proxy fails with error Cannot connect to host 10.74.xxx.yy:3128 ssl:default [[SSL: UNKNOWN_PROTOCOL] unknown protocol (_ssl.c:1131)] in Red Hat Satellite 7.0

Summary: Repository sync via HTTPS proxy fails with error Cannot connect to host 10.74...

Keywords:
Status:	CLOSED DUPLICATE of bug 1993917
Alias:	None
Product:	Red Hat Satellite
Classification:	Red Hat
Component:	Pulp
Sub Component:
Version:	6.11.0
Hardware:	All
OS:	All
Priority:	unspecified
Severity:	high
Target Milestone:	6.11.0
Assignee:	satellite6-bugs
QA Contact:	Lai
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2022-02-14 09:58 UTC by Sayan Das
Modified:	2022-12-29 18:52 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2022-04-05 18:21:09 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Sayan Das 2022-02-14 09:58:20 UTC

Description of problem:

Repository sync via HTTPS proxy fails with error Cannot connect to host proxy_url:port ssl:default [[SSL: UNKNOWN_PROTOCOL] unknown protocol (_ssl.c:1131)] in Red Hat Satellite 7.0 but manifest operation works fine.

Version-Release number of selected component (if applicable):

Satellite 7.0 (Snap 9) + RHEL 7

How reproducible:

100%

Steps to Reproduce:
1. Install and Configure a Red Hat Satellite 7 server.
2. Deploy a squid proxy with HTTPS based authentication (Username testuser and password Password@123 )
3. Configure that proxy in Satellite to be used as the Default HTTP proxy for content syncing and manifest operations.
4. Test following actions :

   * Add subscriptions to manifest
   * Refresh Manifest
   * Check if Repository listing is available or not from Content --> RedHat Repositories page and also see if available release versions are being displayed for rhel-7-server-rpms or not
   * Try syncing any Redhat or Custom repo,

Actual results:

Every else will be working excpet the last point i.e. Repo sync.

Error from foreman logs:

~~~
2022-02-14T04:45:32 [I|app|ddc6c5af] Started POST "/katello/sync_management/sync" for 10.74.9.134 at 2022-02-14 04:45:32 -0500
2022-02-14T04:45:33 [I|app|ddc6c5af] Processing by Katello::SyncManagementController#sync as JS
2022-02-14T04:45:33 [I|app|ddc6c5af]   Parameters: {"utf8"=>"✓", "sync_status_url"=>"", "repoids"=>["13"], "commit"=>"Synchronize Now"}
2022-02-14T04:45:33 [I|bac|ddc6c5af] Task {label: , id: eac8b73a-8abd-4a8f-ab95-2b119a5bc05d, execution_plan_id: 4be78dfa-24c3-4a6d-9b67-0a7bb9c42ddc} state changed: pending 
2022-02-14T04:45:33 [I|bac|ddc6c5af] Task {label: Actions::Katello::Repository::Sync, id: eac8b73a-8abd-4a8f-ab95-2b119a5bc05d, execution_plan_id: 4be78dfa-24c3-4a6d-9b67-0a7bb9c42ddc} state changed: planning 
2022-02-14T04:45:33 [I|bac|ddc6c5af] Task {label: Actions::Katello::Repository::Sync, id: eac8b73a-8abd-4a8f-ab95-2b119a5bc05d, execution_plan_id: 4be78dfa-24c3-4a6d-9b67-0a7bb9c42ddc} state changed: planned 
2022-02-14T04:45:33 [I|app|ddc6c5af] Completed 200 OK in 500ms (Views: 0.3ms | ActiveRecord: 32.6ms | Allocations: 131668)
2022-02-14T04:45:33 [I|bac|ddc6c5af] Task {label: Actions::Katello::Repository::Sync, id: eac8b73a-8abd-4a8f-ab95-2b119a5bc05d, execution_plan_id: 4be78dfa-24c3-4a6d-9b67-0a7bb9c42ddc} state changed: running 
2022-02-14T04:45:42 [E|bac|ddc6c5af] Cannot connect to host 10.74.xxx.yy:3128 ssl:default [[SSL: UNKNOWN_PROTOCOL] unknown protocol (_ssl.c:1131)] (Katello::Errors::Pulp3Error)
 ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/katello-4.3.0.2/app/lib/actions/pulp3/abstract_async_task.rb:108:in `block in check_for_errors'
 ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/katello-4.3.0.2/app/lib/actions/pulp3/abstract_async_task.rb:106:in `each'
 ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/katello-4.3.0.2/app/lib/actions/pulp3/abstract_async_task.rb:106:in `check_for_errors'
 ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/katello-4.3.0.2/app/lib/actions/pulp3/abstract_async_task.rb:160:in `poll_external_task'
 ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.6.1/lib/dynflow/action/polling.rb:100:in `poll_external_task_with_rescue'
 ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.6.1/lib/dynflow/action/polling.rb:22:in `run'
 ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.6.1/lib/dynflow/action/cancellable.rb:14:in `run'
 ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/katello-4.3.0.2/app/lib/actions/pulp3/abstract_async_task.rb:10:in `run'
 ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.6.1/lib/dynflow/action.rb:582:in `block (3 levels) in execute_run'
 ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.6.1/lib/dynflow/middleware/stack.rb:27:in `pass'
 ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.6.1/lib/dynflow/middleware.rb:19:in `pass'
 ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.6.1/lib/dynflow/middleware.rb:32:in `run'
 ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.6.1/lib/dynflow/middleware/stack.rb:23:in `call'
 ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.6.1/lib/dynflow/middleware/stack.rb:27:in `pass'
 ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.6.1/lib/dynflow/middleware.rb:19:in `pass'
 ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/katello-4.3.0.2/app/lib/actions/middleware/remote_action.rb:16:in `block in run'
 ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/katello-4.3.0.2/app/lib/actions/middleware/remote_action.rb:40:in `block in as_remote_user'
 ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/katello-4.3.0.2/app/models/katello/concerns/user_extensions.rb:21:in `cp_config'
 ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/katello-4.3.0.2/app/lib/actions/middleware/remote_action.rb:27:in `as_cp_user'
 ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/katello-4.3.0.2/app/lib/actions/middleware/remote_action.rb:39:in `as_remote_user'
 ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/katello-4.3.0.2/app/lib/actions/middleware/remote_action.rb:16:in `run'
 ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.6.1/lib/dynflow/middleware/stack.rb:23:in `call'
 ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.6.1/lib/dynflow/middleware/stack.rb:27:in `pass'
 ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.6.1/lib/dynflow/middleware.rb:19:in `pass'
 ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/foreman-tasks-5.2.1/app/lib/actions/middleware/rails_executor_wrap.rb:14:in `block in run'
 ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/activesupport-6.0.3.7/lib/active_support/execution_wrapper.rb:88:in `wrap'
 ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/foreman-tasks-5.2.1/app/lib/actions/middleware/rails_executor_wrap.rb:13:in `run'
 ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.6.1/lib/dynflow/middleware/stack.rb:23:in `call'
 ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.6.1/lib/dynflow/middleware/stack.rb:27:in `pass'
 ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.6.1/lib/dynflow/middleware.rb:19:in `pass'
 ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.6.1/lib/dynflow/action/progress.rb:31:in `with_progress_calculation'

~~~

Error from Pulp logs:
~~~
eb 14 04:45:40 satellite7 pulpcore-worker-2: Backing off download_wrapper(...) for 1.2s (aiohttp.client_exceptions.ClientConnectorSSLError: Cannot connect to host 10.74.xxx.yy:3128 ssl:default [[SSL: UNKNOWN_PROTOCOL] unknown protocol (_ssl.c:1131)])
Feb 14 04:45:40 satellite7 pulpcore-worker-2: pulp [ddc6c5af-cb5e-489d-9929-850a10ecca0d]: backoff:INFO: Backing off download_wrapper(...) for 1.2s (aiohttp.client_exceptions.ClientConnectorSSLError: Cannot connect to host 10.74.xxx.yy:3128 ssl:default [[SSL: UNKNOWN_PROTOCOL] unknown protocol (_ssl.c:1131)])
Feb 14 04:45:41 satellite7 pulpcore-api: pulp [ddc6c5af-cb5e-489d-9929-850a10ecca0d]:  - - [14/Feb/2022:09:45:41 +0000] "GET /pulp/api/v3/tasks/6e00d4d3-007d-41f0-86e3-e14904df789a/ HTTP/1.1" 200 666 "-" "OpenAPI-Generator/3.16.0/ruby"
Feb 14 04:45:42 satellite7 pulpcore-worker-2: Giving up download_wrapper(...) after 5 tries (aiohttp.client_exceptions.ClientConnectorSSLError: Cannot connect to host 10.74.xxx.yy:3128 ssl:default [[SSL: UNKNOWN_PROTOCOL] unknown protocol (_ssl.c:1131)])
Feb 14 04:45:42 satellite7 pulpcore-worker-2: pulp [ddc6c5af-cb5e-489d-9929-850a10ecca0d]: backoff:ERROR: Giving up download_wrapper(...) after 5 tries (aiohttp.client_exceptions.ClientConnectorSSLError: Cannot connect to host 10.74.xxx.yy:3128 ssl:default [[SSL: UNKNOWN_PROTOCOL] unknown protocol (_ssl.c:1131)])
Feb 14 04:45:42 satellite7 pulpcore-worker-2: pulp [ddc6c5af-cb5e-489d-9929-850a10ecca0d]: pulpcore.tasking.pulpcore_worker:INFO: Task 6e00d4d3-007d-41f0-86e3-e14904df789a failed (Cannot connect to host 10.74.xxx.yy:3128 ssl:default [[SSL: UNKNOWN_PROTOCOL] unknown protocol (_ssl.c:1131)])
Feb 14 04:45:42 satellite7 pulpcore-worker-2: pulp [ddc6c5af-cb5e-489d-9929-850a10ecca0d]: pulpcore.tasking.pulpcore_worker:INFO:   File "/opt/theforeman/tfm-pulpcore/root/usr/lib/python3.8/site-packages/pulpcore/tasking/pulpcore_worker.py", line 377, in _perform_task
Feb 14 04:45:42 satellite7 pulpcore-worker-2: result = func(*args, **kwargs)
Feb 14 04:45:42 satellite7 pulpcore-worker-2: File "/opt/theforeman/tfm-pulpcore/root/usr/lib/python3.8/site-packages/pulp_rpm/app/tasks/synchronizing.py", line 453, in synchronize
Feb 14 04:45:42 satellite7 pulpcore-worker-2: remote_url = fetch_remote_url(remote)
Feb 14 04:45:42 satellite7 pulpcore-worker-2: File "/opt/theforeman/tfm-pulpcore/root/usr/lib/python3.8/site-packages/pulp_rpm/app/tasks/synchronizing.py", line 282, in fetch_remote_url
Feb 14 04:45:42 satellite7 pulpcore-worker-2: get_repomd_file(remote, normalized_remote_url)
Feb 14 04:45:42 satellite7 pulpcore-worker-2: File "/opt/theforeman/tfm-pulpcore/root/usr/lib/python3.8/site-packages/pulp_rpm/app/tasks/synchronizing.py", line 240, in get_repomd_file
Feb 14 04:45:42 satellite7 pulpcore-worker-2: return downloader.fetch()
Feb 14 04:45:42 satellite7 pulpcore-worker-2: File "/opt/theforeman/tfm-pulpcore/root/usr/lib/python3.8/site-packages/pulpcore/download/base.py", line 180, in fetch
Feb 14 04:45:42 satellite7 pulpcore-worker-2: return done.pop().result()
Feb 14 04:45:42 satellite7 pulpcore-worker-2: File "/opt/theforeman/tfm-pulpcore/root/usr/lib/python3.8/site-packages/pulpcore/download/http.py", line 259, in run
Feb 14 04:45:42 satellite7 pulpcore-worker-2: return await download_wrapper()
Feb 14 04:45:42 satellite7 pulpcore-worker-2: File "/opt/theforeman/tfm-pulpcore/root/usr/lib/python3.8/site-packages/backoff/_async.py", line 133, in retry
Feb 14 04:45:42 satellite7 pulpcore-worker-2: ret = await target(*args, **kwargs)
Feb 14 04:45:42 satellite7 pulpcore-worker-2: File "/opt/theforeman/tfm-pulpcore/root/usr/lib/python3.8/site-packages/pulpcore/download/http.py", line 255, in download_wrapper
Feb 14 04:45:42 satellite7 pulpcore-worker-2: return await self._run(extra_data=extra_data)
Feb 14 04:45:42 satellite7 pulpcore-worker-2: File "/opt/theforeman/tfm-pulpcore/root/usr/lib/python3.8/site-packages/pulp_rpm/app/downloaders.py", line 114, in _run
Feb 14 04:45:42 satellite7 pulpcore-worker-2: async with self.session.get(
Feb 14 04:45:42 satellite7 pulpcore-worker-2: File "/opt/theforeman/tfm-pulpcore/root/usr/lib64/python3.8/site-packages/aiohttp/client.py", line 1117, in __aenter__
Feb 14 04:45:42 satellite7 pulpcore-worker-2: self._resp = await self._coro
Feb 14 04:45:42 satellite7 pulpcore-worker-2: File "/opt/theforeman/tfm-pulpcore/root/usr/lib64/python3.8/site-packages/aiohttp/client.py", line 520, in _request
Feb 14 04:45:42 satellite7 pulpcore-worker-2: conn = await self._connector.connect(
Feb 14 04:45:42 satellite7 pulpcore-worker-2: File "/opt/theforeman/tfm-pulpcore/root/usr/lib64/python3.8/site-packages/aiohttp/connector.py", line 535, in connect
Feb 14 04:45:42 satellite7 pulpcore-worker-2: proto = await self._create_connection(req, traces, timeout)
Feb 14 04:45:42 satellite7 pulpcore-worker-2: File "/opt/theforeman/tfm-pulpcore/root/usr/lib64/python3.8/site-packages/aiohttp/connector.py", line 890, in _create_connection
Feb 14 04:45:42 satellite7 pulpcore-worker-2: _, proto = await self._create_proxy_connection(req, traces, timeout)
Feb 14 04:45:42 satellite7 pulpcore-worker-2: File "/opt/theforeman/tfm-pulpcore/root/usr/lib64/python3.8/site-packages/aiohttp/connector.py", line 1073, in _create_proxy_connection
Feb 14 04:45:42 satellite7 pulpcore-worker-2: transport, proto = await self._create_direct_connection(
Feb 14 04:45:42 satellite7 pulpcore-worker-2: File "/opt/theforeman/tfm-pulpcore/root/usr/lib64/python3.8/site-packages/aiohttp/connector.py", line 1051, in _create_direct_connection
Feb 14 04:45:42 satellite7 pulpcore-worker-2: raise last_exc
Feb 14 04:45:42 satellite7 pulpcore-worker-2: File "/opt/theforeman/tfm-pulpcore/root/usr/lib64/python3.8/site-packages/aiohttp/connector.py", line 1020, in _create_direct_connection
Feb 14 04:45:42 satellite7 pulpcore-worker-2: transp, proto = await self._wrap_create_connection(
Feb 14 04:45:42 satellite7 pulpcore-worker-2: File "/opt/theforeman/tfm-pulpcore/root/usr/lib64/python3.8/site-packages/aiohttp/connector.py", line 973, in _wrap_create_connection
Feb 14 04:45:42 satellite7 pulpcore-worker-2: raise ClientConnectorSSLError(req.connection_key, exc) from exc
Feb 14 04:45:42 satellite7 pulpcore-api: pulp [ddc6c5af-cb5e-489d-9929-850a10ecca0d]:  - - [14/Feb/2022:09:45:42 +0000] "GET /pulp/api/v3/tasks/6e00d4d3-007d-41f0-86e3-e14904df789a/ HTTP/1.1" 200 3869 "-" "OpenAPI-Generator/3.16.0/ruby"
Feb 14 04:45:42 satellite7 pulpcore-api: pulp [ddc6c5af-cb5e-489d-9929-850a10ecca0d]:  - - [14/Feb/2022:09:45:42 +0000] "GET /pulp/api/v3/contentguards/certguard/rhsm/?name=RHSMCertGuard HTTP/1.1" 200 2800 "-" "OpenAPI-Generator/1.5.0/ruby"
Feb 14 04:45:42 satellite7 pulpcore-api: pulp [ddc6c5af-cb5e-489d-9929-850a10ecca0d]:  - - [14/Feb/2022:09:45:42 +0000] "PATCH /pulp/api/v3/contentguards/certguard/rhsm/730e2691-c9b5-48db-b510-68d1b806b5f5/ HTTP/1.1" 200 2748 "-" "OpenAPI-Generator/1.5.0/ruby"
Feb 14 04:45:42 satellite7 pulpcore-api: pulp [ddc6c5af-cb5e-489d-9929-850a10ecca0d]:  - - [14/Feb/2022:09:45:42 +0000] "GET /pulp/api/v3/contentguards/certguard/rhsm/?name=RHSMCertGuard HTTP/1.1" 200 2800 "-" "OpenAPI-Generator/1.5.0/ruby"
Feb 14 04:45:42 satellite7 pulpcore-api: pulp [ddc6c5af-cb5e-489d-9929-850a10ecca0d]:  - - [14/Feb/2022:09:45:42 +0000] "PATCH /pulp/api/v3/contentguards/certguard/rhsm/730e2691-c9b5-48db-b510-68d1b806b5f5/ HTTP/1.1" 200 2748 "-" "OpenAPI-Generator/1.5.0/ruby"
Feb 14 04:45:42 satellite7 pulpcore-api: pulp [ddc6c5af-cb5e-489d-9929-850a10ecca0d]:  - - [14/Feb/2022:09:45:42 +0000] "GET /pulp/api/v3/distributions/rpm/rpm/?base_path=RedHat%2FLibrary%2Fcontent%2Fdist%2Frhel%2Fserver%2F7%2F7Server%2Fx86_64%2Fansible%2F2.9%2Fos HTTP/1.1" 200 728 "-" "OpenAPI-Generator/3.16.1/ruby"
Feb 14 04:45:42 satellite7 pulpcore-api: pulp [ddc6c5af-cb5e-489d-9929-850a10ecca0d]:  - - [14/Feb/2022:09:45:42 +0000] "PATCH /pulp/api/v3/distributions/rpm/rpm/e65323cc-e31c-4076-b132-3c128ad94d5b/ HTTP/1.1" 202 67 "-" "OpenAPI-Generator/3.16.1/ruby"

~~~



Expected results:

Repo sync should get successfully completed while using HTTPS proxy with Satellite 7.0


Additional info:
NA

Note You need to log in before you can comment on or make changes to this bug.