2054148 – Repository sync via HTTPS proxy fails with error Cannot connect to host 10.74.xxx.yy:3128 ssl:default [[SSL: UNKNOWN_PROTOCOL] unknown protocol (_ssl.c:1131)] in Red Hat Satellite 7.0

Bug 2054148 - Repository sync via HTTPS proxy fails with error Cannot connect to host 10.74.xxx.yy:3128 ssl:default [[SSL: UNKNOWN_PROTOCOL] unknown protocol (_ssl.c:1131)] in Red Hat Satellite 7.0

Summary: Repository sync via HTTPS proxy fails with error Cannot connect to host 10.74...

Keywords:
Status:	CLOSED DUPLICATE of bug 1993917
Alias:	None
Product:	Red Hat Satellite
Classification:	Red Hat
Component:	Pulp
Sub Component:
Version:	6.11.0
Hardware:	All
OS:	All
Priority:	unspecified
Severity:	high
Target Milestone:	6.11.0
Assignee:	satellite6-bugs
QA Contact:	Lai
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2022-02-14 09:58 UTC by Sayan Das
Modified:	2022-12-29 18:52 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2022-04-05 18:21:09 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Sayan Das 2022-02-14 09:58:20 UTC

Description of problem:

Repository sync via HTTPS proxy fails with error Cannot connect to host proxy_url:port ssl:default [[SSL: UNKNOWN_PROTOCOL] unknown protocol (_ssl.c:1131)] in Red Hat Satellite 7.0 but manifest operation works fine.

Version-Release number of selected component (if applicable):

Satellite 7.0 (Snap 9) + RHEL 7

How reproducible:

100%

Steps to Reproduce:
1. Install and Configure a Red Hat Satellite 7 server.
2. Deploy a squid proxy with HTTPS based authentication (Username testuser and password Password@123 )
3. Configure that proxy in Satellite to be used as the Default HTTP proxy for content syncing and manifest operations.
4. Test following actions :

   * Add subscriptions to manifest
   * Refresh Manifest
   * Check if Repository listing is available or not from Content --> RedHat Repositories page and also see if available release versions are being displayed for rhel-7-server-rpms or not
   * Try syncing any Redhat or Custom repo,

Actual results:

Every else will be working excpet the last point i.e. Repo sync.

Error from foreman logs:

~~~
2022-02-14T04:45:32 [I|app|ddc6c5af] Started POST "/katello/sync_management/sync" for 10.74.9.134 at 2022-02-14 04:45:32 -0500
2022-02-14T04:45:33 [I|app|ddc6c5af] Processing by Katello::SyncManagementController#sync as JS
2022-02-14T04:45:33 [I|app|ddc6c5af]   Parameters: {"utf8"=>"✓", "sync_status_url"=>"", "repoids"=>["13"], "commit"=>"Synchronize Now"}
2022-02-14T04:45:33 [I|bac|ddc6c5af] Task {label: , id: eac8b73a-8abd-4a8f-ab95-2b119a5bc05d, execution_plan_id: 4be78dfa-24c3-4a6d-9b67-0a7bb9c42ddc} state changed: pending 
2022-02-14T04:45:33 [I|bac|ddc6c5af] Task {label: Actions::Katello::Repository::Sync, id: eac8b73a-8abd-4a8f-ab95-2b119a5bc05d, execution_plan_id: 4be78dfa-24c3-4a6d-9b67-0a7bb9c42ddc} state changed: planning 
2022-02-14T04:45:33 [I|bac|ddc6c5af] Task {label: Actions::Katello::Repository::Sync, id: eac8b73a-8abd-4a8f-ab95-2b119a5bc05d, execution_plan_id: 4be78dfa-24c3-4a6d-9b67-0a7bb9c42ddc} state changed: planned 
2022-02-14T04:45:33 [I|app|ddc6c5af] Completed 200 OK in 500ms (Views: 0.3ms | ActiveRecord: 32.6ms | Allocations: 131668)
2022-02-14T04:45:33 [I|bac|ddc6c5af] Task {label: Actions::Katello::Repository::Sync, id: eac8b73a-8abd-4a8f-ab95-2b119a5bc05d, execution_plan_id: 4be78dfa-24c3-4a6d-9b67-0a7bb9c42ddc} state changed: running 
2022-02-14T04:45:42 [E|bac|ddc6c5af] Cannot connect to host 10.74.xxx.yy:3128 ssl:default [[SSL: UNKNOWN_PROTOCOL] unknown protocol (_ssl.c:1131)] (Katello::Errors::Pulp3Error)
 ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/katello-4.3.0.2/app/lib/actions/pulp3/abstract_async_task.rb:108:in `block in check_for_errors'
 ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/katello-4.3.0.2/app/lib/actions/pulp3/abstract_async_task.rb:106:in `each'
 ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/katello-4.3.0.2/app/lib/actions/pulp3/abstract_async_task.rb:106:in `check_for_errors'
 ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/katello-4.3.0.2/app/lib/actions/pulp3/abstract_async_task.rb:160:in `poll_external_task'
 ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.6.1/lib/dynflow/action/polling.rb:100:in `poll_external_task_with_rescue'
 ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.6.1/lib/dynflow/action/polling.rb:22:in `run'
 ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.6.1/lib/dynflow/action/cancellable.rb:14:in `run'
 ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/katello-4.3.0.2/app/lib/actions/pulp3/abstract_async_task.rb:10:in `run'
 ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.6.1/lib/dynflow/action.rb:582:in `block (3 levels) in execute_run'
 ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.6.1/lib/dynflow/middleware/stack.rb:27:in `pass'
 ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.6.1/lib/dynflow/middleware.rb:19:in `pass'
 ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.6.1/lib/dynflow/middleware.rb:32:in `run'
 ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.6.1/lib/dynflow/middleware/stack.rb:23:in `call'
 ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.6.1/lib/dynflow/middleware/stack.rb:27:in `pass'
 ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.6.1/lib/dynflow/middleware.rb:19:in `pass'
 ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/katello-4.3.0.2/app/lib/actions/middleware/remote_action.rb:16:in `block in run'
 ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/katello-4.3.0.2/app/lib/actions/middleware/remote_action.rb:40:in `block in as_remote_user'
 ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/katello-4.3.0.2/app/models/katello/concerns/user_extensions.rb:21:in `cp_config'
 ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/katello-4.3.0.2/app/lib/actions/middleware/remote_action.rb:27:in `as_cp_user'
 ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/katello-4.3.0.2/app/lib/actions/middleware/remote_action.rb:39:in `as_remote_user'
 ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/katello-4.3.0.2/app/lib/actions/middleware/remote_action.rb:16:in `run'
 ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.6.1/lib/dynflow/middleware/stack.rb:23:in `call'
 ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.6.1/lib/dynflow/middleware/stack.rb:27:in `pass'
 ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.6.1/lib/dynflow/middleware.rb:19:in `pass'
 ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/foreman-tasks-5.2.1/app/lib/actions/middleware/rails_executor_wrap.rb:14:in `block in run'
 ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/activesupport-6.0.3.7/lib/active_support/execution_wrapper.rb:88:in `wrap'
 ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/foreman-tasks-5.2.1/app/lib/actions/middleware/rails_executor_wrap.rb:13:in `run'
 ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.6.1/lib/dynflow/middleware/stack.rb:23:in `call'
 ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.6.1/lib/dynflow/middleware/stack.rb:27:in `pass'
 ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.6.1/lib/dynflow/middleware.rb:19:in `pass'
 ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.6.1/lib/dynflow/action/progress.rb:31:in `with_progress_calculation'

~~~

Error from Pulp logs:
~~~
eb 14 04:45:40 satellite7 pulpcore-worker-2: Backing off download_wrapper(...) for 1.2s (aiohttp.client_exceptions.ClientConnectorSSLError: Cannot connect to host 10.74.xxx.yy:3128 ssl:default [[SSL: UNKNOWN_PROTOCOL] unknown protocol (_ssl.c:1131)])
Feb 14 04:45:40 satellite7 pulpcore-worker-2: pulp [ddc6c5af-cb5e-489d-9929-850a10ecca0d]: backoff:INFO: Backing off download_wrapper(...) for 1.2s (aiohttp.client_exceptions.ClientConnectorSSLError: Cannot connect to host 10.74.xxx.yy:3128 ssl:default [[SSL: UNKNOWN_PROTOCOL] unknown protocol (_ssl.c:1131)])
Feb 14 04:45:41 satellite7 pulpcore-api: pulp [ddc6c5af-cb5e-489d-9929-850a10ecca0d]:  - - [14/Feb/2022:09:45:41 +0000] "GET /pulp/api/v3/tasks/6e00d4d3-007d-41f0-86e3-e14904df789a/ HTTP/1.1" 200 666 "-" "OpenAPI-Generator/3.16.0/ruby"
Feb 14 04:45:42 satellite7 pulpcore-worker-2: Giving up download_wrapper(...) after 5 tries (aiohttp.client_exceptions.ClientConnectorSSLError: Cannot connect to host 10.74.xxx.yy:3128 ssl:default [[SSL: UNKNOWN_PROTOCOL] unknown protocol (_ssl.c:1131)])
Feb 14 04:45:42 satellite7 pulpcore-worker-2: pulp [ddc6c5af-cb5e-489d-9929-850a10ecca0d]: backoff:ERROR: Giving up download_wrapper(...) after 5 tries (aiohttp.client_exceptions.ClientConnectorSSLError: Cannot connect to host 10.74.xxx.yy:3128 ssl:default [[SSL: UNKNOWN_PROTOCOL] unknown protocol (_ssl.c:1131)])
Feb 14 04:45:42 satellite7 pulpcore-worker-2: pulp [ddc6c5af-cb5e-489d-9929-850a10ecca0d]: pulpcore.tasking.pulpcore_worker:INFO: Task 6e00d4d3-007d-41f0-86e3-e14904df789a failed (Cannot connect to host 10.74.xxx.yy:3128 ssl:default [[SSL: UNKNOWN_PROTOCOL] unknown protocol (_ssl.c:1131)])
Feb 14 04:45:42 satellite7 pulpcore-worker-2: pulp [ddc6c5af-cb5e-489d-9929-850a10ecca0d]: pulpcore.tasking.pulpcore_worker:INFO:   File "/opt/theforeman/tfm-pulpcore/root/usr/lib/python3.8/site-packages/pulpcore/tasking/pulpcore_worker.py", line 377, in _perform_task
Feb 14 04:45:42 satellite7 pulpcore-worker-2: result = func(*args, **kwargs)
Feb 14 04:45:42 satellite7 pulpcore-worker-2: File "/opt/theforeman/tfm-pulpcore/root/usr/lib/python3.8/site-packages/pulp_rpm/app/tasks/synchronizing.py", line 453, in synchronize
Feb 14 04:45:42 satellite7 pulpcore-worker-2: remote_url = fetch_remote_url(remote)
Feb 14 04:45:42 satellite7 pulpcore-worker-2: File "/opt/theforeman/tfm-pulpcore/root/usr/lib/python3.8/site-packages/pulp_rpm/app/tasks/synchronizing.py", line 282, in fetch_remote_url
Feb 14 04:45:42 satellite7 pulpcore-worker-2: get_repomd_file(remote, normalized_remote_url)
Feb 14 04:45:42 satellite7 pulpcore-worker-2: File "/opt/theforeman/tfm-pulpcore/root/usr/lib/python3.8/site-packages/pulp_rpm/app/tasks/synchronizing.py", line 240, in get_repomd_file
Feb 14 04:45:42 satellite7 pulpcore-worker-2: return downloader.fetch()
Feb 14 04:45:42 satellite7 pulpcore-worker-2: File "/opt/theforeman/tfm-pulpcore/root/usr/lib/python3.8/site-packages/pulpcore/download/base.py", line 180, in fetch
Feb 14 04:45:42 satellite7 pulpcore-worker-2: return done.pop().result()
Feb 14 04:45:42 satellite7 pulpcore-worker-2: File "/opt/theforeman/tfm-pulpcore/root/usr/lib/python3.8/site-packages/pulpcore/download/http.py", line 259, in run
Feb 14 04:45:42 satellite7 pulpcore-worker-2: return await download_wrapper()
Feb 14 04:45:42 satellite7 pulpcore-worker-2: File "/opt/theforeman/tfm-pulpcore/root/usr/lib/python3.8/site-packages/backoff/_async.py", line 133, in retry
Feb 14 04:45:42 satellite7 pulpcore-worker-2: ret = await target(*args, **kwargs)
Feb 14 04:45:42 satellite7 pulpcore-worker-2: File "/opt/theforeman/tfm-pulpcore/root/usr/lib/python3.8/site-packages/pulpcore/download/http.py", line 255, in download_wrapper
Feb 14 04:45:42 satellite7 pulpcore-worker-2: return await self._run(extra_data=extra_data)
Feb 14 04:45:42 satellite7 pulpcore-worker-2: File "/opt/theforeman/tfm-pulpcore/root/usr/lib/python3.8/site-packages/pulp_rpm/app/downloaders.py", line 114, in _run
Feb 14 04:45:42 satellite7 pulpcore-worker-2: async with self.session.get(
Feb 14 04:45:42 satellite7 pulpcore-worker-2: File "/opt/theforeman/tfm-pulpcore/root/usr/lib64/python3.8/site-packages/aiohttp/client.py", line 1117, in __aenter__
Feb 14 04:45:42 satellite7 pulpcore-worker-2: self._resp = await self._coro
Feb 14 04:45:42 satellite7 pulpcore-worker-2: File "/opt/theforeman/tfm-pulpcore/root/usr/lib64/python3.8/site-packages/aiohttp/client.py", line 520, in _request
Feb 14 04:45:42 satellite7 pulpcore-worker-2: conn = await self._connector.connect(
Feb 14 04:45:42 satellite7 pulpcore-worker-2: File "/opt/theforeman/tfm-pulpcore/root/usr/lib64/python3.8/site-packages/aiohttp/connector.py", line 535, in connect
Feb 14 04:45:42 satellite7 pulpcore-worker-2: proto = await self._create_connection(req, traces, timeout)
Feb 14 04:45:42 satellite7 pulpcore-worker-2: File "/opt/theforeman/tfm-pulpcore/root/usr/lib64/python3.8/site-packages/aiohttp/connector.py", line 890, in _create_connection
Feb 14 04:45:42 satellite7 pulpcore-worker-2: _, proto = await self._create_proxy_connection(req, traces, timeout)
Feb 14 04:45:42 satellite7 pulpcore-worker-2: File "/opt/theforeman/tfm-pulpcore/root/usr/lib64/python3.8/site-packages/aiohttp/connector.py", line 1073, in _create_proxy_connection
Feb 14 04:45:42 satellite7 pulpcore-worker-2: transport, proto = await self._create_direct_connection(
Feb 14 04:45:42 satellite7 pulpcore-worker-2: File "/opt/theforeman/tfm-pulpcore/root/usr/lib64/python3.8/site-packages/aiohttp/connector.py", line 1051, in _create_direct_connection
Feb 14 04:45:42 satellite7 pulpcore-worker-2: raise last_exc
Feb 14 04:45:42 satellite7 pulpcore-worker-2: File "/opt/theforeman/tfm-pulpcore/root/usr/lib64/python3.8/site-packages/aiohttp/connector.py", line 1020, in _create_direct_connection
Feb 14 04:45:42 satellite7 pulpcore-worker-2: transp, proto = await self._wrap_create_connection(
Feb 14 04:45:42 satellite7 pulpcore-worker-2: File "/opt/theforeman/tfm-pulpcore/root/usr/lib64/python3.8/site-packages/aiohttp/connector.py", line 973, in _wrap_create_connection
Feb 14 04:45:42 satellite7 pulpcore-worker-2: raise ClientConnectorSSLError(req.connection_key, exc) from exc
Feb 14 04:45:42 satellite7 pulpcore-api: pulp [ddc6c5af-cb5e-489d-9929-850a10ecca0d]:  - - [14/Feb/2022:09:45:42 +0000] "GET /pulp/api/v3/tasks/6e00d4d3-007d-41f0-86e3-e14904df789a/ HTTP/1.1" 200 3869 "-" "OpenAPI-Generator/3.16.0/ruby"
Feb 14 04:45:42 satellite7 pulpcore-api: pulp [ddc6c5af-cb5e-489d-9929-850a10ecca0d]:  - - [14/Feb/2022:09:45:42 +0000] "GET /pulp/api/v3/contentguards/certguard/rhsm/?name=RHSMCertGuard HTTP/1.1" 200 2800 "-" "OpenAPI-Generator/1.5.0/ruby"
Feb 14 04:45:42 satellite7 pulpcore-api: pulp [ddc6c5af-cb5e-489d-9929-850a10ecca0d]:  - - [14/Feb/2022:09:45:42 +0000] "PATCH /pulp/api/v3/contentguards/certguard/rhsm/730e2691-c9b5-48db-b510-68d1b806b5f5/ HTTP/1.1" 200 2748 "-" "OpenAPI-Generator/1.5.0/ruby"
Feb 14 04:45:42 satellite7 pulpcore-api: pulp [ddc6c5af-cb5e-489d-9929-850a10ecca0d]:  - - [14/Feb/2022:09:45:42 +0000] "GET /pulp/api/v3/contentguards/certguard/rhsm/?name=RHSMCertGuard HTTP/1.1" 200 2800 "-" "OpenAPI-Generator/1.5.0/ruby"
Feb 14 04:45:42 satellite7 pulpcore-api: pulp [ddc6c5af-cb5e-489d-9929-850a10ecca0d]:  - - [14/Feb/2022:09:45:42 +0000] "PATCH /pulp/api/v3/contentguards/certguard/rhsm/730e2691-c9b5-48db-b510-68d1b806b5f5/ HTTP/1.1" 200 2748 "-" "OpenAPI-Generator/1.5.0/ruby"
Feb 14 04:45:42 satellite7 pulpcore-api: pulp [ddc6c5af-cb5e-489d-9929-850a10ecca0d]:  - - [14/Feb/2022:09:45:42 +0000] "GET /pulp/api/v3/distributions/rpm/rpm/?base_path=RedHat%2FLibrary%2Fcontent%2Fdist%2Frhel%2Fserver%2F7%2F7Server%2Fx86_64%2Fansible%2F2.9%2Fos HTTP/1.1" 200 728 "-" "OpenAPI-Generator/3.16.1/ruby"
Feb 14 04:45:42 satellite7 pulpcore-api: pulp [ddc6c5af-cb5e-489d-9929-850a10ecca0d]:  - - [14/Feb/2022:09:45:42 +0000] "PATCH /pulp/api/v3/distributions/rpm/rpm/e65323cc-e31c-4076-b132-3c128ad94d5b/ HTTP/1.1" 202 67 "-" "OpenAPI-Generator/3.16.1/ruby"

~~~



Expected results:

Repo sync should get successfully completed while using HTTPS proxy with Satellite 7.0


Additional info:
NA

Note You need to log in before you can comment on or make changes to this bug.