Description of problem: RPC API calls through RHN-Proxy does not work. Version-Release number of selected component (if applicable): RHN-Proxy 5.4 spacewalk-proxy-package-manager-1.2.2-5.el5sat spacewalk-proxy-broker-1.2.2-5.el5sat spacewalk-proxy-common-1.2.2-5.el5sat spacewalk-proxy-management-1.2.2-5.el5sat spacewalk-proxy-redirect-1.2.2-5.el5sat How reproducible: Always Steps to Reproduce: 1.Install RHN-Proxy 5.4 2.From another server try to execute some RPC call to Satelltie via RHN-Proxy. Actual results: #/tmp/test_api.py Traceback (most recent call last): File "/tmp/test_api_intel.py", line 10, in ? key = client.auth.login(USER, PASS) File "/usr/lib64/python2.4/xmlrpclib.py", line 1096, in __call__ return self.__send(self.__name, args) File "/usr/lib64/python2.4/xmlrpclib.py", line 1383, in __request verbose=self.__verbose File "/usr/lib64/python2.4/xmlrpclib.py", line 1137, in request headers xmlrpclib.ProtocolError: <ProtocolError for intel-s3e3432-01.rhts.eng.bos.redhat.com/rpc/api: 502 Bad Gateway> Expected results: Success. Additional info: Proxy side: /var/log/httpd/access_log 10.16.66.128 - - [29/Nov/2010:15:49:30 -0500] "POST /rpc/api HTTP/1.0" 502 338 "-" "xmlrpclib.py/1.0.1 (by www.pythonware.com)" Code executed: For RNN-Proxy with the following RPM set the problem does not appear. spacewalk-proxy-package-manager-1.2.2-4.el5sat spacewalk-proxy-broker-1.2.2-4.el5sat spacewalk-proxy-common-1.2.2-4.el5sat spacewalk-proxy-management-1.2.2-4.el5sat spacewalk-proxy-redirect-1.2.2-4.el5sat Test code: #!/usr/bin/python import sys, xmlrpclib USER='admin' PASS='admin' PROXY_SERVER='http://intel-s3e3432-01.rhts.eng.bos.redhat.com/rpc/api' # log-in client = xmlrpclib.Server(PROXY_SERVER, verbose=0) key = client.auth.login(USER, PASS) list = client.activationkey.listActivationKeys(key) for ak in list: print "%s|%s|%s|%s" % (ak['key'], ak['base_channel_label'], ak['entitlements'], ak['universal_default']) #END
The error origin from Satellite On satellite: ==> /var/log/httpd/ssl_error_log <== [Mon Nov 29 22:42:44 2010] [error] [client 10.16.66.126] proxy: DNS lookup failure for: dhcp-lab-165.englab.brq.redhat.com:443, intel-s3e3432-01.rhts.eng.bos.redhat.com returned by /rpc/api Apache tries to resolve string: dhcp-lab-165.englab.brq.redhat.com:443, intel-s3e3432-01.rhts.eng.bos.redhat.com as hostname. I guess that it comes from X-RHN-Auth header. So either proxy construct it incorrectly or Satellite incorectly parse it.
TCP dump from Satellite: POST /rpc/api HTTP/1.1 Host: dhcp-lab-165.englab.brq.redhat.com Accept-Encoding: identity X-RHN-IP-Path: 10.16.66.128 Content-Length: 214 X-RHN-Transport-Capability: follow-redirects=3 Content-Type: text/xml X-RHN-Proxy-Auth: 1000011296::1291107584.37:21600.0:rbTCNhdcYj96r5WeeXQXIA==:intel-s3e3432-01.rhts.eng.bos.redhat.com X-RHN-Proxy-Version: 5.4.0 Host: intel-s3e3432-01.rhts.eng.bos.redhat.com User-Agent: xmlrpclib.py/1.0.1 (by www.pythonware.com) <?xml version='1.0'?> <methodCall> <methodName>auth.login</methodName> <params> <param> <value><string>admin</string></value> </param> <param> <value><string>admin</string></value> </param> </params> </methodCall> HTTP/1.1 502 Proxy Error Date: Tue, 30 Nov 2010 11:50:52 GMT Content-Length: 624 Content-Type: text/html; charset=iso-8859-1 <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>502 Proxy Error</title> </head><body> <h1>Proxy Error</h1> <p>The proxy server received an invalid response from an upstream server.<br /> The proxy server could not handle the request <em><a href="/rpc/api">POST /rpc/api</a></em>.<p> Reason: <strong>DNS lookup failure for: dhcp-lab-165.englab.brq.redhat.com, intel-s3e3432-01.rhts.eng.bos.redhat.com</strong></p></p> <hr> <address>Apache Server at <a href="mailto:root@localhost">dhcp-lab-165.englab.brq.redhat.com, intel-s3e3432-01.rhts.eng.bos.redhat.com</a> Port 80</address> </body></html> So it seem to me that is problem of that satellite. That content of address tag is ServerSignature. So apache on Satellite think for some reason that its hostname is "dhcp-lab-165.englab.brq.redhat.com, intel-s3e3432-01.rhts.eng.bos.redhat.com"
Ok. Got it. This is cause by forwarding http header "Host". We need to filter it out.
Fixed in spacewalk.git 64021b958db3bff2688c89ab8d22ec471e132272
cherry picked to satellite.git as commit 027f231b148b44d8623fade02e117baf9a318b9e
Verified in stage w/ spacewalk-proxy-1.2.2-1 and spacewalk-backend-1.2.13-52 -> release pending.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHEA-2011-0876.html