Hide Forgot
Description of problem: Using the subscription-manager cli tool, you cannot connect to the candlepin server if you are configured to connect through a proxy that requires authentication. Version-Release number of selected component (if applicable): [jmolet@x2112 ~]$ rpm -qa | egrep "subscription|^python-2|python-rhsm" python-2.6.4-27.fc13.x86_64 python-rhsm-0.93.3-1.git.0.a79d99d.fc14.noarch subscription-manager-gnome-0.93.3-1.git.0.a79d99d.fc14.x86_64 subscription-manager-0.93.3-1.git.0.a79d99d.fc14.x86_64 How reproducible: always Steps to Reproduce: 1. Find a machine with subscription-manager installed. 2. Configure subscription manager to connect through a proxy that requires auth. 3. try to register with subscription-manager (or do any network actions) Actual results: [root@x2112 rhsm]# subscription-manager register --username=testuser1 --password=password Network error, unable to connect to server. Please see /var/log/rhsm/rhsm.log for more information. log file /var/log/rhsm/rhsm.log: 2010-12-09 14:51:21,567 [INFO] __init__() @connection.py:274 - Using certificate authentication: key = /etc/pki/consumer/key.pem, cert = /etc/pki/consumer/cert.pem, ca = /etc/rhsm/ca/, insecure = False 2010-12-09 14:51:21,567 [INFO] __init__() @connection.py:277 - Connection Established: host: mgmt4.rhq.lab.eng.bos.redhat.com, port: 8443, handler: /candlepin 2010-12-09 14:51:21,570 [INFO] _request() @connection.py:130 - loading ca pem certificates from: /etc/rhsm/ca/ 2010-12-09 14:51:21,570 [INFO] _load_ca_certificates() @connection.py:111 - loading ca certificate '/etc/rhsm/ca/candlepin-stage.pem' 2010-12-09 14:51:21,570 [INFO] _load_ca_certificates() @connection.py:111 - loading ca certificate '/etc/rhsm/ca/fakamai-cp1.pem' 2010-12-09 14:51:21,571 [INFO] _load_ca_certificates() @connection.py:111 - loading ca certificate '/etc/rhsm/ca/redhat-uep.pem' 2010-12-09 14:51:21,571 [INFO] _load_ca_certificates() @connection.py:111 - loading ca certificate '/etc/rhsm/ca/candlepin-ca.pem' 2010-12-09 14:51:21,572 [INFO] _request() @connection.py:132 - work in insecure mode ?:False 2010-12-09 14:51:21,572 [INFO] _request() @connection.py:139 - using proxy mgmt5.rhq.lab.eng.bos.redhat.com:3128 2010-12-09 14:51:21,572 [INFO] _request() @connection.py:146 - handler: https://mgmt4.rhq.lab.eng.bos.redhat.com:8443/candlepin/consumers/7a7d2eb9-334c-462e-9dba-3eb5aebc5245 2010-12-09 14:51:22,400 [INFO] _request() @connection.py:160 - status code: 204 2010-12-09 14:51:22,401 [INFO] unregister() @managerlib.py:574 - Successfully un-registered. 2010-12-09 14:51:26,977 [INFO] __init__() @connection.py:274 - Using certificate authentication: key = /etc/pki/consumer/key.pem, cert = /etc/pki/consumer/cert.pem, ca = /etc/rhsm/ca/, insecure = False 2010-12-09 14:51:26,977 [INFO] __init__() @connection.py:277 - Connection Established: host: mgmt4.rhq.lab.eng.bos.redhat.com, port: 8443, handler: /candlepin 2010-12-09 14:51:26,978 [INFO] __init__() @connection.py:263 - Using basic authentication as: testuser1 2010-12-09 14:51:26,978 [INFO] __init__() @connection.py:277 - Connection Established: host: mgmt4.rhq.lab.eng.bos.redhat.com, port: 8443, handler: /candlepin 2010-12-09 14:51:27,088 [INFO] _request() @connection.py:130 - loading ca pem certificates from: /etc/rhsm/ca/ 2010-12-09 14:51:27,088 [INFO] _load_ca_certificates() @connection.py:111 - loading ca certificate '/etc/rhsm/ca/candlepin-stage.pem' 2010-12-09 14:51:27,089 [INFO] _load_ca_certificates() @connection.py:111 - loading ca certificate '/etc/rhsm/ca/fakamai-cp1.pem' 2010-12-09 14:51:27,089 [INFO] _load_ca_certificates() @connection.py:111 - loading ca certificate '/etc/rhsm/ca/redhat-uep.pem' 2010-12-09 14:51:27,090 [INFO] _load_ca_certificates() @connection.py:111 - loading ca certificate '/etc/rhsm/ca/candlepin-ca.pem' 2010-12-09 14:51:27,090 [INFO] _request() @connection.py:132 - work in insecure mode ?:False 2010-12-09 14:51:27,090 [INFO] _request() @connection.py:139 - using proxy mgmt5.rhq.lab.eng.bos.redhat.com:3128 2010-12-09 14:51:27,091 [INFO] _request() @connection.py:146 - handler: https://mgmt4.rhq.lab.eng.bos.redhat.com:8443/candlepin/consumers/ 2010-12-09 14:51:27,323 [ERROR] handle_exception() @managercli.py:44 - exception caught in subscription-manager 2010-12-09 14:51:27,323 [ERROR] handle_exception() @managercli.py:45 - Proxy connection failed: 407 Traceback (most recent call last): File "/usr/sbin/subscription-manager", line 75, in <module> sys.exit(abs(main() or 0)) File "/usr/sbin/subscription-manager", line 66, in main return managercli.CLI().main() File "/usr/share/rhsm/managercli.py", line 710, in main cmd.main() File "/usr/share/rhsm/managercli.py", line 146, in main self._do_command() File "/usr/share/rhsm/managercli.py", line 326, in _do_command facts=self.facts.get_facts()) File "/usr/share/rhsm/connection.py", line 299, in registerConsumer return self.conn.request_post('/consumers/', params) File "/usr/share/rhsm/connection.py", line 183, in request_post return self._request("POST", method, params) File "/usr/share/rhsm/connection.py", line 152, in _request headers=self.headers) File "/usr/lib64/python2.6/httplib.py", line 898, in request self._send_request(method, url, body, headers) File "/usr/lib64/python2.6/httplib.py", line 935, in _send_request self.endheaders() File "/usr/share/rhsm/connection.py", line 66, in endheaders httpslib.HTTPSConnection.endheaders(self) File "/usr/lib64/python2.6/httplib.py", line 892, in endheaders self._send_output() File "/usr/lib64/python2.6/httplib.py", line 764, in _send_output self.send(msg) File "/usr/lib64/python2.6/httplib.py", line 723, in send self.connect() File "/usr/lib64/python2.6/site-packages/M2Crypto/httpslib.py", line 180, in connect raise socket.error, "Proxy connection failed: %d" % code error: Proxy connection failed: 407 Expected results: The client registers and successfully connects through the proxy. Additional info: This is starting to look like possibly a python 2.6 problem, and it doesn't look like it is actually passing the username/password for the proxy server to the proxy server. I will also note, however, that the gui tool seems to successfully register using the same proxy settings.
commit 8405d250762441819b75cc1a19b6f899d0c03012 Author: Adrian Likins <alikins@redhat.com> Date: Fri Dec 10 10:57:57 2010 -0500 661876: fix a bug with cli not using config file proxy auth info Looks like cli wasn't reading the auth info from the config on some commands (like register).
[root@x2112 rhsm]# rpm -qa | grep subscription subscription-manager-gnome-0.93.3-1.git.19.7e709b6.fc14.x86_64 subscription-manager-0.93.3-1.git.19.7e709b6.fc14.x86_64 test1: proxying by editing rhsm.conf [root@x2112 rhsm]# subscription-manager unregister System has been un-registered. [root@x2112 rhsm]# cat rhsm.conf | grep proxy proxy_hostname = mgmt5.rhq.lab.eng.bos.redhat.com proxy_user = redhat proxy_password = redhat proxy_port = 3128 [root@x2112 rhsm]# subscription-manager register --username=testuser1 --password=password bff7d25d-ce13-44c7-81cb-5c488d15e93f testuser1 test successful. ======================================= test2: proxying entirely via cli [root@x2112 rhsm]# cat rhsm.conf | grep proxy proxy_hostname = None proxy_user = None proxy_password = None proxy_port = None proxy_hostname = proxy_user = proxy_password = proxy_port = [root@x2112 rhsm]# subscription-manager unregister This system is currently not registered. [root@x2112 rhsm]# subscription-manager register --username=xeops --password=redhat --proxy=mgmt5.rhq.lab.eng.bos.redhat.com --proxyuser=redhat --proxypass=redhat up redhat redhat nl candlepin1.devlab.phx1.redhat.com:443 CONNECT candlepin1.devlab.phx1.redhat.com:443 HTTP/1.1 Host: candlepin1.devlab.phx1.redhat.com:443 Proxy-Authorization: Basic cmVkaGF0OnJlZGhhdA== bf0ed0b4-927c-45d0-8fd5-62f561ef75d3 xeops [root@x2112 rhsm]# ========================== cli proxying works with this commit
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHEA-2011-0611.html