Bug 902557
| Summary: | rhui-lb plugin does not work with a proxy | ||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Product: | Red Hat Update Infrastructure for Cloud Providers | Reporter: | James Slagle <jslagle> | ||||||||||||
| Component: | Tools | Assignee: | James Slagle <jslagle> | ||||||||||||
| Status: | CLOSED ERRATA | QA Contact: | mkovacik | ||||||||||||
| Severity: | unspecified | Docs Contact: | |||||||||||||
| Priority: | high | ||||||||||||||
| Version: | 2.1 | CC: | asettle, dmacpher, juwu, tsanders, whayutin | ||||||||||||
| Target Milestone: | --- | ||||||||||||||
| Target Release: | 2.1.1 | ||||||||||||||
| Hardware: | Unspecified | ||||||||||||||
| OS: | Unspecified | ||||||||||||||
| Whiteboard: | |||||||||||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||||||||||
| Doc Text: |
The rhui-lb plugin failed to support proxy servers and caused synchronization between the RHUA and CDS to fail. This fix adds proxy support to rhui-lb.py and provides successful synchronization.
|
Story Points: | --- | ||||||||||||
| Clone Of: | Environment: | ||||||||||||||
| Last Closed: | 2013-02-27 17:03:26 UTC | Type: | Bug | ||||||||||||
| Regression: | --- | Mount Type: | --- | ||||||||||||
| Documentation: | --- | CRM: | |||||||||||||
| Verified Versions: | Category: | --- | |||||||||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||||||||
| Embargoed: | |||||||||||||||
| Attachments: |
|
||||||||||||||
|
Description
James Slagle
2013-01-21 23:07:51 UTC
cloude commit d210171c7059c9c934439dd0d914832b993f582a QA: This needs to be thoroughly tested. Make sure any client config rpm's are built with RHUI 2.1.1 so that they have the latest rhui-lb plugin that has proxy support. For each client that is being tested with proxy, I would setup firewall rules that prevent it from accessing the CDS servers on ports 80/443 just to make sure that they truly don't have access to the CDS's. There are 2 ways to set a proxy for yum to use, in /etc/yum.conf or with the http_proxy and https_proxy environment variables. The environment variables can be command specific: # http_proxy=http://proxy.server:80 yum <command> or system wide (set in an initrc or some other method). Both ways need to be tested. RHEL 5 and 6 clients needs to be tested. Authenticated/Unauthenticated proxies need to be tested. HTTP/HTTPS proxies need to be tested. HTTPS traffic can be proxied over HTTP, so that needs to be tested. I used mod_proxy for testing during development. Any proxy should work. If you wanted to test with squid, that might be good. Any questions let me know. (In reply to comment #2) Test plan: https://tcms.engineering.redhat.com/plan/8257/rhui-211-client-side-proxy Created attachment 686698 [details]
RHEL 5.5 test case log
Manual check of the update client rpm in RHEL 5.5;
test steps:
- yum clean all; yum repolist -v # positive exp. OK
- rpm -Uvh <rh-amazon-rhui-client update>
- yum clean all; yum repolist -v # positive exp. OK
- # set /etc/yum.conf to custom auth proxy>
- yum clean all; yum repolist -v # positive exp. OK
- # set firewall to prevent client access to cds
- yum clean all ;yum repolist -v # positive exp. OK
- # reset /etc/yum.conf
- yum clean all; yum repolist -v # negative exp. OK
- # set /etc/profile.d/proxy.sh
- # log out, log in
- yum clean all; yum repolist -v # positive exp. OK
- # reset /etc/profile.d/proxy.sh
- # log out, log in
- yum clean all; yum repolist -v # negative exp. OK
- https_proxy="https://<user>:<passwd>@host:<3128> # positive exp. OK
All passed
Created attachment 686725 [details]
RHEL 6.3 test case log
Test case steps:
- yum clean all; yum repolist # positive exp. OK
- rpm -Uvh <rh-amazon-rhui-client update>
- yum clean all; yum repolist # positive exp. OK
- # update /etc/yum.conf to point to the https proxy
- yum clean all; yum repolist # positive exp. OK
- # set firewall to block access to cds1, cds2
- yum clean all; yum repolist # positive exp. OK
- # reset /etc/yum.conf
- yum clean all; yum repolist # negative exp. OK
- # setup /etc/profile.d/proxy.sh to point to the http proxy
- # log out, log in
- echo $https_proxy
- yum clean all; yum repolist # positive exp. OK
- # reset /etc/profile.d/proxy.sh
- # log out, log in
- yum clean all; yum repolist # negative exp. OK
- https_proxy=https://<user>:<passwd>@proxy:3128 yum repolist # positive exp. OK
Created attachment 686726 [details]
RHEL 5.9 load balancing issue
It seems there is a load balancing issue with the RHEL 5 client rpm;
disabling cds1 in firewall prevents the client from getting content even though cds2 is accessible. This isn't the case with the RHEL 6 client rpm; see the previous log files, too...
Created attachment 686773 [details]
RHEL 5.9 noauth test case log
Test case steps:
- # set client firewall to block traffic to cds
- yum clean all ; https_proxy="<proxy>:3128" yum repolist # exp. pos. OK
- # setup /etc/yum.conf
- yum clean all; yum repolist # exp. pos. OK
- # reset /etc/yum.conf
- # reset firewall
- yum clean all; yum repolist # exp. pos OK
Created attachment 686784 [details]
RHEL 6.3 noauth test case log
Test case steps:
- # set client firewall to block traffic to cds
- yum clean all ; https_proxy="<proxy>:3128" yum repolist # exp. pos. OK
- # setup /etc/yum.conf
- yum clean all; yum repolist # exp. pos. OK
- # reset /etc/yum.conf
- # reset firewall
- yum clean all; yum repolist # exp. pos OK
Checked as well in 6.4 RC, see e.g. bug 902557. Moving to verified... Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2013-0571.html |