Using a proxy to register to RHN works fine as does with subscription-manager as shipped with RHEL 6.4, but when using rhn-migrate-classic-to-rhsm with an internal SAM it fails.

# rpm -qa |grep subscription-manager
subscription-manager-firstboot-1.1.23-1.el6.x86_64
subscription-manager-gui-1.1.23-1.el6.x86_64
subscription-manager-1.1.23-1.el6.x86_64
subscription-manager-migration-1.1.23-1.el6.x86_64

Command used:
rhn-migrate-classic-to-rhsm --serverurl=https://192.168.68/135/sam

It appears to take the proxy server settings from RHN and works when subscribing externally, but the proxy is only used for external sites, so it works fine if migrated to subscription-management on the RHN but not for a locally hosted SAM platform. There doesn't appear to be a way to specify to use a proxy for RHN but not for SAM.

2013-02-26 15:43:16,374 [INFO] @rhn-migrate-classic-to-rhsm:472 - Using proxy 192.168.196.41:80 - transferring settings to rhsm.conf
2013-02-26 15:43:16,378 [DEBUG] @profile.py:95 - Loading current RPM profile.
2013-02-26 15:43:16,899 [INFO] @connection.py:527 - Using basic authentication as: admin
2013-02-26 15:43:16,900 [INFO] @connection.py:549 - Connection Built: host: 192.168.68.135, port: 443, handler: /sam
2013-02-26 15:43:16,901 [DEBUG] @connection.py:360 - Loading CA PEM certificates from: /etc/rhsm/ca/
2013-02-26 15:43:16,901 [DEBUG] @connection.py:342 - Loading CA certificate: '/etc/rhsm/ca/redhat-uep.pem'
2013-02-26 15:43:16,902 [DEBUG] @connection.py:342 - Loading CA certificate: '/etc/rhsm/ca/candlepin-stage.pem'
2013-02-26 15:43:16,903 [DEBUG] @connection.py:366 - Using proxy: 192.168.196.41:80
2013-02-26 15:43:16,903 [DEBUG] @connection.py:381 - Making request: GET https://192.168.68.135:443/sam/users/admin/owners
2013-02-26 15:43:20,181 [ERROR] @rhn-migrate-classic-to-rhsm:246 - Proxy connection failed: 502
2013-02-26 15:43:20,185 [ERROR] @rhn-migrate-classic-to-rhsm:247 - Traceback (most recent call last):
  File "/usr/sbin/rhn-migrate-classic-to-rhsm", line 241, in checkOkToProceed
    cp.getOwnerList(username)
  File "/usr/lib64/python2.6/site-packages/rhsm/connection.py", line 697, in getOwnerList
    return self.conn.request_get(method)
  File "/usr/lib64/python2.6/site-packages/rhsm/connection.py", line 437, in request_get
    return self._request("GET", method)
  File "/usr/lib64/python2.6/site-packages/rhsm/connection.py", line 387, in _request
    conn.request(request_type, handler, body=body, headers=headers)
  File "/usr/lib64/python2.6/httplib.py", line 914, in request
    self._send_request(method, url, body, headers)
  File "/usr/lib64/python2.6/httplib.py", line 951, in _send_request
    self.endheaders()
  File "/usr/lib64/python2.6/site-packages/rhsm/connection.py", line 140, in endheaders
    httpslib.HTTPSConnection.endheaders(self)
  File "/usr/lib64/python2.6/httplib.py", line 908, in endheaders
    self._send_output()
  File "/usr/lib64/python2.6/httplib.py", line 780, in _send_output
    self.send(msg)
  File "/usr/lib64/python2.6/httplib.py", line 739, in send
    self.connect()
  File "/usr/lib64/python2.6/site-packages/M2Crypto/httpslib.py", line 203, in connect
    raise socket.error, "Proxy connection failed: %d" % code
error: Proxy connection failed: 502
This request was not resolved in time for the current release. Red Hat invites you to ask your support representative to propose this request, if still desired, for consideration in the next release of Red Hat Enterprise Linux.
Peter,

Do you think providing a --no-proxy option that doesn't copy the proxy information from the RHN config file would be an acceptable solution?
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux release for currently deployed products. This request is not yet committed for inclusion in a release.
(In reply to comment #4)
> Peter,
>
> Do you think providing a --no-proxy option that doesn't copy the proxy
> information from the RHN config file would be an acceptable solution?

Possibly, it sounds reasonable
commit d8b525a859c65e2eda089a7081a96cccdadf0881
Author: Alex Wood <awood>
Date:   Thu Jun 13 16:45:22 2013 -0400

    915847: Provide option to skip using proxy when connecting to RHSM.
After talking with awood about this bug, I believe the following scenario is likely to happen for a user who is migrating from RHN w/proxy to an internal SAM w/o a proxy...

The user is not going to know that they need to specify the new --no-proxy option, and because the migration script transfers the proxy settings from /etc/sysconfig/rhn/up2date to /etc/rhsm/rhsm.conf early in the script, the migration script is going to fail to connect to SAM and leave rhsm.conf dirty. Then after specifying the --no-proxy option on the second attempt to migrate, it will be too late.

Please update the --no-proxy functionality to ensure that /etc/rhsm/rhsm.conf is free of a proxy before attempting the migration.

Moving back to ASSIGNED
Fix issue in comment 10 with

commit b15f168852230c1aef9b97c678faa5ae7f978bcd
Author: Alex Wood <awood>
Date:   Wed Jun 26 15:38:33 2013 -0400

    915847: Clear old proxy settings if the --no-proxy option is used.
Moving these to ON_QA. The tooling must have missed moving these.
Verifying Version....

[root@jsefler-5 ~]# rpm -q subscription-manager-migration
subscription-manager-migration-1.8.19-1.el5

[root@jsefler-5 ~]# rhn-migrate-classic-to-rhsm --help
Usage: rhn-migrate-classic-to-rhsm [OPTIONS]

options:
  -h, --help            show this help message and exit
  -f, --force           ignore channels not available on RHSM
  -g, --gui             launch the GUI tool to attach subscriptions, instead
                        of auto-attaching
  -n, --no-auto         don't execute the auto-attach option while registering
                        with subscription manager
  -s SERVICELEVEL, --servicelevel=SERVICELEVEL
                        service level to follow when attaching subscriptions,
                        for no service level use --servicelevel=""
  --serverurl=SERVERURL
                        specify the subscription management server to migrate
                        to
  --no-proxy            don't use RHN proxy settings with subscription
                        management server
  --org=ORG             organization to register to
  --environment=ENVIRONMENT
                        environment to register to

VERIFIED: there is now a new --no-proxy option for rhn-migrate-classic-to-rhsm

Before registering to RHN Classic, I have configured up2date to use a proxy server as follows...

[root@jsefler-5 ~]# grep -i proxy /etc/sysconfig/rhn/up2date
enableProxyAuth[comment]=To use an authenticated proxy or not
enableProxyAuth=1
enableProxy[comment]=Use a HTTP Proxy
enableProxy=1
proxyPassword[comment]=The password to use for an authenticated proxy
proxyPassword=redhat
proxyUser[comment]=The username for an authenticated proxy
proxyUser=redhat
httpProxy[comment]=HTTP proxy in host:port format, e.g. squid.redhat.com:3128
httpProxy=auto-services.usersys.redhat.com:3128
[root@jsefler-5 ~]#

Now let's register to RHN Classic (using our proxy)...

[root@jsefler-5 ~]# rhnreg_ks --serverUrl=https://xmlrpc.rhn.code.stage.redhat.com/XMLRPC --username=qa --password=****** --force
[root@jsefler-5 ~]# rhn-channel --list
rhel-x86_64-server-5

Now I'll corrupt the rhsm.conf with erroneous proxy configurations...

[root@jsefler-5 ~]# subscription-manager config --server.proxy_hostname=bad-proxy.redhat.com --server.proxy_port=123 --server.proxy_user=bad-user --server.proxy_password=bad-password
[root@jsefler-5 ~]# grep -i proxy /etc/rhsm/rhsm.conf
# an http proxy server to use
proxy_hostname =bad-proxy.redhat.com
# port for http proxy server
proxy_port =123
# user name for authenticating to an http proxy, if needed
proxy_user =bad-user
# password for basic http proxy auth, if needed
proxy_password =bad-password

Now let's migrate using the new --no-proxy option...

[root@jsefler-5 ~]# rhn-migrate-classic-to-rhsm --no-proxy
Red Hat account: qa
Password:

Retrieving existing RHN Classic subscription information...
+-----------------------------------------------------+
System is currently subscribed to these RHN Classic Channels:
+-----------------------------------------------------+
rhel-x86_64-server-5

+-----------------------------------------------------+
Installing product certificates for these RHN Classic channels:
+-----------------------------------------------------+
rhel-x86_64-server-5

Product certificates installed successfully to /etc/pki/product.

Preparing to unregister system from RHN Classic...
System successfully unregistered from RHN Classic.

Attempting to register system to Red Hat Subscription Management...
The system has been registered with ID: 4022ee63-394b-4865-ada0-0e810f0cb75f
System 'jsefler-5.usersys.redhat.com' successfully registered to Red Hat Subscription Management.

Attempting to auto-attach to appropriate subscriptions...
Installed Product Current Status:
Product Name: Red Hat Enterprise Linux Server
Status: Subscribed

Please visit https://access.redhat.com/management/consumers/4022ee63-394b-4865-ada0-0e810f0cb75f to view the details, and to make changes if necessary.

[root@jsefler-5 ~]# grep -i proxy /etc/rhsm/rhsm.conf
# an http proxy server to use
proxy_hostname =
# port for http proxy server
proxy_port =
# user name for authenticating to an http proxy, if needed
proxy_user =
# password for basic http proxy auth, if needed
proxy_password =
[root@jsefler-5 ~]#

^ Notice that the bad proxy configurations have been eliminated from rhsm.conf since --no-proxy was requested.

VERIFIED: migration was successful and no proxy was used when registering to the target entitlement system.
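
The proxy hand-off discussed in this bug, modelled as an added example; it is not the code from either commit and not part of any comment above. The function names, the sample rhsm.conf hostname, and the assumption that enableProxy/enableProxyAuth gate what is copied are hypothetical; the key names and proxy values come from the files shown in the verification comment.

```python
import configparser

# Constructed sample inputs modelled on the files shown in the verification comment.
UP2DATE = """\
enableProxyAuth[comment]=To use an authenticated proxy or not
enableProxyAuth=1
enableProxy=1
proxyPassword=redhat
proxyUser=redhat
httpProxy=auto-services.usersys.redhat.com:3128
"""
RHSM_CONF = """\
[server]
hostname = sam.example.com
proxy_hostname = bad-proxy.redhat.com
proxy_port = 123
proxy_user = bad-user
proxy_password = bad-password
"""
PROXY_KEYS = ("proxy_hostname", "proxy_port", "proxy_user", "proxy_password")

def parse_up2date(text):
    """Parse up2date's flat key=value format, skipping key[comment] entries."""
    opts = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep and "[comment]" not in key and not key.startswith("#"):
            opts[key.strip()] = value.strip()
    return opts

def plan_proxy(up2date_text, rhsm_text, no_proxy):
    """Return the [server] proxy values rhsm.conf should hold after migration."""
    conf = configparser.ConfigParser(interpolation=None)  # passwords may contain '%'
    conf.read_string(rhsm_text)
    # Start from empty values so a stale proxy never survives either path.
    new = dict.fromkeys(PROXY_KEYS, "")
    rhn = parse_up2date(up2date_text)
    if not no_proxy and rhn.get("enableProxy") == "1":
        host, sep, port = rhn.get("httpProxy", "").rpartition(":")
        if not sep:  # value had no ":port" suffix
            host, port = port, ""
        new["proxy_hostname"], new["proxy_port"] = host, port
        if rhn.get("enableProxyAuth") == "1":
            new["proxy_user"] = rhn.get("proxyUser", "")
            new["proxy_password"] = rhn.get("proxyPassword", "")
    for key in PROXY_KEYS:
        conf.set("server", key, new[key])
    return {k: conf.get("server", k) for k in PROXY_KEYS}
```

Calling plan_proxy with no_proxy=True against the "corrupted" rhsm.conf yields four empty values, matching the final grep output in the verification; with no_proxy=False the RHN proxy and its credentials are carried over.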
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2013-1332.html