Uploaded image for project: 'Automation Hub'
  1. Automation Hub
  2. AAH-248

On-Prem AH bypasses proxy when syncing RH Certified content

    XMLWordPrintable

Details

    • Bug
    • Status: Done (View Workflow)
    • High
    • Resolution: Done
    • 4.2.0 GA, 4.2.1
    • 4.2.2
    • API, Sync
    • None

    Description

      Description of problem:

      Automation Hub is avoiding the proxy for connect to rh-certified repos but it is working fine for the galaxy repos.

      Version-Release number of selected component (if applicable):

              {
                  "component": "pulpcore",
                  "version": "3.7.3"
              },
              {
                  "component": "pulp_container",
                  "version": "2.1.0"
              },
              {
                  "component": "pulp_ansible",
                  "version": "0.5.0"
              },
              {
                  "component": "galaxy_ng",
                  "version": "4.2.0"
              }
      

      Additional info:

      The proxy is configured in the following way for the rh-certified repo (Same proxy than galaxy one that is working):

          "pk": "99f371ac-4b9b-4f07-b18b-8e9cee3a1a27",
          "name": "rh-certified",
          "url": "https://cloud.redhat.com/api/automation-hub/content/6149721-synclist/",
          "auth_url": "https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token",
          "policy": "immediate",
          "requirements_file": null,
          "created_at": "2020-12-17T18:21:40.888768Z",
          "updated_at": "2020-12-31T08:35:21.731528Z",
          "username": null,
          "password": null,
          "proxy_url": "http://MASKED_PROXY_URL:MASKED_PORT",
          "tls_validation": false,
          "client_key": null,
          "client_cert": null,
          "ca_cert": null
      

      When a synchronization is launched, AH is returning the following error:

      "description": "Cannot connect to host sso.redhat.com:443 ssl:default [Connect call failed ('104.110.16.229', 443)]"

      The proxy log is not getting any hit from the AH server, and there is a trace in the firewall log from the AH ip trying to connect directly against the Red Hat servers, bypassing the proxy.

      However, with similar configuration for the community repo, it is working fine.

          "pk": "10db48b6-eead-4683-996f-8be418a5b713",
          "name": "community",
          "url": "https://galaxy.ansible.com/api/v2/collections/",
          "auth_url": null,
          "policy": "immediate",
          "requirements_file": "---\r\ncollections:\r\n  - name: servicenow.servicenow\r\n    version: 1.0.3\r\n    source: https://galaxy.ansible.com/",
          "created_at": "2020-12-17T18:21:37.989832Z",
          "updated_at": "2020-12-30T11:35:26.724072Z",
          "username": "*********",
          "password": "*********",
          "proxy_url": "http://MASKED_PROXY_URL:MASKED_PORT",
          "tls_validation": false,
          "client_key": null,
          "client_cert": null,
          "ca_cert": null,
      

      Performing a connection using curl from the command line also works fine.

      Attachments

        Activity

          People

            cspealma@redhat.com Calvin Spealman
            chousekn Chris Houseknecht
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: