Uploaded image for project: 'Automation Hub'
  1. Automation Hub
  2. AAH-248

On-Prem AH bypasses proxy when syncing RH Certified content

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • 1.2.2
    • 1.2, 1.2.1
    • Backend
    • AAH 4.3.0 Sprint 3

      Description of problem:

      Automation Hub is avoiding the proxy for connect to rh-certified repos but it is working fine for the galaxy repos.

      Version-Release number of selected component (if applicable):

              {
                  "component": "pulpcore",
                  "version": "3.7.3"
              },
              {
                  "component": "pulp_container",
                  "version": "2.1.0"
              },
              {
                  "component": "pulp_ansible",
                  "version": "0.5.0"
              },
              {
                  "component": "galaxy_ng",
                  "version": "4.2.0"
              }
      

      Additional info:

      The proxy is configured in the following way for the rh-certified repo (Same proxy than galaxy one that is working):

          "pk": "99f371ac-4b9b-4f07-b18b-8e9cee3a1a27",
          "name": "rh-certified",
          "url": "https://cloud.redhat.com/api/automation-hub/content/6149721-synclist/",
          "auth_url": "https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token",
          "policy": "immediate",
          "requirements_file": null,
          "created_at": "2020-12-17T18:21:40.888768Z",
          "updated_at": "2020-12-31T08:35:21.731528Z",
          "username": null,
          "password": null,
          "proxy_url": "http://MASKED_PROXY_URL:MASKED_PORT",
          "tls_validation": false,
          "client_key": null,
          "client_cert": null,
          "ca_cert": null
      

      When a synchronization is launched, AH is returning the following error:

      "description": "Cannot connect to host sso.redhat.com:443 ssl:default [Connect call failed ('104.110.16.229', 443)]"

      The proxy log is not getting any hit from the AH server, and there is a trace in the firewall log from the AH ip trying to connect directly against the Red Hat servers, bypassing the proxy.

      However, with similar configuration for the community repo, it is working fine.

          "pk": "10db48b6-eead-4683-996f-8be418a5b713",
          "name": "community",
          "url": "https://galaxy.ansible.com/api/v2/collections/",
          "auth_url": null,
          "policy": "immediate",
          "requirements_file": "---\r\ncollections:\r\n  - name: servicenow.servicenow\r\n    version: 1.0.3\r\n    source: https://galaxy.ansible.com/",
          "created_at": "2020-12-17T18:21:37.989832Z",
          "updated_at": "2020-12-30T11:35:26.724072Z",
          "username": "*********",
          "password": "*********",
          "proxy_url": "http://MASKED_PROXY_URL:MASKED_PORT",
          "tls_validation": false,
          "client_key": null,
          "client_cert": null,
          "ca_cert": null,
      

      Performing a connection using curl from the command line also works fine.

              cspealma@redhat.com Clara Spealman (Inactive)
              chousekn Chris Houseknecht (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: