Uploaded image for project: 'Satellite'
  1. Satellite
  2. SAT-39459

Support HTTPS_PROXY in iop-cvemap-download

XMLWordPrintable

    • Known Issue
    • Hide
      .Red Hat Lightspeed vulnerability CVE map download fails with an HTTP proxy to \https://security.access.redhat.com

      Satellite servers configured for the Red Hat Lightspeed vulnerability service in Satellite, which is a Technology Preview, fail CVE map downloads if the Satellite server uses an HTTP proxy to reach \https://security.access.redhat.com. This issue is caused by the `iop-cvemap-download.service` service lacking HTTP proxy configuration.

      To work around this problem, manually set the `HTTPS_PROXY` and `NO_PROXY` environment variables for the `iop-cvemap-download` service. For more information, see link:https://docs.redhat.com/en/documentation/red_hat_satellite/6.18/html/installing_satellite_server_in_a_connected_network_environment/performing-additional-configuration-on-server_satellite#installing-red-hat-lightspeed-in-satellite-on-a-connected-satellite-server[Installing Red Hat Lightspeed in Satellite on a connected Satellite Server].
      Show
      .Red Hat Lightspeed vulnerability CVE map download fails with an HTTP proxy to \ https://security.access.redhat.com Satellite servers configured for the Red Hat Lightspeed vulnerability service in Satellite, which is a Technology Preview, fail CVE map downloads if the Satellite server uses an HTTP proxy to reach \ https://security.access.redhat.com . This issue is caused by the `iop-cvemap-download.service` service lacking HTTP proxy configuration. To work around this problem, manually set the `HTTPS_PROXY` and `NO_PROXY` environment variables for the `iop-cvemap-download` service. For more information, see link: https://docs.redhat.com/en/documentation/red_hat_satellite/6.18/html/installing_satellite_server_in_a_connected_network_environment/performing-additional-configuration-on-server_satellite#installing-red-hat-lightspeed-in-satellite-on-a-connected-satellite-server [Installing Red Hat Lightspeed in Satellite on a connected Satellite Server].
    • Done
    • None

      Description of problem:

      iop-cvemap-download.service fails if the Satellite needs to use a proxy to reach https://security.access.redhat.com

      How reproducible:

      100%

      Is this issue a regression from an earlier version:

      No.

      Steps to Reproduce:

      1.) Install IoP on Satellite that requires proxy to reach external networks.

      satellite-installer --enable-iop --scenario satellite

      2.) systemctl start iop-cvemap-download

      3.) See failed downloads of {{cvemap.xml{}}} in journalctl -xe

       

      Actual behavior:
      Failed downloads.

      Expected behavior:
      Ability to configure a proxy used by the iop-cvemap-download systemd service.

      Business Impact / Additional info:

      Verified that setting environment variables for the systemd service resolves the issue:

      # cat /etc/systemd/system/iop-cvemap-download.service.d/99-proxy.conf 
[Service]
Environment = HTTPS_PROXY=http://proxy.example.com:3128
Environment = NO_PROXY=localhost

      This can be set up manually, but we'll need some way to manage the setting through the installer.

              Unassigned Unassigned
              rhn-support-tpapaioa Tasos Papaioannou
              Jan Fiala Jan Fiala
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated: