Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 1516924 - katello is unable to go via unauthenticated http proxy: Permission denied - connect(2) for "proxy.example.com" port 3129
Summary: katello is unable to go via unauthenticated http proxy: Permission denied - c...
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Satellite 6
Classification: Red Hat
Component: Content Management
Version: 6.2.12
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified vote
Target Milestone: Unspecified
Assignee: satellite6-bugs
QA Contact: Katello QA List
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-11-23 15:11 UTC by Lukas Pramuk
Modified: 2017-11-23 15:18 UTC (History)
0 users

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-11-23 15:18:07 UTC


Attachments (Terms of Use)

Description Lukas Pramuk 2017-11-23 15:11:57 UTC
Description of problem:
katello is unable to go via unauthenticated http proxy, while pulp is.
CDN scan to enable repo fails with Permission denied - connect(2) for "proxy.example.com" port 3128 while a repo sync succeeds

The very same action via authenticated proxy passes successfully.

Version-Release number of selected component (if applicable):
Satellite 6.2.12

How reproducible:
deterministic

Steps to Reproduce:
1. # satellite-installer --katello-proxy-url http://proxy.example.com --katello-proxy-port 3128 --katello-proxy-username "" --katello-proxy-password ""

2. Navigate to Content -> Red Hat Repositories and try to enable any repo 

or

2. # hammer repository-set available-repositories --name 'Red Hat Enterprise Linux 7 Server (RPMs)' --product 'Red Hat Enterprise Linux Server' --organization-id 1
private method `select' called for nil:NilClass


Actual results:
cdn scan/repo enablement fails

Expected results:
cdn scan/repo enablement succeeds 

Additional info:
2017-11-23 10:08:46 bd3b77f4 [app] [I] Started GET "/katello/api/products/47/repository_sets/2456/available_repositories" for 127.0.0.1 at 2017-11-23 10:08:46 -0500
2017-11-23 10:08:46 bd3b77f4 [app] [I] Processing by Katello::Api::V2::RepositorySetsController#available_repositories as JSON
2017-11-23 10:08:46 bd3b77f4 [app] [I]   Parameters: {"api_version"=>"v2", "product_id"=>"47", "id"=>"2456", "repository_set"=>{}}
2017-11-23 10:08:46 bd3b77f4 [app] [I] Authorized user admin(Admin User)
2017-11-23 10:08:48  [foreman-tasks/action] [E] Permission denied - connect(2) for "proxy.example.com" port 3128 (Errno::EACCES)
 | /opt/rh/rh-ruby22/root/usr/share/ruby/net/http.rb:879:in `initialize'
 | /opt/rh/rh-ruby22/root/usr/share/ruby/net/http.rb:879:in `open'
 | /opt/rh/rh-ruby22/root/usr/share/ruby/net/http.rb:879:in `block in connect'
 | /opt/rh/rh-ruby22/root/usr/share/ruby/timeout.rb:74:in `timeout'
 | /opt/rh/rh-ruby22/root/usr/share/ruby/net/http.rb:878:in `connect'
 | /opt/rh/rh-ruby22/root/usr/share/ruby/net/http.rb:863:in `do_start'
 | /opt/rh/rh-ruby22/root/usr/share/ruby/net/http.rb:852:in `start'
 | /opt/theforeman/tfm/root/usr/share/gems/gems/katello-3.0.0.157/app/lib/katello/resources/cdn.rb:74:in `get'
 | /opt/theforeman/tfm/root/usr/share/gems/gems/katello-3.0.0.157/app/lib/katello/util/cdn_var_substitutor.rb:164:in `get_substitutions_from'
 | /opt/theforeman/tfm/root/usr/share/gems/gems/katello-3.0.0.157/app/lib/katello/util/cdn_var_substitutor.rb:154:in `for_each_substitute_of_next_var'
 | /opt/theforeman/tfm/root/usr/share/gems/gems/katello-3.0.0.157/app/lib/katello/util/cdn_var_substitutor.rb:73:in `substitute_vars_in_prefix'
 | /opt/theforeman/tfm/root/usr/share/gems/gems/katello-3.0.0.157/app/lib/katello/util/cdn_var_substitutor.rb:48:in `substitute_vars'
 | /opt/theforeman/tfm/root/usr/share/gems/gems/katello-3.0.0.157/app/lib/actions/katello/repository_set/scan_cdn.rb:37:in `fetch_results'
 | /opt/theforeman/tfm/root/usr/share/gems/gems/katello-3.0.0.157/app/lib/actions/katello/repository_set/scan_cdn.rb:26:in `run'

Comment 2 Lukas Pramuk 2017-11-23 15:17:48 UTC
proxy was actually on port 3129 - so this is selinux issue and definitelly not a bug. 

allow passenger_t netport_port_t:tcp_socket name_connect;

netport_port_t                 tcp      3129
squid_port_t                   tcp      3128, 3401, 4827

With 3128 it would be OK.


Note You need to log in before you can comment on or make changes to this bug.