mrabrde
November 28, 2019, 12:33pm
1
We use katello 3.12.3 and foreman 1.22.2 with tfm-rubygem-foreman_scc_manager-1.6.3-1.fm1_22.el7.noarch.
This setup works fine in the test environment with direct internet access.
When I run “test connection” in our production environment via a proxy, the connection test fails.
Does the “foreman_scc_manager” need a special configuration for a katello environment with proxy internet access?
Thanks
x9c4
November 28, 2019, 1:01pm
2
The SCC plugin is using the configuration variable cdn_proxy
set in config/katello.yaml.
module SccManager
# adapted from https://github.com/SUSE/connect
def self.get_scc_data(base_url, rest_url, login, password)
if SETTINGS[:katello][:cdn_proxy] && SETTINGS[:katello][:cdn_proxy][:host]
proxy_config = SETTINGS[:katello][:cdn_proxy]
uri = URI('')
uri.scheme = URI.parse(proxy_config[:host]).scheme
uri.host = URI.parse(proxy_config[:host]).host
uri.port = proxy_config[:port].try(:to_s)
uri.user = proxy_config[:user].try(:to_s)
uri.password = proxy_config[:password].try(:to_s)
mrabrde
November 28, 2019, 1:12pm
3
That confirms my assumption. The sync of other “products” (RHEL, CentOS …) works without problems via the configured proxy in Katello.
x9c4
November 28, 2019, 1:40pm
4
Does that solve your problem? There has been a change in Katello regarding the use of proxies, but that one is not in the Katello 3.12 branch. It should therefore still work in your environment.
mrabrde
November 28, 2019, 1:50pm
5
The problem still exists. Synchronization of SUSE repositories is not possible.
x9c4
November 28, 2019, 1:57pm
6
Can you verify with
SETTINGS[:katello][:cdn_proxy]
in foreman-rake console
that your proxy is configured?
mrabrde
November 28, 2019, 2:09pm
7
The proxy server is displayed to me with the command.
irb(main):002:0> SETTINGS[:katello][:cdn_proxy]
=> {:host=>“http://proxy.domain.int ”, :port=>8080, :user=>“XXXXXX”, :password=>“XXXXXX”}
I just checked myself (with v1.7.1) and I can confirm that the Test-Connection does not work.
However, if I save the account (yes, this works ) and start a Sync the Proxy is used.
Can you try this on your system?
mrabrde
November 28, 2019, 2:41pm
9
I also saved the account. But the synchronization does not work for me. I get an error message.
mrabrde
November 28, 2019, 2:47pm
10
Looks like the SUSE server is being addressed directly:
[root@XXXXXX ~]# netstat -tnap |grep 130.57.66.27
tcp 0 1 X.X.X.X:57128 130.57.66.27:443 SYN_SENT 2843/dynflow_execut
mrabrde
January 10, 2020, 9:48am
11
Authentication works after adding “https://scc.suse.com ” to the whitelist for direct Internet access. After that, the repo synchronization via the proxy worked without any problems.
It looks like only authentication at “https://scc.suse.com ” does not use the configured Katello proxy.