ReadTimeoutError on Smart-Proxy Katello Sync

This is my first proxy installation behind a FW, so I'm cognizant that I
might have a port blocked that I need to get open.

Foreman Server --[9090 TCP]–> Proxy (I'm using 9090 instead of 8443
because of reasons)
Proxy --[443 TCP]–> Foreman Server
Proxy --[5646 TCP]–> Foreman Server

… I based this off of the diagram
here: https://www.theforeman.org/plugins/katello/3.3/user_guide/smart_proxies/isolation.png

Here are the errors I'm seeing:

Apr 11 20:27:52 smart-proxy-01 pulp:
requests.packages.urllib3.connectionpool:INFO: Starting new HTTPS
connection (4): foreman-01.prod.mcs.som.mob.nuance.com
Apr 11 20:27:55 smart-proxy-01 pulp:
requests.packages.urllib3.connectionpool:WARNING: Retrying (Retry(total=1,
connect=5, read=1, redirect=None)) after connection broken by
'ReadTimeoutError("HTTPSConnectionPool(host='foreman-01.prod.mcs.som.mob.nuance.com',
port=443): Read timed out. (read timeout=6.05)",)':
/pulp/puppet/nuance_mobility-Development-Lars_Migration_Test_View/modules.json
Apr 11 20:27:55 smart-proxy-01 pulp:
requests.packages.urllib3.connectionpool:INFO: Starting new HTTPS
connection (5): foreman-01.prod.mcs.som.mob.nuance.com
Apr 11 20:27:57 smart-proxy-01 pulp:
requests.packages.urllib3.connectionpool:WARNING: Retrying (Retry(total=2,
connect=5, read=2, redirect=None)) after connection broken by
'ReadTimeoutError("HTTPSConnectionPool(host='foreman-01.prod.mcs.som.mob.nuance.com',
port=443): Read timed out. (read timeout=6.05)",)':
/pulp/puppet/nuance_mobility-Test-MCS_Cassandra_-_NTG6_Azure/modules.json
Apr 11 20:27:57 smart-proxy-01 pulp:
requests.packages.urllib3.connectionpool:INFO: Starting new HTTPS
connection (4): foreman-01.prod.mcs.som.mob.nuance.com

After everything finishes up,
Apr 11 20:28:35 smart-proxy-01 pulp:
requests.packages.urllib3.connectionpool:WARNING: Retrying (Retry(total=0,
connect=5, read=0, redirect=None)) after connection broken by
'ReadTimeoutError("HTTPSConnectionPool(host='foreman-01.prod.mcs.som.mob.nuance.com',
port=443): Read timed out. (read timeout=6.05)",)':
/pulp/puppet/nuance_mobility-Test-MCS_Cassandra_-NTG6_Azure/modules.json
Apr 11 20:28:35 smart-proxy-01 pulp:
requests.packages.urllib3.connectionpool:INFO: Starting new HTTPS
connection (6): foreman-01.prod.mcs.som.mob.nuance.com
Apr 11 20:28:41 smart-proxy-01 pulp: nectar.downloaders.threaded:ERROR:
Skipping requests to foreman-01.prod.mcs.som.mob.nuance.com due to repeated
connection failures:
HTTPSConnectionPool(host='foreman-01.prod.mcs.som.mob.nuance.com',
port=443): Max retries exceeded with url:
/pulp/puppet/nuance_mobility-Test-MCS_Cassandra-NTG6_Azure/modules.json
(Caused by
ReadTimeoutError("HTTPSConnectionPool(host='foreman-01.prod.mcs.som.mob.nuance.com',
port=443): Read timed out. (read timeout=6.05)",))
Apr 11 20:28:41 smart-proxy-01 pulp:
pulp_puppet.plugins.importers.forge:ERROR: (2796-90560) Exception while
retrieving metadata for repository
<nuance_mobility-Test-MCS_Cassandra-_NTG6_Azure>
Apr 11 20:28:41 smart-proxy-01 pulp:
pulp_puppet.plugins.importers.forge:ERROR: (2796-90560) Traceback (most
recent call last):
Apr 11 20:28:41 smart-proxy-01 pulp:
pulp_puppet.plugins.importers.forge:ERROR: (2796-90560) File
"/usr/lib/python2.7/site-packages/pulp_puppet/plugins/importers/forge.py",
line 113, in parse_metadata
Apr 11 20:28:41 smart-proxy-01 pulp:
pulp_puppet.plugins.importers.forge:ERROR: (2796-90560)
metadata_json_docs = downloader.retrieve_metadata(self.progress_report)
Apr 11 20:28:41 smart-proxy-01 pulp:
pulp_puppet.plugins.importers.forge:ERROR: (2796-90560) File
"/usr/lib/python2.7/site-packages/pulp_puppet/plugins/importers/downloaders/web.py",
line 57, in retrieve_metadata
Apr 11 20:28:41 smart-proxy-01 pulp:
pulp_puppet.plugins.importers.forge:ERROR: (2796-90560) raise
exceptions.FileRetrievalException(report.error_msg)
Apr 11 20:28:41 smart-proxy-01 pulp:
pulp_puppet.plugins.importers.forge:ERROR: (2796-90560)
FileRetrievalException: FileRetrievalException: A connection error occurred
Apr 11 20:28:41 smart-proxy-01 pulp: pulp.server.async.tasks:INFO: Task
failed : [d27ad801-6fd5-4c49-9017-7c9d9ff966a6]
Apr 11 20:28:41 smart-proxy-01 pulp: celery.worker.job:ERROR: (2621-90560)
Task
pulp.server.managers.repo.sync.sync[d27ad801-6fd5-4c49-9017-7c9d9ff966a6]
raised unexpected: PulpExecutionException('Importer indicated a failed
response',)
Apr 11 20:28:41 smart-proxy-01 pulp: celery.worker.job:ERROR: (2621-90560)
Traceback (most recent call last):
Apr 11 20:28:41 smart-proxy-01 pulp: celery.worker.job:ERROR: (2621-90560)
File "/usr/lib/python2.7/site-packages/celery/app/trace.py", line 240, in
trace_task
Apr 11 20:28:41 smart-proxy-01 pulp: celery.worker.job:ERROR: (2621-90560)
R = retval = fun(*args, **kwargs)
Apr 11 20:28:41 smart-proxy-01 pulp: celery.worker.job:ERROR: (2621-90560)
File "/usr/lib/python2.7/site-packages/pulp/server/async/tasks.py", line
488, in call
Apr 11 20:28:41 smart-proxy-01 pulp: celery.worker.job:ERROR: (2621-90560)
return super(Task, self).call(*args, **kwargs)
Apr 11 20:28:41 smart-proxy-01 pulp: celery.worker.job:ERROR: (2621-90560)
File "/usr/lib/python2.7/site-packages/pulp/server/async/tasks.py", line
103, in call
Apr 11 20:28:41 smart-proxy-01 pulp: celery.worker.job:ERROR: (2621-90560)
return super(PulpTask, self).call(*args, **kwargs)
Apr 11 20:28:41 smart-proxy-01 pulp: celery.worker.job:ERROR: (2621-90560)
File "/usr/lib/python2.7/site-packages/celery/app/trace.py", line 437, in
protected_call
Apr 11 20:28:41 smart-proxy-01 pulp: celery.worker.job:ERROR: (2621-90560)
return self.run(*args, **kwargs)
Apr 11 20:28:41 smart-proxy-01 pulp: celery.worker.job:ERROR: (2621-90560)
File
"/usr/lib/python2.7/site-packages/pulp/server/controllers/repository.py",
line 810, in sync
Apr 11 20:28:41 smart-proxy-01 pulp: celery.worker.job:ERROR: (2621-90560)
raise pulp_exceptions.PulpExecutionException(('Importer indicated a
failed response'))
Apr 11 20:28:41 smart-proxy-01 pulp: celery.worker.job:ERROR: (2621-90560)
PulpExecutionException: Importer indicated a failed response

Can I increase the timeout? Or is there a way to get more information about
why we're not able to sync? Trying to get the pulp urls by curl fail, of
course, since I'm not using the client cert.

For anyone checking this out - I believe it was/is a networking issue.
After noticing related oddness with subscription-manager, I believe there
is an HTTPS proxy interfering with my traffic.

I "fixed" the issue by doing a point-to-point VPN between the two servers
in question, and the sync was successful.

Thats interesting because I just started experiencing these issues as well
on a fresh 3.3 install. We were currently running practically the same
setup on 3.1 and I haven't noticed these before.

Hi there i just trigger this issue can i ask what kind of soft did you use
for make the vpn ?

and if you have a instruction or manual of how to do that would be nice