Project

General

Profile

Bug #35773

Error "no certificate or crl found" when using a http proxy as "Default Http Proxy" for content syncing or manifest operations

Added by Partha Aji 2 months ago. Updated about 2 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Partha Aji
Category:
Foreman Proxy Content
Target version:
Katello 4.7.0
Difficulty:
Triaged:
Yes
Bugzilla link:
2144044
Pull request:
https://github.com/Katello/katello/pull/10385, https://github.com/Katello/katello/pull/10361
Fixed in Releases:
Katello 4.8.0
Found in Releases:
Red Hat JIRA:

Description

Katello 4.5 and above cannot work with an http proxy whereas the same proxy can be used with 4.4 and works great.

Version-Release number of selected component (if applicable):

Katello 4.5 and above

How reproducible:

100%

Steps to Reproduce:

1. Install a squid proxy server and run it on http://10.74.XXX.XX:3128

2. Install Katello 4.5

3. Import a subscription manifest

4. Create an HTTP proxy inside the Infrastructure --> HttP Proxies page using http://10.74.XXX.XX:3128 as the URL.

5. Set that as a "Default HTTP Proxy" in Administer --> Settings --> Content Tab

6. Access the Content --> Subscriptions page

7. Try expanding \ checking any repository set from Content --> Red Hat Repositories page

Actual results:

Step 6

  • UI Shows "no certificate or crl found"
  • Satellite never even connects to proxy
  • Production.log has this traceback

2022-11-19T00:11:19 [E|app|ee15f1b2] Katello::HttpErrors::BadRequest: no certificate or crl found
ee15f1b2 | /usr/share/gems/gems/katello-4.5.0.20/app/controllers/katello/api/v2/api_controller.rb:271:in `rescue in check_upstream_connection'
ee15f1b2 | /usr/share/gems/gems/katello-4.5.0.20/app/controllers/katello/api/v2/api_controller.rb:268:in `check_upstream_connection'
ee15f1b2 | /usr/share/gems/gems/activesupport-6.0.4.7/lib/active_support/callbacks.rb:428:in `block in make_lambda'
ee15f1b2 | /usr/share/gems/gems/activesupport-6.0.4.7/lib/active_support/callbacks.rb:200:in `block (2 levels) in halting'
ee15f1b2 | /usr/share/gems/gems/actionpack-6.0.4.7/lib/abstract_controller/callbacks.rb:34:in `block (2 levels) in <module:Callbacks>'
ee15f1b2 | /usr/share/gems/gems/activesupport-6.0.4.7/lib/active_support/callbacks.rb:201:in `block in halting'
ee15f1b2 | /usr/share/gems/gems/activesupport-6.0.4.7/lib/active_support/callbacks.rb:513:in `block in invoke_before'

Step 7

  • UI shows "No Repositories available"
  • Satellite never even connects to the proxy
  • production.log shows the following traceback for the Actions::Katello::RepositorySet::ScanCdn task

2022-11-19T00:12:25 [E|bac|8732f73b] no certificate or crl found (OpenSSL::X509::StoreError)
8732f73b | /usr/share/foreman/lib/foreman/util.rb:37:in `add_file'
8732f73b | /usr/share/foreman/lib/foreman/util.rb:37:in `block in add_ca_bundle_to_store'
8732f73b | /usr/share/ruby/tempfile.rb:291:in `open'
8732f73b | /usr/share/foreman/lib/foreman/util.rb:34:in `add_ca_bundle_to_store'
8732f73b | /usr/share/gems/gems/katello-4.5.0.20/app/lib/katello/resources/cdn.rb:53:in `initialize'
8732f73b | /usr/share/gems/gems/katello-4.5.0.20/app/lib/katello/resources/cdn.rb:67:in `new'
8732f73b | /usr/share/gems/gems/katello-4.5.0.20/app/lib/katello/resources/cdn.rb:67:in `create'
8732f73b | /usr/share/gems/gems/katello-4.5.0.20/app/models/katello/product.rb:219:in `cdn_resource'
8732f73b | /usr/share/gems/gems/katello-4.5.0.20/app/lib/actions/katello/repository_set/scan_cdn.rb:38:in `cdn_var_substitutor'
8732f73b | /usr/share/gems/gems/katello-4.5.0.20/app/lib/actions/katello/repository_set/scan_cdn.rb:30:in `fetch_results'
8732f73b | /usr/share/gems/gems/katello-4.5.0.20/app/lib/actions/katello/repository_set/scan_cdn.rb:24:in `run'
8732f73b | /usr/share/gems/gems/dynflow-1.6.4/lib/dynflow/action.rb:582:in `block (3 levels) in execute_run'
8732f73b | /usr/share/gems/gems/dynflow-1.6.4/lib/dynflow/middleware/stack.rb:27:in `pass'
8732f73b | /usr/share/gems/gems/dynflow-1.6.4/lib/dynflow/middleware.rb:19:in `pass'

Expect Result:
No Errors

Associated revisions

Revision 54334bf5 (diff)
Added by Partha Aji about 2 months ago

Fixes #35773 - Checks for empty cacert on connecting via Http Proxy (#10361)

  • Fixes #35773 - Checks for empty cacert on connecting via Http Proxy
  • Update test/lib/resources/cdn_test.rb

History

#1 Updated by Partha Aji 2 months ago

  • Bugzilla link set to 2144044

#2 Updated by The Foreman Bot 2 months ago

  • Assignee set to Partha Aji
  • Status changed from New to Ready For Testing
  • Pull request https://github.com/Katello/katello/pull/10361 added

#3 Updated by Chris Roberts 2 months ago

  • Triaged changed from No to Yes
  • Target version set to Katello 4.6.1
  • Category set to Foreman Proxy Content

#4 Updated by The Foreman Bot about 2 months ago

  • Fixed in Releases Katello 4.8.0 added

#5 Updated by Partha Aji about 2 months ago

  • Status changed from Ready For Testing to Closed

#6 Updated by Samir Jha about 2 months ago

  • Target version changed from Katello 4.6.1 to Katello 4.7.0

Moving off of 4.6.1 since this depends on changes not part of 4.6. This is available in 4.7.

#7 Updated by The Foreman Bot about 2 months ago

  • Pull request https://github.com/Katello/katello/pull/10385 added

Also available in: Atom PDF