<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>I have now worked around these issues, mostly by manually
performing steps on the command line or hacking the ansible
scripts as previously described. I have now managed to install
pulp3. It wasn't easy.</p>
<p>Ben.<br>
</p>
<div class="moz-cite-prefix">On 20/4/21 5:55 am, Mike DePaulo wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CACoG9=4nNkgFKuCR+xedQoocDLWSpo2xZLdXE2BpiiSDOfXECQ@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">
<div dir="ltr">
<div>Hi Ben,</div>
<div><br>
</div>
<div>I have experience dealing with http & https proxies
in the past. I would very much like to make pulp_installer
work properly with them, or to provide instructions on how
to use them with it.<br>
</div>
<div><br>
</div>
<div>It seems like when software is configured internally to
use a proxy, it works. But when software is relying on
environment variables, the ansible become (i.e., sudo from
"user1", to "root", to "pulp") gets rid of the environment
variable.</div>
<div><br>
</div>
<div>Try setting http_proxy and https_proxy as part of the
user's environment on the system, and configuring sudoers
per this comment:<br>
</div>
<div><a
href="https://github.com/ansible/ansible/issues/38050#issuecomment-768501547"
moz-do-not-send="true">https://github.com/ansible/ansible/issues/38050#issuecomment-768501547</a></div>
<div><br>
</div>
<div>See in-line replies.<br>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Sun, Apr 18, 2021 at
10:14 PM Ben Stanley <<a
href="mailto:ben.stanley@gmail.com" moz-do-not-send="true">ben.stanley@gmail.com</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div>
<p>Hello Pulp people,</p>
<p>I'm trying to install pulp 3.12.0 on RHEL 7.8 using the
ansible method documented at <a
href="https://docs.pulpproject.org/pulpcore/installation/instructions.html"
target="_blank" moz-do-not-send="true">https://docs.pulpproject.org/pulpcore/installation/instructions.html</a>
.</p>
<p>I have not yet managed to make it to the end of the
pulp_install.yml playbook without error. I have worked
around 2 errors, but now I am stuck on the third. I
believe the root cause of my problems is trying to use a
proxy server. I have set the environment variables
http_proxy, https_proxy and proxy appropriately.<br>
</p>
<ol>
<li>At the step "TASK [pulp.pulp_installer.pulp_common :
Import required EPEL RPM GPG keys]"
(~/.ansible.collections/ansible_collections/pulp/pulp_installer/roles/pulp_common/tasks/repos.yml),
the rpm_key module has two problems.</li>
<ol>
<li>The ansible rpm_key module fails to pass the proxy
settings to the underlying rpm call.<br>
<a
href="https://github.com/ansible/ansible/issules/19000"
target="_blank" moz-do-not-send="true">https://github.com/ansible/ansible/issules/19000</a><br>
I worked around this problem by replacing the
rpm_key ansible module call with a raw line calling
the rpm command directly, and specifying the proxy
settings to use.<br>
</li>
</ol>
</ol>
</div>
</blockquote>
<div>See the link above for the environment variables. <br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div>
<ol>
<ol>
<li> <br>
</li>
<li>The rpm --import <key-url> command uses curl
internally.<br>
curl+proxy+https does not work, but curl+proxy+http
works. Note also wget+proxy+https works.<br>
<a
href="https://unix.stackexchange.com/questions/441021/curling-a-https-url-via-a-proxy-results-in-nss-error-5938"
target="_blank" moz-do-not-send="true">https://unix.stackexchange.com/questions/441021/curling-a-https-url-via-a-proxy-results-in-nss-error-5938</a><br>
I worked around this problem by referencing the
RPM-GPG key with a http URL instead of a https URL.<br>
</li>
</ol>
</ol>
</div>
</blockquote>
<div>That sounds like a bug in curl or libcurl. But if you are
using a proxy for https, then your system is talking to the
proxy, which is in turn talking to the webserver. So SSL is
from your system to the proxy. I suspect it's a cipher
mismatch per that bug. Let me know if you can figure out how
to force the cipher.<br>
</div>
<div><br>
</div>
<div>Either way, I will discuss changing the URL from https to
http, or making it configurable via a variable at our next
installer development meeting.</div>
<div><br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div>
<ol>
<li>At the step "TASK [pulp.pulp_installer.pulp_common :
Upgrade to a recent edition of pip (supporting
manylinux2014)]"
(~/.ansible.collections/ansible_collections/pulp/pulp_installer/roles/pulp_common/tasks/install_pip.yml),
ansible fails with the error text:<br>
fatal: [honeybee]: FAILED! => {"changed": false,
"cmd": ["/usr/local/lib/pulp/bin/pip", "install",
"pip>20.2"], "msg": "stdout: Collecting
pip>20.2\n\n:stderr: Retrying (Retry(total=4,
connect=None, read=None, redirect=None, status=None))
after connection broken by
'ConnectTimeoutError(<pip._vendor.urllib3.connection.VerifiedHTTPSConnection
object at 0x7ffafd356dd8>, 'Connection to <a
href="http://pypi.python.org" target="_blank"
moz-do-not-send="true">pypi.python.org</a> timed
out. (connect timeout=15)')': /simple/pip/\n Retrying
(Retry(total=3, connect=None, read=None,
redirect=None, status=None)) after connection broken
by
'NewConectionError('<pip.vendor.urllib3.connection.VerifiedHTTPSConnection
object at 0x7ffafd356ef0>: Failed to establish a
new connection: [Errno 101] Network is
unreachable',)': /simple/pip/\n Retrying
(Retry(total=1, connect=None, read=None,
redirect=None, status=None)) after connection broken
by
'NewConnectionError('<pip._vendor.urllib3.connection.VerifiedHTTPSConnection
object a 0x7ffafd356f98>:Failed to establish a new
connection: [Errno 101] Network is unreachable .....<br>
I have not figured out how to work around this
problem. It seems that the pip ansible command is also
not passing on the correct proxy settings. I haven't
even figured out how to work around this problem
running pip manually yet.<br>
</li>
</ol>
</div>
</blockquote>
<div>Hmm, so we start out with the old system version of pip,
copied into the virtualenv. Then we use it to upgrade the
virtualenv the new version of pip.</div>
<div><br>
</div>
<div> Perhaps the old version cannot talk to the proxy?</div>
<div><br>
</div>
<div>Try using the virtualenv like:</div>
<div>sudo -i -u pulp</div>
<div>source /usr/local/lib/pulp/bin/activate</div>
<div>export http_proxy=your-proxy-url</div>
<div>export https_proxy=your-proxy-url</div>
<div>pip install --upgrade pip<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div>
<p>It would be fantastic if I could get some help with
these issues so that I can get my pulp server upgraded
from pulp2 to pulp3.</p>
<p>Thanks,<br>
Ben Stanley.</p>
</div>
</blockquote>
<div><br>
</div>
<div>-Mike </div>
<div><br>
</div>
</div>
-- <br>
<div dir="ltr" class="gmail_signature">
<div dir="ltr">
<p
style="color:rgb(0,0,0);font-family:RedHatText,sans-serif;font-weight:bold;margin:0px;padding:0px;font-size:14px;text-transform:capitalize"><span>Mike</span> <span>DePaulo</span><span
style="text-transform:uppercase;color:rgb(170,170,170);margin:0px"></span></p>
<p
style="color:rgb(0,0,0);font-family:RedHatText,sans-serif;font-size:12px;margin:0px
0px 4px;text-transform:capitalize">He / Him / His</p>
<p
style="color:rgb(0,0,0);font-family:RedHatText,sans-serif;font-size:12px;margin:0px;text-transform:capitalize"><span>Service
Reliability Engineer, Pulp</span></p>
<p
style="color:rgb(0,0,0);font-family:RedHatText,sans-serif;margin:0px
0px 4px;font-size:12px"><a href="https://www.redhat.com/"
style="color:rgb(0,136,206);margin:0px" target="_blank"
moz-do-not-send="true">Red Hat<span></span></a></p>
<p
style="color:rgb(0,0,0);font-family:RedHatText,sans-serif;margin:0px;font-size:12px"><span>IM: <span>mikedep333</span></span></p>
<p
style="color:rgb(0,0,0);font-family:RedHatText,sans-serif;font-size:12px;margin:0px"><span>GPG:
51745404</span></p>
<div
style="color:rgb(0,0,0);font-family:RedHatText,sans-serif;font-size:medium;margin-top:12px">
<table border="0">
<tbody>
<tr>
<td width="100px"><a href="https://www.redhat.com/"
target="_blank" moz-do-not-send="true"><img
src="https://marketing-outfit-prod-images.s3-us-west-2.amazonaws.com/f5445ae0c9ddafd5b2f1836854d7416a/Logo-RedHat-Email.png"
moz-do-not-send="true" width="90"
height="auto"></a></td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
</div>
</blockquote>
</body>
</html>