<div dir="ltr"><div>Hi Ben, <br></div><div><br></div><div>Thanks so much for the update.<br></div><div><br></div><div>Is there any more information you could give us so we can update our docs? <br></div><div>It would be a great help to those who might try this in the future. <br></div><div><br></div><div>All the best, <br></div><div>Melanie<br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">Ar Céad 28 Aib 2021 ag 09:18, scríobh Ben Stanley <<a href="mailto:ben.stanley@gmail.com">ben.stanley@gmail.com</a>>:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>
<p>I have now worked around these issues, mostly by manually
performing steps on the command line or hacking the ansible
scripts as previously described. I have now managed to install
pulp3. It wasn't easy.</p>
<p>Ben.<br>
</p>
<div>On 20/4/21 5:55 am, Mike DePaulo wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div dir="ltr">
<div>Hi Ben,</div>
<div><br>
</div>
<div>I have experience dealing with http & https proxies
in the past. I would very much like to make pulp_installer
work properly with them, or to provide instructions on how
to use them with it.<br>
</div>
<div><br>
</div>
<div>It seems like when software is configured internally to
use a proxy, it works. But when software is relying on
environment variables, the ansible become (i.e., sudo from
"user1", to "root", to "pulp") gets rid of the environment
variable.</div>
<div><br>
</div>
<div>Try setting http_proxy and https_proxy as part of the
user's environment on the system, and configuring sudoers
per this comment:<br>
</div>
<div><a href="https://github.com/ansible/ansible/issues/38050#issuecomment-768501547" target="_blank">https://github.com/ansible/ansible/issues/38050#issuecomment-768501547</a></div>
<div><br>
</div>
<div>See in-line replies.<br>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Sun, Apr 18, 2021 at
10:14 PM Ben Stanley <<a href="mailto:ben.stanley@gmail.com" target="_blank">ben.stanley@gmail.com</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>
<p>Hello Pulp people,</p>
<p>I'm trying to install pulp 3.12.0 on RHEL 7.8 using the
ansible method documented at <a href="https://docs.pulpproject.org/pulpcore/installation/instructions.html" target="_blank">https://docs.pulpproject.org/pulpcore/installation/instructions.html</a>
.</p>
<p>I have not yet managed to make it to the end of the
pulp_install.yml playbook without error. I have worked
around 2 errors, but now I am stuck on the third. I
believe the root cause of my problems is trying to use a
proxy server. I have set the environment variables
http_proxy, https_proxy and proxy appropriately.<br>
</p>
<ol>
<li>At the step "TASK [pulp.pulp_installer.pulp_common :
Import required EPEL RPM GPG keys]"
(~/.ansible.collections/ansible_collections/pulp/pulp_installer/roles/pulp_common/tasks/repos.yml),
the rpm_key module has two problems.</li>
<ol>
<li>The ansible rpm_key module fails to pass the proxy
settings to the underlying rpm call.<br>
<a href="https://github.com/ansible/ansible/issules/19000" target="_blank">https://github.com/ansible/ansible/issules/19000</a><br>
I worked around this problem by replacing the
rpm_key ansible module call with a raw line calling
the rpm command directly, and specifying the proxy
settings to use.<br>
</li>
</ol>
</ol>
</div>
</blockquote>
<div>See the link above for the environment variables. <br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>
<ol>
<ol>
<li> <br>
</li>
<li>The rpm --import <key-url> command uses curl
internally.<br>
curl+proxy+https does not work, but curl+proxy+http
works. Note also wget+proxy+https works.<br>
<a href="https://unix.stackexchange.com/questions/441021/curling-a-https-url-via-a-proxy-results-in-nss-error-5938" target="_blank">https://unix.stackexchange.com/questions/441021/curling-a-https-url-via-a-proxy-results-in-nss-error-5938</a><br>
I worked around this problem by referencing the
RPM-GPG key with a http URL instead of a https URL.<br>
</li>
</ol>
</ol>
</div>
</blockquote>
<div>That sounds like a bug in curl or libcurl. But if you are
using a proxy for https, then your system is talking to the
proxy, which is in turn talking to the webserver. So SSL is
from your system to the proxy. I suspect it's a cipher
mismatch per that bug. Let me know if you can figure out how
to force the cipher.<br>
</div>
<div><br>
</div>
<div>Either way, I will discuss changing the URL from https to
http, or making it configurable via a variable at our next
installer development meeting.</div>
<div><br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>
<ol>
<li>At the step "TASK [pulp.pulp_installer.pulp_common :
Upgrade to a recent edition of pip (supporting
manylinux2014)]"
(~/.ansible.collections/ansible_collections/pulp/pulp_installer/roles/pulp_common/tasks/install_pip.yml),
ansible fails with the error text:<br>
fatal: [honeybee]: FAILED! => {"changed": false,
"cmd": ["/usr/local/lib/pulp/bin/pip", "install",
"pip>20.2"], "msg": "stdout: Collecting
pip>20.2\n\n:stderr: Retrying (Retry(total=4,
connect=None, read=None, redirect=None, status=None))
after connection broken by
'ConnectTimeoutError(<pip._vendor.urllib3.connection.VerifiedHTTPSConnection
object at 0x7ffafd356dd8>, 'Connection to <a href="http://pypi.python.org" target="_blank">pypi.python.org</a> timed
out. (connect timeout=15)')': /simple/pip/\n Retrying
(Retry(total=3, connect=None, read=None,
redirect=None, status=None)) after connection broken
by
'NewConectionError('<pip.vendor.urllib3.connection.VerifiedHTTPSConnection
object at 0x7ffafd356ef0>: Failed to establish a
new connection: [Errno 101] Network is
unreachable',)': /simple/pip/\n Retrying
(Retry(total=1, connect=None, read=None,
redirect=None, status=None)) after connection broken
by
'NewConnectionError('<pip._vendor.urllib3.connection.VerifiedHTTPSConnection
object a 0x7ffafd356f98>:Failed to establish a new
connection: [Errno 101] Network is unreachable .....<br>
I have not figured out how to work around this
problem. It seems that the pip ansible command is also
not passing on the correct proxy settings. I haven't
even figured out how to work around this problem
running pip manually yet.<br>
</li>
</ol>
</div>
</blockquote>
<div>Hmm, so we start out with the old system version of pip,
copied into the virtualenv. Then we use it to upgrade the
virtualenv the new version of pip.</div>
<div><br>
</div>
<div> Perhaps the old version cannot talk to the proxy?</div>
<div><br>
</div>
<div>Try using the virtualenv like:</div>
<div>sudo -i -u pulp</div>
<div>source /usr/local/lib/pulp/bin/activate</div>
<div>export http_proxy=your-proxy-url</div>
<div>export https_proxy=your-proxy-url</div>
<div>pip install --upgrade pip<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>
<p>It would be fantastic if I could get some help with
these issues so that I can get my pulp server upgraded
from pulp2 to pulp3.</p>
<p>Thanks,<br>
Ben Stanley.</p>
</div>
</blockquote>
<div><br>
</div>
<div>-Mike </div>
<div><br>
</div>
</div>
-- <br>
<div dir="ltr">
<div dir="ltr">
<p style="color:rgb(0,0,0);font-family:RedHatText,sans-serif;font-weight:bold;margin:0px;padding:0px;font-size:14px;text-transform:capitalize"><span>Mike</span> <span>DePaulo</span><span style="text-transform:uppercase;color:rgb(170,170,170);margin:0px"></span></p>
<p style="color:rgb(0,0,0);font-family:RedHatText,sans-serif;font-size:12px;margin:0px 0px 4px;text-transform:capitalize">He / Him / His</p>
<p style="color:rgb(0,0,0);font-family:RedHatText,sans-serif;font-size:12px;margin:0px;text-transform:capitalize"><span>Service
Reliability Engineer, Pulp</span></p>
<p style="color:rgb(0,0,0);font-family:RedHatText,sans-serif;margin:0px 0px 4px;font-size:12px"><a href="https://www.redhat.com/" style="color:rgb(0,136,206);margin:0px" target="_blank">Red Hat<span></span></a></p>
<p style="color:rgb(0,0,0);font-family:RedHatText,sans-serif;margin:0px;font-size:12px"><span>IM: <span>mikedep333</span></span></p>
<p style="color:rgb(0,0,0);font-family:RedHatText,sans-serif;font-size:12px;margin:0px"><span>GPG:
51745404</span></p>
<div style="color:rgb(0,0,0);font-family:RedHatText,sans-serif;font-size:medium;margin-top:12px">
<table border="0">
<tbody>
<tr>
<td width="100px"><a href="https://www.redhat.com/" target="_blank"><img src="https://marketing-outfit-prod-images.s3-us-west-2.amazonaws.com/f5445ae0c9ddafd5b2f1836854d7416a/Logo-RedHat-Email.png" width="90" height="auto"></a></td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
</div>
</blockquote>
</div>
_______________________________________________<br>
Pulp-list mailing list<br>
<a href="mailto:Pulp-list@redhat.com" target="_blank">Pulp-list@redhat.com</a><br>
<a href="https://listman.redhat.com/mailman/listinfo/pulp-list" rel="noreferrer" target="_blank">https://listman.redhat.com/mailman/listinfo/pulp-list</a></blockquote></div><br clear="all"><br>-- <br><div dir="ltr" class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div><div>
<p style="font-weight:bold;margin:0px;padding:0px;font-size:14px;text-transform:capitalize;font-family:"RedHatText",sans-serif">
<span>Melanie</span> <span>Corr</span><span style="color:rgb(170,170,170);margin:0px">, RHCE</span>
</p>
<p style="font-weight:normal;font-size:12px;margin:0px;text-transform:capitalize;font-family:"RedHatText",sans-serif">
<span>Community Manager</span>
</p>
<p style="font-weight:normal;margin:0px 0px 4px;font-size:12px;font-family:"RedHatText",sans-serif">
<a style="color:rgb(0,136,206);font-size:12px;margin:0px;text-decoration:none;font-family:"RedHatText",sans-serif" href="https://www.redhat.com" target="_blank">Red Hat <span></span></a>
</p>
<div style="margin-bottom:4px">
<span>
<p style="font-size:12px;margin:0px;font-family:"RedHatText",sans-serif">Remote, Ireland</p>
</span>
</div>
<p style="font-weight:normal;margin:0px;font-size:12px;font-family:"RedHatText",sans-serif">
<span style="margin:0px;padding:0px"><a style="color:rgb(0,0,0);font-size:12px;margin:0px;text-decoration:none;font-family:"RedHatText",sans-serif" href="mailto:mcorr@redhat.com" target="_blank">mcorr@redhat.com</a> </span>
<span><br>M: <a href="tel:+353857774436" style="color:rgb(0,0,0);font-size:12px;margin:0px;text-decoration:none;font-family:"RedHatText",sans-serif" target="_blank">+353857774436</a> </span>
<span>IM: <span>mcorr</span></span>
</p>
<div style="margin-top:12px">
<table border="0">
<tbody><tr>
<td width="100px"><a href="https://www.redhat.com" target="_blank"> <img src="https://marketing-outfit-prod-images.s3-us-west-2.amazonaws.com/f5445ae0c9ddafd5b2f1836854d7416a/Logo-RedHat-Email.png" width="90" height="auto"></a> </td>
</tr>
</tbody></table>
</div>
</div><div style="margin-top:12px"><table border="0"><tbody><tr><td width="100px"><br></td>
</tr>
</tbody></table>
</div>
</div></div></div></div></div></div></div></div></div></div></div></div></div></div>