[Pulp-list] Installing Pulp 3.12.0 with ansible and a proxy server
Ben Stanley
ben.stanley at gmail.com
Wed Apr 28 08:17:48 UTC 2021
I have now worked around these issues, mostly by manually performing
steps on the command line or hacking the ansible scripts as previously
described. I have now managed to install pulp3. It wasn't easy.
Ben.
On 20/4/21 5:55 am, Mike DePaulo wrote:
> Hi Ben,
>
> I have experience dealing with http & https proxies in the past. I
> would very much like to make pulp_installer work properly with them,
> or to provide instructions on how to use them with it.
>
> It seems like when software is configured internally to use a proxy,
> it works. But when software is relying on environment variables, the
> ansible become (i.e., sudo from "user1", to "root", to "pulp") gets
> rid of the environment variable.
>
> Try setting http_proxy and https_proxy as part of the user's
> environment on the system, and configuring sudoers per this comment:
> https://github.com/ansible/ansible/issues/38050#issuecomment-768501547
> <https://github.com/ansible/ansible/issues/38050#issuecomment-768501547>
>
> See in-line replies.
>
> On Sun, Apr 18, 2021 at 10:14 PM Ben Stanley <ben.stanley at gmail.com
> <mailto:ben.stanley at gmail.com>> wrote:
>
> Hello Pulp people,
>
> I'm trying to install pulp 3.12.0 on RHEL 7.8 using the ansible
> method documented at
> https://docs.pulpproject.org/pulpcore/installation/instructions.html
> <https://docs.pulpproject.org/pulpcore/installation/instructions.html>
> .
>
> I have not yet managed to make it to the end of the
> pulp_install.yml playbook without error. I have worked around 2
> errors, but now I am stuck on the third. I believe the root cause
> of my problems is trying to use a proxy server. I have set the
> environment variables http_proxy, https_proxy and proxy appropriately.
>
> 1. At the step "TASK [pulp.pulp_installer.pulp_common : Import
> required EPEL RPM GPG keys]"
> (~/.ansible.collections/ansible_collections/pulp/pulp_installer/roles/pulp_common/tasks/repos.yml),
> the rpm_key module has two problems.
> 1. The ansible rpm_key module fails to pass the proxy
> settings to the underlying rpm call.
> https://github.com/ansible/ansible/issules/19000
> <https://github.com/ansible/ansible/issules/19000>
> I worked around this problem by replacing the rpm_key
> ansible module call with a raw line calling the rpm
> command directly, and specifying the proxy settings to use.
>
> See the link above for the environment variables.
>
> 1.
>
>
> 2. The rpm --import <key-url> command uses curl internally.
> curl+proxy+https does not work, but curl+proxy+http works.
> Note also wget+proxy+https works.
> https://unix.stackexchange.com/questions/441021/curling-a-https-url-via-a-proxy-results-in-nss-error-5938
> <https://unix.stackexchange.com/questions/441021/curling-a-https-url-via-a-proxy-results-in-nss-error-5938>
> I worked around this problem by referencing the RPM-GPG
> key with a http URL instead of a https URL.
>
> That sounds like a bug in curl or libcurl. But if you are using a
> proxy for https, then your system is talking to the proxy, which is in
> turn talking to the webserver. So SSL is from your system to the
> proxy. I suspect it's a cipher mismatch per that bug. Let me know if
> you can figure out how to force the cipher.
>
> Either way, I will discuss changing the URL from https to http, or
> making it configurable via a variable at our next installer
> development meeting.
>
> 1. At the step "TASK [pulp.pulp_installer.pulp_common : Upgrade
> to a recent edition of pip (supporting manylinux2014)]"
> (~/.ansible.collections/ansible_collections/pulp/pulp_installer/roles/pulp_common/tasks/install_pip.yml),
> ansible fails with the error text:
> fatal: [honeybee]: FAILED! => {"changed": false, "cmd":
> ["/usr/local/lib/pulp/bin/pip", "install", "pip>20.2"], "msg":
> "stdout: Collecting pip>20.2\n\n:stderr: Retrying
> (Retry(total=4, connect=None, read=None, redirect=None,
> status=None)) after connection broken by
> 'ConnectTimeoutError(<pip._vendor.urllib3.connection.VerifiedHTTPSConnection
> object at 0x7ffafd356dd8>, 'Connection to pypi.python.org
> <http://pypi.python.org> timed out. (connect timeout=15)')':
> /simple/pip/\n Retrying (Retry(total=3, connect=None,
> read=None, redirect=None, status=None)) after connection
> broken by
> 'NewConectionError('<pip.vendor.urllib3.connection.VerifiedHTTPSConnection
> object at 0x7ffafd356ef0>: Failed to establish a new
> connection: [Errno 101] Network is unreachable',)':
> /simple/pip/\n Retrying (Retry(total=1, connect=None,
> read=None, redirect=None, status=None)) after connection
> broken by
> 'NewConnectionError('<pip._vendor.urllib3.connection.VerifiedHTTPSConnection
> object a 0x7ffafd356f98>:Failed to establish a new connection:
> [Errno 101] Network is unreachable .....
> I have not figured out how to work around this problem. It
> seems that the pip ansible command is also not passing on the
> correct proxy settings. I haven't even figured out how to work
> around this problem running pip manually yet.
>
> Hmm, so we start out with the old system version of pip, copied into
> the virtualenv. Then we use it to upgrade the virtualenv the new
> version of pip.
>
> Perhaps the old version cannot talk to the proxy?
>
> Try using the virtualenv like:
> sudo -i -u pulp
> source /usr/local/lib/pulp/bin/activate
> export http_proxy=your-proxy-url
> export https_proxy=your-proxy-url
> pip install --upgrade pip
>
> It would be fantastic if I could get some help with these issues
> so that I can get my pulp server upgraded from pulp2 to pulp3.
>
> Thanks,
> Ben Stanley.
>
>
> -Mike
>
> --
>
> Mike DePaulo
>
> He / Him / His
>
> Service Reliability Engineer, Pulp
>
> Red Hat<https://www.redhat.com/>
>
> IM: mikedep333
>
> GPG: 51745404
>
> <https://www.redhat.com/>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pulp-list/attachments/20210428/542a115f/attachment.htm>
More information about the Pulp-list
mailing list