[Pulp-list] Installing Pulp 3.12.0 with ansible and a proxy server

Melanie Corr mcorr at redhat.com
Wed Apr 28 08:22:01 UTC 2021

Hi Ben,

Thanks so much for the update.

Is there any more information you could give us so we can update our docs?
It would be a great help to those who might try this in the future.

All the best,

Ar Céad 28 Aib 2021 ag 09:18, scríobh Ben Stanley <ben.stanley at gmail.com>:

> I have now worked around these issues, mostly by manually performing steps
> on the command line or hacking the ansible scripts as previously described.
> I have now managed to install pulp3. It wasn't easy.
> Ben.
> On 20/4/21 5:55 am, Mike DePaulo wrote:
> Hi Ben,
> I have experience dealing with http & https proxies in the past. I would
> very much like to make pulp_installer work properly with them, or to
> provide instructions on how to use them with it.
> It seems like when software is configured internally to use a proxy, it
> works. But when software is relying on environment variables, the ansible
> become (i.e., sudo from "user1", to "root", to "pulp") gets rid of the
> environment variable.
> Try setting http_proxy and https_proxy as part of the user's environment
> on the system, and configuring sudoers per this comment:
> https://github.com/ansible/ansible/issues/38050#issuecomment-768501547
> See in-line replies.
> On Sun, Apr 18, 2021 at 10:14 PM Ben Stanley <ben.stanley at gmail.com>
> wrote:
>> Hello Pulp people,
>> I'm trying to install pulp 3.12.0 on RHEL 7.8 using the ansible method
>> documented at
>> https://docs.pulpproject.org/pulpcore/installation/instructions.html .
>> I have not yet managed to make it to the end of the pulp_install.yml
>> playbook without error. I have worked around 2 errors, but now I am stuck
>> on the third. I believe the root cause of my problems is trying to use a
>> proxy server. I have set the environment variables http_proxy, https_proxy
>> and proxy appropriately.
>>    1. At the step "TASK [pulp.pulp_installer.pulp_common : Import
>>    required EPEL RPM GPG keys]"
>>    (~/.ansible.collections/ansible_collections/pulp/pulp_installer/roles/pulp_common/tasks/repos.yml),
>>    the rpm_key module has two problems.
>>       1. The ansible rpm_key module fails to pass the proxy settings to
>>       the underlying rpm call.
>>       https://github.com/ansible/ansible/issules/19000
>>       I worked around this problem by replacing the rpm_key ansible
>>       module call with a raw line calling the rpm command directly, and
>>       specifying the proxy settings to use.
>> See the link above for the environment variables.
>>    1.
>>       2. The rpm --import <key-url> command uses curl internally.
>>       curl+proxy+https does not work, but curl+proxy+http works. Note
>>       also wget+proxy+https works.
>>       https://unix.stackexchange.com/questions/441021/curling-a-https-url-via-a-proxy-results-in-nss-error-5938
>>       I worked around this problem by referencing the RPM-GPG key with a
>>       http URL instead of a https URL.
>> That sounds like a bug in curl or libcurl. But if you are using a proxy
> for https, then your system is talking to the proxy, which is in turn
> talking to the webserver. So SSL is from your system to the proxy. I
> suspect it's a cipher mismatch per that bug. Let me know if you can figure
> out how to force the cipher.
> Either way, I will discuss changing the URL from https to http, or making
> it configurable via a variable at our next installer development meeting.
>>    1. At the step "TASK [pulp.pulp_installer.pulp_common : Upgrade to a
>>    recent edition of pip (supporting manylinux2014)]"
>>    (~/.ansible.collections/ansible_collections/pulp/pulp_installer/roles/pulp_common/tasks/install_pip.yml),
>>    ansible fails with the error text:
>>    fatal: [honeybee]: FAILED! => {"changed": false, "cmd":
>>    ["/usr/local/lib/pulp/bin/pip", "install", "pip>20.2"], "msg": "stdout:
>>    Collecting pip>20.2\n\n:stderr:   Retrying (Retry(total=4, connect=None,
>>    read=None, redirect=None, status=None)) after connection broken by
>>    'ConnectTimeoutError(<pip._vendor.urllib3.connection.VerifiedHTTPSConnection
>>    object at 0x7ffafd356dd8>, 'Connection to pypi.python.org timed out.
>>    (connect timeout=15)')': /simple/pip/\n  Retrying (Retry(total=3,
>>    connect=None, read=None, redirect=None, status=None)) after connection
>>    broken by
>>    'NewConectionError('<pip.vendor.urllib3.connection.VerifiedHTTPSConnection
>>    object at 0x7ffafd356ef0>: Failed to establish a new connection: [Errno
>>    101] Network is unreachable',)': /simple/pip/\n  Retrying (Retry(total=1,
>>    connect=None, read=None, redirect=None, status=None)) after connection
>>    broken by
>>    'NewConnectionError('<pip._vendor.urllib3.connection.VerifiedHTTPSConnection
>>    object a 0x7ffafd356f98>:Failed to establish a new connection: [Errno 101]
>>    Network is unreachable .....
>>    I have not figured out how to work around this problem. It seems that
>>    the pip ansible command is also not passing on the correct proxy settings.
>>    I haven't even figured out how to work around this problem running pip
>>    manually yet.
>> Hmm, so we start out with the old system version of pip, copied into the
> virtualenv. Then we use it to upgrade the virtualenv the new version of pip.
> Perhaps the old version cannot talk to the proxy?
> Try using the virtualenv like:
> sudo -i -u pulp
> source /usr/local/lib/pulp/bin/activate
> export http_proxy=your-proxy-url
> export https_proxy=your-proxy-url
> pip install --upgrade pip
>> It would be fantastic if I could get some help with these issues so that
>> I can get my pulp server upgraded from pulp2 to pulp3.
>> Thanks,
>> Ben Stanley.
> -Mike
> --
> Mike DePaulo
> He / Him / His
> Service Reliability Engineer, Pulp
> Red Hat <https://www.redhat.com/>
> IM: mikedep333
> GPG: 51745404
> <https://www.redhat.com/>
> _______________________________________________
> Pulp-list mailing list
> Pulp-list at redhat.com
> https://listman.redhat.com/mailman/listinfo/pulp-list


Melanie Corr, RHCE

Community Manager

Red Hat <https://www.redhat.com>

Remote, Ireland

mcorr at redhat.com
M: +353857774436     IM: mcorr
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pulp-list/attachments/20210428/8998458f/attachment.htm>

More information about the Pulp-list mailing list