author | Emilien Macchi <emilien@redhat.com> | 2017-10-19 14:39:36 -0700 |
---|---|---|
committer | Vincent S. Cojot <vincent@cojot.name> | 2017-11-02 21:49:00 +0000 |
commit | 1b1739c5ebf677ba12ad53a6b11785471e5f52b5 (patch) | |
tree | 48807fb0901d4d3421c5a4102cd7ded0d0099cc5 | |
parent | 7bfae61023d34043d8fe9523f88febac6e7597be (diff) |
RHSM: when using proxy, test its connectivity first
When using RHSM with a proxy, we want to make sure the proxy can be
reached. This patch verifies that a TCP socket can be opened from the client
to the proxy.
This patch also does a bit of refactoring:
- --retry-delay 10 --max-time 30 is now kept in a single parameter that is
used every time we use curl.
- proxy options are now used every time curl is used, even for detecting
which version of Satellite is running.
Co-Authored-By: Vincent S. Cojot <vincent@cojot.name>
Change-Id: I4dcac1528c10f698338383445e27c8a613f9bcd9
Closes-Bug: #1724970
(cherry picked from commit f4e46f4b3ddac3f536a3a1955c91447e8b26ffca)
-rw-r--r-- | extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration | 38 | ||||
-rw-r--r-- | releasenotes/notes/rhsm_proxy_verify-548f104c97cf5f90.yaml | 5 |
2 files changed, 37 insertions, 6 deletions
diff --git a/extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration b/extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration index c7d0b231..4592473f 100644 --- a/extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration +++ b/extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration @@ -23,6 +23,8 @@ proxy_port= proxy_url= proxy_username= proxy_password= +curl_opts="--retry-delay 10 --max-time 30 --retry ${retry_max_count} --cacert /etc/rhsm/ca/redhat-uep.pem" +portal_test_url="https://$(crudini --get /etc/rhsm/rhsm.conf server hostname)/subscription/" # process variables.. if [ -n "${REG_AUTO_ATTACH:-}" ]; then @@ -129,12 +131,14 @@ if [ -n "${REG_HTTP_PROXY_HOST:-}" ]; then # Good both values are not empty proxy_url="http://${proxy_host}:${proxy_port}" config_opts="--server.proxy_hostname=${proxy_host} --server.proxy_port=${proxy_port}" - sat5_opts="${sat5_opts} --proxy_hostname=${proxy_url}" + sat5_opts="${sat5_opts} --proxy=${proxy_url}" + curl_opts="${curl_opts} -x http://${proxy_host}:${proxy_port}" echo "RHSM Proxy set to: ${proxy_url}" if [ -n "${REG_HTTP_PROXY_USERNAME:-}" ]; then if [ -n "${REG_HTTP_PROXY_PASSWORD:-}" ]; then config_opts="${config_opts} --server.proxy_user=${proxy_username} --server.proxy_password=${proxy_password}" sat5_opts="${sat5_opts} --proxyUser=${proxy_username} --proxyPassword=${proxy_password}" + curl_opts="${curl_opts} --proxy-user ${proxy_username}:${proxy_password}" else echo "Warning: REG_HTTP_PROXY_PASSWORD cannot be null with non-empty REG_HTTP_PROXY_USERNAME! Skipping..." proxy_username= ; proxy_password= 
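Review bot: The `portal_test_url` assignment does not check the result of `crudini --get`; if crudini is missing or the `server hostname` key is absent, the value becomes `https:///subscription/` and the portal branch later reports an unreachable portal instead of the real cause. It is also evaluated for every registration method, although in this diff only the `portal` case uses it. Consider resolving it inside the `portal` branch and failing explicitly, e.g. `rhsm_host=$(crudini --get /etc/rhsm/rhsm.conf server hostname) || { echo "Cannot read RHSM hostname from rhsm.conf"; exit 1; }`. `curl_opts` also relies on `retry_max_count` already being set at this point, which is outside the hunk.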
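Review bot: The added `--proxy-user ${proxy_username}:${proxy_password}` puts the proxy password on curl's command line, where it is readable from the process list during every curl call and would appear in any `set -x` trace; the context lines already do this for `subscription-manager` and `rhnreg_ks`, and this line extends it to each curl invocation. curl can read the credential from a file instead: write `proxy-user = "USER:PASS"` to a mode-0600 file created with `mktemp` and add `-K` with that path to the options. Separately, `curl_opts` is a flat string expanded unquoted (`curl ${curl_opts} ...` in detect_satellite_server, the portal test and both Satellite downloads), so a username or password containing whitespace or glob characters is split or expanded; a bash array (`curl_opts+=(...)`, `curl "${curl_opts[@]}"`) avoids that. Because the proxy URL is `http://`, the credentials also reach the proxy unencrypted, which is worth a comment for operators.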
@@ -187,10 +191,10 @@ function retry() { } function detect_satellite_server { - if curl --retry ${retry_max_count} --retry-delay 10 --max-time 30 -L -k -s -D - -o /dev/null $REG_SAT_URL/pub/katello-ca-consumer-latest.noarch.rpm | grep "200 OK"; then + if curl ${curl_opts} -L -k -s -D - -o /dev/null $REG_SAT_URL/pub/katello-ca-consumer-latest.noarch.rpm | grep "200 OK"; then echo Satellite 6 or beyond with Katello API detected at $REG_SAT_URL katello_api_enabled=1 - elif curl --retry ${retry_max_count} --retry-delay 10 --max-time 30 -L -k -s -D - -o /dev/null $REG_SAT_URL/rhn/Login.do | grep "200 OK"; then + elif curl ${curl_opts} -L -k -s -D - -o /dev/null $REG_SAT_URL/rhn/Login.do | grep "200 OK"; then echo Satellite 5 with RHN detected at $REG_SAT_URL katello_api_enabled=0 else @@ -199,7 +203,13 @@ function detect_satellite_server { fi } -if [ "x${proxy_url}" != "x" ];then +if [ "x${proxy_url}" != "x" ]; then + # Before everything, we want to make sure the proxy can be reached + # Note: no need to manage retries, already done by retry() function. + echo "Testing proxy connectivity..." + retry bash -c "</dev/tcp/${proxy_host}/${proxy_port}" + echo "Proxy ${proxy_url} is reachable!" + # Config subscription-manager for proxy subscription-manager config ${config_opts} 
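Review bot: Matching `grep "200 OK"` against the `-D -` header dump is fragile now that detect_satellite_server can go through a proxy. For HTTPS targets curl by default includes the proxy's CONNECT response headers in the dump (unless `--suppress-connect-headers` is given), so a proxy that answers CONNECT with `200 OK` would satisfy the grep even when the Satellite returns an error, and an HTTP/2 response (`HTTP/2 200`, no reason phrase) would never match. Checking the final status code is more robust, e.g. `[ "$(curl ${curl_opts} -L -k -s -o /dev/null -w '%{http_code}' "$REG_SAT_URL/rhn/Login.do")" = "200" ]`. The new portal connectivity test in the `portal)` branch uses the same grep. The `--cacert` carried in `curl_opts` has no effect on these two calls because `-k` disables verification.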
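Review bot: `retry bash -c "</dev/tcp/${proxy_host}/${proxy_port}"` interpolates the proxy host and port into a string that a new shell parses, so any shell metacharacter in those values is executed as code instead of being treated as data. Pass them as positional parameters, `retry bash -c '</dev/tcp/"$1"/"$2"' _ "${proxy_host}" "${proxy_port}"`, assuming retry() forwards its arguments intact (its body is outside the hunk). The connect has no timeout of its own, so a filtered port can block each attempt for the kernel's TCP connect timeout; prefixing the command with `timeout 10` bounds it. Whether the script actually stops before printing "is reachable!" depends on retry() exiting on its final failure, which is not visible here.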
@@ -222,6 +232,22 @@ fi case "${REG_METHOD:-}" in portal) + # First test curl to RHSM through the specified proxy + + if curl ${curl_opts} -L -s -D - -o /dev/null ${portal_test_url}|grep '200 OK'; then + if [ "x${proxy_url}" = "x" ]; then + echo "Access to RHSM portal OK, continuing..." + else + echo "Access to RHSM portal through proxy ${proxy_url} OK, continuing..." + fi + else + if [ "x${proxy_url}" = "x" ]; then + echo "Unable to access RHSM portal! Please check your parameters." + else + echo "Unable to access RHSM portal through configured HTTP proxy (${proxy_url}) ! Please check your parameters." + fi + exit 1 + fi retry subscription-manager register $opts if [ -z "${REG_AUTO_ATTACH:-}" -a -z "${REG_ACTIVATION_KEY:-}" ]; then retry subscription-manager attach $attach_opts @@ -233,7 +259,7 @@ case "${REG_METHOD:-}" in detect_satellite_server if [ "$katello_api_enabled" = "1" ]; then repos="$repos --enable ${satellite_repo}" - curl --retry ${retry_max_count} --retry-delay 10 --max-time 30 -L -k -O "$REG_SAT_URL/pub/katello-ca-consumer-latest.noarch.rpm" + curl ${curl_opts} -L -k -O "$REG_SAT_URL/pub/katello-ca-consumer-latest.noarch.rpm" # https://bugs.launchpad.net/tripleo/+bug/1711435 # Delete the /etc/rhsm/facts directory entirely so that the @@ -255,7 +281,7 @@ case "${REG_METHOD:-}" in mkdir -p /etc/rhsm/facts else pushd /usr/share/rhn/ - curl --retry ${retry_max_count} --retry-delay 10 --max-time 30 -k -O $REG_SAT_URL/pub/RHN-ORG-TRUSTED-SSL-CERT + curl ${curl_opts} -k -O $REG_SAT_URL/pub/RHN-ORG-TRUSTED-SSL-CERT popd retry rhnreg_ks --serverUrl=$REG_SAT_URL/XMLRPC $sat5_opts fi diff --git a/releasenotes/notes/rhsm_proxy_verify-548f104c97cf5f90.yaml b/releasenotes/notes/rhsm_proxy_verify-548f104c97cf5f90.yaml new file mode 100644 index 00000000..626ecbaf --- /dev/null +++ b/releasenotes/notes/rhsm_proxy_verify-548f104c97cf5f90.yaml 
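Review bot: The new portal test runs curl with `-s` but without `-S`, so on failure the log shows only "Unable to access RHSM portal ... Please check your parameters". Nothing separates a proxy authentication failure, a TLS verification error against redhat-uep.pem, or a DNS problem. Using `-sS` (`curl ${curl_opts} -L -sS -D - -o /dev/null ...`) keeps the progress meter off while still printing curl's error to stderr. `${portal_test_url}` should be quoted as well. Unlike the Satellite calls in this diff, this request omits `-k`, so it does validate the server certificate; a short comment saying so would keep a later edit from adding `-k` for consistency.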
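Review bot: Both Satellite downloads (`katello-ca-consumer-latest.noarch.rpm` in this hunk and `RHN-ORG-TRUSTED-SSL-CERT` in the next one) keep `-k` while now being routed through the configured proxy, so the file that becomes the trust anchor for later registration is fetched with no authentication of the server. That is a bootstrap trade-off, but it deserves a comment and, where the operator can supply one, a check of the downloaded file against a known checksum or certificate fingerprint before it is installed. Neither call uses `-f`, so an HTTP error page from the proxy or the Satellite is saved under the expected filename and the failure only surfaces later; `curl ${curl_opts} -f -L -k -O ...` makes curl return non-zero instead.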
@@ -0,0 +1,5 @@ +--- +features: + - | + When using RHSM proxy, TripleO will now verify that the proxy can be reached + otherwise we'll stop early and not try to subscribe nodes. |