Re: koji client does not work through proxy
Le mardi 14 septembre 2010 à 15:13 +0300, Manuel Wolfshant a écrit : On 09/14/2010 12:18 AM, Mike McGrath wrote: You'll need at least some open ports. 443 and 80 I think are the only ones required for koji builds. and exactly those are the ones proxied almost everywhere where a mandatory proxy is in use. 80 at least. Fedora proxy configuring is in such a sad state it's often better to forget about configuring them altoguether and change the routing at iptables level *nat :PREROUTING ACCEPT [0:0] :OUTPUT ACCEPT [0:0] :POSTROUTING ACCEPT [0:0] -A POSTROUTING -o eth0 -j MASQUERADE -A OUTPUT -m owner ! --gid-owner apache ! -p tcp --dport http -j REDIRECT --to-port 8081 (here the proxy which use is forced is local mod_proxy ran by apache, adapt to your situation) -- Nicolas Mailhot -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: koji client does not work through proxy
On 09/17/2010 09:37 AM, Nicolas Mailhot wrote: Le mardi 14 septembre 2010 à 15:13 +0300, Manuel Wolfshant a écrit : On 09/14/2010 12:18 AM, Mike McGrath wrote: You'll need at least some open ports. 443 and 80 I think are the only ones required for koji builds. and exactly those are the ones proxied almost everywhere where a mandatory proxy is in use. 80 at least. Fedora proxy configuring is in such a sad state it's often better to forget about configuring them altoguether and change the routing at iptables level sadly, you are 100% correct, but *nat :PREROUTING ACCEPT [0:0] :OUTPUT ACCEPT [0:0] :POSTROUTING ACCEPT [0:0] -A POSTROUTING -o eth0 -j MASQUERADE -A OUTPUT -m owner ! --gid-owner apache ! -p tcp --dport http -j REDIRECT --to-port 8081 (here the proxy which use is forced is local mod_proxy ran by apache, adapt to your situation) ... I dare you to do that while being a humble student among another 2000+ in a medium-or-large-size university ( and without having good relations with the upper management or the BOFH on call). Not to mention enterprise level environments. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: koji client does not work through proxy
On 09/14/2010 12:18 AM, Mike McGrath wrote: On Mon, 13 Sep 2010, Ralph Lange wrote: Hi, Today I had to learn that the koji client, while being the only way to request a build, does not support proxies. In a university like environment with no open ports whatsoever, with an increasingly paranoid IT group in charge of the firewall and proxy, that does not leave a lot of options. While I was able to ssh tunnel my way out of this miserable situation, I think this approach does not work as a general solution. I realized that this issue has been discussed two years ago [1], but I did not find any newer statements. Is there any work being done (or an intention to do so) to improve the situation? Thanks, Ralph [1] https://www.redhat.com/archives/fedora-devel-list/2008-August/msg00665.html You'll need at least some open ports. 443 and 80 I think are the only ones required for koji builds. and exactly those are the ones proxied almost everywhere where a mandatory proxy is in use. 80 at least. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: koji client does not work through proxy
Ralph Lange ralph.la...@bessy.de writes: Today I had to learn that the koji client, while being the only way to request a build, does not support proxies. yes; like most python programs it does not have proper proxy support. In a university like environment with no open ports whatsoever, with an increasingly paranoid IT group in charge of the firewall and proxy, that does not leave a lot of options. While I was able to ssh tunnel my way out of this miserable situation, I think this approach does not work as a general solution. try transconnect[1]; unfortunately with the switch to 'fed-pkg', you can not wrap the 'koji' program anymore but have to wrap whole 'fed-pkg' which calls other tools (git, ssh, curl) with http proxy support. This might interfere so you might have to play with your parameters. Enrico Footnotes: [1] http://transconnect.sourceforge.net/ -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
koji client does not work through proxy
Hi, Today I had to learn that the koji client, while being the only way to request a build, does not support proxies. In a university like environment with no open ports whatsoever, with an increasingly paranoid IT group in charge of the firewall and proxy, that does not leave a lot of options. While I was able to ssh tunnel my way out of this miserable situation, I think this approach does not work as a general solution. I realized that this issue has been discussed two years ago [1], but I did not find any newer statements. Is there any work being done (or an intention to do so) to improve the situation? Thanks, Ralph [1] https://www.redhat.com/archives/fedora-devel-list/2008-August/msg00665.html -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: koji client does not work through proxy
On Mon, 13 Sep 2010, Ralph Lange wrote: Hi, Today I had to learn that the koji client, while being the only way to request a build, does not support proxies. In a university like environment with no open ports whatsoever, with an increasingly paranoid IT group in charge of the firewall and proxy, that does not leave a lot of options. While I was able to ssh tunnel my way out of this miserable situation, I think this approach does not work as a general solution. I realized that this issue has been discussed two years ago [1], but I did not find any newer statements. Is there any work being done (or an intention to do so) to improve the situation? Thanks, Ralph [1] https://www.redhat.com/archives/fedora-devel-list/2008-August/msg00665.html You'll need at least some open ports. 443 and 80 I think are the only ones required for koji builds. -Mike -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel