[uyuni-users] http download is not possible from uyuni server
Hello @all, Since the update I'm not able to down via http request the bootstrap script from the uyuni server. If I try to download it over wget , I see only that the HTTP request get an OK back, but no download is running. The resolve of the DNS is successfully. On the uyuni is no firewall running. HTTPS requests are successfully. No error message in /var/log/apache2/* No error message in /var/log/tomcat/* No error message in /var/log/rhn/* Uyuni version: 4.0.2 Wget from client: --2019-09-25 16:01:44-- (try:20) http://uyuni/pub/bootstrap/bootstrap.sh Connecting to uyuni (xxxxxxxxx)|xxx.xxx.xxx.xxx|:80... connected. HTTP request sent, awaiting response... 200 OK Length: 27178 (27K) [application/x-shellscript] Saving to: 'bootstrap.sh.1' 0% [ ] 0 --.-K/s in 0s 2019-09-25 16:01:44 (0.00 B/s) - Connection closed at byte 0. Giving up. Did someone has an idea where I can found an error message to solve the issue ? Mit freundlichen Grüßen / With kind regards Alexander Kärcher Delivery Manager Linux/unix and Datamanagement DXC Technology Germany Faktorhaus, Berliner Platz 1, 67056 Ludwigshafen T +49 621 48187569 M +49 1525 47 54976 alexander.kaercher@dxc.com Planed absence: xx.xx.2019 - xx.xx.2019 EntServ Deutschland GmbH Schickardstr. 32 71034 Böblingen dxc.technology / Twitter / Facebook / LinkedIn Geschäftsführer: Dirk Schürmann, Joachim Löffler, Karl Anzboeck, Claus Schünemann Sitz der Gesellschaft: Böblingen, Amtsgericht Stuttgart HRB 757510 VAT ID: DE307881136 EntServ Deutschland GmbH: Schickardstraße 32, 71034 Böblingen, Germany - Board of Directors: Dirk Schürmann, Joachim Löffler, Karl Anzboeck - Registered in Stuttgart: HRB 757510. DXC Technology Company -- This message is transmitted to you by or on behalf of DXC Technology Company or one of its affiliates. It is intended exclusively for the addressee. The substance of this message, along with any attachments, may contain proprietary, confidential or privileged information or information that is otherwise legally exempt from disclosure. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient of this message, you are not authorized to read, print, retain, copy or disseminate any part of this message. If you have received this message in error, please destroy and delete all copies and notify the sender by return e-mail. Regardless of content, this e-mail shall not operate to bind DXC Technology Company or any of its affiliates to any order or other contract unless pursuant to explicit written agreement or government initiative expressly permitting the use of e-mail for such purpose. --. -- To unsubscribe, e-mail: uyuni-users+unsubscribe@opensuse.org To contact the owner, e-mail: uyuni-users+owner@opensuse.org
On 25/09/2019, at 16:14, Kaercher, Alexander wrote:
--2019-09-25 16:01:44-- (try:20) http://uyuni/pub/bootstrap/bootstrap.sh
What happens when: % curl -v http://uyuni/pub/bootstrap/bootstrap.sh -- To unsubscribe, e-mail: uyuni-users+unsubscribe@opensuse.org To contact the owner, e-mail: uyuni-users+owner@opensuse.org
Hi Michele, Thanks for the information, I was check with the curl and download was not successfully. Can it be that in the apache2 settings are set up some content security policies are active, which block the HTTP download ? < Content-Security-Policy: default-src 'self' https: wss: ; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: data: ;style-src 'self' https: 'unsafe-inline' I was changing nothing in the apache2 settings, so the default configuration is running on the system. As addon on the system I use the default Nagios installation for monitoring. Command output: curl -v http://uyuni/pub/bootstrap/bootstrap.sh * Trying xxx.xxx.xxx.xxx... * TCP_NODELAY set * Connected to uyuni (xxx.xxx.xxx.xxx) port 80 (#0)
GET /pub/bootstrap/bootstrap.sh HTTP/1.1 Host: uyuni User-Agent: curl/7.60.0 Accept: */*
< HTTP/1.1 200 OK
< Date: Thu, 26 Sep 2019 06:47:19 GMT
< Server: Apache
< X-Frame-Options: SAMEORIGIN
< Last-Modified: Tue, 24 Sep 2019 08:46:00 GMT
< Accept-Ranges: bytes
< Content-Length: 27178
< Content-Security-Policy: default-src 'self' https: wss: ; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: data: ;style-src 'self' https: 'unsafe-inline'
< X-XSS-Protection: 1; mode=block
< X-Content-Type-Options: nosniff
< X-Permitted-Cross-Domain-Policies: master-only
< Content-Type: application/x-shellscript
<
* transfer closed with 27178 bytes remaining to read
* stopped the pause stream!
* Closing connection 0
curl: (18) transfer closed with 27178 bytes remaining to read
Mit freundlichen Grüßen / With kind regards
Alexander Kärcher
Delivery Manager Linux/unix and Datamanagement
DXC Technology Germany
Faktorhaus, Berliner Platz 1, 67056 Ludwigshafen
T +49 621 48187569
M +49 1525 47 54976
alexander.kaercher@dxc.com
Planed absence:
xx.xx.2019 – xx.xx.2019
EntServ Deutschland GmbH
Schickardstr. 32
71034 Böblingen
dxc.technology / Twitter / Facebook / LinkedIn
Geschäftsführer: Dirk Schürmann, Joachim Löffler, Karl Anzboeck, Claus Schünemann
Sitz der Gesellschaft: Böblingen, Amtsgericht Stuttgart HRB 757510
VAT ID: DE307881136
-----Ursprüngliche Nachricht-----
Von: Michele Bologna
--2019-09-25 16:01:44-- (try:20) http://uyuni/pub/bootstrap/bootstrap.sh
What happens when: % curl -v http://uyuni/pub/bootstrap/bootstrap.sh -- To unsubscribe, e-mail: mailto:uyuni-users+unsubscribe@opensuse.org To contact the owner, e-mail: mailto:uyuni-users+owner@opensuse.org EntServ Deutschland GmbH: Schickardstraße 32, 71034 Böblingen, Germany - Board of Directors: Dirk Schürmann, Joachim Löffler, Karl Anzboeck - Registered in Stuttgart: HRB 757510. DXC Technology Company -- This message is transmitted to you by or on behalf of DXC Technology Company or one of its affiliates. It is intended exclusively for the addressee. The substance of this message, along with any attachments, may contain proprietary, confidential or privileged information or information that is otherwise legally exempt from disclosure. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient of this message, you are not authorized to read, print, retain, copy or disseminate any part of this message. If you have received this message in error, please destroy and delete all copies and notify the sender by return e-mail. Regardless of content, this e-mail shall not operate to bind DXC Technology Company or any of its affiliates to any order or other contract unless pursuant to explicit written agreement or government initiative expressly permitting the use of e-mail for such purpose. --.
On 26/09/2019, at 08:53, Kaercher, Alexander wrote:
Can it be that in the apache2 settings are set up some content security policies are active, which block the HTTP download ? < Content-Security-Policy: default-src 'self' https: wss: ; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: data: ;style-src 'self' https: 'unsafe-inline'
I was changing nothing in the apache2 settings, so the default configuration is running on the system. As addon on the system I use the default Nagios installation for monitoring.
The headers are OK with what we ship, I do not think that the problem is in the Apache config.
* transfer closed with 27178 bytes remaining to read * stopped the pause stream! * Closing connection 0 curl: (18) transfer closed with 27178 bytes remaining to read
Looks like a network problem between you and the server: any firewall or deep packet inspection tool that blocks you from downloading application/x-shellscript files? Can you try with (note https instead of http): % curl -kv https://uyuni/pub/bootstrap/bootstrap.sh -- To unsubscribe, e-mail: uyuni-users+unsubscribe@opensuse.org To contact the owner, e-mail: uyuni-users+owner@opensuse.org
Hallo Michele,
Yes, with https is the download successfully.
Only http is not working.
There is no firewall between the systems.
Mit freundlichen Grüßen / With kind regards
Alexander Kärcher
-----Ursprüngliche Nachricht-----
Von: Michele Bologna
Can it be that in the apache2 settings are set up some content security policies are active, which block the HTTP download ? < Content-Security-Policy: default-src 'self' https: wss: ; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: data: ;style-src 'self' https: 'unsafe-inline'
I was changing nothing in the apache2 settings, so the default configuration is running on the system. As addon on the system I use the default Nagios installation for monitoring.
The headers are OK with what we ship, I do not think that the problem is in the Apache config.
* transfer closed with 27178 bytes remaining to read * stopped the pause stream! * Closing connection 0 curl: (18) transfer closed with 27178 bytes remaining to read
Looks like a network problem between you and the server: any firewall or deep packet inspection tool that blocks you from downloading application/x-shellscript files? Can you try with (note https instead of http): % curl -kv https://uyuni/pub/bootstrap/bootstrap.sh -- To unsubscribe, e-mail: uyuni-users+unsubscribe@opensuse.org To contact the owner, e-mail: uyuni-users+owner@opensuse.org EntServ Deutschland GmbH: Schickardstraße 32, 71034 Böblingen, Germany - Board of Directors: Dirk Schürmann, Joachim Löffler, Karl Anzboeck - Registered in Stuttgart: HRB 757510. DXC Technology Company -- This message is transmitted to you by or on behalf of DXC Technology Company or one of its affiliates. It is intended exclusively for the addressee. The substance of this message, along with any attachments, may contain proprietary, confidential or privileged information or information that is otherwise legally exempt from disclosure. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient of this message, you are not authorized to read, print, retain, copy or disseminate any part of this message. If you have received this message in error, please destroy and delete all copies and notify the sender by return e-mail. Regardless of content, this e-mail shall not operate to bind DXC Technology Company or any of its affiliates to any order or other contract unless pursuant to explicit written agreement or government initiative expressly permitting the use of e-mail for such purpose. --. N�����r��y隊[��x������칻�&ޢ��������'��-���w�zf��쮞+�z�>� ޮ�^�ˬz��
participants (2)
-
Kaercher, Alexander
-
Michele Bologna