Use https to access the API in spacewalk-common-channels and mgr-sync

In some cases the http port seems not available for the XML-RPC API. Use http://localhost:80 by default for those tools and https when using the server's FQDN. Using localhost help reducing the possible hairpins when running in a container environment.
uyuni-project · Jan 22, 2024 · 5ba17e7 · 5ba17e7
1 parent b1dfdec
commit 5ba17e7
Show file tree

Hide file tree

Showing 5 changed files with 17 additions and 5 deletions.
diff --git a/susemanager/src/mgr_sync/config.py b/susemanager/src/mgr_sync/config.py
@@ -44,7 +44,7 @@ def __init__(self):
         self._config = ConfigObj()
         self._config[Config.USER] = ''
         self._config[Config.PASSWORD] = ''
-        self._config[Config.HOST] = socket.getfqdn()
+        self._config[Config.HOST] = "localhost"
         self._config[Config.PORT] = 80
         self._config[Config.URI] = "/rpc/api"
         self._config[Config.TOKEN] = ''

diff --git a/susemanager/src/mgr_sync/mgr_sync.py b/susemanager/src/mgr_sync/mgr_sync.py
@@ -42,9 +42,16 @@ class MgrSync(object):  # pylint: disable=too-few-public-methods
 
     def __init__(self):
         self.config = Config()
-        url = "http://{0}:{1}{2}".format(self.config.host,
-                                         self.config.port,
-                                         self.config.uri)
+
+        # Use http on localhost by default to avoid hairpins when running in kubernetes
+        scheme = "http"
+        if self.config.host not in ["localhost", "127.0.0.1"]:
+            scheme = "https"
+            self.config.port = 443
+        url = "{0}://{1}:{2}{3}".format(scheme,
+                                        self.config.host,
+                                        self.config.port,
+                                        self.config.uri)
         self.conn = xmlrpc_client.ServerProxy(url)
         self.auth = Authenticator(connection=self.conn,
                                   user=self.config.user,

diff --git a/susemanager/susemanager.changes.cbosdo.https-tools-fix b/susemanager/susemanager.changes.cbosdo.https-tools-fix
@@ -0,0 +1 @@
+- Use http for localhost and https for other FQDN
diff --git a/utils/spacewalk-common-channels b/utils/spacewalk-common-channels
@@ -110,7 +110,9 @@ class ExtOptionParser(OptionParser):
 
 
 def connect(user, password, server):
-    server_url = "http://%s/rpc/api" % server
+    server_url = "https://%s/rpc/api" % server
+    if server in ["localhost", "127.0.0.1"]:
+        server_url = "http://%s/rpc/api" % server
 
     if options.verbose and options.verbose > 2:
         client_verbose = options.verbose - 2

diff --git a/utils/spacewalk-utils.changes.cbosdo.https-tools-fix b/utils/spacewalk-utils.changes.cbosdo.https-tools-fix
@@ -0,0 +1,2 @@
+- Use http for localhost and https for other FQDN: 
+  spacewalk-common-channels
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		- Use http for localhost and https for other FQDN
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		- Use http for localhost and https for other FQDN:
		spacewalk-common-channels