convert2rhel analyze and convert attempt to connect to cdn.redhat.com always

[jeffmcutter]

convert2rhel tries to connect to cdn.redhat.com for the Convert2RHEL repo even when convert2rhel repo is being served from Red Hat Satellite.

If it is unreachable it errors quickly that it is unreachable and continues successfully. If the firewall drops the packets destined for cdn.redhat.com, then it delays for minutes before timing out and continues successfully.

Can we have an option to pass to let convert2rhel know we are in a disconnected environment, or not to try to reach out to the Internet to clean up the user experience from disconnected environments?

[Andrew-ang9]

Hello @jeffmcutter I am waiting on an response from my team about this as I believe that we have it in our plans to address, but I want to confirm this.

[hosekadam]

Thanks @Andrew-ang9 for mentioning this in our chat! I've looked on it a bit too.

Hi @jeffmcutter I see @bocekm just commented under https://www.reddit.com/r/redhat/comments/1erhc5o/convert2rhel_firewall/, and it seems a bit related. I think using the --no-rhsm with --enablerepo could help you. The convert2rhel_latest check is not critical, it will just warn you that it couldn't been performed, and the conversion continues (I see the timeout is 15 seconds, it can be a bit annoying)

[bocekm]

I believe @jeffmcutter ask for something else. Oftentimes Satellite/Foreman is used to serve as a proxy for systems within a company that are not connected to the internet. In those cases, Jeffrey doesn't want convert2rhel to reach out to the Internet as it just unnecessarily adds time to how long convert2rhel runs, waiting for the "latest convert2rhel version" check to time out.
Requesting such an option is IMHO reasonable, we were thinking of something like that under https://issues.redhat.com/browse/RHELC-852. Let's see what @bookwar thinks about that.

[jeffmcutter]

Hi All,

Yes, @bocekm is correct. We are using Satellite for all the repositories (RHEL, CentOS, and Convert2RHEL). The timeout delay is kind of a bummer. Another thing is that it adds errors/warnings when it happens and in the summary and it is confusing to the uninitiated. It's no fun having to say that error is OK. Some way of letting it know not to try or otherwise speed up timeouts and stifle the warnings.

In general, I don't think having software reach out direct to the Internet without an option to prevent it is very enterprise friendly and is contradictory to the purpose of Satellite.

Thanks,
-Jeff

[jeffmcutter]

Just ran into this, wondering if it's what I need, but haven't tested yet.

https://github.com/oamg/convert2rhel/wiki/Environment-variables#convert2rhel_allow_older_version

[bocekm]

@jeffmcutter, unfortunately no, the CONVERT2RHEL_ALLOW_OLDER_VERSION serves as an override in case the check detects that there is a new version of convert2rhel available. It does not prevent convert2rhel from contacting the CDN to see if there's a new version available.

[jeffmcutter]

OK, thanks for the confirmation @bocekm . Saves me the time testing it.