OpenStack Designate-Bind Charm

Wget on Designate-Bind fails with proxy

Bug #1796969 reported by Pedro Guimarães
16
This bug affects 2 people
Affects Status Importance Assigned to Milestone
OpenStack Designate-Bind Charm
Fix Released
Low
Drew Freiberger
OpenStack Designate-Bind Charm 18.11

Bug Description

Designate-Bind executes a wget during zone syncing among multiple peers.
The function can be found on: https://github.com/openstack/charm-designate-bind/blob/cd14d5a18e6e899728f5965b7eb52c3ab4547e5f/src/lib/charm/openstack/designate_bind.py#L413

The issue is that wget may not work on an environment with a proxy. To make it work, it is needed to set http_proxy/no_proxy variables besides juju_http_proxy/juju_no_proxy.

Once http_proxy is defined, it means that applications system-wide will hit the same proxy, which is not necessarily what we want (we might want to define, for example, juju to hit one proxy and wgets or snaps hitting addresses/urls directly or via second proxy). For that, we need to find the right combination for http_proxy/no_proxy + juju_http_proxy/juju_no_proxy. This is a manual and error-prone step on deployment.

We need that sync step to be redesigned and it to rely on Juju's env variables.

Tags: cpe-onsite
Pedro Guimarães (pguimaraes)
tags: added: cpe-onsite
Revision history for this message
James Page (james-page) wrote :

As the sync is always sourced from the lead unit, it would make sense to unset and proxy configuration during this call.

Changed in charm-designate-bind:
status: New → Triaged
importance: Undecided → Low
Revision history for this message
Drew Freiberger (afreiberger) wrote :

workaround/possible fix:

lib/charm/openstack/designate_bind.py line 421, add '--no-proxy' to cmd list.

Revision history for this message
Drew Freiberger (afreiberger) wrote :

Submitted for review: https://review.openstack.org/#/c/612759/

Revision history for this message
Drew Freiberger (afreiberger) wrote :

Added field-medium subscription as this is a necessary patch for production supportability.

Revision history for this message
Drew Freiberger (afreiberger) wrote :

published pre-merged charm with above patch at cs:~afreiberger/designate-bind-0

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to charm-designate-bind (master)

Reviewed: https://review.openstack.org/612759
Committed: https://git.openstack.org/cgit/openstack/charm-designate-bind/commit/?id=04dc8c02ed7ef713f3719e0009737d7a8f00832f
Submitter: Zuul
Branch: master

commit 04dc8c02ed7ef713f3719e0009737d7a8f00832f
Author: Drew Freiberger <email address hidden>
Date: Tue Oct 23 11:37:14 2018 -0500

    Ignore proxy for charm peer communication

    Designate-bind services use http communication to manage initial
    zone transfers from the leader to other units. This should be done
    within the space designated for dns-backend in the charm bindings.
    To ensure this, we must bypass proxy configurations when using wget
    between units by adding --no-proxy flag to the wget command.

    Change-Id: I3cebb1e01ffde9a9585f152451bf9bcebbdd3f58
    Closes-Bug: #1796969

Changed in charm-designate-bind:
status: Triaged → Fix Committed
David Ames (thedac)
Changed in charm-designate-bind:
milestone: none → 19.04
Revision history for this message
Edward Hope-Morley (hopem) wrote :

This patch exists in stable/18.11 [1] so it is actually Fix Released.

https://github.com/openstack/charm-designate-bind/commits/stable/18.11

Changed in charm-designate-bind:
status: Fix Committed → Fix Released
milestone: 19.04 → 18.11
Drew Freiberger (afreiberger)
Changed in charm-designate-bind:
assignee: nobody → Drew Freiberger (afreiberger)
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.