Juju client needs access to the following destinations:
* charm store;
* streams.canonical.com (tools and gui metadata);
* machine provider (for which no_proxy is often configured);
* juju controller.
Specifying something like no_proxy=192.0.2.0/24 in an environment variable doesn't change the client logic to avoid the configured proxy servers for that subnet.
As juju-no-proxy supports this notation (and a similar one for domains) it would be good if the client also did.
As far as I can tell, Juju client code path mainly uses the same code the daemons do so it should work:
https://github.com/juju/juju/blob/juju-2.5.2/cmd/juju/commands/main.go#L182-L188
if err := proxy.DefaultConfig.Set(proxyutils.DetectProxies()); err != nil {
return errors.Trace(err)
}
if err := proxy.DefaultConfig.InstallInDefaultTransport(); err != nil {
https://github.com/juju/proxy/blob/018dd322e60918d40e166c54821684c05739ef8c/proxy.go#L41-L49
https://github.com/juju/juju/blob/juju-2.5.2/utils/proxy/proxyconfig.go#L124-L136 GetProxy
https://github.com/juju/juju/blob/juju-2.5.2/utils/proxy/proxyconfig.go#L43-L122 useProxy (which parses no_proxy, including cidrs every time a new HTTP connection is to be made to a certain destination)
However, I am getting an error from macaroon-bakery.v2-unstable/httpbakery/client.go so it might be somehow unaffected by InstallInDefaultTransport:
https_proxy=http://192.0.2.20:8000
http_proxy=http://192.0.2.20:8000
no_proxy=localhost,127.0.0.1,192.0.2.0/23,infra-1,infra-2,infra-3,.maas
01:32:36 DEBUG httpbakery client.go:243 client do POST https://192.0.2.135:17070/model/3f6e5cc1-5bc5-4d20-8a29-3e1a4d8cc662/charms?revision=0&schema=local&series=bionic {
01:32:36 DEBUG httpbakery client.go:245 } -> error [{/build/juju/parts/juju/go/src/github.com/juju/juju/vendor/gopkg.in/macaroon-bakery.v2-unstable/httpbakery/client.go:273: } {Post https://192.0.2.135:17070/model/3f6e5cc1-5bc5-4d20-8a29-3e1a4d8cc662/charms?revision=0&schema=local&series=bionic: Forbidden}]
01:32:36 DEBUG juju.api monitor.go:35 RPC connection died
ERROR cannot deploy bundle: POST https://192.0.2.135:17070/model/3f6e5cc1-5bc5-4d20-8a29-3e1a4d8cc662/charms?revision=0&schema=local&series=bionic: Post https://192.0.2.135:17070/model/3f6e5cc1-5bc5-4d20-8a29-3e1a4d8cc662/charms?revision=0&schema=local&series=bionic: Forbidden
01:32:36 DEBUG cmd supercommand.go:496 error stack:
Based on the attached log output I am assuming that you are trying to deploy
a local charm. That would trigger the POST operation that seems to be failing.
I am trying to replicate this issue but with no luck so far. Here is what I
tried so far:
1) Install tinyproxy and set it up in forward mode:
$ apt-get install -y tinyproxy
$ cat > /tmp/tinyproxy.conf <<EOT
Port 8081
# NOTE: this is the IP on my local machine
Listen 192.168.0.127
LogLevel Connect
PidFile "/tmp/tinyproxy
LogFile "/tmp/tinyproxy
MaxClients 100
MinSpareServers 2
MaxSpareServers 5
StartServers 2
MaxRequestsPerChild 0
EOT
$ tinyproxy -d -c /tmp/tinyproxy.conf
2) Bootstrap a test controller using juju 2.5.2. I have tried both compiling
from the source and the published centos build (https:/
3) Export proxy settings. My lxd instances receive IPs in subnet 10.65.47.0/24.
$ export http_proxy=
$ export https_proxy=
$ export no_proxy=
4) Try a local bundle deployment while tailing /tmp/tinyproxy.log after
exporting the proxy settings:
$ juju deploy $GOPATH/
This call does not hit the proxy for the POST to the charm upload endpoint. If
I remove the 10.65.47.0/24 subnet from "no_proxy" then I can see the POST going
through the proxy as expected.
----
Is this still an issue for you? If so, can you please provide some additional
information (e.g the commands you were trying to run and additional logs) to
help me replicate the issue?