MAAS has no way to set a global, upstream proxy
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
MAAS |
Invalid
|
Medium
|
Unassigned |
Bug Description
So it seems that while I can set a proxy in MAAS, that proxy only applies to snap and apt, it does not set a proxy for other things like non apt/snap http/https/ftp/sftp requests.
Use case: In my DC Lab, I need to be able to set an internal IS proxy so I can pull packages from external sites via http/https. Locally, I can manually export http_proxy and https_proxy and that allows my node to reach through that upstream proxy to make those requests.
But this becomes problematic in that I need to have this set on EVERY deployment, and I shouldn't have to do something like this by hand every time, that kinda moots the biggest advantage to MAAS in the first place.
Additionally, this falls apart when MAAS provides its own proxy because that ignores the proxy I had to set on the SUT:
1: SUT has http_proxy and https_proxy set to external proxy
2: MAAS has own internal proxy running
3: curl -fsSL https:/
sudo add-apt-repository \
"deb [arch=amd64] https:/
These steps fail because while the curl works, the add-apt-repository fails because once a-a-r does an apt update, the maas internal proxy takes over and fails since the maas-internal proxy can't reach docker.com.
So now I must not only export the proxy on my SUT locally, by hand after every deployment, but I must also tell MAAS to use that proxy for apt as well so things I do later don't fail because the MAAS internal proxy is different.
Its a bit of a mess, it seems.
At the very least MAAS itself should have a mechanism for setting an external proxy for nodes repeatably.
In my particular configuration, all nodes have 1 NIC that has an externally accessible address and all remaining NICs are on a non-routed MAAS only data network, fwiw.
Changed in maas: | |
milestone: | none → 2.9.x |
status: | New → Triaged |
importance: | Undecided → Medium |
Changed in maas: | |
milestone: | 2.9.2 → 2.9.x |
Changed in maas: | |
milestone: | 2.9.x → none |
As you mentioned MAAS only sets the proxy for apt/snap. My understanding is that this was done because we have users who need to use a proxy for apt/snap but don't want to use a proxy for other traffic. This has come up in LP:1900822 for the ephemeral environment.
I think we should solve this with a new global config option, set_proxy_globally. We should be able to use Curtin to apply this[1].
[1] https:/ /curtin. readthedocs. io/en/latest/ topics/ config. html?highlight= proxy#proxy