Canonical Livepatch On-Prem

livepatch-server does not support proxy or proxy env variables

Bug #1954332 reported by Bartosz Woronicz
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Canonical Livepatch On-Prem
Fix Released
Medium
Domas Monkus

Bug Description

Livepatch-server (Livepatch on-prem) does not support proxy

The current version is contained as binary in the resources/livepatchd in the charm
https://jaas.ai/u/livepatch-charmers/canonical-livepatch-server/29

Charm also does not support proxy, but it is quite easy fix
if your model-config contains settings like:
- juju-http-proxy
- juju-https-proxy
- juju-no-proxy

you may use attached patch to set the proper env on running charm
plus contains modification to the systemd service file with the envs
derived from the model-config settings

Here's excerpt from log when cannot connect, triggered by the livepatch-admin command
$ livepatch-admin sync trigger --wait

Dec 09 22:14:02 juju-2d3830-0-lxd-0 systemd[1]: Started Livepatch server.
Dec 09 22:16:57 juju-2d3830-0-lxd-0 livepatchd[242770]: {"level":"warn","ts":"2021-12-09T22:16:57.047Z","msg":"Starting patch refresh from pa
tchstore.","method":"POST","path":"/v1/admin/sync/reports","trace-id":"5b5b6ab0-a434-4863-944a-4ea75a1e9f36","admin-identity":"admin"}
Dec 09 22:17:27 juju-2d3830-0-lxd-0 livepatchd[242770]: {"level":"error","ts":"2021-12-09T22:17:27.058Z","msg":"failed to request patch snaps
hot","job-id":"a7efdb5c212747659e32f7197bd2c4da","ingress-tier":"edge","error":{"msg":"Post \"https://livepatch.canonical.com/v1/patches/snap
shot\": dial tcp 162.213.33.50:443: i/o timeout","trace":[{"loc":"/home/ubuntu/src/vendor/gopkg.in/httprequest.v1/client.go:147"},{"msg":"Pos
t \"https://livepatch.canonical.com/v1/patches/snapshot\": dial tcp 162.213.33.50:443: i/o timeout"}]}}
Dec 09 22:17:27 juju-2d3830-0-lxd-0 livepatchd[242770]: {"level":"error","ts":"2021-12-09T22:17:27.060Z","msg":"job returned an error","job-i
d":"a7efdb5c212747659e32f7197bd2c4da","error":{"msg":"Post \"https://livepatch.canonical.com/v1/patches/snapshot\": dial tcp 162.213.33.50:44
3: i/o timeout","trace":[{"loc":"/home/ubuntu/src/internal/v1/snapshot_download.go:65"},{"loc":"/home/ubuntu/src/internal/sync/sync.go:131"},
{"loc":"/home/ubuntu/src/internal/sync/sync.go:177"},{"loc":"/home/ubuntu/src/internal/sync/sync.go:237"},{"loc":"/home/ubuntu/src/vendor/gop
kg.in/httprequest.v1/client.go:147"},{"msg":"Post \"https://livepatch.canonical.com/v1/patches/snapshot\": dial tcp 162.213.33.50:443: i/o ti
meout"}]}}

See original description
Revision history for this message
Bartosz Woronicz (mastier1) wrote :
Revision history for this message
Bartosz Woronicz (mastier1) wrote :

This will add EnvironmentFile to the systemd service with proxy env variables

Bartosz Woronicz (mastier1)
description: updated
Domas Monkus (tasdomas)
Changed in livepatch-onprem:
status: New → Confirmed
assignee: nobody → Domas Monkus (tasdomas)
importance: Undecided → Medium
status: Confirmed → Fix Released
Revision history for this message
Bartosz Woronicz (mastier1) wrote :

Charm still does not support proxy settings in vision #30
They are declared but not used

mastier@graf:/tmp/canonical-livepatch-server$ grep -iHR http_proxy .
./lib/charms/layer/livepatchserver/config.py: 'http_proxy',
./lib/charms/layer/livepatchserver/config.py: 'http_proxy',
./lib/charms/layer/livepatchserver/config.py: os.environ.get('JUJU_CHARM_HTTP_PROXY',
./lib/charms/layer/livepatchserver/resource.py:os.environ['http_proxy'] = os.environ.get('JUJU_CHARM_HTTP_PROXY', '')
./config.yaml: "http_proxy":

James Troup (elmo)
Changed in livepatch-onprem:
status: Fix Released → New
Revision history for this message
Calvin Hartwell (calvinh) wrote :

@Domas do you have a proposed fix for this we can test? Did you fix this over Christmas?

Revision history for this message
Domas Monkus (tasdomas) wrote :

@calvinh: a fix for this was released last week, there was a bug in the initial implementation

Changed in livepatch-onprem:
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.