Wget on Designate-Bind fails with proxy

Bug #1796969 reported by Pedro Guimarães on 2018-10-09
16
This bug affects 2 people
Affects Status Importance Assigned to Milestone
OpenStack Designate-Bind Charm
Low
Unassigned

Bug Description

Designate-Bind executes a wget during zone syncing among multiple peers.
The function can be found on: https://github.com/openstack/charm-designate-bind/blob/cd14d5a18e6e899728f5965b7eb52c3ab4547e5f/src/lib/charm/openstack/designate_bind.py#L413

The issue is that wget may not work on an environment with a proxy. To make it work, it is needed to set http_proxy/no_proxy variables besides juju_http_proxy/juju_no_proxy.

Once http_proxy is defined, it means that applications system-wide will hit the same proxy, which is not necessarily what we want (we might want to define, for example, juju to hit one proxy and wgets or snaps hitting addresses/urls directly or via second proxy). For that, we need to find the right combination for http_proxy/no_proxy + juju_http_proxy/juju_no_proxy. This is a manual and error-prone step on deployment.

We need that sync step to be redesigned and it to rely on Juju's env variables.

tags: added: cpe-onsite
James Page (james-page) wrote :

As the sync is always sourced from the lead unit, it would make sense to unset and proxy configuration during this call.

Changed in charm-designate-bind:
status: New → Triaged
importance: Undecided → Low
Drew Freiberger (afreiberger) wrote :

workaround/possible fix:

lib/charm/openstack/designate_bind.py line 421, add '--no-proxy' to cmd list.

Drew Freiberger (afreiberger) wrote :

Added field-medium subscription as this is a necessary patch for production supportability.

Drew Freiberger (afreiberger) wrote :

published pre-merged charm with above patch at cs:~afreiberger/designate-bind-0

Reviewed: https://review.openstack.org/612759
Committed: https://git.openstack.org/cgit/openstack/charm-designate-bind/commit/?id=04dc8c02ed7ef713f3719e0009737d7a8f00832f
Submitter: Zuul
Branch: master

commit 04dc8c02ed7ef713f3719e0009737d7a8f00832f
Author: Drew Freiberger <email address hidden>
Date: Tue Oct 23 11:37:14 2018 -0500

    Ignore proxy for charm peer communication

    Designate-bind services use http communication to manage initial
    zone transfers from the leader to other units. This should be done
    within the space designated for dns-backend in the charm bindings.
    To ensure this, we must bypass proxy configurations when using wget
    between units by adding --no-proxy flag to the wget command.

    Change-Id: I3cebb1e01ffde9a9585f152451bf9bcebbdd3f58
    Closes-Bug: #1796969

Changed in charm-designate-bind:
status: Triaged → Fix Committed
David Ames (thedac) on 2018-11-20
Changed in charm-designate-bind:
milestone: none → 19.04
Edward Hope-Morley (hopem) wrote :

This patch exists in stable/18.11 [1] so it is actually Fix Released.

https://github.com/openstack/charm-designate-bind/commits/stable/18.11

Changed in charm-designate-bind:
status: Fix Committed → Fix Released
milestone: 19.04 → 18.11
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers