| 2020-06-16 06:47:59 |
Vern Hart |
description |
I'm using glance-simplestreams-sync-30 (commit f45f2d55eda48f577d9d8d69abd533d9fb763b39) and juju 2.7.6, though that's probably not relevant.
When running glance-simplestreams-sync behind a proxy, it's failing to sync images.
In /var/log/glance-simplestreams-sync.log I see
Starting new HTTP connection (1): cloud-images.ubuntu.com
Followed by a traceback ending in:
ConnectionError: HTTPConnectionPool(host='cloud-images.ubuntu.com', port=80): Max retries exceeded with url: /releases/streams/v1/index.sjson (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7f771e9bc710>: Failed to establish a new connection: [Errno 101] Network is unreachable',))
In my model's config, I have juju proxy variables set but not the legacy proxy variables:
$ juju model-config | grep proxy
apt-ftp-proxy default ""
apt-http-proxy controller http://myproxy:8000
apt-https-proxy controller http://myproxy:8000
apt-no-proxy default ""
ftp-proxy default ""
http-proxy default ""
https-proxy default ""
juju-ftp-proxy default ""
juju-http-proxy controller http://myproxy:8000
juju-https-proxy controller http://myproxy:8000
juju-no-proxy controller 127.0.0.1,localhost,::1,.myopenstack-domain.com,10.0.0.0/8
no-proxy default 127.0.0.1,localhost,::1
proxy-ssh default false
snap-http-proxy controller http://myproxy:8000
snap-https-proxy controller http://myproxy:8000
snap-store-proxy default ""
snap-store-proxy-url default ""
The submitted fix adds two lines that read in /etc/profile.d/juju-proxy.sh if it exists. In my deployment, that file simply contains:
[ -f "/etc/juju-proxy.conf" ] && . "/etc/juju-proxy.conf"
And /etc/juju-proxy.conf (which was already being read in prior to the fix) is empty.
In the charm hooks environment I have:
JUJU_CHARM_HTTPS_PROXY=http://myproxy:8000
JUJU_CHARM_HTTP_PROXY=http://myproxy:8000
JUJU_CHARM_NO_PROXY=127.0.0.1,localhost,::1,.myopenstack-domain.com,10.0.0.0/8
I was able to temporarily work around this by connecting to the unit and running:
export http_proxy=http://myproxy:8000
export no_proxy=.myopenstack-domain.com
sudo -E /usr/share/glance-simplestreams-sync/glance-simplestreams-sync.sh
(I had to run that last one several times to catch a free moment between the once-a-minute cron job updates.)
I would prefer not to use http_proxy in my model config because that would cover all system connections on all machines and my subnets are too big to fit in no_proxy (which doesn't support cidr like juju_no_proxy).
Can we use the juju proxy settings for the cloud-images.ubuntu.com but not for the connections to keystone? |
I'm using glance-simplestreams-sync-30 (commit f45f2d55eda48f577d9d8d69abd533d9fb763b39) and juju 2.7.6, though that's probably not relevant.
When running glance-simplestreams-sync behind a proxy, it's failing to sync images.
In /var/log/glance-simplestreams-sync.log I see
Starting new HTTP connection (1): cloud-images.ubuntu.com
Followed by a traceback ending in:
ConnectionError: HTTPConnectionPool(host='cloud-images.ubuntu.com', port=80): Max retries exceeded with url: /releases/streams/v1/index.sjson (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7f771e9bc710>: Failed to establish a new connection: [Errno 101] Network is unreachable',))
In my model's config, I have juju proxy variables set but not the legacy proxy variables:
$ juju model-config | grep proxy
apt-ftp-proxy default ""
apt-http-proxy controller http://myproxy:8000
apt-https-proxy controller http://myproxy:8000
apt-no-proxy default ""
ftp-proxy default ""
http-proxy default ""
https-proxy default ""
juju-ftp-proxy default ""
juju-http-proxy controller http://myproxy:8000
juju-https-proxy controller http://myproxy:8000
juju-no-proxy controller 127.0.0.1,localhost,::1,.myopenstack-domain.com,10.0.0.0/8
no-proxy default 127.0.0.1,localhost,::1
proxy-ssh default false
snap-http-proxy controller http://myproxy:8000
snap-https-proxy controller http://myproxy:8000
snap-store-proxy default ""
snap-store-proxy-url default ""
A previously submitted fix adds two lines that read in /etc/profile.d/juju-proxy.sh if it exists. In my deployment, that file simply contains:
[ -f "/etc/juju-proxy.conf" ] && . "/etc/juju-proxy.conf"
And /etc/juju-proxy.conf (which was already being read in prior to the fix) is empty.
In the charm hooks environment I have:
JUJU_CHARM_HTTPS_PROXY=http://myproxy:8000
JUJU_CHARM_HTTP_PROXY=http://myproxy:8000
JUJU_CHARM_NO_PROXY=127.0.0.1,localhost,::1,.myopenstack-domain.com,10.0.0.0/8
I was able to temporarily work around this by connecting to the unit and running:
export http_proxy=http://myproxy:8000
export no_proxy=.myopenstack-domain.com
sudo -E /usr/share/glance-simplestreams-sync/glance-simplestreams-sync.sh
(I had to run that last one several times to catch a free moment between the once-a-minute cron job updates.)
I would prefer not to use http_proxy in my model config because that would cover all system connections on all machines and my subnets are too big to fit in no_proxy (which doesn't support cidr like juju_no_proxy).
Can we use the juju proxy settings for the cloud-images.ubuntu.com but not for the connections to keystone? |
|
