maas insists on running the proxy, even when it's disabled

Hi Jason,

It is by design that the proxy is always running. You cannot "disable" the running proxy per se, but rather, you disable machines using the proxy.

Keep in mind that if you were to have deployed machines or others using the proxy, and you were to stop the service, those machines wouldn't be able to obtain new packages (when you mean to stop new machines from using it).

Actually, it seems there's some inconsistency on when the proxy gets stopped.

If we use an upstream proxy, then the proxy gets stopped.
If we disable the proxy, it continues to run.

We'll investigate the inconsistency, but the intended was as the comment above.

We at least want disk usage control over the squid proxy, and thought we could disable the service and delete all of the cache files. I don't mind if the service is running (see what happens with your investigation into the run/stop inconsistency you mentioned), but can I get some clarity on controlling that?

Of course I could stop the proxy manually, delete all the directories, make the parent directory /var/spool/maas-proxy read-only. Then when service_monitor restarts maas-proxy it will probably just complain. But that feels like a hack.

TIA,
Greg.

The same behaviour persists on 2.6, proxy is not shutting down completely, and it's still working as a proxy even when disabled explicitly in the settings:

ubuntu@OrangeBox84 ~ » maas admin maas get-config name=enable_http_proxy 1 ↵
Success.
Machine-readable output follows:
true

ubuntu@OrangeBox84 ~ » sudo service maas-proxy status | head -n3 130 ↵
● maas-proxy.service - MAAS Proxy
   Loaded: loaded (/lib/systemd/system/maas-proxy.service; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2019-09-03 08:29:47 UTC; 1 weeks 1 days ago

ubuntu@OrangeBox84 ~ »

ubuntu@OrangeBox84 ~ » maas admin maas set-config name=enable_http_proxy value=false
Success.
Machine-readable output follows:
OK

ubuntu@OrangeBox84 ~ » sudo service maas-proxy status | head -3
● maas-proxy.service - MAAS Proxy
   Loaded: loaded (/lib/systemd/system/maas-proxy.service; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2019-09-03 08:29:47 UTC; 1 weeks 1 days ago

...but proxy is still running:

ubuntu@OrangeBox84 ~ » http HEAD localhost:8000
HTTP/1.1 400 Bad Request
Connection: close
Content-Language: en
Content-Length: 3525
Content-Type: text/html;charset=utf-8
Date: Wed, 11 Sep 2019 17:34:35 GMT
Mime-Version: 1.0
Server: squid/3.5.27
Vary: Accept-Language
Via: 1.1 OrangeBox84 (squid/3.5.27)
X-Cache: MISS from OrangeBox84
X-Cache-Lookup: NONE from OrangeBox84:8000
X-Squid-Error: ERR_INVALID_URL 0

ubuntu@OrangeBox84 ~ » ip -4 a s br0
5: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    inet 172.27.84.1/23 brd 172.27.85.255 scope global br0
       valid_lft forever preferred_lft forever

ubuntu@OrangeBox84 ~ » ssh ubuntu@172.27.85.4
Welcome to Ubuntu 18.04.2 LTS (GNU/Linux 4.15.0-58-generic x86_64)
ubuntu@juju-1:~$ http_proxy=172.27.84.1:8000 https_proxy=172.27.84.1:8000 curl -I https://ubuntu.com
HTTP/1.1 200 Connection established

HTTP/1.1 200 OK
Date: Wed, 11 Sep 2019 17:43:07 GMT
Server: nginx/1.15.8
Strict-Transport-Security: max-age=15768000
Content-Type: text/html; charset=utf-8
Content-Length: 74959
Vary: Accept-Encoding
X-View-Name: canonicalwebteam.templatefinder.templatefinder.template_finder
X-VCS-Revision: 1568214796-add60a1
X-Request-Id: bec6731de1a039b2a937397da8a32ecb
Age: 13
X-Cache: HIT from nuno.canonical.com
X-Cache-Lookup: HIT from nuno.canonical.com:80
Via: 1.1 nuno.canonical.com (squid/3.5.12)

ubuntu@OrangeBox84 ~ » sudo tail /var/log/maas/proxy/access.log -n1 1 ↵
1568223800.906 222 172.27.85.4 TCP_TUNNEL/200 3656 CONNECT ubuntu.com:443 - HIER_DIRECT/91.189.89.110 -

One can use iptables to block access to port 8080 on the host running the proxy to prevent access