Peer Proxy does not use provided authentication
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
MAAS |
Fix Released
|
Critical
|
Christian Grabowski | ||
3.0 |
Fix Released
|
Undecided
|
Christian Grabowski |
Bug Description
I've got an http_proxy config that looks something like:
http://
and use_peer_proxy set to true.
When attempting to commission a node I'm failing the lldpd apt install. Connecting to the node and doing an apt update I see:
# apt update
Err:1 http://
407 Proxy Authentication Required [IP: 10.159.252.130 8000]
[etc.]
Checking for the peer settings in /var/lib/
cache_peer upstream.
If I manually change that to the following and reload maas-proxy, my apt update works:
cache_peer upstream.
This, of course, gets reverted by maas after a few moments. So this is not even a useful temporary fix.
Related branches
- Christian Grabowski: Approve
- MAAS Lander: Approve
-
Diff: 61 lines (+25/-1)3 files modifiedsrc/provisioningserver/proxy/config.py (+7/-1)
src/provisioningserver/proxy/tests/test_config.py (+14/-0)
src/provisioningserver/templates/proxy/maas-proxy.conf.template (+4/-0)
Changed in maas: | |
status: | New → Triaged |
importance: | Undecided → Medium |
milestone: | none → 3.0.1 |
Changed in maas: | |
importance: | Medium → Critical |
Changed in maas: | |
assignee: | nobody → Christian Grabowski (cgrabowski) |
Changed in maas: | |
status: | Triaged → In Progress |
Changed in maas: | |
milestone: | 3.0.1 → 3.1.0 |
Changed in maas: | |
status: | In Progress → Fix Committed |
Changed in maas: | |
milestone: | 3.1.0 → 3.1.0-beta5 |
Changed in maas: | |
status: | Fix Committed → Fix Released |
Indeed, checking provisioningser ver/proxy/ config. py I see that the formatted_peers only contains the hostname and the port of the url in http_proxy.
By my reckoning, provisioningser ver/proxy/ config. py would need to be changed to look like:
formatted_peers = []
formatted_ peers.append( {
"address" : urlparse( peer).hostname, peer).port,
"username" : urlparse( peer).username,
"password" : urlparse( peer).password "peers" ] = formatted_peers
for peer in peer_proxies:
"port": urlparse(
})
context[
It might be a good idea to urlescape the username and password since spaces and other special characters are acceptable there.
And then provisioningser ver/templates/ proxy/maas- proxy.conf. template would need to have something like:
{{if peers}} {peer[' username' }}:{{peer[ 'password' }}
{{for peer in peers}}
{{if peer['username'] and peer['password']}}
cache_peer {{peer['address']}} parent {{peer['port']}} 0 no-query default login={
{{else}}
cache_peer {{peer['address']}} parent {{peer['port']}} 0 no-query default
{{endif}}
{{endfor}}
never_direct allow all
{{endif}}
I tried exactly this (assuming I didn't typo anything) and it works for me in the field.