Peer Proxy does not use provided authentication

Bug #1867394 reported by Vern Hart
This bug affects 5 people
| Affects | Status | Importance | Assigned to | Milestone |
|---------|--------|------------|-------------|-----------|
| MAAS | Fix Released | Critical | Christian Grabowski | |
| 3.0 | Fix Released | Undecided | Christian Grabowski | |

Bug Description

I've got an http_proxy config that looks something like:

    http://username:<email address hidden>:80

and use_peer_proxy set to true.

When attempting to commission a node I'm failing the lldpd apt install. Connecting to the node and doing an apt update I see:

    # apt update
    Err:1 http://archive.ubuntu.com/ubuntu bionic InRelease
      407 Proxy Authentication Required [IP: 10.159.252.130 8000]
    [etc.]

Checking for the peer settings in /var/lib/maas/maas-proxy.conf I see:

    cache_peer upstream.proxy.server parent 80 0 no-query default

If I manually change that to the following and reload maas-proxy, my apt update works:

    cache_peer upstream.proxy.server parent 80 0 no-query default login=username:password

This, of course, gets reverted by maas after a few moments. So this is not even a useful temporary fix.

Vern Hart (vern) wrote :

Indeed, checking provisioningserver/proxy/config.py I see that the formatted_peers only contains the hostname and the port of the url in http_proxy.

By my reckoning, provisioningserver/proxy/config.py would need to be changed to look like:

    from urllib.parse import urlparse

    formatted_peers = []
    for peer in peer_proxies:
        parsed = urlparse(peer)  # parse each peer URL once
        formatted_peers.append({
            "address": parsed.hostname,
            "port": parsed.port,
            # Userinfo part of the URL; both are None when it is absent.
            "username": parsed.username,
            "password": parsed.password,
        })
    context["peers"] = formatted_peers

It might be a good idea to urlescape the username and password since spaces and other special characters are acceptable there.

And then provisioningserver/templates/proxy/maas-proxy.conf.template would need to have something like:

    {{if peers}}
    {{for peer in peers}}
    {{if peer['username'] and peer['password']}}
    cache_peer {{peer['address']}} parent {{peer['port']}} 0 no-query default login={{peer['username'}}:{{peer['password'}}
    {{else}}
    cache_peer {{peer['address']}} parent {{peer['port']}} 0 no-query default
    {{endif}}
    {{endfor}}
    never_direct allow all
    {{endif}}

I tried exactly this (assuming I didn't typo anything) and it works for me in the field.
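
The escaping concern raised in the comment above, as an added example (not part of the original post and not the MAAS fix): one way to render a `cache_peer` line from a peer URL so that the credentials are decoded, validated and re-encoded into a single token. The function names are hypothetical, and it assumes squid URL-unescapes the `login=` value, as the squid `cache_peer` documentation describes.

```python
import re
from urllib.parse import quote, unquote, urlparse

# Characters accepted in the peer host (names, IPv4 and IPv6 literals).
_HOST_RE = re.compile(r"[0-9A-Za-z.:-]+")


def _squid_escape(value: str, field: str) -> str:
    """Decode a userinfo field, validate it, and re-encode it for squid."""
    decoded = unquote(value)  # urlparse leaves userinfo percent-encoded
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in decoded):
        raise ValueError(f"control character in proxy {field}")
    if field == "username" and ":" in decoded:
        raise ValueError("':' is not allowed in a Basic auth username")
    # safe="" percent-encodes everything but unreserved characters, so the
    # result is always a single whitespace-free token on the config line.
    return quote(decoded, safe="")


def render_cache_peer(peer_url: str) -> str:
    """Return the cache_peer line for one upstream proxy URL."""
    parsed = urlparse(peer_url)
    host, port = parsed.hostname, parsed.port  # .port raises on bad ports
    if not host or not _HOST_RE.fullmatch(host):
        raise ValueError("peer proxy URL has no usable host")
    if port is None:
        raise ValueError("peer proxy URL has no port")
    line = f"cache_peer {host} parent {port} 0 no-query default"
    # Same condition as the template above: login= only with both fields.
    if parsed.username and parsed.password:
        user = _squid_escape(parsed.username, "username")
        password = _squid_escape(parsed.password, "password")
        line += f" login={user}:{password}"
    return line


if __name__ == "__main__":
    # Constructed sample URLs; the host is the placeholder used in the report.
    for url in (
        "http://upstream.proxy.server:80",
        "http://username:p%40ss%20word@upstream.proxy.server:80",
    ):
        print(render_cache_peer(url))
```

The rendered line carries the upstream credentials in readable form, so the permissions on the generated maas-proxy.conf matter.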

David Baird (dhbaird) wrote :

I'm having what appears to be the same issue, 407 Proxy Authentication Required errors, when trying to commission a node. This inevitably leads to 00-maas-03-install-lldpd failing with "Unable to locate package lldpd".

Running the snap for maas 2.8, is there a way to apply the patch @vern described above? (All of the snap files are read-only, e.g., /snap/maas/7808/lib/python3.6/site-packages/provisioningserver/proxy/config.py). (I know this is probably not the right way to do it :) ) Thanks.

David Baird (dhbaird) wrote :

And in my case, there is also indeed a peer proxy with authentication required.

David Baird (dhbaird) wrote :

Alright, I've figured out how to apply @vern's changes:

1. snap download maas
2. unsquashfs maas_7808.snap # creates: squashfs-root
3. ..do some edits now...
4. snap try squashfs-root
5. Apply the snap connections:
   snap connect maas:avahi-observe :avahi-observe
   snap connect maas:maas-cli maas-cli:maas-cli
   snap connect maas:test-db-socket maas-test-db:db-socket
   snap connect maas:hardware-observe :hardware-observe
   snap connect maas:home :home
   snap connect maas:kernel-module-observe :kernel-module-observe
   snap connect maas:mount-observe :mount-observe
   snap connect maas:network :network
   snap connect maas:network-bind :network-bind
   snap connect maas:network-control :network-control
   snap connect maas:network-observe :network-observe
   snap connect maas:system-observe :system-observe
   snap connect maas:time-control :time-control

The changes almost worked, but I discovered one additional problem. When choosing the "Peer" option from http://localhost:5240/MAAS/r/settings/network/proxy, MAAS does not automatically re-render the maas-proxy.conf file, here:

    /var/snap/maas/current/proxy/maas-proxy.conf

It's strange because if I switch to other options like "MAAS built-in" and click Save, then it does re-render maas-proxy.conf. But as soon as I switch back to "Peer" it does not re-render that file. So, as my final step I had to manually update the file and then restart squid. But then it all worked. (And worked well! :) )

David Baird (dhbaird) wrote :

I resolved my issue with re-rendering of maas-proxy.conf. Please disregard my previous report about it not re-rendering. I was able to notice in regiond.log that it was not re-rendering because it was actually crashing due to a typo from @vern's code above. Please note the following change needed:

@vern's original code (missing square brackets):

    login={{peer['username'}}:{{peer['password'}}

Corrected code:

    login={{peer['username']}}:{{peer['password']}}

Thanks.

David Baird (dhbaird) wrote :

Is there any chance the patch from @vern from #1 can be applied along with my correction in #5?

Thanks.

Alberto Donato (ack)
Changed in maas:
status: New → Triaged
importance: Undecided → Medium
milestone: none → 3.0.1
Changed in maas:
importance: Medium → Critical
Changed in maas:
assignee: nobody → Christian Grabowski (cgrabowski)
Christian Grabowski (cgrabowski) wrote :

Hotfix snap pushed to the snapstore under "3.0/stable/proxy-auth-hotfix"

Changed in maas:
status: Triaged → In Progress
Alberto Donato (ack)
Changed in maas:
milestone: 3.0.1 → 3.1.0
Changed in maas:
status: In Progress → Fix Committed
Bill Wear (billwear)
Changed in maas:
milestone: 3.1.0 → 3.1.0-beta5
Changed in maas:
status: Fix Committed → Fix Released