rpm-ostree icon indicating copy to clipboard operation
rpm-ostree copied to clipboard

Published 20 hours ago verified publisher icon coreos

How to use proxy server with rpm-ostree

Open rgruyters opened this issue 7 years ago • 15 comments

** Host system details ** Centos Atomic Host as VM

Provide the output of rpm-ostree status.

State: idle
Deployments:
● centos-atomic-host:centos-atomic-host/7/x86_64/standard
       Version: 7.20170405 (2017-04-10 20:31:05)
        Commit: 91fe03fef75652f68a9974261b391faaeb5bd20f33abf09bb1d45511ba2df04e
        OSName: centos-atomic-host
  GPGSignature: 1 signature
                Signature made Mon 10 Apr 2017 11:19:14 PM CEST using RSA key ID F17E745691BA8335
                Good signature from "CentOS Atomic SIG <[email protected]>"

** Expected vs actual behavior **

# rpm-ostree install oddjobd
Checking out tree 91fe03f... done
error: cannot update repo 'base': Cannot prepare internal mirrorlist: Curl error (7): Couldn't connect to server for http://mirrorlist.centos.org/?release=7&arch=x86_64&repo=os&infra=$infra [Failed to connect to 2607:f8f8:700:12::10: Network is unreachable]

Expected:

# rpm-ostree install oddjobd
...
Success!

Steps to reproduce it

Just run above command in a closed environment

Would you like to work on the issue?

Please let us know if you can work on it or the issue should be assigned to someone else.

rgruyters avatar May 01 '17 12:05 rgruyters

rpm-ostree uses https://github.com/rpm-software-management/libdnf/ which handles proxy configuration via the same mechanisms as the original yum. Did you add a proxy= entry to the file in /etc/yum.repos.d?

Note that for the libostree side (base tree/image) updates, you'll need to edit a different file; see https://github.com/projectatomic/rpm-ostree/issues/208

cgwalters avatar May 01 '17 13:05 cgwalters

@cgwalters I haven't yet tried it to edit yum. For the record I have Centos Atomic Host running. Don't know if that matters.

rgruyters avatar May 01 '17 18:05 rgruyters

@cgwalters in https://github.com/projectatomic/rpm-ostree/issues/208#issuecomment-171737861 is a little bit explained about the problem, unfortunately it doesn't make it clear (for me) where and how?

rgruyters avatar May 01 '17 18:05 rgruyters

Reference: https://github.com/projectatomic/atomic-site/pull/428

jberkus avatar May 04 '17 19:05 jberkus

@rgruyters To clarify, for proxy settings affecting rpm-ostree install, edit /etc/yum.conf//etc/dnf/dnf.conf. It can also be set per-repo rather than globally (at least for DNF -- see http://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo). (Edit: Actually the conf files are used by dnf and yum only and thus won't affect rpm-ostree. You'll have to edit the repo files themselves.)

For proxy settings affecting rpm-ostree upgrade/deploy/rebase, you can add the proxy= line to the remote config in e.g. /etc/ostree/remotes.d (see https://github.com/ostreedev/ostree/blob/a71d550/man/ostree.repo-config.xml#L143). You'll have to do systemctl reload rpm-ostreed afterwards (or just restart if you have an older version).

jlebon avatar May 04 '17 20:05 jlebon

@jlebon thanks for clearing this. Although I have checked but I didn't found a /etc/yum.conf on my system. Again to clarify, I have CentOS Atomic Host installed.

rgruyters avatar May 05 '17 17:05 rgruyters

Right, rpm-ostree uses libdnf which currently does not have a global configuration file, only per-repository.

cgwalters avatar May 05 '17 17:05 cgwalters

Oh right, sorry for the confusion there. I amended the comment for posterity.

jlebon avatar May 05 '17 18:05 jlebon

Really guys? Do we now have to edit proxys everywhere…?!

I work in different environments and thus already have to replace my proxy file in /etc/profile.d/ and change Gnome Shell’s and Firefox’s proxy settings every time. Now I would have to do that additionally for dnf and ostree and possibly other system services…?! O_o

fbruetting avatar Oct 29 '18 15:10 fbruetting

Found this snippet in #208:

$ mkdir -p /etc/systemd/system/rpm-ostreed.service.d
$ cat > /etc/systemd/system/rpm-ostreed.service.d/http-proxy.conf << EOF
[Service]
Environment="http_proxy=http://<my-proxy>"
EOF
$ systemctl daemon-reload
$ systemctl restart rpm-ostreed.service

This seems to work for rpm-ostree upgrade|install.

matyat avatar Oct 30 '18 10:10 matyat

rpm-ostree should read all_proxy, http_proxy and https_proxy variables like dnf and yum.

loupianche avatar Feb 27 '19 12:02 loupianche

Found this snippet in #208:

$ mkdir -p /etc/systemd/system/rpm-ostreed.service.d
$ cat > /etc/systemd/system/rpm-ostreed.service.d/http-proxy.conf << EOF
[Service]
Environment="http_proxy=http://<my-proxy>"
EOF
$ systemctl daemon-reload
$ systemctl restart rpm-ostreed.service

This seems to work for rpm-ostree upgrade|install.

saved my live!

Unfortunately rpm-ostree on FCOS32 ignored all my attempts using env vars. So at least from that point it must somehow differ from dnf/yum as those take env vars into account...

lz006 avatar Mar 09 '21 19:03 lz006

In case it helps anyone else, for the workaround I had to set https_proxy in addition to http_proxy.

pmcnabb avatar Sep 01 '22 13:09 pmcnabb

Found this snippet in #208:

$ mkdir -p /etc/systemd/system/rpm-ostreed.service.d
$ cat > /etc/systemd/system/rpm-ostreed.service.d/http-proxy.conf << EOF
[Service]
Environment="http_proxy=http://<my-proxy>"
EOF
$ systemctl daemon-reload
$ systemctl restart rpm-ostreed.service

This seems to work for rpm-ostree upgrade|install.

This worked for someone in https://discussion.fedoraproject.org/t/rpm-ostree-upgrade-and-proxy-server-timeout-was-reached/87051/10. Maybe we should document that as a workaround in the meantime?

travier avatar Aug 21 '23 08:08 travier

Unfortunately https://github.com/ostreedev/ostree-rs-ext/issues/582 means this no longer works for OCI layers - perhaps it's time for dedicated proxy configuration in rpm-ostreed.conf and appropriate plumbing to pass the options down to wherever it's required?

srd424 avatar Jan 05 '24 22:01 srd424