adb-atomic-developer-bundle
adb-atomic-developer-bundle copied to clipboard
projectatomic
Support proxies
SEE: https://bugzilla.redhat.com/show_bug.cgi?id=1313218
Description of problem: In an enterprise environment is typical to have a proxy that limits internet connection. It would be nice to have a proper documentation and even include something like vagrant-proxyconf in the CDK.
How reproduce: Try to get some docker image from outside the CDK with a proxy limiting internet connectivity.
Initial thoughts after reading https://docs.docker.com/engine/admin/systemd/#http-proxy
if ENV.has_key?('HTTP_PROXY')
HTTP_PROXY = ENV['HTTP_PROXY']
config.vm.provision "shell", inline: <<-SHELL
mkdir /etc/systemd/system/docker.service.d
echo '[Service]' > /etc/systemd/system/docker.service.d/http-proxy.conf
echo 'Environment="HTTP_PROXY=#{HTTP_PROXY}"' >> /etc/systemd/system/docker.service.d/http-proxy.conf
sudo systemctl daemon-reload
sudo systemctl restart docker
SHELL
end
If we have a proxy server in play, why don't we do the following?
Collect it via a variable in the Vagrantfile and pass that to sccli (or something similar).
Inside the box, set all of the environment variables for proxies in /etc/environment:
export http_proxy="http://proxysrv:8080/"
export https_proxy="https://proxysrv:8080/"
export ftp_proxy="ftp://proxysrv:8080/"
export no_proxy=".mylan.local,.domain1.com,host1,host2"
Also set up a yum proxy in /etc/yum.conf
proxy=http://proxysrv:8080/
This way the user just sets one variable and we do all the work. We can even add a set of vagrant service-manager proxy * commands.
Note that setting environment variables for the VM is not enough: OpenShift is running inside a container, and the proxy settings will not be propagated there.
There needs to be some code change (possibly in /opt/adb/openshift/openshift, the script that launches the container) for this to work properly.
@codificat good point. We could have sccli which launches openshift and other ADB services pass this environment variable.
@bexelbie @codificat Sounds good, will try to work on this issue soon.
This is blocking users to do download docker images in OpenShift if they are behind corporate proxy. Hence marking it as blocker.
Any proxy configurations would need to include /etc/sysconfig/atomic-openshift-master and /etc/sysconfig/atomic-openshift-node otherwise any build attempted in that installation will fail. Also note, that once PROXY servers are added to /etc/sysconfig/docker you'll need to add NO_PROXY for the service IP for the internal docker registry container service.
What's about added a service-manager enable proxy proxy-url bla -proxy-user bla -proxy-user bla. We then encapsulate all required steps to enable a proxy (Docker and OpenShift conf + whatever else we discover) into a script which we place in adb-utils. _service-manager- can then call this script to do all the provisioning.
@hferentschik Your suggestion looks like a step after vagrant up.
I would rather go with configuration options which will be part of vagrant up process to avoid unnecessary using of an extra command. Then, Vagrantfile will look like as below:
Vagrant.configure("2") do |config|
config.vm.box = "projectatomic/adb"
# Proxy Settings
config.servicemanager.http = "http://proxy_url:port/"
config.servicemanager.https = "https://proxy_url:port"
config.servicemanager.no_proxy = "localhost,127.0.0.1,.example.com"
end
This is fixed by https://github.com/projectatomic/adb-atomic-developer-bundle/pull/482 , but only for OpenShift Vagrantfile. We need to fix Docker, K8s and Mesos similarly