rcc icon indicating copy to clipboard operation
rcc copied to clipboard
verified publisher icon robocorp

Configuration settings for full offline mode in RCC 16.5?

Open gotoshekar opened this issue 3 months ago • 1 comments

Dear team, We're using RCC v16.5. Exported the holotree and wdm from an environment where full internet access is there. Then imported those into an environment where pubic website access is restricted. Setting the following envrionment variables in robot.yaml and also setting --no-build in "rcc run task" command.

PIP_DISABLE_PIP_VERSION_CHECK="1" PIP_NO_INDEX="1" RCC_DISABLE_TELEMETRY="1" RCC_NO_BUILD="1" RCC_OFFLINE="true" RCC_TELEMETRY="false" ROBOCORP_HOME="/home/opc/.orpa/.robot_runtime" WDM_CACHE="/home/opc/.orpa/.robot_runtime/home/webdrivers/.wdm" WDM_OFFLINE="true"

Still the external website calls are being made to cloudfare CDNs and the process gets stuck in SYS_SENT. Please advice how to stick to pure offline mode? Thanks

gotoshekar avatar Sep 30 '25 04:09 gotoshekar

Hey @gotoshekar - sorry you didn't get a response. I maintain a community fork of RCC and can help.

Those Cloudflare calls are likely OCSP certificate revocation checks from the TLS stack, not RCC itself. Here's how to fix it:

Step 1: Grab a build from my fork (optional)

My fork has telemetry disabled by default: github.com/joshyorko/rcc/releases

Download the binary for your platform from the release assets.

Step 2: Generate a settings template

rcc configure settings --defaults > settings.yaml

Step 3: Edit settings.yaml

certificates:
  verify-ssl: true
  ssl-no-revoke: true   # <-- This disables OCSP checks (the Cloudflare calls)

options:
  no-build: true

endpoints:
  telemetry:   # empty = disabled
  issues:      # empty = disabled
  downloads:   # empty = disabled
  pypi:        # empty = disabled
  conda:       # empty = disabled

Step 4: Create a profile and activate it

# Create profile file (profile_offline.yaml)
cat > profile_offline.yaml << 'EOF'
name: offline
description: "Fully offline profile"
settings:
  certificates:
    verify-ssl: true
    ssl-no-revoke: true
  options:
    no-build: true
  endpoints:
    telemetry: ""
    issues: ""
EOF

# Import and immediately activate
rcc configure import --filename profile_offline.yaml --switch

Or just manually copy settings.yaml to $ROBOCORP_HOME/settings.yaml.

Step 5: Set environment variables BEFORE running rcc

Your env vars in robot.yaml only apply inside the robot environment - they run too late. Set these in your shell first:

export RCC_ENDPOINT_TELEMETRY=""
export RCC_ENDPOINT_DOWNLOADS=""
export RCC_ENDPOINT_PYPI=""
export RCC_ENDPOINT_CONDA=""

What's probably causing your Cloudflare calls:

  1. OCSP checks - Certificate revocation checks (fix: ssl-no-revoke: true)
  2. webdriver-manager - Even with WDM_OFFLINE=true, it may still try to phone home. Pre-download drivers or pin versions.
  3. pip metadata - Despite PIP_NO_INDEX, pip can still make calls. Verify your holotree has everything cached.

Debug it

# Watch network connections during rcc execution
strace -e trace=network -f rcc run task 2>&1 | grep connect

Verify your holotree

rcc holotree catalogs
rcc holotree list

If those show your environment, --no-build should work without network.

Happy to help troubleshoot further - just ping me here or open an issue on my fork.

joshyorko avatar Dec 12 '25 16:12 joshyorko