Documentation for Proxy Configuration Could Use More Detail

Question

Documentation for Proxy Configuration Could Use More Detail

Closed this issue a year ago · 7 comments

manadart commented 6 years ago

See where I lent a hand to someone attempting to set this up here:
https://bugs.launchpad.net/juju/+bug/1830988

It is worth pointing out that https-proxy should use a HTTP protocol (without S).
An example bootstrap command with concrete examples would be helpful.
Explicitly stating that for LXD deployments, the address of the LXD server on the bridge network (maybe the whole bridge subnet) should be added to no-proxy.
For hosts inside the proxied network, it is also worth pointing out that the local environment should be set up to use the proxies, because deployment requires the Juju client to access the charm store directly before calling the Juju API.

Answer 1 · 2019-05-31T13:04:55.000Z

@manadart Thanks for this. 🍔

Answer 2 · 2019-05-31T15:00:23.000Z

After some RTFM and experimentation, here are some things to consider as well:

Exporting http_proxy and https_proxy environment variables could create problems with certain charms ( I know it does mess up etcd.) An alternative is to configure your model's juju-http-proxy and juju-https-proxy settings. For example:

juju bootstrap localhost lxd-bionic <insert --config no_proxy, http_proxy and https_proxy options as needed>
juju add _model <name>
juju model-config juju-http-proxy=http://squid.internal:3128 juju-https-proxy=http://squid.internal:3128

Any services deployed will also need to reach other machines on this host, so use juju-no-proxy to allow this. For example.
juju model-config juju-no-proxy=127.0.0.1,localhost,::1,10.51.29.0/24
(where lxd bridge has ip 10.51.29.1 and the nodes would have an ip of 10.51.29.X)

After you deploy your charm/bundle, you can also set individual charm proxy for those that need to use snap to install etc. For example:
juju config etcd snap_proxy=http://squid.internal:3128
juju config <insert charm name here> snap_proxy=http://squid.internal:3128 http_proxy=http://squid.internal:3128 https_proxy=http://squid.internal:3128

Answer 3 · 2019-05-31T15:02:46.000Z

@manjo-git Awesome. I may question you on some of this. 👍

Answer 4 · 2019-06-04T00:23:55.000Z

To begin, there is documentation on this. See Using the localhost cloud offline, linked from the Working offline page. I will start enhancing it based on the information in this issue.

Answer 5 · 2019-06-05T16:23:54.000Z

@manadart

For hosts inside the proxied network, it is also worth pointing out that the local environment should be set up to use the proxies, because deployment requires the Juju client to access the charm store directly before calling the Juju API.

By "hosts" you mean machines that can potentially house a Juju client?
When deploying a charm, my understanding was that the client makes a request to the controller, which performs the download.
If the above is true I do see how a non-remote LXD controller and the client are bound together.

Answer 6 · 2019-06-05T22:39:35.000Z

Enhance proxy configuration pages

Answer 7 · 2019-06-10T14:56:00.000Z

By "hosts" you mean machines that can potentially house a Juju client?

When deploying a charm, my understanding was that the client makes a request to the controller, which performs the download.

If the above is true I do see how a non-remote LXD controller and the client are bound together.

Yes.
The controller does download the charm itself, but the client accesses the charm meta-data to do some validation client-side before making that request.