Bug 44785 - Proxy settings of host are not inherited to docker containers
Proxy settings of host are not inherited to docker containers
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: App Center
UCS 4.1
Other Linux
: P5 normal (vote)
: UCS 4.1-4-errata
Assigned To: Felix Botner
Dirk Wiesenthal
:
Depends on: 44561
Blocks:
  Show dependency treegraph
 
Reported: 2017-06-14 05:21 CEST by Dirk Wiesenthal
Modified: 2017-09-13 17:11 CEST (History)
3 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?: 2: Will only affect a few installed domains
How will those affected feel about the bug?: 4: A User would return the product
User Pain: 0.229
Enterprise Customer affected?: Yes
School Customer affected?: Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Dirk Wiesenthal univentionstaff 2017-06-14 05:21:05 CEST
Please fix for 4.1-4

+++ This bug was initially created as a clone of Bug #44561 +++

When UCS runs behind a proxy, the proxy settings of the host (proxy/http="http://10.200.30.254:8080" and proxy/https="https://10.200.30.254:8080") are not passed to the docker containers.

Please note that this is not about the docker daemon ("docker pull" works fine). This is about the applications inside the docker container. They cannot access the internet because they are not aware of the proxy.
This means that you cannot install Nextcloud/ownCloud plugins, for example (or install debugging tools inside the container). 

As a workaround, you can set this UCR variable BEFORE the App installation (thanks Dirk):

ucr set --force appcenter/apps/nextcloud/docker/params="--env http_proxy=http://10.200.30.254:8080 --env 
https_proxy=https://10.200.30.254:8080"

I think we should do this automatically as some kind of pre-hook before the main app installation, if proxy/http(s) is set on the host.

The challenge is, that ENV variables can only be passed to a container while it is being created. They cannot be changed for an existing container afterwards:
https://github.com/moby/moby/issues/8838#issuecomment-285789380

This means that we can only change the ENV variables before the installation or before an app upgrade, afaics. I think we also need something like "univention-app reinstall" that simply removes the current container and creates a new one without purging app data. But that's a separate bug.
Comment 1 Florian Best univentionstaff 2017-06-28 14:52:32 CEST
There is a Customer ID set so I set the flag "Enterprise Customer affected".
Comment 2 Felix Botner univentionstaff 2017-09-06 12:21:22 CEST
merged changes

univention-appcenter r82708 errata4.1-4
Comment 3 Dirk Wiesenthal univentionstaff 2017-09-12 15:26:11 CEST
OK, works
YAML OK
Comment 4 Arvid Requate univentionstaff 2017-09-13 17:11:49 CEST
<http://errata.software-univention.de/ucs/4.1/476.html>