First Last Prev Next    This bug is not in your last search results.
Bug 51031 - proxy/no_proxy not being considered in /etc/univention/templates/files/etc/systemd/system/docker.service.d/http-proxy.conf
proxy/no_proxy not being considered in /etc/univention/templates/files/etc/sy...
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: App Center
UCS 4.4
Other Linux
: P5 normal (vote)
: UCS 4.4-4-errata
Assigned To: Christian Castens
Felix Botner
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2020-03-27 17:06 CET by Valentin Heidelberger
Modified: 2020-05-06 14:39 CEST (History)
6 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?: 2: Will only affect a few installed domains
How will those affected feel about the bug?: 3: A User would likely not purchase the product
User Pain: 0.171
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Valentin Heidelberger univentionstaff 2020-03-27 17:06:41 CET 
The template file /etc/univention/templates/files/etc/systemd/system/docker.service.d/http-proxy.conf is very important because it configures docker's proxy settings. If docker's proxy settings are not right, the installation of apps will fail.

Contrary to UCR vars proxy/http_proxy and proxy/https_proxy, proxy/no_proxy is not part of the template. Instead "localhost,127.0.0.1" is being set as a default, if at least one of proxy/http or proxy/https is set.

proxy/no_proxy should be part of the template or there should at least be a way to configure it to be included other than changing the template.
Comment 1 Arvid Requate univentionstaff 2020-04-02 13:53:07 CEST 
A Ticket-Number is required to qualify a Bug as "School Customer Affected".

I've pushed this Bug into the ucsschool Trello Backlog.
Comment 2 Arvid Requate univentionstaff 2020-04-02 13:57:11 CEST 
Typo in last comment: sed 's/ucsschool Trello/appcenter Taiga'
Comment 3 Nico Gulden univentionstaff 2020-04-03 14:10:40 CEST 
See also https://docs.docker.com/config/daemon/#httphttps-proxy
Comment 4 Nico Gulden univentionstaff 2020-04-03 14:16:37 CEST 
Somehow the link in my previous comment does not work. Use https://docs.docker.com/config/daemon/systemd/ and see in the section "HTTP/HTTPS proxy"
Comment 5 Christian Castens univentionstaff 2020-04-22 13:08:57 CEST 
fix on branch ccastens/51031

https://git.knut.univention.de/univention/ucs/-/tree/ccastens/51031


If ucr variable 'proxy/no_proxy' is set, it's value will be added to the default 'NO_PROXY' part of the environment variable of univention-docker.

Example:
(ucr var)        proxy/no_proxy == 'test,1.2.3.4'
(docker env var) HTTPS_PROXY=... NO_PROXY=localhost,127.0.0.1,test,1.2.3.4

'proxy/no_proxy' is still only used when at least one of 'proxy/http' or 'proxy/https' is set.
In case ucr variable 'proxy/no_proxy' is not set, 'NO_PROXY' is set to the default value 'localhost,127.0.0.1'.
Comment 6 Christian Castens univentionstaff 2020-05-04 12:21:18 CEST 
Merged and built in 4.4-4

Successful build
Package: univention-docker
Version: 4.0.1-8A~4.4.0.202005041208
Branch: ucs_4.4-0
Scope: errata4.4-4

commit 14c93ec19085614748f3c88c31b0e916a50bdbf4
commit 646578d47e29a75a92b560e501124541e1e08577
commit 5e070b4190f15c32f676daa110e36fcc05948bc4
Comment 7 Felix Botner univentionstaff 2020-05-04 12:28:28 CEST 
OK - yaml
OK - univention-docker, no_proxy is evaluated in the template

ucr get proxy/no_proxy 
10.200.7.80,10.200.7.160

more /etc/systemd/system/docker.service.d/http-proxy.conf 
...
[Service]
Environment= "HTTP_PROXY=http://10.200.7.80:3128" "NO_PROXY=localhost,127.0.0.1,10.200.7.80,10.200.7.160"
Comment 8 Erik Damrose univentionstaff 2020-05-06 14:39:59 CEST 
<http://errata.software-univention.de/ucs/4.4/584.html>
First Last Prev Next    This bug is not in your last search results.