How do I get MAAS and Juju to recognize proxy settings in a deployment?
Solution 1
I am afraid this is currently not a supported configuration for MAAS (but i would be happy to be wrong on this).
I also have to use MAAS behind a proxy, and here is how i dealt with it:
importing the pxe images:
sudo http_proxy=http://my.proxy:3128/ maas-import-pxe-files
Edit /usr/share/maas/preseeds/enlist_userdata
set apt_proxy
#we cannot use maas as a proxy as maas itself is behind a proxy
#if we try, when we bootstrap zookeeper, it is not able to download archive.ubuntu.com/ubuntu/dists/precsie/Release
apt_proxy: http://my.proxy:3128/
Change /usr/share/maas/preseeds/preseed_master so that {{self.proxy}} is
d-i mirror/country string manual
d-i mirror/http/hostname string archive.ubuntu.com
d-i mirror/http/directory string /ubuntu
d-i mirror/http/proxy string http://my.proxy:3128/
Be sure to actually remove the {{self.proxy}} macro or it will be expanded anyway if you just comment it out.
Change /usr/share/maas/preseeds/generic
so that
d-i preseed/late_command string true && \
in-target sh -c 'f=$1; shift; echo $0 > $f && chmod 0440 $f $*' 'ubuntu ALL=(ALL) NOPASSWD: ALL' /etc/sudoers.d/maas && \
in-target wget --no-proxy "{{node_disable_pxe_url|escape.shell}}" --post-data "{{node_disable_pxe_data|escape.shell}}" -O /dev/null && \
true
is
d-i preseed/late_command string true && \
in-target sh -c 'f=$1; shift; echo $0 > $f && chmod 0440 $f $*' 'ubuntu ALL=(ALL) NOPASSWD: ALL' /etc/sudoers.d/maas && \
in-target wget --no-proxy "{{node_disable_pxe_url|escape.shell}}" --post-data "{{node_disable_pxe_data|escape.shell}}" -O /dev/null && \
in-target apt-key adv --keyserver-options http-proxy=http://my.proxy:3128/ --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys "0x376a290ec8068b11" && \
in-target sh -c 'http_proxy=http://my.proxy:3128/ https_proxy=http://my.proxy:3128/ apt-add-repository -m ppa:juju/pkgs --yes' && \
in-target sh -c 'http_proxy=http://my.proxy:3128/ https_proxy=http://my.proxy:3128/ apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 5EDB1B62EC4926EA' && \
true
There may be better way to do it, it may not work everywhere, but it worked for me.
Note that some charms must also be changed to use a proxy when they try to wget stuff from the internet or add some ppa.
Solution 2
In the settings page (the cog near the top right) look for the Network Configuration section. There's a box for setting the HTTP and HTTPS proxy.
This can also be set via maas-cli:
maas-cli $profile maas set-config name=http_proxy value=http://example.com/
(If you've not used maas-cli before, see the maas-cli docs to get started.)
Ross
Updated on September 18, 2022Comments
-
Ross almost 2 years
So, I have Ubuntu 12.04 LTS, installed MaaS from the initial bootup, and then added JUJU. I'm behind a proxy, so, added proxy to /etc/apt/apt.conf and also to /etc/wgetrc. Doing that I could then use maas-import-pxe-files.
Setup my environment, everything seems fine, but when I boot the nodes up they can't resolve archive.ubuntu.com. Is there somewhere I have to set my proxy information so it's passed onto the nodes that connect to the MaaS server? I don't see any action in any squid logs, and not sure where I should put my proxy to the outside world so it should be passed on.
Any assistance is greatly appreciated!
-
Ross about 11 yearsThanks so much! It's probably going to help me out a lot, I was also looking at apt-cache / apt-proxy to see if that would be able to help too.
-
Gavin Panella about 11 yearsUnfortunately the online docs are somewhat out of date in this regard. MAAS does let you specify a proxy (I've added a separate answer for that) and that should propagate through to nodes, and there's also no need any more to run maas-import-pxe-file manually.
-
Ross about 11 yearsThis is starting to clear things up a bit. I'm using the maas-dhcp and maas-dns. Now, my MaaS server is resolving OK, as it's pointing to another DNS. However, the nodes are pointing to the MaaS server for DNS, so, stopping to think about it - how are my my nodes even going to resolve the hostname if the MaaS server DNS doesn't have a forwarder or something pointing to my primary DNS. One of those, can't see the forrest for the trees situations I guess.
-
Ross about 11 yearsI've still got issues with it. Thing is, I've got MaaS to do dhcp and dns, but, since the nodes would be looking at the MaaS server for DNS, they can't resolve any of the addresses. I'm not sure if the MaaS server is meant to just pass on it's DNS settings, if I should add a forwarder to the correct DNS.
-
Ross about 11 yearsI can now see the nodes searching for the proxy, however, my next issue is that the nodes are just getting the DNS from the MaaS host. Should I be adding dns forwarding somewhere, so, the nodes look to the MaaS host and can also forward to the 'real' DNS so they can resolve correctly.
-
Raphaël Badin about 11 yearsYes, adding a fowarder is the way to do this: usually, in /etc/bind/named.conf.options, you should configure something like: paste.ubuntu.com/5800986
-
Frederick Nord about 8 yearsnote that this information does not apply to more recent versions of MAAS.