Re: Juju2 behind proxy

2017-03-30 Thread Dmitrii Shcherbakov 
Hi Vladimir,

I would white-list at least the following:

ubuntu-cloud.archive.canonical.com - TCP/80, TCP/443
cloud-images.ubuntu.com - TCP/80, TCP/443
keyserver.ubuntu.com - TCP/80, TCP/11371
archive.ubuntu.com - TCP/80, TCP/443
launchpad.net - TCP/22, TCP/80, TCP/443
launchpadlibrarian.net - TCP/80, TCP/443
jujucharms.com - TCP/80, TCP/443
entropy.ubuntu.com - TCP/443
streams.canonical.com - TCP/80, TCP/443

Also:
access to internal NTP server or access to ntp.ubuntu.com - UDP/123, TCP/123
access to internal DNS server or access to root DNS servers - UDP/53

If anything snap-related is used, it might be harder as multiple backend
instances are used judging by an strace of snapd.

nslookup search.apps.ubuntu.com
Server: 127.0.0.53
Address: 127.0.0.53#53

Non-authoritative answer:
Name: search.apps.ubuntu.com
Address: 162.213.33.196
Name: search.apps.ubuntu.com
Address: 162.213.33.200

nslookup public.apps.ubuntu.com
Server: 127.0.0.53
Address: 127.0.0.53#53

Non-authoritative answer:
Name: public.apps.ubuntu.com
Address: 162.213.33.91
Name: public.apps.ubuntu.com
Address: 162.213.33.92

During the installation of a snap a bunch of other addresses are used:

69.88.149.x

RDNS for all of them points to cdce.ams002.internap.com which seems to be a
CDN provider's name (DNS load-balancing).

nslookup cdce.ams002.internap.com
Server: 127.0.0.53
Address: 127.0.0.53#53

Non-authoritative answer:
Name: cdce.ams002.internap.com
Address: 69.88.149.137
Name: cdce.ams002.internap.com
Address: 69.88.149.141
Name: cdce.ams002.internap.com
Address: 69.88.149.135
Name: cdce.ams002.internap.com
Address: 69.88.149.138
Name: cdce.ams002.internap.com
Address: 69.88.149.136
Name: cdce.ams002.internap.com
Address: 69.88.149.140
Name: cdce.ams002.internap.com
Address: 69.88.149.142
Name: cdce.ams002.internap.com
Address: 69.88.149.139

You can get those by running something like the following and a `snap
install` or `snap find` commands in parallel:
sudo strace -f -s512 -p `pgrep -f snapd` |& grep -i 'connect'

[pid 24765] connect(11, {sa_family=AF_INET, sin_port=htons(0),
sin_addr=inet_addr("69.88.149.138")}, 16) = 0
[pid 24765] connect(11, {sa_family=AF_INET, sin_port=htons(443),
sin_addr=inet_addr("69.88.149.139")}, 16 

I'd start with those but there might be others depending on which charms do
you use (some non-core charms require external repositories so additional
addresses might need to be white-listed).

Best Regards,
Dmitrii Shcherbakov

Field Software Engineer
IRC (freenode): Dmitrii-Sh

On Tue, Mar 28, 2017 at 4:40 PM, Vladimir Burlakov  wrote:

> Hello guys,
> I wonder, if you can you tell, is there any way to get a list of domains
> (urls), where maas/juju getting os images, services etc. by default.., i
> mean something like "whitelist"..
> Now, i'm in a process of getting this from our firewall, but maybe such
> list is already there..
> just, in our enviroinment, we have some security restrictions, and we
> should provide white list to our security team..
>
> Thanks,
> Vladimir
>
> 21 февр. 2017 г., в 4:49, Menno Smits 
> написал(а):
>
> On 10 February 2017 at 19:07, Mark Shuttleworth  wrote:
>
>> On 09/02/17 12:27, Vladimir Burlakov wrote:
>> > Hi Guys,
>> > Thank you a lot, it’s worked, you really helped me. :) as said my
>> > friend:  "community - is the power !"
>>
>> :)
>>
>> Welcome aboard, Vladimir!
>>
>> One question - are we good about passing this proxy information on to
>> the various machines that get spun up? Ubuntu, CentOS, Windows etc all
>> have ways to use proxy info, and I'm interested in whether we rigorously
>> pass this to them via cloud-init.
>>
>
> ​Proxy information is passed to cloud-init for Ubuntu and CentOS machines
> but doesn't appear to be used for Windows machines. I've filed this ticket
> regarding that: ​​https://bugs.launchpad.net/juju/+bug/1666351​​
>
> ​It's also worth noting that we recently identified and fixed a
> long-standing issue with respect to handling of proxy configuration. In
> Juju versions before 2.1-rc2 it was possible for the intended proxy
> configuration to sometimes not be in place due to the way that Go handles
> the various proxy environment variables. ​See https://bugs.launchpad.
> net/juju/+bug/1654591
>
> - Menno
>
>
>
> --
> Juju mailing list
> Juju@lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/
> mailman/listinfo/juju
>
>
-- 
Juju mailing list
Juju@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/juju

Re: Juju2 behind proxy

2017-03-28 Thread Vladimir Burlakov 
Hello guys, 
I wonder, if you can you tell, is there any way to get a list of domains 
(urls), where maas/juju getting os images, services etc. by default.., i mean 
something like "whitelist".. 
Now, i'm in a process of getting this from our firewall, but maybe such list is 
already there..
just, in our enviroinment, we have some security restrictions, and we should 
provide white list to our security team..

Thanks, 
Vladimir

> 21 февр. 2017 г., в 4:49, Menno Smits  написал(а):
> 
> On 10 February 2017 at 19:07, Mark Shuttleworth  > wrote:
> On 09/02/17 12:27, Vladimir Burlakov wrote:
> > Hi Guys,
> > Thank you a lot, it’s worked, you really helped me. :) as said my
> > friend:  "community - is the power !"
> 
> :)
> 
> Welcome aboard, Vladimir!
> 
> One question - are we good about passing this proxy information on to
> the various machines that get spun up? Ubuntu, CentOS, Windows etc all
> have ways to use proxy info, and I'm interested in whether we rigorously
> pass this to them via cloud-init.
> 
> ​Proxy information is passed to cloud-init for Ubuntu and CentOS machines but 
> doesn't appear to be used for Windows machines. I've filed this ticket 
> regarding that: ​​https://bugs.launchpad.net/juju/+bug/1666351 
> ​​
> 
> ​It's also worth noting that we recently identified and fixed a long-standing 
> issue with respect to handling of proxy configuration. In Juju versions 
> before 2.1-rc2 it was possible for the intended proxy configuration to 
> sometimes not be in place due to the way that Go handles the various proxy 
> environment variables. ​See https://bugs.launchpad.net/juju/+bug/1654591 
> 
> 
> - Menno

-- 
Juju mailing list
Juju@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/juju

Re: Juju2 behind proxy

2017-02-20 Thread Menno Smits 
On 10 February 2017 at 19:07, Mark Shuttleworth  wrote:

> On 09/02/17 12:27, Vladimir Burlakov wrote:
> > Hi Guys,
> > Thank you a lot, it’s worked, you really helped me. :) as said my
> > friend:  "community - is the power !"
>
> :)
>
> Welcome aboard, Vladimir!
>
> One question - are we good about passing this proxy information on to
> the various machines that get spun up? Ubuntu, CentOS, Windows etc all
> have ways to use proxy info, and I'm interested in whether we rigorously
> pass this to them via cloud-init.
>

​Proxy information is passed to cloud-init for Ubuntu and CentOS machines
but doesn't appear to be used for Windows machines. I've filed this ticket
regarding that: ​​https://bugs.launchpad.net/juju/+bug/1666351​​

​It's also worth noting that we recently identified and fixed a
long-standing issue with respect to handling of proxy configuration. In
Juju versions before 2.1-rc2 it was possible for the intended proxy
configuration to sometimes not be in place due to the way that Go handles
the various proxy environment variables. ​See
https://bugs.launchpad.net/juju/+bug/1654591

- Menno
-- 
Juju mailing list
Juju@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/juju

Re: Juju2 behind proxy

2017-02-20 Thread Charles Butler 
Greetings Vladimir,

As an author of the Canonical Distribution of Kubernetes charms I'm curious
which connection attempts were blocking you. We've taken great care with
respect to ensuring the charms will work in an offline environment. Our
last hold-out issue was with the docker images. Docker just simply doesn't
respect the system level proxy variables and necessitated an additional
level of configuration on the charms to pass this through.

Could you perhaps retry the deployment in your limited egress env and pass
the proxy values to the kubernetes-worker charm?

juju config kubernetes-worker http_proxy=http://my.proxy: https_proxy=
http://my.proxy: no_proxy=10.0.0.1

as a basic example of what you would issue to the charm to configure the
container runtime engine proxy variables. Sub the proxy config values as
appropriate.

I'm open to better methods to do this, which I think we can get committed
in short order, such as reading from the system level variables and then
re-render the systemd template with those exported.  (thanks for the idea!)

However, until such a time that we have that reworked, I'm highly
interested in if there were other blocking factors in your setup.

Thanks and all the best,


On Mon, Feb 20, 2017 at 4:26 AM Vladimir Burlakov  wrote:

> Hi Mark,
> Some thoughts/tests on how charms works after/in deployment state in proxy
> environment, f.e in deploying Kubernetes charm we stuck, cause application
> trying to connect to public http/s servers without proxy,  and it not reads
> system settings for proxy .. so maybe there (in juju) should be an option
> to redirect all (or well known, such as http/https/ftp) connection to
> outside through juju controller using it as gateway or through proxy
> itself?!
> Or am I mistaken and this option is already there? :)
>
> Thanks,
> Vladimir
>
>
> > 10 февр. 2017 г., в 9:07, Mark Shuttleworth 
> написал(а):
> >
> > On 09/02/17 12:27, Vladimir Burlakov wrote:
> >> Hi Guys,
> >> Thank you a lot, it’s worked, you really helped me. :) as said my
> >> friend:  "community - is the power !"
> >
> > :)
> >
> > Welcome aboard, Vladimir!
> >
> > One question - are we good about passing this proxy information on to
> > the various machines that get spun up? Ubuntu, CentOS, Windows etc all
> > have ways to use proxy info, and I'm interested in whether we rigorously
> > pass this to them via cloud-init.
> >
> > Mark
>
>
> --
> Juju mailing list
> Juju@lists.ubuntu.com
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/juju
>
-- 
Juju Charmer
Canonical Group Ltd.
Ubuntu - Linux for human beings | www.ubuntu.com
Juju - The fastest way to model your application | www.jujucharms.com
-- 
Juju mailing list
Juju@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/juju

Re: Re[2]: Juju2 behind proxy

2017-02-20 Thread Menno Smits 
Transparently redirecting requests to a proxy is something that Juju
*could* do but it could lead to other problems. HTTPS in particular is
quite tricky to proxy in a transparent way (with good reason!) without
changes in the client (which it sounds like you're trying to avoid).

Our of HTTP, HTTPS and FTP, only HTTP lends itself to straightforward
transparent proxying.


On 21 February 2017 at 01:08, Evgeny Zobnitsev  wrote:

> Hello,
>
> That there are a lot if applications that does not support proxy settings
> in juju environment, it is understandable. But we was thinking to enable
> option, that enables "transparent proxy", so just grab the well known ports
> and forward them according to the juju proxy settings...
> ___
> Best,
> Evgeny
>
>
> Monday, 20 February 2017, 12:51 +0300 from Merlijn Sebrechts <
> merlijn.sebrec...@gmail.com>:
>
> The issue with an https proxy is that this is an application level tunnel,
> not a network level tunnel. This means that EVERY application needs to
> change its behavior. You can't change this from the OS level. Juju
> correctly sets the https proxy variables, but those are only suggestions.
> It is still up to the application to respect this. A bunch of applications
> and libraries don't do that.
>
> We've used an http proxy for a while, but we switched to a NATted setup
> because there were just too much issues (outside of the control of Juju),
> and fixing them all slowed us down a lot.
>
> 2017-02-20 10:25 GMT+01:00 Vladimir Burlakov  >:
>
> Hi Mark,
> Some thoughts/tests on how charms works after/in deployment state in proxy
> environment, f.e in deploying Kubernetes charm we stuck, cause application
> trying to connect to public http/s servers without proxy,  and it not reads
> system settings for proxy .. so maybe there (in juju) should be an option
> to redirect all (or well known, such as http/https/ftp) connection to
> outside through juju controller using it as gateway or through proxy
> itself?!
> Or am I mistaken and this option is already there? :)
>
> Thanks,
> Vladimir
>
>
> > 10 февр. 2017 г., в 9:07, Mark Shuttleworth  >
> написал(а):
> >
> > On 09/02/17 12:27, Vladimir Burlakov wrote:
> >> Hi Guys,
> >> Thank you a lot, it’s worked, you really helped me. :) as said my
> >> friend:  "community - is the power !"
> >
> > :)
> >
> > Welcome aboard, Vladimir!
> >
> > One question - are we good about passing this proxy information on to
> > the various machines that get spun up? Ubuntu, CentOS, Windows etc all
> > have ways to use proxy info, and I'm interested in whether we rigorously
> > pass this to them via cloud-init.
> >
> > Mark
>
>
> --
> Juju mailing list
> Juju@lists.ubuntu.com
> 
> Modify settings or unsubscribe at: https://lists.ubuntu.com/
> mailman/listinfo/juju
>
>
> --
> Juju mailing list
> Juju@lists.ubuntu.com
> 
> Modify settings or unsubscribe at: https://lists.ubuntu.com/
> mailman/listinfo/juju
>
>
> --
> Juju mailing list
> Juju@lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/
> mailman/listinfo/juju
>
>
-- 
Juju mailing list
Juju@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/juju

Re[2]: Juju2 behind proxy

2017-02-20 Thread Evgeny Zobnitsev 

Hello,

That there are a lot if applications that does not support proxy settings in 
juju environment, it is understandable. But we was thinking to enable option, 
that enables "transparent proxy", so just grab the well known ports and forward 
them according to the juju proxy settings...
___
Best, 
Evgeny

Monday, 20 February 2017, 12:51 +0300 from Merlijn Sebrechts  
:
>The issue with an https proxy is that this is an application level tunnel, not 
>a network level tunnel. This means that EVERY application needs to change its 
>behavior. You can't change this from the OS level. Juju correctly sets the 
>https proxy variables, but those are only suggestions. It is still up to the 
>application to respect this. A bunch of applications and libraries don't do 
>that.
>
>We've used an http proxy for a while, but we switched to a NATted setup 
>because there were just too much issues (outside of the control of Juju), and 
>fixing them all slowed us down a lot.
>
>2017-02-20 10:25 GMT+01:00 Vladimir Burlakov  < v...@fgts.ru > :
>>Hi Mark,
>>Some thoughts/tests on how charms works after/in deployment state in proxy 
>>environment, f.e in deploying Kubernetes charm we stuck, cause application 
>>trying to connect to public http/s servers without proxy,  and it not reads 
>>system settings for proxy .. so maybe there (in juju) should be an option to 
>>redirect all (or well known, such as http/https/ftp) connection to outside 
>>through juju controller using it as gateway or through proxy itself?!
>>Or am I mistaken and this option is already there? :)
>>
>>Thanks,
>>Vladimir
>>
>>
>>> 10 февр. 2017 г., в 9:07, Mark Shuttleworth < m...@ubuntu.com > написал(а):
>>>
>>> On 09/02/17 12:27, Vladimir Burlakov wrote:
 Hi Guys,
 Thank you a lot, it’s worked, you really helped me. :) as said my
 friend:  "community - is the power !"
>>>
>>> :)
>>>
>>> Welcome aboard, Vladimir!
>>>
>>> One question - are we good about passing this proxy information on to
>>> the various machines that get spun up? Ubuntu, CentOS, Windows etc all
>>> have ways to use proxy info, and I'm interested in whether we rigorously
>>> pass this to them via cloud-init.
>>>
>>> Mark
>>
>>
>>--
>>Juju mailing list
>>Juju@lists.ubuntu.com
>>Modify settings or unsubscribe at:  
>>https://lists.ubuntu.com/mailman/listinfo/juju
>
>-- 
>Juju mailing list
>Juju@lists.ubuntu.com
>Modify settings or unsubscribe at:  
>https://lists.ubuntu.com/mailman/listinfo/juju
-- 
Juju mailing list
Juju@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/juju

Re: Juju2 behind proxy

2017-02-20 Thread Merlijn Sebrechts 
The issue with an https proxy is that this is an application level tunnel,
not a network level tunnel. This means that EVERY application needs to
change its behavior. You can't change this from the OS level. Juju
correctly sets the https proxy variables, but those are only suggestions.
It is still up to the application to respect this. A bunch of applications
and libraries don't do that.

We've used an http proxy for a while, but we switched to a NATted setup
because there were just too much issues (outside of the control of Juju),
and fixing them all slowed us down a lot.

2017-02-20 10:25 GMT+01:00 Vladimir Burlakov :

> Hi Mark,
> Some thoughts/tests on how charms works after/in deployment state in proxy
> environment, f.e in deploying Kubernetes charm we stuck, cause application
> trying to connect to public http/s servers without proxy,  and it not reads
> system settings for proxy .. so maybe there (in juju) should be an option
> to redirect all (or well known, such as http/https/ftp) connection to
> outside through juju controller using it as gateway or through proxy
> itself?!
> Or am I mistaken and this option is already there? :)
>
> Thanks,
> Vladimir
>
>
> > 10 февр. 2017 г., в 9:07, Mark Shuttleworth 
> написал(а):
> >
> > On 09/02/17 12:27, Vladimir Burlakov wrote:
> >> Hi Guys,
> >> Thank you a lot, it’s worked, you really helped me. :) as said my
> >> friend:  "community - is the power !"
> >
> > :)
> >
> > Welcome aboard, Vladimir!
> >
> > One question - are we good about passing this proxy information on to
> > the various machines that get spun up? Ubuntu, CentOS, Windows etc all
> > have ways to use proxy info, and I'm interested in whether we rigorously
> > pass this to them via cloud-init.
> >
> > Mark
>
>
> --
> Juju mailing list
> Juju@lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/
> mailman/listinfo/juju
>
-- 
Juju mailing list
Juju@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/juju

Re: Juju2 behind proxy

2017-02-20 Thread Vladimir Burlakov 
Hi Mark, 
Some thoughts/tests on how charms works after/in deployment state in proxy 
environment, f.e in deploying Kubernetes charm we stuck, cause application 
trying to connect to public http/s servers without proxy,  and it not reads 
system settings for proxy .. so maybe there (in juju) should be an option to 
redirect all (or well known, such as http/https/ftp) connection to outside 
through juju controller using it as gateway or through proxy itself?! 
Or am I mistaken and this option is already there? :)

Thanks,
Vladimir
 

> 10 февр. 2017 г., в 9:07, Mark Shuttleworth  написал(а):
> 
> On 09/02/17 12:27, Vladimir Burlakov wrote:
>> Hi Guys, 
>> Thank you a lot, it’s worked, you really helped me. :) as said my
>> friend:  "community - is the power !"
> 
> :)
> 
> Welcome aboard, Vladimir!
> 
> One question - are we good about passing this proxy information on to
> the various machines that get spun up? Ubuntu, CentOS, Windows etc all
> have ways to use proxy info, and I'm interested in whether we rigorously
> pass this to them via cloud-init.
> 
> Mark


-- 
Juju mailing list
Juju@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/juju

Re: Juju2 behind proxy

2017-02-09 Thread Mark Shuttleworth 
On 09/02/17 12:27, Vladimir Burlakov wrote:
> Hi Guys, 
> Thank you a lot, it’s worked, you really helped me. :) as said my
> friend:  "community - is the power !"

:)

Welcome aboard, Vladimir!

One question - are we good about passing this proxy information on to
the various machines that get spun up? Ubuntu, CentOS, Windows etc all
have ways to use proxy info, and I'm interested in whether we rigorously
pass this to them via cloud-init.

Mark

-- 
Juju mailing list
Juju@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/juju

Re: Juju2 behind proxy

2017-02-09 Thread Vladimir Burlakov 
Hi Guys, 
Thank you a lot, it’s worked, you really helped me. :) as said my friend:  
"community - is the power !"

Best, 
Vladimir 


> 9 февр. 2017 г., в 6:35, Menno Smits  написал(а):
> 
> One thing to be aware of is that many of the downloads done for a given model 
> (for example charms and resources) are done on the controller. This means you 
> need to set the proxy settings for the controller model as well as any other 
> models hosted on the controller. This is probably somewhat unexpected but 
> it's the way things work at the moment.
> 
> If you provide the proxy settings at bootstrap time (either on the command 
> line or as part of the cloud definition) then the controller and all models 
> will end up using the same proxy settings. If you have an existing controller 
> to change proxy settings for you'll want to make the change using "juju 
> model-defaults http_proxy=... https_proxy=..." and then apply that to each 
> model (including the controller model) using "juju model-config --reset 
> http_proxy https_proxy -m ".
> 
> On 9 February 2017 at 06:04, Reed O'Brien  > wrote:
> On Wed, Feb 8, 2017 at 8:31 AM, John Meinel  > wrote:
> > There is model configuration that you can set to tell juju what the proxies
> > are. Normally you set them at bootstrap time with:
> >   juju bootstrap --model-default http-proxy=http://... --model-default
> > https-proxy... --model-default no-proxy=
> >
> > You can also put these settings into ~/.local/share/clouds.yaml if you know
> > that you always want them set for a given cloud.
> 
> You can also set it on an existing model:
> 
> $ juju model-config http-proxy=http://example.com/foo 
> 
> Cheers,
> Reed
> 
> > John
> > =:->
> >
> > On Feb 8, 2017 8:09 PM, "Vladimir Burlakov"  > > wrote:
> >
> > Hi Team!
> > sorry for newbie question, but can you tell, is it possible to use juju2
> > (2.0.2-xenial-amd64) behind the firewall with only proxy (http/s) available?
> > i tried to change proxy settings in apt, environment variables and in
> > «config.yaml» on a controller but it did not helped.
> >
> > Thanks,
> > Vladimir
> >
> >
> > --
> > Juju mailing list
> > Juju@lists.ubuntu.com 
> > Modify settings or unsubscribe at:
> > https://lists.ubuntu.com/mailman/listinfo/juju 
> > 
> >
> >
> >
> > --
> > Juju mailing list
> > Juju@lists.ubuntu.com 
> > Modify settings or unsubscribe at:
> > https://lists.ubuntu.com/mailman/listinfo/juju 
> > 
> >
> 
> 
> 
> --
> Reed O'Brien
> ✉ reed.obr...@canonical.com 
> ✆ 415-562-6797 
> 💻 redir
> 
> --
> Juju mailing list
> Juju@lists.ubuntu.com 
> Modify settings or unsubscribe at: 
> https://lists.ubuntu.com/mailman/listinfo/juju 
> 
> 
> -- 
> Juju mailing list
> Juju@lists.ubuntu.com
> Modify settings or unsubscribe at: 
> https://lists.ubuntu.com/mailman/listinfo/juju

-- 
Juju mailing list
Juju@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/juju

Re: Juju2 behind proxy

2017-02-08 Thread Menno Smits 
One thing to be aware of is that many of the downloads done for a given
model (for example charms and resources) are done on the controller. This
means you need to set the proxy settings for the controller model as well
as any other models hosted on the controller. This is probably somewhat
unexpected but it's the way things work at the moment.

If you provide the proxy settings at bootstrap time (either on the command
line or as part of the cloud definition) then the controller and all models
will end up using the same proxy settings. If you have an existing
controller to change proxy settings for you'll want to make the change
using "juju model-defaults http_proxy=... https_proxy=..." and then apply
that to each model (including the controller model) using "juju
model-config --reset http_proxy https_proxy -m ".

On 9 February 2017 at 06:04, Reed O'Brien  wrote:

> On Wed, Feb 8, 2017 at 8:31 AM, John Meinel 
> wrote:
> > There is model configuration that you can set to tell juju what the
> proxies
> > are. Normally you set them at bootstrap time with:
> >   juju bootstrap --model-default http-proxy=http://... --model-default
> > https-proxy... --model-default no-proxy=
> >
> > You can also put these settings into ~/.local/share/clouds.yaml if you
> know
> > that you always want them set for a given cloud.
>
> You can also set it on an existing model:
>
> $ juju model-config http-proxy=http://example.com/foo
>
> Cheers,
> Reed
>
> > John
> > =:->
> >
> > On Feb 8, 2017 8:09 PM, "Vladimir Burlakov"  wrote:
> >
> > Hi Team!
> > sorry for newbie question, but can you tell, is it possible to use juju2
> > (2.0.2-xenial-amd64) behind the firewall with only proxy (http/s)
> available?
> > i tried to change proxy settings in apt, environment variables and in
> > «config.yaml» on a controller but it did not helped.
> >
> > Thanks,
> > Vladimir
> >
> >
> > --
> > Juju mailing list
> > Juju@lists.ubuntu.com
> > Modify settings or unsubscribe at:
> > https://lists.ubuntu.com/mailman/listinfo/juju
> >
> >
> >
> > --
> > Juju mailing list
> > Juju@lists.ubuntu.com
> > Modify settings or unsubscribe at:
> > https://lists.ubuntu.com/mailman/listinfo/juju
> >
>
>
>
> --
> Reed O'Brien
> ✉ reed.obr...@canonical.com
> ✆ 415-562-6797
> 💻 redir
>
> --
> Juju mailing list
> Juju@lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/
> mailman/listinfo/juju
>
-- 
Juju mailing list
Juju@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/juju

Re: Juju2 behind proxy

2017-02-08 Thread Reed O'Brien 
On Wed, Feb 8, 2017 at 8:31 AM, John Meinel  wrote:
> There is model configuration that you can set to tell juju what the proxies
> are. Normally you set them at bootstrap time with:
>   juju bootstrap --model-default http-proxy=http://... --model-default
> https-proxy... --model-default no-proxy=
>
> You can also put these settings into ~/.local/share/clouds.yaml if you know
> that you always want them set for a given cloud.

You can also set it on an existing model:

$ juju model-config http-proxy=http://example.com/foo

Cheers,
Reed

> John
> =:->
>
> On Feb 8, 2017 8:09 PM, "Vladimir Burlakov"  wrote:
>
> Hi Team!
> sorry for newbie question, but can you tell, is it possible to use juju2
> (2.0.2-xenial-amd64) behind the firewall with only proxy (http/s) available?
> i tried to change proxy settings in apt, environment variables and in
> «config.yaml» on a controller but it did not helped.
>
> Thanks,
> Vladimir
>
>
> --
> Juju mailing list
> Juju@lists.ubuntu.com
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/juju
>
>
>
> --
> Juju mailing list
> Juju@lists.ubuntu.com
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/juju
>



-- 
Reed O'Brien
✉ reed.obr...@canonical.com
✆ 415-562-6797
💻 redir

-- 
Juju mailing list
Juju@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/juju

Re: Juju2 behind proxy

2017-02-08 Thread John Meinel 
There is model configuration that you can set to tell juju what the proxies
are. Normally you set them at bootstrap time with:
  juju bootstrap --model-default http-proxy=http://... --model-default
https-proxy... --model-default no-proxy=

You can also put these settings into ~/.local/share/clouds.yaml if you know
that you always want them set for a given cloud.

John
=:->

On Feb 8, 2017 8:09 PM, "Vladimir Burlakov"  wrote:

Hi Team!
sorry for newbie question, but can you tell, is it possible to use juju2
(2.0.2-xenial-amd64) behind the firewall with only proxy (http/s) available?
i tried to change proxy settings in apt, environment variables and in
«config.yaml» on a controller but it did not helped.

Thanks,
Vladimir


--
Juju mailing list
Juju@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/
mailman/listinfo/juju
-- 
Juju mailing list
Juju@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/juju

Juju2 behind proxy

2017-02-08 Thread Vladimir Burlakov 
Hi Team!
sorry for newbie question, but can you tell, is it possible to use juju2 
(2.0.2-xenial-amd64) behind the firewall with only proxy (http/s) available? 
i tried to change proxy settings in apt, environment variables and in 
«config.yaml» on a controller but it did not helped.

Thanks, 
Vladimir 


-- 
Juju mailing list
Juju@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/juju