Skip to content
This repository has been archived by the owner. It is now read-only.

toolbox stopped working after update due to rkt not using proxy #1869

Closed
mscribe opened this issue Mar 16, 2017 · 6 comments
Closed

toolbox stopped working after update due to rkt not using proxy #1869

mscribe opened this issue Mar 16, 2017 · 6 comments
Assignees

Comments

@mscribe
Copy link

@mscribe mscribe commented Mar 16, 2017

Issue Report

Bug

Container Linux Version

stable (1298.5.0)

Environment

desktop computer

Expected Behavior

Contents of ~/.toolboxrc:

TOOLBOX_DOCKER_IMAGE=centos

Run toolbox:

/usr/bin/toolbox

Then, centos should be fetched and used.

Actual Behavior

Everything used to work as expected behind a proxy. However, after the update, this error started showing after running toolbox:

fetch: Get https://registry-1.docker.io/v2/: dial tcp: lookup registry-1.docker.io: no such host

Running this works:

docker pull centos

Running this also works:

curl https://www.google.com

I peaked inside of /usr/bin/toolbox and tried running this, which does NOT work:

sudo rkt --insecure-options=image fetch "docker://centos:latest"

It throws that fetch error mentioned above.

Reproduction Steps

  1. Configure coreos to run behind a proxy server.
  2. Run toolbox.
@lucab
Copy link
Member

@lucab lucab commented Mar 16, 2017

rkt does honor the http_proxy= env flag, so I think it is either not set in your calling environment or not passed through sudo. Can you please double check manually directly in a root shell if the variable is set and how rkt reacts to it? Also, this strangely looks more similar to a DNS issue than an HTTP proxy one.

@mscribe
Copy link
Author

@mscribe mscribe commented Mar 16, 2017

Thanks for the quick response!

The proxy environment variable wasn't available with sudo; I confirmed that with:

sudo -s
echo $http_proxy

This worked:

sudo -s
export http_proxy=http://proxy...com:80
rkt --insecure-options=image fetch "docker://centos:latest"

In the past, things were working when all I had was an /etc/profile.d/proxy.sh file with my proxy details. I also tried putting the proxy info in /etc/profile.env to debug this problem, which didn't help. Since environment variables in those files aren't available with sudo rkt, what is the proper way in coreos to make the toolbox command work as expected behind a proxy?

@lucab
Copy link
Member

@lucab lucab commented Mar 16, 2017

what is the proper way in coreos to make the toolbox command work as expected behind a proxy?

Non-authoritative answer: I'd probably go with a keep_env entry in the sudoers file.

Not sure if the toolbox wrapper should be adjusted in any way.

/cc @dm0-

@mscribe
Copy link
Author

@mscribe mscribe commented Mar 16, 2017

I created a file /etc/sudoers.d/bill that contains:

Defaults env_keep += "http_proxy"

Now, when I run toolbox, it says:

fetch: attempted fallback to API v1 but not supported
@dm0-
Copy link

@dm0- dm0- commented Mar 16, 2017

Can you try copying /usr/bin/toolbox to some writeable location and replacing sudo rkt with sudo -E rkt? You shouldn't need to make any sudoers customizations with that. I submitted a pull request with that change, which should restore the behavior you had before.

@mscribe
Copy link
Author

@mscribe mscribe commented Mar 16, 2017

I copied /usr/bin/toolbox, added -E and got the same error after removing /etc/sudoers.d/bill. That confirmed that the fix you did is good, and will stop me from having to add a file in /etc/sudoers.d/. I realized that since my .toolboxrc file was missing TOOLBOX_DOCKER_TAG, it used the one for Fedora (24) that was hard coded in /usr/bin/toolbox. When I added TOOLBOX_DOCKER_TAG=latest, it worked. It might make sense to not use 24 as the default tag for all images, but my problems are over after your commit gets pushed in an update to my desktop. Thanks for your help!

This ticket can be closed.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

3 participants
You can’t perform that action at this time.