Offline-mode documentation

[niedbalski]

Hello,

The only publicly available reference I can locate for doing off-line Juju deployments is https://juju.ubuntu.com/docs/howto-offline-charms.html.

However, there are a few other things we also should be covering on this document:

1. How to synchronize the juju tools locally.
2. Setting up a package mirroring using apt-proxy for packages update/install
3. Configure squid or http/https proxy
4. How to deal with charms that requires internet access for fetching arbitrary resources.
5. Step by step example of an off-line deployment.

[mbruzek]

Thanks for the ideas. I agree with this issue. I have been using http_proxy and https_proxy settings in a restrictive environments.

I also wanted to add some documenation about no_proxy key that Juju accepts. You would noproxy stuff like localhost, 10.0.3.1, and the state servers own ip address, but proxy the rest of the traffic.

The GNU documentation for the proxy values can be found here:
http://www.gnu.org/software/wget/manual/html_node/Proxies.html

Thank you for the issue!

[anastasiamac]

I was under the impression that no-proxy should not have IPs, only domains.... As in 'a list of domains that proxy should not be used for' from http://www.gnu.org/software/wget/manual/html_node/Proxies.html
no_proxy' This variable should contain a comma-separated list of domain extensions proxy should _not_ be used for. For instance, if the value ofno_proxy' is `.mit.edu', proxy will not be used to retrieve documents from MIT.

[kwmonroe]

This issue is super old, but still relevant. In fact, we've seen lots more people in #juju asking about proxy settings for juju since 2.0 was released (eg, #1676). I'd like to propose something like the following for an offline/restrictive juju environment doc:

---

Juju works in restricted network environments and honors various proxy settings (see *-proxy options here. There are 2 places to configure proxies when bootstrapping juju:

• The bootstrap unit itself may need proxy information to retrieve various packages. This is configured with --config options during bootstrap.

• Models may also need this proxy information if charms deployed in those models require external network access (for example, access to pypi to install requisite pip packages). This is configured with --model-default options during bootstrap.

As an example, consider an environment where all network traffic must go through an http://squid.internal:3128 proxy. We plan to deploy charms locally with lxd, so we need to ensure all inter-container traffic is not proxied. This can be achieved as follows:

## no proxy for localhost, our eth0 ip address, and our lxd subnet
$ export no_proxy=`echo localhost 10.245.67.130 10.44.139.{1..255} | sed 's/ /,/g'`
$ export http_proxy=http://squid.internal:3128
$ export https_proxy=http://squid.internal:3128

And now, bootstrap juju with appropriate proxy configuration:

$ juju bootstrap \
--config http-proxy=$http_proxy \
--config https-proxy=$https_proxy \
--config no-proxy=$no_proxy \
--model-default http-proxy=$http_proxy \
--model-default https-proxy=$https_proxy \
--model-default no-proxy=$no_proxy \
localhost

---

I would make a formal PR for the above, but I'm not sure where it would fit best. Perhaps as a section in the models-config page? Maybe on its own page? Wadda you think @mbruzek @evilnick @niedbalski?

[evilnick]

I think we need a new page that deals specifically with the issues arising from operating in a constrained environment, and then link to it from other relevant sections of the documentation (e.g. the charm deploying page, controllers page etc).

Thanks @kwmonroe for this work. I will add a work item for us to add such a page and update this issue when we have done so.