Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Question: Working with proxies #103

Closed
peterabbott opened this issue Dec 14, 2015 · 3 comments
Closed

Question: Working with proxies #103

peterabbott opened this issue Dec 14, 2015 · 3 comments

Comments

@peterabbott
Copy link
Contributor

Sorry to keep asking questions.

I have been battling to get test-kitchen + kitchen-puppet + kitchen-docker working behind a proxy. I have hit this issue that was on the ansible forum that @neillturner commented on (neillturner/kitchen-ansible#7).

To get kitchen-docker working I need to add http_proxy to the driver_config. This allows me to create a container, but installing puppet on the container fails. If I remove http_proxy after create but before converge I get passed the initial puppet install but fails on installing Chef (to run the tests). It appears that the do_download task from test-kitchen is not honouring proxy settings defined in the config -https://github.com/neillturner/kitchen-puppet/blob/master/lib/kitchen/provisioner/puppet_apply.rb#L326 and https://github.com/test-kitchen/test-kitchen/blob/master/support/download_helpers.sh

Is this something anybody might have seen before?

My current thought is to disable the chef installer and have docker update ruby version from 1.8 during the provision phase. Having written my thoughts out, I think that might actually be the nicest solution, just curious if anybody else has seen this kind of thing.

Happy to close this if you don't have any thoughts/comments on the question.
@neillturner
Copy link
Owner

in the logs you should see the puppet command that is being run
Going to invoke puppet apply with: xxxxxxxxxxxxxxxxxxxxxx
also try running with debug.
kitchen converge myserver-platform -l debug
you could try with a different driver ie kitchen-ec2 or vagrant and see if the hhps-proxy works then it might be something with docker (not saying the bug is in docker but maybe proxies don't work in the same way as you have a extra server layer).

@peterabbott
Copy link
Contributor Author

Tried Vagrant. Not so much an issue with EC2 as that runs outside our proxy. Get the same issue with Vagrant.

I have some changes that helps run the provision phase, at least for me, but I am not sure if it is something we should really need in general: https://github.com/peterabbott/kitchen-puppet/tree/feature/http_proxy_changes

The issue I now see is trying to get past the firewall to install Chef. The method #{sudo('sh')} /tmp/install.sh fails because the script does not know how to get the proxy.

With the changes above the only way I can get a successful run is with require_chef_for_busser: false and setting the verifier to name: dummy. Still need to workout solution for the verify stage.

At home all this works fine, it is just our "wonderful" corporate proxy that is not only inflexible but also decides to rewrite ssl certs :(

@peterabbott
Copy link
Contributor Author

A different solution that allows me to install chef is to add this to the platform (in this case kitchen-docker) provision phase:

  provision_command:
        - echo "export httpx_proxy=<%= ENV['http_proxy'] %>" | tee -a /etc/profile.d/proxy.sh
        - echo "export https_proxy=<%= ENV['http_proxy'] %>" | tee -a /etc/profile.d/proxy.sh

that gets me Chef but it fails on the install of busser and the plugins because of the SSL cert verification.

Again that is my environment issue so I'll close this

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@neillturner @peterabbott