Does anyone tried to setup OOM behind proxy?In the latest code of OOM, as we are using helm, there has been some changes in folder structure and files too. I couldn't get how and where to add the proxy details. For example for appc-dgbuilder or sdnc-dgbuilder I need to add proxy. I added the proxy details as part of env variables at https://github.com/onap/oom/blob/master/kubernetes/common/dgbuilder/templates/deployment.yaml#L47. But seems like it is not working. Can anyone help me solve this issue?
Do you intend to operate ONAP such that the proxy will prove internet access or are you trying to operate ONAP with local repositories such that no external internet access is required? It is a goal of the OOM team to provide the latter through overrides on environment variables but this capability isn't complete yet (a candidate feature for Casablanca). If you're just trying to setup proxies this should be possible but probably requires quite a bit of work. Sorry I don't have an easy answer.
By changing this repository parameter one can redirect the docker downloads from the standard ONAP Nexus to a private instance. Unfortunately, some of the components reach out directly from their docker containers to the internet to download other artifacts so we'll need to track down all of these occurrences and fix them one by one. If you were able to make a list of these internet accesses that would be very helpful.
Thanks, Roger
P.S. Verification of this existing functionality would be very helpful as well!
I am also trying to setup OOM behind a corporate proxy. In this case, I can setup Docker and Kubernetes along with Rancher
In this case, I added these following lines to configure proxy within `OOM` script before `docker run` command in onap_install() function
onap_install()
if [ -n "$PROXY_URL" ]
then
echo "export http_proxy=\"$PROXY_URL\"" | sudo tee -a /etc/default/docker
echo "export https_proxy=\"$PROXY_URL\"" | sudo tee -a /etc/default/docker
echo "export HTTP_PROXY=\"$PROXY_URL\"" | sudo tee -a /etc/default/docker
echo "export HTTPS_PROXY=\"$PROXY_URL\"" | sudo tee -a /etc/default/docker
SERVICE_DIR=/etc/systemd/system/docker.service.d
if [ ! -e $SERVICE_DIR ]; then
sudo mkdir -p $SERVICE_DIR
echo "Environment=\"http_proxy=$PROXY_URL\" \"https_proxy=$PROXY_URL\"
\"HTTP_PROXY=$PROXY_URL\" \"HTTPS_PROXY=$PROXY_URL\"" | sudo tee -a
$SERVICE_DIR/http-proxy.conf
echo "[Service]" | sudo tee -a $SERVICE_DIR/http-proxy.conf
sudo systemctl daemon-reload
sudo systemctl restart docker
fi
fi
PROXY_URL ="http://username:password@url:port"
However it turns out that some docker containers are still not working properly. For example `sdnc-ansible-server` container, that seems has errors which are related with proxy configuration.
Logs from `sdnc-ansible-server`
7/4/2018 2:52:57 PME: Failed to fetch http://archive.ubuntu.com/ubuntu/pool/main/p/pycurl/python3-pycurl_7.43.0-1ubuntu1_amd64.deb Temporary failure resolving 'archive.ubuntu.com'
7/4/2018 2:52:57 PM
7/4/2018 2:52:57 PME: Failed to fetch http://archive.ubuntu.com/ubuntu/pool/main/s/software-properties/python3-software-properties_0.96.20.7_all.deb Temporary failure resolving 'archive.ubuntu.com'
7/4/2018 2:52:57 PM
7/4/2018 2:52:57 PME: Failed to fetch http://archive.ubuntu.com/ubuntu/pool/main/s/software-properties/software-properties-common_0.96.20.7_all.deb Temporary failure resolving 'archive.ubuntu.com'
7/4/2018 2:52:57 PM
7/4/2018 2:52:57 PME: Failed to fetch http://archive.ubuntu.com/ubuntu/pool/main/u/unattended-upgrades/unattended-upgrades_0.90ubuntu0.9_all.deb Temporary failure resolving 'archive.ubuntu.com'
7/4/2018 2:52:57 PM
7/4/2018 2:52:57 PME: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?
7/4/2018 2:52:57 PM./startAnsibleServer.sh: line 11: apt-add-repository: command not found
Do you think this kind of error is also related with proxy?
find the docker diff file and open in vim and add the proxy values to the script
or you can modify helm templates to pass the proxy values as an environment variables to containers. However you must have to make sure no_proxy set with all relevant values in most cases and each case would be different. I will soon post a document which describes all the details for each component in Wiki.
I am making significant progress behind proxy. Able to instantiate DCAE and policy. However I am seeing issues with AAF and CLAMP. I don't think problems are because of proxy but somehow I see pods are being restart without any errors in logs.
kranthi guttikonda, sure that would be more helpful. I fixed some of the component issues like DMaaP, SDNC etc., But I am facing major issues in policy, DCAE and SO(partially). Your document will help me here to solve these issues.
Regarding Clamp, is it holding at spring application context. If it is, then I commented the liveness probe of clamp container in deployment.yaml and then it worked fine.
Bharath Thiruveedula Yes, I have made that trick already and it worked fine and for aaf added the proxy in helm template scripts for aaf-cm, now everything seems fine. You shouldn't edit the deployment.yaml instead disable liveness probe: enabled=false in values.yaml or increase the delaystart value for liveness probe
Does anyone tried to setup OOM behind proxy?In the latest code of OOM, as we are using helm, there has been some changes in folder structure and files too. I couldn't get how and where to add the proxy details. For example for appc-dgbuilder or sdnc-dgbuilder I need to add proxy. I added the proxy details as part of env variables at https://github.com/onap/oom/blob/master/kubernetes/common/dgbuilder/templates/deployment.yaml#L47. But seems like it is not working. Can anyone help me solve this issue?
kranthi guttikonda any help here?
Hi Bharath,
Do you intend to operate ONAP such that the proxy will prove internet access or are you trying to operate ONAP with local repositories such that no external internet access is required? It is a goal of the OOM team to provide the latter through overrides on environment variables but this capability isn't complete yet (a candidate feature for Casablanca). If you're just trying to setup proxies this should be possible but probably requires quite a bit of work. Sorry I don't have an easy answer.
Cheers, Roger
Hi Roger Maitland. I was referring to former case.
But I was not aware of latter case, can you point me to JIRA topic so that I can track on it?
Part of the functionality is already there. If you look at the OOM User Guide Configuration section you'll see:
By changing this repository parameter one can redirect the docker downloads from the standard ONAP Nexus to a private instance. Unfortunately, some of the components reach out directly from their docker containers to the internet to download other artifacts so we'll need to track down all of these occurrences and fix them one by one. If you were able to make a list of these internet accesses that would be very helpful.
Thanks, Roger
P.S. Verification of this existing functionality would be very helpful as well!
Dear All
I am also trying to setup OOM behind a corporate proxy. In this case, I can setup Docker and Kubernetes along with Rancher
In this case, I added these following lines to configure proxy within `OOM` script before `docker run` command in onap_install() function
onap_install() if [ -n "$PROXY_URL" ] then echo "export http_proxy=\"$PROXY_URL\"" | sudo tee -a /etc/default/docker echo "export https_proxy=\"$PROXY_URL\"" | sudo tee -a /etc/default/docker echo "export HTTP_PROXY=\"$PROXY_URL\"" | sudo tee -a /etc/default/docker echo "export HTTPS_PROXY=\"$PROXY_URL\"" | sudo tee -a /etc/default/docker SERVICE_DIR=/etc/systemd/system/docker.service.d if [ ! -e $SERVICE_DIR ]; then sudo mkdir -p $SERVICE_DIR echo "Environment=\"http_proxy=$PROXY_URL\" \"https_proxy=$PROXY_URL\" \"HTTP_PROXY=$PROXY_URL\" \"HTTPS_PROXY=$PROXY_URL\"" | sudo tee -a $SERVICE_DIR/http-proxy.conf echo "[Service]" | sudo tee -a $SERVICE_DIR/http-proxy.conf sudo systemctl daemon-reload sudo systemctl restart docker fi fi PROXY_URL ="http://username:password@url:port"However it turns out that some docker containers are still not working properly.
For example `sdnc-ansible-server` container, that seems has errors which are related with proxy configuration.
Logs from `sdnc-ansible-server`
Do you think this kind of error is also related with proxy?
Regards
Ade
Rahmad Ade Putra
updatedb
locate startAnsibleServer.sh
find the docker diff file and open in vim and add the proxy values to the script
or you can modify helm templates to pass the proxy values as an environment variables to containers. However you must have to make sure no_proxy set with all relevant values in most cases and each case would be different. I will soon post a document which describes all the details for each component in Wiki.
Bharath Thiruveedula
I am making significant progress behind proxy. Able to instantiate DCAE and policy. However I am seeing issues with AAF and CLAMP. I don't think problems are because of proxy but somehow I see pods are being restart without any errors in logs.
kranthi guttikonda, sure that would be more helpful. I fixed some of the component issues like DMaaP, SDNC etc., But I am facing major issues in policy, DCAE and SO(partially). Your document will help me here to solve these issues.
Regarding Clamp, is it holding at spring application context. If it is, then I commented the liveness probe of clamp container in deployment.yaml and then it worked fine.
Bharath Thiruveedula Yes, I have made that trick already and it worked fine and for aaf added the proxy in helm template scripts for aaf-cm, now everything seems fine. You shouldn't edit the deployment.yaml instead disable liveness probe: enabled=false in values.yaml or increase the delaystart value for liveness probe