Re: Juju2 behind proxy

2017-02-08 Thread Reed O'Brien
On Wed, Feb 8, 2017 at 8:31 AM, John Meinel  wrote:
> There is model configuration that you can set to tell juju what the proxies
> are. Normally you set them at bootstrap time with:
>   juju bootstrap --model-default http-proxy=http://... --model-default
> https-proxy... --model-default no-proxy=
>
> You can also put these settings into ~/.local/share/clouds.yaml if you know
> that you always want them set for a given cloud.

You can also set it on an existing model:

$ juju model-config http-proxy=http://example.com/foo

Cheers,
Reed

> John
> =:->
>
> On Feb 8, 2017 8:09 PM, "Vladimir Burlakov"  wrote:
>
> Hi Team!
> Sorry for the newbie question, but can you tell me, is it possible to use juju2
> (2.0.2-xenial-amd64) behind the firewall with only proxy (http/s) available?
> I tried to change proxy settings in apt, environment variables and in
> «config.yaml» on a controller but it did not help.
>
> Thanks,
> Vladimir
>
>
> --
> Juju mailing list
> Juju@lists.ubuntu.com
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/juju



-- 
Reed O'Brien
✉ reed.obr...@canonical.com
✆ 415-562-6797
💻 redir



Re: Faster LXD bootstraps and provisioning

2016-08-16 Thread Reed O'Brien
On Mon, Aug 15, 2016 at 10:30 PM John Meinel  wrote:

> ...
>>
>
>
>> +### tuple ### allow any 8000 0.0.0.0/0 any 0.0.0.0/0 in
>> +-A ufw-user-input -p tcp --dport 8000 -j ACCEPT
>> +-A ufw-user-input -p udp --dport 8000 -j ACCEPT
>> +
>>
>>
> If I'm reading this one correctly, it also means that anyone from *any* IP
> address (not restricted to your local network). So anyone that can get to
> port 8000 on your machine can proxy to any other public website. Now, I'd
> guess that you also run a NAT router so this may not actually be opening up
> an open proxy for the world to access, but it seems a little bit iffy to
> put into a general guide.
>

Good eyes! I am behind a NAT, so it doesn't matter too much. My network is
IPv6 internally (and externally) and I am not 100% on ipv6 local vs global
links and avahi. So I just made a rule to allow the port from anywhere. I
hope to make it more robust and update the wiki RSN™.
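Added example, not part of the original messages: a small Python audit that reads the `### tuple ###` comment lines of a ufw `user.rules` file and lists inbound allow rules whose source is the whole address space, the condition John Meinel points out above. The field order is inferred from the tuple lines quoted in this thread; the sample rules and the 10.0.8.0/24 subnet are constructed.

```python
import ipaddress

# Constructed sample in the ufw user.rules tuple format quoted in this thread.
# The 10.0.8.0/24 subnet is a made-up LXD bridge range (assumption).
SAMPLE_RULES = """\
### tuple ### allow tcp 2048,3128,3130,3401,4827 0.0.0.0/0 any 0.0.0.0/0 Squid - in
### tuple ### allow any 8000 0.0.0.0/0 any 0.0.0.0/0 in
### tuple ### allow any 8000 ::/0 any ::/0 in
### tuple ### allow tcp 8000 0.0.0.0/0 any 10.0.8.0/24 in
### tuple ### deny tcp 23 0.0.0.0/0 any 0.0.0.0/0 in
"""

PREFIX = "### tuple ###"


def parse_tuple(line):
    """Split one tuple comment into named fields, or return None."""
    if not line.startswith(PREFIX):
        return None
    parts = line[len(PREFIX):].split()
    if len(parts) < 7:
        return None  # lines with fewer fields are skipped, not guessed at
    action, proto, dport, dst, sport, src = parts[:6]
    return {"action": action, "proto": proto, "dport": dport,
            "src": src, "direction": parts[-1]}


def is_any_source(src):
    """True when the source is the whole IPv4 or IPv6 address space."""
    try:
        return ipaddress.ip_network(src, strict=False).prefixlen == 0
    except ValueError:
        return False


def world_open_rules(text):
    """Return inbound allow rules that accept traffic from any address."""
    findings = []
    for line in text.splitlines():
        rule = parse_tuple(line.strip())
        if rule is None:
            continue
        if (rule["action"].startswith("allow") and rule["direction"] == "in"
                and is_any_source(rule["src"])):
            findings.append((rule["proto"], rule["dport"], rule["src"]))
    return findings


if __name__ == "__main__":
    for proto, dport, src in world_open_rules(SAMPLE_RULES):
        print(f"open to any source: proto={proto} dport={dport} src={src}")
```

The Squid application rule is reported as well, because its tuple also names 0.0.0.0/0 as the source.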


Re: Faster LXD bootstraps and provisioning

2016-08-15 Thread Reed O'Brien
Yes thanks for doing the work to share this menn0. It is much appreciated.

I also needed to change the following in squid-deb-proxy (even though I
added a bunch of domains to
/etc/squid-deb-proxy/mirror-dstdomain.acl.d/10-default):
--- a/squid-deb-proxy/squid-deb-proxy.conf
+++ b/squid-deb-proxy/squid-deb-proxy.conf
@@ -80,12 +80,12 @@ http_access deny blockedpkgs
 # allow access only to official archive mirrors
 # uncomment the third and fouth line to permit any unlisted domain
 #http_access deny !to_archive_mirrors
-http_access allow !to_archive_mirrors
+http_access allow all #!to_archive_mirrors

 # don't cache domains not listed in the mirrors file
 # uncomment the third and fourth line to cache any unlisted domains
 #cache deny !to_archive_mirrors
-cache allow !to_archive_mirrors
+cache allow all

 # allow access from our network and localhost
 http_access allow allowed_networks
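Review bot: `http_access allow all` on the first changed line matches every request, and because Squid stops at the first matching `http_access` rule, the `http_access allow allowed_networks` line at the end of this hunk no longer restricts who may use the proxy. If the goal is only to permit unlisted domains, keep the source ACL in the rule, for example `http_access allow allowed_networks` in place of `all`. The trailing `#!to_archive_mirrors` and the "uncomment the third and fourth line" comments above both blocks no longer describe the file and are worth cleaning up in the same change.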

And update some firewall rules aside from the ones shipped with squid (tcp
only is prolly fine here):
diff --git a/ufw/user.rules b/ufw/user.rules
index 121b5b5..4cca3b0 100644
--- a/ufw/user.rules
+++ b/ufw/user.rules
@@ -47,6 +47,10 @@
 ### tuple ### allow tcp 2048,3128,3130,3401,4827 0.0.0.0/0 any 0.0.0.0/0
Squid - in
 -A ufw-user-input -p tcp -m multiport --dports 2048,3128,3130,3401,4827 -j
ACCEPT -m comment --comment 'dapp_Squid'

+### tuple ### allow any 8000 0.0.0.0/0 any 0.0.0.0/0 in
+-A ufw-user-input -p tcp --dport 8000 -j ACCEPT
+-A ufw-user-input -p udp --dport 8000 -j ACCEPT
+
 ### END RULES ###

 ### LOGGING ###
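Review bot: Both added `-A ufw-user-input` lines for port 8000 accept from 0.0.0.0/0 with no source match, so the port is reachable from any IPv4 address that can route to the host, not only from the LXD containers. Limit the tuple and the rules to the bridge subnet with a source match (`-s <bridge subnet>`), and drop the `-p udp` line unless something on port 8000 actually uses UDP.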
diff --git a/ufw/user6.rules b/ufw/user6.rules
index 2c1aac4..d48de60 100644
--- a/ufw/user6.rules
+++ b/ufw/user6.rules
@@ -47,6 +47,10 @@
 ### tuple ### allow tcp 2048,3128,3130,3401,4827 ::/0 any ::/0 Squid - in
 -A ufw6-user-input -p tcp -m multiport --dports 2048,3128,3130,3401,4827
-j ACCEPT -m comment --comment 'dapp_Squid'

+### tuple ### allow any 8000 ::/0 any ::/0 in
+-A ufw6-user-input -p tcp --dport 8000 -j ACCEPT
+-A ufw6-user-input -p udp --dport 8000 -j ACCEPT
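Review bot: The `::/0` source in the new user6 tuple has no NAT to fall back on: any globally addressed IPv6 peer that can route to this host matches both `-A ufw6-user-input` lines. Restrict the source to the prefix the containers actually use, and as in the IPv4 file the `-p udp` rule looks unnecessary.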

I've also added the config items to clouds.yaml and they work there. I'll
update the wiki later this or next week.


On Mon, Aug 15, 2016 at 2:27 PM Casey Marshall 
wrote:

> Menno,
> This is great and thanks for sharing!
>
> In case anyone else runs into this.. charms that install from PPAs will
> fail with this squid-deb-proxy setup. You'll need to allow archive mirrors
> for this to work. See
> https://1337.tips/ubuntu-cache-packages-using-squid-deb-proxy/ for an
> example.
>
> On Mon, Aug 15, 2016 at 9:31 AM, Rafael Gonzalez <
> rafael.gonza...@canonical.com> wrote:
>
>> Hi Menno,
>>
>> Thanks for putting this together, great tips.  I recently ran into an
>> issue which others could see as well.
>>
>> One may need to adjust the following for large bundle deployments on
>> LXD.  A bundle deployment fails with errors about "Too many files open."
>> This will increase the number of max open files:
>>
>> echo fs.inotify.max_user_watches=524288 | sudo tee -a /etc/sysctl.conf &&
>> sudo sysctl -p
>>
>>
>> Regards,
>>
>> Rafael O. Gonzalez
>> Canonical, Solutions Architect
>> rgo...@canonical.com
>> 1-646-481-7232
>>
>>
>>
>> On Sun, Aug 14, 2016 at 8:07 PM, Menno Smits 
>> wrote:
>>
>>> I've put together a few tips on the wiki for speeding up bootstrap and
>>> provisioning times when using the Juju lxd provider. I find these
>>> techniques helpful when checking my work or investigating bugs - situations
>>> where you end up bootstrapping and deploying many times.
>>>
>>> https://github.com/juju/juju/wiki/Faster-LXD
>>>
>>> If you have your own techniques, or improvements to what I'm doing,
>>> please update the article.
>>>
>>> - Menno
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> --
>>> Juju-dev mailing list
>>> juju-...@lists.ubuntu.com
>>> Modify settings or unsubscribe at:
>>> https://lists.ubuntu.com/mailman/listinfo/juju-dev
>>>
>>>


Re: LXD v2.0.0-rc8 does not work with Juju v2.0-beta3

2016-04-07 Thread Reed O'Brien
np

On Thu, Apr 7, 2016 at 10:31 AM, roger peppe 
wrote:

> On 7 April 2016 at 17:34, Reed O'Brien  wrote:
> >> Do you want to NAT the IPv4 traffic? n
> >
> > You do want to NAT the traffic, unless you have routing explicitly set up.
>
> Ah, thanks. I knew it must be something stupid like that.
> It now bootstraps and works OK, yay! Thanks Reed.
>



-- 
Reed O'Brien
✉ reed.obr...@canonical.com
✆ 415-562-6797


Re: LXD v2.0.0-rc8 does not work with Juju v2.0-beta3

2016-04-07 Thread Reed O'Brien
> Do you want to NAT the IPv4 traffic? n

You do want to NAT the traffic, unless you have routing explicitly set up.

On Thu, Apr 7, 2016 at 9:17 AM, roger peppe 
wrote:

> OK, thanks, that gets me further. I'd used the netmask from the
> example value in the default /etc/default/lxd-bridge - I assumed they were
> the same format, as the values were.
>
> ## IPv4 netmask (e.g. 255.255.255.0)
>
> Now my bootstrap is stuck further on while installing cpu-checker:
>
> http://paste.ubuntu.com/15673131/
>
> It's been like that for about an hour now. I should probably have
> bootstrapped
> with debug enabled, I guess. It may be a related issue if I mucked
> up the lxd bridge configuration somehow again.
>
>
> On 7 April 2016 at 16:25, Reed O'Brien  wrote:
> > I think you need to enter the CIDR netmask as a bit len, e.g. 24 rather
> than
> > as 255.255.255.0.
> >
> > See
> >
> https://github.com/reedobrien/juju-notes/blob/master/writing-a-ci-test.md
> > and the section on LXD for my personal notes about a working config.
> >
> > HTH,
> > Reed
> >
> > On Thu, Apr 7, 2016 at 8:14 AM, roger peppe 
> > wrote:
> >>
> >> I tried it. I get this error after typing in lots of ipv4 details:
> >>
> >> /var/lib/dpkg/info/lxd.postinst: 8: /var/lib/dpkg/info/lxd.postinst:
> >> arithmetic expression: expecting ')': " 5 - (255.255.255.0 / 8) "
> >>
> >> My full interaction was as follows: http://paste.ubuntu.com/15671384/
> >>
> >>
> >> On 7 April 2016 at 15:57, John Meinel  wrote:
> >> > Did you run dpkg-reconfigure lxd ? That's what I ran once I installed
> >> > the
> >> > new lxd package and it seemed to get things working. Tycho added some
> >> > helpful prompts as part of "juju bootstrap" to point users in the
> right
> >> > direction if LXD looks to be improperly configured.
> >> >
> >> > https://github.com/juju/juju/pull/4984
> >> >
> >> >
> >> > I'm trying to land that now.
> >> >
> >> > John
> >> > =:->
> >> >
> >> > On Apr 7, 2016 6:19 PM, "roger peppe" 
> wrote:
> >> >
> >> > To add to this conversation, I have encountered this issue today
> >> > and have been unable to resolve it so far in the limited time
> >> > I've been able to spend on it.
> >> >
> >> > I'm running on Trusty; I have the new version of lxd and the
> >> > latest version of Juju tip.
> >> >
> >> > In my case, the issue seems to be that my lcdbr0 interface
> >> > has no IPv4 addresses (I've tried fiddling with
> /etc/default/lxd-bridge
> >> > and restarting various things to avail) and that the
> >> > utils.GetAddressForInterface
> >> > function excludes all IPv4 addresses. I'm thinking that it shouldn't
> do
> >> > that,
> >> > but that might not be the only thing that's wrong.
> >> >
> >> >
> >> >
> >> > On 7 April 2016 at 05:10, Pete Vander Giessen 
> wrote:
> >> >> Hi All,
> >> >>
> >> >> Thank you very much for posting this thread. I've been following the
> >> >> "getting started" developer's guide at
> >> >> https://jujucharms.com/docs/devel/getting-started, and this info
> got me
> >> >> unstuck.
> >> >>
> >> >> I figured that I'd mention that, when I ran dpkg-reconfigure, I had
> to
> >> >> create an ipv4 subnet, rather than letting lxd use a proxy, as it
> does
> >> >> by
> >> >> default on a fresh install of Xenial. I'm not sure if it's
> necessarily
> >> >> related to the bridge issue, but I figured I'd be chatty about it in
> >> >> this
> >> >> thread, just in case it helps someone else get themselves unblocked,
> >> >> too
> >> >> (relevant debug logs posted below my sig).
> >> >>
> >> >> Thanks again,
> >> >>
> >> >> ~ PeteVG
> >> >>
> >> >> Logs from my install, before explicitly setting up the subnet:
> >> >>
> >> >> ~$ juju bootstrap --config default-series=xenial lxd-test lxd --debug
> >> >> 2016-04-07 03:51:01 INFO juju.cmd supercommand.go:60 running juju
> >> >> [2.0

Re: LXD v2.0.0-rc8 does not work with Juju v2.0-beta3

2016-04-07 Thread Reed O'Brien
I think you need to enter the CIDR netmask as a bit len, e.g. 24 rather
than as 255.255.255.0.

See
https://github.com/reedobrien/juju-notes/blob/master/writing-a-ci-test.md
and the section on LXD for my personal notes about a working config.

HTH,
Reed

On Thu, Apr 7, 2016 at 8:14 AM, roger peppe 
wrote:

> I tried it. I get this error after typing in lots of ipv4 details:
>
> /var/lib/dpkg/info/lxd.postinst: 8: /var/lib/dpkg/info/lxd.postinst:
> arithmetic expression: expecting ')': " 5 - (255.255.255.0 / 8) "
>
> My full interaction was as follows: http://paste.ubuntu.com/15671384/
>
>
> On 7 April 2016 at 15:57, John Meinel  wrote:
> > Did you run dpkg-reconfigure lxd ? That's what I ran once I installed the
> > new lxd package and it seemed to get things working. Tycho added some
> > helpful prompts as part of "juju bootstrap" to point users in the right
> > direction if LXD looks to be improperly configured.
> >
> > https://github.com/juju/juju/pull/4984
> >
> >
> > I'm trying to land that now.
> >
> > John
> > =:->
> >
> > On Apr 7, 2016 6:19 PM, "roger peppe"  wrote:
> >
> > To add to this conversation, I have encountered this issue today
> > and have been unable to resolve it so far in the limited time
> > I've been able to spend on it.
> >
> > I'm running on Trusty; I have the new version of lxd and the
> > latest version of Juju tip.
> >
> > In my case, the issue seems to be that my lcdbr0 interface
> > has no IPv4 addresses (I've tried fiddling with /etc/default/lxd-bridge
> > and restarting various things to avail) and that the
> > utils.GetAddressForInterface
> > function excludes all IPv4 addresses. I'm thinking that it shouldn't do
> > that,
> > but that might not be the only thing that's wrong.
> >
> >
> >
> > On 7 April 2016 at 05:10, Pete Vander Giessen  wrote:
> >> Hi All,
> >>
> >> Thank you very much for posting this thread. I've been following the
> >> "getting started" developer's guide at
> >> https://jujucharms.com/docs/devel/getting-started, and this info got me
> >> unstuck.
> >>
> >> I figured that I'd mention that, when I ran dpkg-reconfigure, I had to
> >> create an ipv4 subnet, rather than letting lxd use a proxy, as it does
> by
> >> default on a fresh install of Xenial. I'm not sure if it's necessarily
> >> related to the bridge issue, but I figured I'd be chatty about it in
> this
> >> thread, just in case it helps someone else get themselves unblocked, too
> >> (relevant debug logs posted below my sig).
> >>
> >> Thanks again,
> >>
> >> ~ PeteVG
> >>
> >> Logs from my install, before explicitly setting up the subnet:
> >>
> >> ~$ juju bootstrap --config default-series=xenial lxd-test lxd --debug
> >> 2016-04-07 03:51:01 INFO juju.cmd supercommand.go:60 running juju
> >> [2.0-beta3
> >> gc go1.6]
> >> 2016-04-07 03:51:01 INFO cmd cmd.go:141 cloud "lxd" not found, trying
> as a
> >> provider name
> >> 2016-04-07 03:51:01 INFO cmd cmd.go:141 no credentials found, checking
> >> environment
> >> 2016-04-07 03:51:01 DEBUG juju.cmd.juju.commands bootstrap.go:363
> >> preparing
> >> controller with config: map[default-series:xenial type:lxd name:admin
> >> uuid:9925cf81-618b-4d50-8f77-b16447c921d8
> >> controller-uuid:9925cf81-618b-4d50-8f77-b16447c921d8]
> >> 2016-04-07 03:51:01 ERROR cmd supercommand.go:448 invalid config: no
> >> addresses match
> >>
> >>
> >> On Wed, Apr 6, 2016 at 5:30 PM Reed O'Brien 
> >> wrote:
> >>>
> >>> The rename works if you haven't removed `lxc1` which removes the
> original
> >>> `lxcbr0`. If you have you will need to correctly configure another
> bridge
> >>> as
> >>> the new `lxcbr0` that is created has the same configuration as `lxdbr0`
> >>> if
> >>> you configured an `lxdbr0`... For me this led to two bridges with the
> >>> same
> >>> address info, which didn't work out so slick.
> >>>
> >>> Also, you need to `systemctl stop lxd-bridge.service && systemctl
> restart
> >>> lxd.service` in the correct order.
> >>>
> >>> On Wed, Apr 6, 2016 at 2:22 PM, Andrew McDermott
> >>>  wrote:
> >>>>
> >>>

Re: LXD v2.0.0-rc8 does not work with Juju v2.0-beta3

2016-04-06 Thread Reed O'Brien
The rename works if you haven't removed `lxc1` which removes the original
`lxcbr0`. If you have you will need to correctly configure another bridge
as the new `lxcbr0` that is created has the same configuration as `lxdbr0`
if you configured an `lxdbr0`... For me this led to two bridges with the
same address info, which didn't work out so slick.

Also, you need to `systemctl stop lxd-bridge.service && systemctl restart
lxd.service` in the correct order.

On Wed, Apr 6, 2016 at 2:22 PM, Andrew McDermott <
andrew.mcderm...@canonical.com> wrote:

> I think you'll need to `service lxd-bridge restart' in either case.
>
> On 6 April 2016 at 22:18, Horacio Duran 
> wrote:
>
>> yes, that workaround works, also you can change /etc/default/lxd-bridge
>> and restart the lxd-bridge service.
>>
>> On Wed, Apr 6, 2016 at 6:12 PM, Casey Marshall <
>> casey.marsh...@canonical.com> wrote:
>>
>>> On Wed, Apr 6, 2016 at 2:51 PM, Alexis Bruemmer <
>>> alexis.bruem...@canonical.com> wrote:
>>>
>>>>
>>>> Hi All,
>>>>
>>>> As recently highlighted in bug https://bugs.launchpad.net/bugs/1566589 the
>>>> latest LXD will not work with Juju 2.0-beta3.  This is a result of LXD
>>>> moving to use a default bridge of lxdbr0 and Juju expecting lxcbr0.  Thanks
>>>> to the heads up and help from the LXD team there is a fix for this in Juju
>>>> master that will be available in the release next week.  However, until
>>>> then Juju 2.0-beta3 will not work with the latest LXD (v2.0.0-rc8).
>>>>
>>>
>>> If you `dpkg-reconfigure lxd` and name the bridge "lxcbr0", does this
>>> work for beta3? I've been able to bootstrap with latest LXD and current
>>> Juju master (beta4) by configuring LXD this way.
>>>
>>>
>>>>
>>>> Alexis
>>>>
>>>> --
>>>> Alexis Bruemmer
>>>> Juju Core Manager, Canonical Ltd.
>>>> (503) 686-5018
>>>> alexis.bruem...@canonical.com
>
>
> --
> Andrew McDermott 
> Juju Core Sapphire team <http://juju.ubuntu.com>


-- 
Reed O'Brien
✉ reed.obr...@canonical.com
✆ 415-562-6797