We use linux servers on-premise and have mirrored the RPM repo so that we can install the az cli onto Rocky Linux servers. This works great. But we are having an issue with sometimes logging in and/or downloading extensions. Trying to add all the domains listed in the az cli endpoint list (https://learn.microsoft.com/en-us/cli/azure/azure-cli-endpoints?tabs=azure-cloud) to our firewall is not an easy process, nor is it guaranteed to work since we have some special filtering in the Palo Alto firewalls. Also, we normally do not allow servers to connect to the internet.
Is there a way to mirror the extensions locally like we do with the RPMs? Or is there a way to use a single domain for all az cli commands? Like a proxy on MS side.
Related command
az extension add --name azure-devops
Errors
Please ensure you have network connection. Error detail: ('Connection aborted.', ConnectionResetError(104, 'Connection reset by peer'))
Issue script & Debug output
# az extension add --name azure-devops --debug
cli.knack.cli: Command arguments: ['extension', 'add', '--name', 'azure-devops', '--debug']
cli.knack.cli: __init__ debug log:
Enable color in terminal.
cli.knack.cli: Event: Cli.PreExecute []
cli.knack.cli: Event: CommandParser.OnGlobalArgumentsCreate [<function CLILogging.on_global_arguments at 0x7f41d5870160>, <function OutputProducer.on_global_arguments at 0x7f41d5585d30>, <function CLIQuery.on_global_arguments at 0x7f41d53181f0>]
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableCreate []
cli.azure.cli.core: Modules found from index for 'extension': ['azure.cli.command_modules.extension']
cli.azure.cli.core: Loading command modules:
cli.azure.cli.core: Name Load Time Groups Commands
cli.azure.cli.core: extension 0.002 1 7
cli.azure.cli.core: Total (1) 0.002 1 7
cli.azure.cli.core: Loaded 1 groups, 7 commands.
cli.azure.cli.core: Found a match in the command table.
cli.azure.cli.core: Raw command : extension add
cli.azure.cli.core: Command table: extension add
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableTruncate [<function AzCliLogging.init_command_file_logging at 0x7f41d1c5db80>]
cli.azure.cli.core.azlogging: metadata file logging enabled - writing logs to '/root/.azure/commands/2023-10-11.10-52-39.extension_add.1076373.log'.
az_command_data_logger: command args: extension add --name {} --debug
cli.knack.cli: Event: CommandInvoker.OnPreArgumentLoad [<function register_global_subscription_argument.<locals>.add_subscription_parameter at 0x7f41d1c06790>]
cli.knack.cli: Event: CommandInvoker.OnPostArgumentLoad []
cli.knack.cli: Event: CommandInvoker.OnPostCommandTableCreate [<function register_ids_argument.<locals>.add_ids_arguments at 0x7f41d1c2a8b0>, <function register_cache_arguments.<locals>.add_cache_arguments at 0x7f41d1bce670>]
cli.knack.cli: Event: CommandInvoker.OnCommandTableLoaded []
cli.knack.cli: Event: CommandInvoker.OnPreParseArgs []
cli.knack.cli: Event: CommandInvoker.OnPostParseArgs [<function OutputProducer.handle_output_argument at 0x7f41d5585dc0>, <function CLIQuery.handle_query_parameter at 0x7f41d5318280>, <function register_ids_argument.<locals>.parse_ids_arguments at 0x7f41d1bce5e0>]
urllib3.connectionpool: Starting new HTTPS connection (1): aka.ms:443
urllib3.connectionpool: https://aka.ms:443 "GET /azure-cli-extension-index-v1 HTTP/1.1" 301 0
urllib3.connectionpool: Starting new HTTPS connection (1): azcliextensionsync.blob.core.windows.net:443
urllib3.connectionpool: https://azcliextensionsync.blob.core.windows.net:443 "GET /index1/index.json HTTP/1.1" 200 3282073
cli.azure.cli.core.extension._resolve: Candidates ['azure_devops-0.12.0-py2.py3-none-any.whl', 'azure_devops-0.17.0-py2.py3-none-any.whl', 'azure_devops-0.21.0-py2.py3-none-any.whl', 'azure_devops-0.26.0-py2.py3-none-any.whl']
cli.azure.cli.core.extension._resolve: Candidates ['azure_devops-0.12.0-py2.py3-none-any.whl', 'azure_devops-0.17.0-py2.py3-none-any.whl', 'azure_devops-0.21.0-py2.py3-none-any.whl', 'azure_devops-0.26.0-py2.py3-none-any.whl']
cli.azure.cli.core.extension._resolve: Candidates ['azure_devops-0.12.0-py2.py3-none-any.whl', 'azure_devops-0.17.0-py2.py3-none-any.whl', 'azure_devops-0.21.0-py2.py3-none-any.whl', 'azure_devops-0.26.0-py2.py3-none-any.whl']
cli.azure.cli.core.extension._resolve: Candidates ['azure_devops-0.12.0-py2.py3-none-any.whl', 'azure_devops-0.17.0-py2.py3-none-any.whl', 'azure_devops-0.21.0-py2.py3-none-any.whl', 'azure_devops-0.26.0-py2.py3-none-any.whl']
cli.azure.cli.core.extension._resolve: Chosen {'downloadUrl': 'https://github.com/Azure/azure-devops-cli-extension/releases/download/20230127.2/azure_devops-0.26.0-py2.py3-none-any.whl', 'filename': 'azure_devops-0.26.0-py2.py3-none-any.whl', 'metadata': {'azext.minCliCoreVersion': '2.30.0', 'classifiers': ['Development Status :: 4 - Beta', 'Intended Audience :: Developers', 'Intended Audience :: System Administrators', 'Programming Language :: Python', 'Programming Language :: Python :: 3', 'Programming Language :: Python :: 3.4', 'Programming Language :: Python :: 3.5', 'Programming Language :: Python :: 3.6', 'License :: OSI Approved :: MIT License'], 'extensions': {'python.details': {'contacts': [{'email': 'VSTS_Social@microsoft.com', 'name': 'Microsoft', 'role': 'author'}], 'document_names': {'description': 'DESCRIPTION.rst'}, 'project_urls': {'Home': 'https://github.com/Microsoft/azure-devops-cli-extension'}}}, 'extras': [], 'generator': 'bdist_wheel (0.30.0)', 'license': 'MIT', 'metadata_version': '2.0', 'name': 'azure-devops', 'run_requires': [{'requires': ['distro (==1.3.0)']}], 'summary': 'Tools for managing Azure DevOps.', 'version': '0.26.0'}, 'sha256Digest': '565fc207f1740c26957f382fe2eefabec254011fb2d1b50c0e540f894f47dcbe'}
cli.azure.cli.core.extension.operations: Extension source is url? True
cli.azure.cli.core.extension.operations: Downloading https://github.com/Azure/azure-devops-cli-extension/releases/download/20230127.2/azure_devops-0.26.0-py2.py3-none-any.whl to /tmp/tmp_bah_tmd/azure_devops-0.26.0-py2.py3-none-any.whl
urllib3.connectionpool: Starting new HTTPS connection (1): github.com:443
cli.azure.cli.core.azclierror: Traceback (most recent call last):
File "/lib64/az/lib/python3.9/site-packages/urllib3/connectionpool.py", line 714, in urlopen
httplib_response = self._make_request(
File "/lib64/az/lib/python3.9/site-packages/urllib3/connectionpool.py", line 403, in _make_request
self._validate_conn(conn)
File "/lib64/az/lib/python3.9/site-packages/urllib3/connectionpool.py", line 1053, in _validate_conn
conn.connect()
File "/lib64/az/lib/python3.9/site-packages/urllib3/connection.py", line 419, in connect
self.sock = ssl_wrap_socket(
File "/lib64/az/lib/python3.9/site-packages/urllib3/util/ssl_.py", line 449, in ssl_wrap_socket
ssl_sock = _ssl_wrap_socket_impl(
File "/lib64/az/lib/python3.9/site-packages/urllib3/util/ssl_.py", line 493, in _ssl_wrap_socket_impl
return ssl_context.wrap_socket(sock, server_hostname=server_hostname)
File "/usr/lib64/python3.9/ssl.py", line 501, in wrap_socket
return self.sslsocket_class._create(
File "/usr/lib64/python3.9/ssl.py", line 1041, in _create
self.do_handshake()
File "/usr/lib64/python3.9/ssl.py", line 1310, in do_handshake
self._sslobj.do_handshake()
ConnectionResetError: [Errno 104] Connection reset by peer
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/lib64/az/lib/python3.9/site-packages/requests/adapters.py", line 486, in send
resp = conn.urlopen(
File "/lib64/az/lib/python3.9/site-packages/urllib3/connectionpool.py", line 798, in urlopen
retries = retries.increment(
File "/lib64/az/lib/python3.9/site-packages/urllib3/util/retry.py", line 550, in increment
raise six.reraise(type(error), error, _stacktrace)
File "/lib64/az/lib/python3.9/site-packages/urllib3/packages/six.py", line 769, in reraise
raise value.with_traceback(tb)
File "/lib64/az/lib/python3.9/site-packages/urllib3/connectionpool.py", line 714, in urlopen
httplib_response = self._make_request(
File "/lib64/az/lib/python3.9/site-packages/urllib3/connectionpool.py", line 403, in _make_request
self._validate_conn(conn)
File "/lib64/az/lib/python3.9/site-packages/urllib3/connectionpool.py", line 1053, in _validate_conn
conn.connect()
File "/lib64/az/lib/python3.9/site-packages/urllib3/connection.py", line 419, in connect
self.sock = ssl_wrap_socket(
File "/lib64/az/lib/python3.9/site-packages/urllib3/util/ssl_.py", line 449, in ssl_wrap_socket
ssl_sock = _ssl_wrap_socket_impl(
File "/lib64/az/lib/python3.9/site-packages/urllib3/util/ssl_.py", line 493, in _ssl_wrap_socket_impl
return ssl_context.wrap_socket(sock, server_hostname=server_hostname)
File "/usr/lib64/python3.9/ssl.py", line 501, in wrap_socket
return self.sslsocket_class._create(
File "/usr/lib64/python3.9/ssl.py", line 1041, in _create
self.do_handshake()
File "/usr/lib64/python3.9/ssl.py", line 1310, in do_handshake
self._sslobj.do_handshake()
urllib3.exceptions.ProtocolError: ('Connection aborted.', ConnectionResetError(104, 'Connection reset by peer'))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/lib64/az/lib/python3.9/site-packages/azure/cli/core/extension/operations.py", line 125, in _add_whl_ext
_whl_download_from_url(url_parse_result, ext_file)
File "/lib64/az/lib/python3.9/site-packages/azure/cli/core/extension/operations.py", line 69, in _whl_download_from_url
r = requests.get(url, stream=True, verify=(not should_disable_connection_verify()))
File "/lib64/az/lib/python3.9/site-packages/requests/api.py", line 73, in get
return request("get", url, params=params, **kwargs)
File "/lib64/az/lib/python3.9/site-packages/requests/api.py", line 59, in request
return session.request(method=method, url=url, **kwargs)
File "/lib64/az/lib/python3.9/site-packages/requests/sessions.py", line 589, in request
resp = self.send(prep, **send_kwargs)
File "/lib64/az/lib/python3.9/site-packages/requests/sessions.py", line 703, in send
r = adapter.send(request, **kwargs)
File "/lib64/az/lib/python3.9/site-packages/requests/adapters.py", line 501, in send
raise ConnectionError(err, request=request)
requests.exceptions.ConnectionError: ('Connection aborted.', ConnectionResetError(104, 'Connection reset by peer'))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/lib64/az/lib/python3.9/site-packages/knack/cli.py", line 233, in invoke
cmd_result = self.invocation.execute(args)
File "/lib64/az/lib/python3.9/site-packages/azure/cli/core/commands/__init__.py", line 663, in execute
raise ex
File "/lib64/az/lib/python3.9/site-packages/azure/cli/core/commands/__init__.py", line 726, in _run_jobs_serially
results.append(self._run_job(expanded_arg, cmd_copy))
File "/lib64/az/lib/python3.9/site-packages/azure/cli/core/commands/__init__.py", line 697, in _run_job
result = cmd_copy(params)
File "/lib64/az/lib/python3.9/site-packages/azure/cli/core/commands/__init__.py", line 333, in __call__
return self.handler(*args, **kwargs)
File "/lib64/az/lib/python3.9/site-packages/azure/cli/core/commands/command_operation.py", line 121, in handler
return op(**command_args)
File "/lib64/az/lib/python3.9/site-packages/azure/cli/command_modules/extension/custom.py", line 16, in add_extension_cmd
return add_extension(cli_ctx=cmd.cli_ctx, source=source, extension_name=extension_name, index_url=index_url,
File "/lib64/az/lib/python3.9/site-packages/azure/cli/core/extension/operations.py", line 344, in add_extension
extension_name = _add_whl_ext(cli_ctx=cmd_cli_ctx, source=source, ext_sha256=ext_sha256,
File "/lib64/az/lib/python3.9/site-packages/azure/cli/core/extension/operations.py", line 127, in _add_whl_ext
raise CLIError('Please ensure you have network connection. Error detail: {}'.format(str(err)))
knack.util.CLIError: Please ensure you have network connection. Error detail: ('Connection aborted.', ConnectionResetError(104, 'Connection reset by peer'))
cli.azure.cli.core.azclierror: Please ensure you have network connection. Error detail: ('Connection aborted.', ConnectionResetError(104, 'Connection reset by peer'))
az_command_data_logger: Please ensure you have network connection. Error detail: ('Connection aborted.', ConnectionResetError(104, 'Connection reset by peer'))
cli.knack.cli: Event: Cli.PostExecute [<function AzCliLogging.deinit_cmd_metadata_logging at 0x7f41d1c5ddc0>]
az_command_data_logger: exit code: 1
cli.__main__: Command ran in 1.790 seconds (init: 0.169, invoke: 1.621)
telemetry.main: Begin splitting cli events and extra events, total events: 1
telemetry.client: Accumulated 0 events. Flush the clients.
telemetry.main: Finish splitting cli events and extra events, cli events: 1
telemetry.save: Save telemetry record of length 3689 in cache
telemetry.main: Begin creating telemetry upload process.
telemetry.process: Creating upload process: "/bin/python3.9 /usr/lib64/az/lib/python3.9/site-packages/azure/cli/telemetry/__init__.py /root/.azure"
telemetry.process: Return from creating process
telemetry.main: Finish creating telemetry upload process.
Expected behavior
I expect a way to be able to download the extensions even with tight enterprise security policies.
Describe the bug
We use linux servers on-premise and have mirrored the RPM repo so that we can install the az cli onto Rocky Linux servers. This works great. But we are having an issue with sometimes logging in and/or downloading extensions. Trying to add all the domains listed in the az cli endpoint list (https://learn.microsoft.com/en-us/cli/azure/azure-cli-endpoints?tabs=azure-cloud) to our firewall is not an easy process, nor is it guaranteed to work since we have some special filtering in the Palo Alto firewalls. Also, we normally do not allow servers to connect to the internet.
Is there a way to mirror the extensions locally like we do with the RPMs? Or is there a way to use a single domain for all az cli commands? Like a proxy on MS side.
Related command
az extension add --name azure-devops
Errors
Please ensure you have network connection. Error detail: ('Connection aborted.', ConnectionResetError(104, 'Connection reset by peer'))
Issue script & Debug output
Expected behavior
I expect a way to be able to download the extensions even with tight enterprise security policies.
Environment Summary
azure-cli 2.53.0 core 2.53.0 telemetry 1.1.0 Dependencies: msal 1.24.0b2 azure-mgmt-resource 23.1.0b2
Python location '/bin/python3.9' Extensions directory '/root/.azure/cliextensions'
Python (Linux) 3.9.16 (main, Jul 3 2023, 20:07:32) [GCC 8.5.0 20210514 (Red Hat 8.5.0-18)]
Additional context
No response