Scout24 / yum-repo-server

Server to host and manage yum repositories via REST API
GNU General Public License v3.0

Cannot install behind firewall #61

Closed maarre closed 9 years ago

maarre commented 9 years ago

Installation steps:

[root@yadt ~]# cd /usr/local/src/
[root@yadt src]# git clone https://github.com/ImmobilienScout24/yum-repo-server
[root@yadt src]# cd yum-repo-server
[root@yadt yum-repo-server]# yum install maven.noarch

I configured maven Proxy settings, java 1.8 and network name resolution

[root@yadt yum-repo-server]# mvn package

Skipped lots of output

[INFO] --- maven-surefire-plugin:2.17:test (default-test) @ yum-repo-server ---
[INFO] Surefire report directory: /usr/local/src/yum-repo-server/target/surefire-reports
Running de.is24.infrastructure.gridfs.http.mongo.util.LocalMongoFactoryTest
2015-06-24 14:09:56,590 ERROR [host=] [user=] de.is24.infrastructure.gridfs.http.utils.retry.RetryUtils - Execution 3 of 3 failed. No retries left.
Tests run: 3, Failures: 0, Errors: 2, Skipped: 0, Time elapsed: 6.128 sec <<< FAILURE! - in de.is24.infrastructure.gridfs.http.mongo.util.LocalMongoFactoryTest
shouldStartAndStopMongoD(de.is24.infrastructure.gridfs.http.mongo.util.LocalMongoFactoryTest)  Time elapsed: 6.116 sec  <<< ERROR!
de.flapdoodle.embed.process.exceptions.DistributionException: java.io.IOException: Could not open inputStream for http://fastdl.mongodb.org/linux/mongodb-linux-x86_64-2.6.1.tgz

I cannot say I am happy with tests downloading code.

There is no generic way of passing Proxy settings to java.

mriehl commented 9 years ago

I'm very much +1 on the downloading code part (especially since it's a plain http channel...) but what's the alternative, installing mongo yourself? Putting the installed mongo in version control? Like hadoop and curl|sh based builds it seems driven by convenience which is not necessarily a bad thing.

I think the proxy system properties are pretty much standard in java? Will have a look at our build tomorrow and let you know.

mriehl commented 9 years ago

We have an exception for the download URL in our proxy config (the build machine does not have internet access), so looks like we are downloading the mongo artifact through it.

We are passing the proxy settings like so:

-Dhttp.proxyHost=PROXY_HOST
-Dhttp.proxyPort=PROXY_PORT

and it seems to work. I also just noticed the mongo download URL also works with HTTPS, will look into getting that replaced...

maarre commented 9 years ago

I have tried:

# export PROXY_HOST=proxy.xxx.se
# export PROXY_PORT=8080

Still no go

mriehl commented 9 years ago

Try passing the java system properties, it seems to work for us.

mriehl commented 9 years ago

This is what I mean:

mvn package -Dhttp.proxyHost=proxy.xxx.se -Dhttp.proxyPort=8080 -Dhttps.proxyHost=proxy.xxx.se -Dhttps.proxyPort=8080

maarre commented 9 years ago

Still no go.

There is a rpm distribution: http://docs.mongodb.org/manual/tutorial/install-mongodb-on-red-hat/

There is no hurry. I leave for 5 weeks of vacation tomorrow.

schlomo commented 9 years ago

IIRC the whole point of the embedded Mongo was to enable development on various platforms without depending on a local Mongo installation.

Are you working on a production installation or on a development setup? For me those are two different scenarios:

mriehl commented 9 years ago

@schlomo Agreed. Downloading stuff over plain HTTP and then executing it is not okay on any machine though.

schlomo commented 9 years ago

Securing the transport channel only makes it obvious that the main problem is the trust in the download source. Regardless of HTTP or HTTPS.

For development I think that this is not a big deal, for production I would always install all software from trusted sources.

mriehl commented 9 years ago

With #62 merged I can install through a local squid proxy with

mvn package -Dhttp.proxyHost=localhost -Dhttp.proxyPort=3128

mriehl commented 9 years ago

@schlomo with HTTP I have to trust the source, CA authorities and people on the same network to not MITM me. It's so easy to MITM an HTTP download it's not even funny. With HTTPS I just have to trust the source and CA authorities.
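
An added example, not part of the thread or of the project's code: one way to address the trust-in-the-source concern raised in the last comments is to pin the SHA-256 digest of a build-time download and check it before the archive is unpacked or executed. The function names are hypothetical, the demo file and its digest are constructed, and the digest of a real archive has to come from a channel trusted independently of the download.

```shell
#!/bin/sh
# Added example: pin the SHA-256 of a build-time download and check it before use.
# Function names are hypothetical; they are not part of yum-repo-server.

# Succeeds only for https:// URLs, so a plain-HTTP source is rejected up front.
require_https() {
    case "$1" in
        https://*) return 0 ;;
        *) echo "refusing non-HTTPS URL: $1" >&2; return 1 ;;
    esac
}

# sha256_of FILE -> prints the lowercase hex digest of FILE
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# verify_pinned FILE EXPECTED_HEX -> 0 if the digest matches, 1 otherwise
verify_pinned() {
    actual=$(sha256_of "$1") || return 1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ "$actual" = "$expected" ] && return 0
    echo "digest mismatch for $1: got $actual" >&2
    return 1
}

# fetch_verified URL EXPECTED_HEX OUTFILE
# Downloads over HTTPS only (redirects included) and deletes the file on mismatch.
# curl reads the proxy from the https_proxy environment variable or the -x option.
fetch_verified() {
    require_https "$1" || return 1
    curl --fail --silent --show-error --location \
         --proto '=https' --proto-redir '=https' \
         --output "$3" "$1" || return 1
    verify_pinned "$3" "$2" || { rm -f "$3"; return 1; }
}

# Constructed offline demo: a file holding "abc" and its well-known SHA-256.
demo=$(mktemp)
printf 'abc' > "$demo"
verify_pinned "$demo" ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad \
    && echo "pinned digest OK"
rm -f "$demo"
```

With the digest pinned, the transport and the proxy only have to deliver bytes: a modified archive fails the comparison whether it arrived over HTTP or HTTPS.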