How to use proxy server with rpm-ostree

[rgruyters]

Host system details Centos Atomic Host as VM

Provide the output of rpm-ostree status.

State: idle
Deployments:
● centos-atomic-host:centos-atomic-host/7/x86_64/standard
       Version: 7.20170405 (2017-04-10 20:31:05)
        Commit: 91fe03fef75652f68a9974261b391faaeb5bd20f33abf09bb1d45511ba2df04e
        OSName: centos-atomic-host
  GPGSignature: 1 signature
                Signature made Mon 10 Apr 2017 11:19:14 PM CEST using RSA key ID F17E745691BA8335
                Good signature from "CentOS Atomic SIG <security@centos.org>"

Expected vs actual behavior

# rpm-ostree install oddjobd
Checking out tree 91fe03f... done
error: cannot update repo 'base': Cannot prepare internal mirrorlist: Curl error (7): Couldn't connect to server for http://mirrorlist.centos.org/?release=7&arch=x86_64&repo=os&infra=$infra [Failed to connect to 2607:f8f8:700:12::10: Network is unreachable]

Expected:

# rpm-ostree install oddjobd
...
Success!

Steps to reproduce it

Just run above command in a closed environment

Would you like to work on the issue?

Please let us know if you can work on it or the issue should be assigned to someone else.

[cgwalters]

rpm-ostree uses https://github.com/rpm-software-management/libdnf/ which handles proxy configuration via the same mechanisms as the original yum. Did you add a proxy= entry to the file in /etc/yum.repos.d?

Note that for the libostree side (base tree/image) updates, you'll need to edit a different file; see https://github.com/projectatomic/rpm-ostree/issues/208

[rgruyters]

@cgwalters I haven't yet tried it to edit yum. For the record I have Centos Atomic Host running. Don't know if that matters.

[rgruyters]

@cgwalters in https://github.com/projectatomic/rpm-ostree/issues/208#issuecomment-171737861 is a little bit explained about the problem, unfortunately it doesn't make it clear (for me) where and how?

[jberkus]

Reference: https://github.com/projectatomic/atomic-site/pull/428

[jlebon]

@rgruyters To clarify, for proxy settings affecting rpm-ostree install, edit /etc/yum.conf//etc/dnf/dnf.conf. It can also be set per-repo rather than globally (at least for DNF -- see http://dnf.readthedocs.io/en/latest/conf_ref.html#options-for-both-main-and-repo). (Edit: Actually the conf files are used by dnf and yum only and thus won't affect rpm-ostree. You'll have to edit the repo files themselves.)

For proxy settings affecting rpm-ostree upgrade/deploy/rebase, you can add the proxy= line to the remote config in e.g. /etc/ostree/remotes.d (see https://github.com/ostreedev/ostree/blob/a71d550/man/ostree.repo-config.xml#L143). You'll have to do systemctl reload rpm-ostreed afterwards (or just restart if you have an older version).

[rgruyters]

@jlebon thanks for clearing this. Although I have checked but I didn't found a /etc/yum.conf on my system. Again to clarify, I have CentOS Atomic Host installed.

[cgwalters]

Right, rpm-ostree uses libdnf which currently does not have a global configuration file, only per-repository.

[jlebon]

Oh right, sorry for the confusion there. I amended the comment for posterity.

[fbruetting]

Really guys? Do we now have to edit proxys everywhere…?!

I work in different environments and thus already have to replace my proxy file in /etc/profile.d/ and change Gnome Shell’s and Firefox’s proxy settings every time. Now I would have to do that additionally for dnf and ostree and possibly other system services…?! O_o

[matyat]

Found this snippet in #208:

$ mkdir -p /etc/systemd/system/rpm-ostreed.service.d
$ cat > /etc/systemd/system/rpm-ostreed.service.d/http-proxy.conf << EOF
[Service]
Environment="http_proxy=http://<my-proxy>"
EOF
$ systemctl daemon-reload
$ systemctl restart rpm-ostreed.service

This seems to work for rpm-ostree upgrade|install.

[loupianche]

rpm-ostree should read all_proxy, http_proxy and https_proxy variables like dnf and yum.

[lz006]

Found this snippet in #208:

$ mkdir -p /etc/systemd/system/rpm-ostreed.service.d
$ cat > /etc/systemd/system/rpm-ostreed.service.d/http-proxy.conf << EOF
[Service]
Environment="http_proxy=http://<my-proxy>"
EOF
$ systemctl daemon-reload
$ systemctl restart rpm-ostreed.service

This seems to work for rpm-ostree upgrade|install.

saved my live!

Unfortunately rpm-ostree on FCOS32 ignored all my attempts using env vars. So at least from that point it must somehow differ from dnf/yum as those take env vars into account...

[pmcnabb]

In case it helps anyone else, for the workaround I had to set https_proxy in addition to http_proxy.

[travier]

Found this snippet in #208:

$ mkdir -p /etc/systemd/system/rpm-ostreed.service.d
$ cat > /etc/systemd/system/rpm-ostreed.service.d/http-proxy.conf << EOF
[Service]
Environment="http_proxy=http://<my-proxy>"
EOF
$ systemctl daemon-reload
$ systemctl restart rpm-ostreed.service

This seems to work for rpm-ostree upgrade|install.

This worked for someone in https://discussion.fedoraproject.org/t/rpm-ostree-upgrade-and-proxy-server-timeout-was-reached/87051/10. Maybe we should document that as a workaround in the meantime?

[srd424]

Unfortunately https://github.com/ostreedev/ostree-rs-ext/issues/582 means this no longer works for OCI layers - perhaps it's time for dedicated proxy configuration in rpm-ostreed.conf and appropriate plumbing to pass the options down to wherever it's required?