search

rancher / os

Tiny Linux distro that runs the entire OS as Docker containers
https://rancher.com/docs/os/v1.x/en/
Apache License 2.0
6.45k stars 659 forks source link

Can't upgrade when using proxy #1914

Open rgruyters opened 7 years ago

rgruyters commented 7 years ago

RancherOS Version: (ros os version)

$ sudo ros -v
ros version v1.0.2

Where are you running RancherOS? (docker-machine, AWS, GCE, baremetal, etc.) VM

I have an issue when wanting to check if there is a newer version of the OS. Our systems are behind a proxy. I have configured the proxy settings under rancher.network (http_proxy, https_proxy and no_proxy) and works fine with Docker and system-docker, but not when I want to upgrade of listing the os with ros os.

> FATA[0015] Get https://releases.rancher.com/os/releases.yml?current=v1.0.2: dial tcp 104.24.17.51:443: i/o timeout
SvenDowideit commented 7 years ago

oh wow :(

I presume ros os upgrade -i rancher/os:v1.0.2 works, but things like ros os list and ros service list or ros engine list don't?

jbroq commented 7 years ago

Hi,

I have the same problem RancherOS Version: (ros os version)

sudo ros os version
v1.0.1

Where are you running RancherOS? (docker-machine, AWS, GCE, baremetal, etc.) VM

sudo ros os upgrade
> FATA[0015] Get https://releases.rancher.com/os/releases.yml?current=v1.0.1: dial tcp 104.24.17.51:443: i/o timeout

my proxy config is as followed:

sudo ros config export
EXTRA_CMDLINE: /init
hostname: <hostname>
rancher:
  docker:
    extra_args:
    - --bip=<my_gateway/netmask>
  environment:
    EXTRA_CMDLINE: /init
  network:
    dns:
      nameservers:
      - <DNS1_ipaddress>
      - <DNS2_ipaddress>
      search:
      - <mydomain>
    http_proxy: <http://myproxy.mydomain:port>
    https_proxy: <https://myproxy.mydomain:port>
    interfaces:
      eth0:
        address: <ipaddress/netmask>
        dhcp: false
        gateway: <ipadress>
        mtu: 1500
    no_proxy: localhost,127.0.0.1,<mydomain>

It seems like system-docker would need http_proxy parameters

ps -ef|grep system-docker
    1 root     system-docker daemon --pidfile /var/run/system-docker.pid --log-opt max-file=2 --log-opt max-size=25m --graph /var/lib/system-docker --restart=false --storage-driver overlay --group root --host unix:///var/run/system-docker.sock --userland-proxy=false --config-file /etc/docker/system-docker.json --exec-root /var/run/system-docker

from http://rancher.com/docs/os/networking/proxy-settings/, it should work.

Thanks for your help

k00p commented 7 years ago

Does anyone have a workaround for this? I'm seeing exactly the same behavior as described behind a corporate proxy.

rgruyters commented 7 years ago

@SvenDowideit yes. ros os upgrade -i rancher/os:v1.0.3 works.

rgruyters commented 7 years ago

@SvenDowideit although when rebooting, it wants to update running services like Open VM Tools and ZFS. (Service unreachable) It wants to download service images for v1.0.3 during boottime. Is there a way to bypass this?

rgruyters commented 7 years ago 
> ERRO[0030] Failed to load https://raw.githubusercontent.com/rancher/os-services/v1.0.3/index.yml: Get https://raw.githubusercontent.com/rancher/os-services/v1.0.3/index.yml: Service Unavailable
riktam commented 5 years ago

Is it possible to add some priority to fix this?

niusmallnan commented 5 years ago

@riktam What's your problem? Can you show me more details?

riktam commented 5 years ago 
ros os upgrade 
Upgrading to rancher/os:v1.5.1
Continue [y/N]: y
Pulling os-upgrade (rancher/os:v1.5.1)...
ERRO[0003] Failed to pull image rancher/os:v1.5.1: Error response from daemon: Get https://registry-1.docker.io/v2/: x509: certificate signed by unknown authority
FATA[0003] Error response from daemon: Get https://registry-1.docker.io/v2/: x509: certificate signed by unknown authority

Behind a https proxy both "ros os list" and "docker pull rancher/os:v1.5.1" work correctly but "ros os upgrade" does not.

Maybe the proxy variable is passed but the exiting certificate file is not being used. In my setup I append the proxy certificate to /etc/ssl/certs/ca-certificates.crt.

riktam commented 5 years ago

Also on the same environment as above "ros engine switch" does not work.:

ros engine switch docker-18.06.0-ce WARN[0000] The REGISTRY_DOMAIN variable is not set. Substituting a blank string. WARN[0011] The REGISTRY_DOMAIN variable is not set. Substituting a blank string. WARN[0011] The SUFFIX variable is not set. Substituting a blank string. INFO[0011] Project [os]: Starting project INFO[0011] [0/20] [docker]: Starting Pulling docker (/rancher/os-docker:18.06.0)... ERRO[0011] Failed Starting docker : Error parsing reference: "/rancher/os-docker:18.06.0" is not a valid repository/tag ERRO[0011] Failed to start: docker : Error parsing reference: "/rancher/os-docker:18.06.0" is not a valid repository/tag INFO[0011] Project [os]: Project started FATA[0011] Error parsing reference: "/rancher/os-docker:18.06.0" is not a valid repository/tag

niusmallnan commented 5 years ago

WARN[0000] The REGISTRY_DOMAIN variable is not set. Substituting a blank string. WARN[0011] The REGISTRY_DOMAIN variable is not set. Substituting a blank string.

@riktam Looks like you change the value if REGISTRY_DOMAIN, Its default value is docker.io.

riktam commented 5 years ago

@niusmallnan I have no idea where REGISTRY_DOMAIN is set or how to change it. How can i change it in the configuration?

niusmallnan commented 5 years ago

@riktam https://rancher.com/docs/os/v1.x/en/installation/configuration/images-prefix/

riktam commented 5 years ago

@niusmallnan I never changed anything related with REGISTRY_DOMAIN on my configuration files.