manage repo trough proxy

voxpupuli / puppet-icinga2

Puppet module to manage Icinga 2

https://forge.puppet.com/icinga/icinga2

Apache License 2.0

62 stars 93 forks source link

manage repo trough proxy #394

Closed elderorange closed 6 years ago

elderorange commented 6 years ago

I want to add icinga2 repo and getting the following message:

Error: /Stage[main]/Icinga2::Repo/File[/etc/pki/GPG-KEY-icinga]: Could not evaluate: Could not retrieve file metadata for http://packages.icinga.com/icinga.key: getaddrinfo: Name or service not known

So, it hangs in repo.pp at:

file { '/etc/pki/GPG-KEY-icinga':
          ensure => present,
          source => 'http://packages.icinga.com/icinga.key',
       }

How does puppet get the source? The better question is how can I setup the puppet client node to do this trough proxy with authentication?

Puppet modules: ├── common (v0.1.0) ├── icinga-icinga2 (v1.3.0) ├── puppet-zypprepo (v2.0.0) ├── puppetlabs-apt (v4.1.0) ├── puppetlabs-chocolatey (v2.0.2) ├── puppetlabs-concat (v2.2.1) ├── puppetlabs-ntp (v6.3.0) ├── puppetlabs-powershell (v2.1.0) ├── puppetlabs-registry (v1.1.4) └── puppetlabs-stdlib (v4.17.1)

puppet version: 4.10.8 OS: SLES 12.2

Best regards, Markus

dnsmichi commented 6 years ago

I'd suggest to manage the repo on your own (manage_repo => false) and handle http proxies and such over there.

elderorange commented 6 years ago

Okay, an exec getting the key by wget works for me. If I want to do it as written at the top, how is "source" getting the file? It uses wget also, or is it curl?

I am asking because it´s not so simple to define proxy settings and noproxy settings for different linux applications. A also tried zypprepo but this as proxy options only for yum repos

lbetz commented 6 years ago

You should configure your zypper to use a proxy before declaring the class icinga. If you'll do this by puppet you can use icinga with manage_repo => true.

elderorange commented 6 years ago

I made this already by setting up /etc/sysconfig/proxy with all necessary noproxy entries. I found out that entreing authentication for proxy creates a .curlrc in root home directory. I think puppet doesn´t load this file executing zypper. And without the credentials it´s not possible to cross our proxy.

lbetz commented 6 years ago

Sorry, my mistake. The fiel resource that handle the key isn't involved by zypper. But zypper has an property gpgkey to handle the key. So maybe we can replace the the file resource with this property.

As a workaround for your problem please use manage_repo => false and manage the zypper resource before the icinga2 class by your own. Let me now if you need additional help to implement it.

lbetz commented 6 years ago

related to #397

elderorange commented 6 years ago

I made it. Zypper take the credentials from /root/.curlrc not in every situation. I had to enter the credentials to HTTP_PROXY in /etc/sysconfig/proxy as well. HTTP_PROXY="http://user>:<password>@<proxy:"