Manage a proxied environment

This page shows how to configure proxy settings for MicroStack. This is required for an environment that has network egress traffic restrictions placed upon it. These restrictions are typically implemented via a corporate proxy server that is separate from the MicroStack deployment.

The proxy server itself must permit access to certain external (internet) resources in order for MicroStack to deploy (and operate) correctly. These resources are listed on the Proxy ACL access reference page.

Configure for the proxy at the OS level

The steps given in the following two sub-sections will allow a network host to “talk” to your local proxy server.

Provide the initial settings

Set proxy values in the /etc/environment file via well-known environment variables. Ensure to set the management CIDR and metallb/loadbalancer CIDR in the NO_PROXY variable.

Below are example commands for providing these initial proxy settings:

echo "HTTP_PROXY=http://squid.proxy:3128" | sudo tee -a /etc/environment
echo "HTTPS_PROXY=http://squid.proxy:3128" | sudo tee -a /etc/environment
echo "NO_PROXY=localhost,127.0.0.1,localhost,10.121.193.0/24,10.20.21.0/27" | sudo tee -a /etc/environment

Restart snapd

Restart snapd so that it becomes aware of the new settings in /etc/environment:

sudo snap restart snapd

This will allow snaps to be installed on the configured nodes.

Show proxy settings

Run the following command to view the proxy settings:

sunbeam proxy show

Here is sample output from the above command:

Update proxy settings

User can update the proxy settings at later point of time after bootstrap is completed.
To update the proxy settings, run the command

sunbeam proxy set --http-proxy <> --https-proxy <> --no-proxy <> 

Clear proxy settings

To clear the proxy settings, run the following command

sunbeam proxy clear

The above command will clear the proxy settings in /etc/environment and model-configs for sunbeam created models.

$ cat /etc/environment  | grep PROXY
HTTP_PROXY=http://prx.domain.local:3128
HTTPS_PROXY=http://prx.domain.local:3128
NO_PROXY=127.0.0.0/8,10.0.0.0/8,192.168.0.0/16,172.16.0.0/16,localhost,.domain.local

$ sudo snap restart snapd
error: snap "snapd" has no services

$ sunbeam proxy show
Usage: sunbeam [OPTIONS] COMMAND [ARGS]...
Try 'sunbeam -h' for help.

Error: No such command 'proxy'.

$ snap list
Name       Version        Rev    Tracking       Publisher   Notes
core20     20240227       2264   latest/stable  canonical✓  base
core22     20240408       1380   latest/stable  canonical✓  base
juju       3.2.4          25443  3.2/stable     canonical✓  -
lxd        5.0.3-d921d2e  28373  5.0/stable/…   canonical✓  -
openstack  2023.2         335    2023.2/stable  canonical✓  -
snapd      2.62           21465  latest/stable  canonical✓  snapd

What’s wrong ?
~$ sunbeam -v cluster bootstrap --role control --role compute --role storage

 Bootstrapping Juju onto machine ... [14:31:50] ERROR    Error bootstrapping Juju                                                                                                                                                                                     juju.py:296
                    Traceback (most recent call last):
                      File "/snap/openstack/335/lib/python3.10/site-packages/sunbeam/commands/juju.py", line 289, in run
                        process = subprocess.run(cmd, capture_output=True, text=True, check=True)
                      File "/usr/lib/python3.10/subprocess.py", line 526, in run
                        raise CalledProcessError(retcode, process.args,
                    subprocess.CalledProcessError: Command '['/snap/openstack/335/juju/bin/juju', 'bootstrap', 'sunbeam', 'sunbeam-controller']' returned non-zero exit status 1.
           WARNING  Creating Juju controller "sunbeam-controller" on sunbeam/default                                                                                                                                             juju.py:297
                    Looking for packaged Juju agent version 3.2.4 for amd64
                    WARNING Got error requesting "https://streams.canonical.com/juju/tools/streams/v1/index2.sjson": Get "https://streams.canonical.com/juju/tools/streams/v1/index2.sjson": dial tcp: lookup
                    streams.canonical.com on 127.0.0.53:53: read udp 127.0.0.1:60200->127.0.0.53:53: i/o timeout
                    WARNING Got error requesting "https://streams.canonical.com/juju/tools/streams/v1/index2.sjson": Get "https://streams.canonical.com/juju/tools/streams/v1/index2.sjson": dial tcp: lookup
                    streams.canonical.com on 127.0.0.53:53: server misbehaving
                    WARNING Got error requesting "https://streams.canonical.com/juju/tools/streams/v1/index2.sjson": Get "https://streams.canonical.com/juju/tools/streams/v1/index2.sjson": dial tcp: lookup
                    streams.canonical.com on 127.0.0.53:53: read udp 127.0.0.1:50459->127.0.0.53:53: i/o timeout
                    ERROR failed to bootstrap model: cannot read index data, attempt count exceeded: cannot access URL "https://streams.canonical.com/juju/tools/streams/v1/index2.sjson": Get
                    "https://streams.canonical.com/juju/tools/streams/v1/index2.sjson": dial tcp: lookup streams.canonical.com on 127.0.0.53:53: read udp 127.0.0.1:50459->127.0.0.53:53: i/o timeout

           DEBUG    Finished running step 'Bootstrap Juju'. Result: ResultType.FAILED                                                                                                                                          common.py:260
Error: Command '['/snap/openstack/335/juju/bin/juju', 'bootstrap', 'sunbeam', 'sunbeam-controller']' returned non-zero exit status 1.

Hi @m4t7e0 , proxy support is found in the 2023.2/edge channel of the openstack snap (as stated). You appear to have 2023.2/stable installed.