Page MenuHomePhabricator

Add system wide proxy setting
Closed, ResolvedPublicFEATURE REQUEST

Description

I just operate VyOS in a very restricted network (access to internet only possible via proxy) but I want to install updates using add system image URL thus it would be very nice if we have a CLI option to specify a proxy server used.

RFC API

set system proxy server <url>
set system proxy server port
set system proxy server user
set system proxy server pass

Also if there should be a management portal for VyOS the box can connect to it via HTTP API too

Details

Difficulty level
Normal (likely a few hours)
Version
-
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Perfectly compatible

Event Timeline

c-po created this task.Thu, Oct 17, 2:23 PM
hagbard claimed this task.Thu, Oct 17, 3:10 PM
hagbard added a subscriber: hagbard.

I have that issue for a while here too and just helped myself locally. I'll can take care of that.

hagbard changed the task status from Open to In progress.Thu, Oct 17, 9:49 PM
hagbard triaged this task as Normal priority.
hagbard changed Difficulty level from Unknown (require assessment) to Normal (likely a few hours).
hagbard added a comment.EditedThu, Oct 17, 10:01 PM

The removal makes a little headache. Setting it system wide is not an issue at all, writing and execute in profile.d. Removing it would require to logout and login again to re-read the bash.profile. I may have to rethink that. Also the image download is invoked via a perl script, so http_proxy will be lost anyway.

c-po added a comment.Fri, Oct 18, 5:11 AM

Why bot simply create /etc/wgetrc? Can curl read that file? If not, /etc/curlrc.

That would work but it's only for a single programm you define it. I think it could be enough for the beginning. I still have to check if curlrc is being read when invoked from the perl script, it usually should.

c-po added a comment.Fri, Oct 18, 4:15 PM

We only have curl and wget for outside communication so this should be fine, whereas curl is the preferred way - thus this is more then fine and can be altered if its really required. Keep it simple.

curl only accepts ~/.curlrc, so that can become a hassle with multiple home directories on a box.

hagbard added a comment.EditedFri, Oct 18, 5:12 PM

I have an idea, I can either write it to profile.d, that is exporting http_proxy, https_proxy and ftp_proxy into the shell env, and in the install-image script if the profile files exists, I load it which exposes these variables as well and curl is working with no issue. If removed, that file won't exists and curl works like it did before. If the proxy variables shouldn't be in the user environment, I can write it to a particular file only used by scripts which which would need that information.

Tested it already, add image would work via proxy with no issues.

hagbard changed the task status from In progress to Needs testing.EditedFri, Oct 18, 6:03 PM

https://github.com/vyos/vyos-1x/commit/df9544233fb661e830285c1a0d7755cff4b27408
https://github.com/vyos/vyatta-cfg-system/commit/3a99ea6e9b8ef9ef417d38d1d0bab8d2d2401aa8 (add system image)

Let's see how that goes, right now I export it via profile, if ppl don't like that (you won't change a proxy settings on a daily basis I guess), I can write it into a different file which can be use by an app in particular. Another thing might be authentication algorithms, curl is quite well equipped, but I would rather change that in the install-image script itself, since it's app specific.

c-po added a comment.EditedFri, Oct 18, 7:00 PM

good first implementation thx. can you please also update docs?

hagbard closed this task as Resolved.Mon, Oct 21, 4:16 PM
c-po moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus board.Tue, Nov 12, 9:17 PM