[BUG] Podman does not work behind a corporate proxy #3166

Closed
mkonzal opened this issue May 8, 2022 · 18 comments
Labels
kind/bug Something isn't working status/need triage

Comments

@mkonzal

mkonzal commented May 8, 2022

General information

  • OS: Windows
  • Hypervisor: Hyper-V
  • Did you run crc setup before starting it (Yes/No)? Yes
  • Running CRC on: Laptop

CRC version

CRC version: 2.2.2+be1af25f
OpenShift version: 4.10.9
Podman version: 3.4.4

CRC status

DEBU CRC version: 2.2.2+be1af25f
DEBU OpenShift version: 4.10.9
DEBU Podman version: 3.4.4
DEBU Running 'crc status'
DEBU Checking file: C:\Users\******\.crc\machines\crc\.crc-exist
DEBU Checking file: C:\Users\******\.crc\machines\crc\.crc-exist
DEBU Running 'Hyper-V\Get-VM crc | Select-Object -ExpandProperty State'
DEBU Running SSH command: df -B1 --output=size,used,target /sysroot | tail -1
DEBU Using ssh private keys: [C:\Users\******\.crc\machines\crc\id_ecdsa C:\Users\******\.crc\cache\crc_podman_hyperv_3.4.4_amd64\id_ecdsa_crc]
DEBU SSH command results: err: <nil>, output: 32737570816 1853587456 /sysroot
CRC VM:          Running
OpenShift:
Podman:          3.4.4
Disk Usage:      1.854GB of 32.74GB (Inside the CRC VM)
Cache Usage:     22.39GB
Cache Directory: C:\Users\******\.crc\cache

CRC config

- consent-telemetry                     : no
- http-proxy                            : http://host.location.emea.company.com:3128
- https-proxy                           : http://host.location.emea.company.com:3128
- memory                                : 4096
- no-proxy                              : .testing
- preset                                : podman
- pull-secret-file                      : C:\development\crc\pull-secret

Host Operating System

Host Name:                 HOST
OS Name:                   Microsoft Windows 10 Enterprise
OS Version:                10.0.19044 N/A Build 19044
OS Manufacturer:           Microsoft Corporation
OS Configuration:          Member Workstation
OS Build Type:             Multiprocessor Free
Registered Owner:          COMPANY
Registered Organization:   COMPANY
Product ID:                00329-00000-00003-AA982
Original Install Date:     14.09.2021, 20:40:58
System Boot Time:          08.05.2022, 11:29:02
System Manufacturer:       LENOVO
System Model:              20N5S3NH0L
System Type:               x64-based PC
Processor(s):              1 Processor(s) Installed.
                           [01]: Intel64 Family 6 Model 142 Stepping 12 GenuineIntel ~1910 Mhz
BIOS Version:              LENOVO N2IET93W (1.71 ), 10.11.2020
Windows Directory:         C:\WINDOWS
System Directory:          C:\WINDOWS\system32
Boot Device:               \Device\HarddiskVolume2
System Locale:             en-us;English (United States)
Input Locale:              en-us;English (United States)
Time Zone:                 (UTC+01:00) Belgrade, Bratislava, Budapest, Ljubljana, Prague
Total Physical Memory:     32 484 MB
Available Physical Memory: 21 062 MB
Virtual Memory: Max Size:  37 348 MB
Virtual Memory: Available: 25 067 MB
Virtual Memory: In Use:    12 281 MB
Page File Location(s):     C:\pagefile.sys
Domain:                    emea.company.com
Logon Server:              \\LOGONSRV
Hotfix(s):                 12 Hotfix(s) Installed.
                           [01]: KB5012117
                           [02]: KB4562830
                           [03]: KB4570334
                           [04]: KB4577266
                           [05]: KB4598481
                           [06]: KB5003791
                           [07]: KB5012599
                           [08]: KB5006753
                           [09]: KB5007273
                           [10]: KB5011352
                           [11]: KB5011651
                           [12]: KB5005699
Network Card(s):           5 NIC(s) Installed.
                           [01]: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
                                 Connection Name: Ethernet 2
                                 DHCP Enabled:    No
                                 IP address(es)
                                 [01]: 10.142.56.34
                                 [02]: fe80::6921:59a0:4c6e:3a51
                                 [03]: fe80::205:9aff:fe3c:7a00
                           [02]: Intel(R) Wireless-AC 9560 160MHz
                                 Connection Name: Wi-Fi
                                 DHCP Enabled:    Yes
                                 DHCP Server:     192.168.1.1
                                 IP address(es)
                                 [01]: 192.168.1.102
                                 [02]: fe80::4e1d:96ff:fe7a:b17e
                           [03]: Intel(R) Ethernet Connection (6) I219-LM
                                 Connection Name: Ethernet
                                 Status:          Media disconnected
                           [04]: Bluetooth Device (Personal Area Network)
                                 Connection Name: Bluetooth Network Connection
                                 Status:          Media disconnected
                           [05]: Hyper-V Virtual Ethernet Adapter
                                 Connection Name: vEthernet (Default Switch)
                                 DHCP Enabled:    No
                                 IP address(es)
                                 [01]: 172.21.112.1
                                 [02]: fe80::215:5dff:fefc:41ba
Hyper-V Requirements:      A hypervisor has been detected. Features required for Hyper-V will not be displayed.

Steps to reproduce

  1. configure, setup, run and stop openshift
  2. crc config set preset podman
  3. crc delete
  4. crc setup
  5. crc run
  6. & crc podman-env | Invoke-Expression
  7. podman pull docker.io/library/httpd

Expected

pull will be successful like before in openshift

Actual

Trying to pull docker.io/library/httpd:latest...
Error: initializing source docker://httpd:latest: pinging container registry registry-1.docker.io: Get "https://registry-1.docker.io/v2/": dial tcp: lookup registry-1.docker.io: no such host

When I disconnect from the corporate VPN and use a direct connection to the internet, the pull also works with the current proxy settings.

Logs

INFO Using bundle path C:\Users\******\.crc\cache\crc_podman_hyperv_3.4.4_amd64.crcbundle
INFO Checking if current user is in Hyper-V Admins group
INFO Checking if CRC bundle is extracted in '$HOME/.crc'
INFO Checking if C:\Users\******\.crc\cache\crc_podman_hyperv_3.4.4_amd64.crcbundle exists
INFO Checking if daemon task is installed
INFO Installing the daemon task
INFO Checking if daemon task is running
INFO Running the daemon task
INFO Checking admin helper service is running
Your system is correctly setup for using CRC. Use 'crc start' to start the instance
PS C:\Users\******> crc start --log-level debug
DEBU CRC version: 2.2.2+be1af25f
DEBU OpenShift version: 4.10.9
DEBU Podman version: 3.4.4
DEBU Running 'crc start'
DEBU Total memory of system is 34061897728 bytes
DEBU No new version available. The latest version is 2.2.2
DEBU Checking file: C:\Users\******\.crc\machines\crc\.crc-exist
INFO Checking if running in a shell with administrator rights
DEBU Running '$currentPrincipal = New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent());$currentPrincipal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)'
INFO Checking Windows 10 release
DEBU Running '(Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion" -Name ReleaseId).ReleaseId'
INFO Checking Windows edition
DEBU Running '(Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion").EditionID'
DEBU Running on Windows Enterprise edition
INFO Checking if Hyper-V is installed and operational
DEBU Running '@(Get-Wmiobject Win32_ComputerSystem).HypervisorPresent'
DEBU Running '@(Get-Service vmms).Status'
INFO Checking if crc-users group exists
DEBU Running 'Get-LocalGroup -Name crc-users'
INFO Checking if current user is in Hyper-V Admins group
DEBU Running '$sid = New-Object System.Security.Principal.SecurityIdentifier("S-1-5-32-578")
        @([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole($sid)'
INFO Checking if Hyper-V service is enabled
DEBU Running '@(Get-Service vmms).Status'
INFO Checking if vsock is correctly configured
DEBU Running 'Get-Item -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\GuestCommunicationServices\00000400-FACB-11E6-BD58-64006A7986D3"'
INFO Checking if daemon task is installed
DEBU Running 'Get-ScheduledTask -TaskName crcDaemon'
DEBU Running '(Get-ScheduledTask -TaskName "crcDaemon").Version'
INFO Checking if daemon task is running
INFO Checking admin helper service is running
DEBU Running '(Get-Service crcAdminHelper).Status'
DEBU Checking file: C:\Users\******\.crc\machines\crc\.crc-exist
DEBU Copying 'C:\Users\******\.crc\cache\crc_podman_hyperv_3.4.4_amd64\podman.exe' to 'C:\Users\******\.crc\bin\oc\podman.exe'
INFO Loading bundle: crc_podman_hyperv_3.4.4_amd64...
INFO Creating CRC VM for Podman 3.4.4...
DEBU Running pre-create checks...
DEBU Running '@(Get-Module -ListAvailable hyper-v).Name | Get-Unique'
DEBU Running '@([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole(([System.Security.Principal.SecurityIdentifier]::new("S-1-5-32-578")))'
DEBU Creating machine...
DEBU Creating VM...
DEBU Running 'Hyper-V\New-VM crc -Path 'C:\Users\******\.crc\machines\crc' -MemoryStartupBytes 4096MB'
DEBU Running 'Hyper-V\Remove-VMNetworkAdapter -VMName crc'
DEBU Running 'Hyper-V\Set-VMMemory -VMName crc -DynamicMemoryEnabled $false'
DEBU Running 'Hyper-V\Set-VMProcessor crc -Count 2'
DEBU Running 'Hyper-V\Set-VM -VMName crc -AutomaticStartAction Nothing -AutomaticStopAction ShutDown -CheckpointType Disabled'
DEBU Running 'Hyper-V\Add-VMHardDiskDrive -VMName crc -Path 'C:\Users\******\.crc\machines\crc\crc.vhdx''
INFO Generating new SSH Key pair...
DEBU Created C:\Users\******\.crc\machines\crc\.crc-exist
DEBU Machine successfully created
DEBU Checking file: C:\Users\******\.crc\machines\crc\.crc-exist
DEBU Running 'Hyper-V\Get-VM crc | Select-Object -ExpandProperty State'
DEBU Copying 'C:\Users\******\.crc\cache\crc_podman_hyperv_3.4.4_amd64\podman.exe' to 'C:\Users\******\.crc\bin\oc\podman.exe'
DEBU Updating CRC VM configuration
DEBU Running 'Hyper-V\Start-VM crc'
DEBU Waiting for machine to be running, this may take a few minutes...
DEBU retry loop: attempt 0
DEBU Running 'Hyper-V\Get-VM crc | Select-Object -ExpandProperty State'
DEBU Machine is up and running!
DEBU Running 'Hyper-V\Get-VM crc | Select-Object -ExpandProperty State'
INFO CRC instance is running with IP 127.0.0.1
DEBU Waiting until ssh is available
DEBU retry loop: attempt 0
DEBU Running SSH command: exit 0
DEBU Using ssh private keys: [C:\Users\******\.crc\machines\crc\id_ecdsa C:\Users\******\.crc\cache\crc_podman_hyperv_3.4.4_amd64\id_ecdsa_crc]
DEBU SSH command results: err: ssh: handshake failed: read tcp 127.0.0.1:51914->127.0.0.1:2222: wsarecv: An existing connection was forcibly closed by the remote host., output:
DEBU error: Temporary error: ssh command error:
command : exit 0
err     : ssh: handshake failed: read tcp 127.0.0.1:51914->127.0.0.1:2222: wsarecv: An existing connection was forcibly closed by the remote host.
 - sleeping 1s
DEBU retry loop: attempt 1
DEBU Running SSH command: exit 0
DEBU Using ssh private keys: [C:\Users\******\.crc\machines\crc\id_ecdsa C:\Users\******\.crc\cache\crc_podman_hyperv_3.4.4_amd64\id_ecdsa_crc]
DEBU SSH command results: err: ssh: handshake failed: read tcp 127.0.0.1:51915->127.0.0.1:2222: wsarecv: An existing connection was forcibly closed by the remote host., output:
DEBU error: Temporary error: ssh command error:
command : exit 0
err     : ssh: handshake failed: read tcp 127.0.0.1:51915->127.0.0.1:2222: wsarecv: An existing connection was forcibly closed by the remote host.
 - sleeping 1s
DEBU retry loop: attempt 2
DEBU Running SSH command: exit 0
DEBU Using ssh private keys: [C:\Users\******\.crc\machines\crc\id_ecdsa C:\Users\******\.crc\cache\crc_podman_hyperv_3.4.4_amd64\id_ecdsa_crc]
DEBU SSH command results: err: <nil>, output:
INFO CRC VM is running
DEBU Running SSH command: cat /home/core/.ssh/authorized_keys
DEBU SSH command results: err: <nil>, output:
INFO Updating authorized keys...
DEBU Creating /home/core/.ssh/authorized_keys with permissions 0644 in the CRC VM
DEBU Running SSH command: <hidden>
DEBU SSH command succeeded
DEBU Running SSH command: realpath /dev/disk/by-label/root
DEBU SSH command results: err: <nil>, output: /dev/sda4
DEBU Using root access: Growing /dev/sda4 partition
DEBU Running SSH command: sudo /usr/bin/growpart /dev/sda 4
DEBU SSH command results: err: Process exited with status 1, output: NOCHANGE: partition 4 is size 63961055. it cannot be grown
DEBU No free space after /dev/sda4, nothing to do
DEBU Using root access: make root Podman socket accessible
DEBU Running SSH command: sudo chmod 777 /run/podman/ /run/podman/podman.sock
DEBU SSH command results: err: <nil>, output:
INFO Adding new bearer token for cockpit webconsole
DEBU Creating /home/core/cockpit-bearer-token with permissions 0600 in the CRC VM
DEBU Running SSH command: <hidden>
DEBU SSH command succeeded
DEBU Using root access: chown cockpit-bearer-token file to core
DEBU Running SSH command: sudo chown core:core /home/core/cockpit-bearer-token
DEBU SSH command results: err: <nil>, output:
DEBU Checking file: C:\Users\******\.crc\machines\crc\.crc-exist
DEBU Running 'C:\Users\******\.crc\bin\oc\podman.exe system connection add --identity C:\Users\******\.crc\machines\crc\id_ecdsa crc ssh://core@127.0.0.1:2222/run/user/1000/podman/podman.sock'
DEBU Running 'C:\Users\******\.crc\bin\oc\podman.exe system connection default crc'
DEBU Running 'C:\Users\******\.crc\bin\oc\podman.exe system connection add --identity C:\Users\******\.crc\machines\crc\id_ecdsa crc-root ssh://core@127.0.0.1:2222/run/podman/podman.sock'
podman runtime is now running.

Use the 'podman' command line interface:
  PS> & crc podman-env | Invoke-Expression
  PS> podman.exe COMMAND
@mkonzal mkonzal added kind/bug Something isn't working status/need triage labels May 8, 2022
@gbraad
Contributor

gbraad commented May 9, 2022

@vrothberg
How is proxy use set up for podman?

@vrothberg

@vrothberg How is proxy use set up for podman?

Via the HTTP{S}_PROXY environment variables.

@mkonzal
Author

mkonzal commented May 9, 2022

In the host OS (Windows), the HTTP{S}_PROXY environment variables are set.
The proxy is located on the same host.
The FQDN of the host is used within the HTTP{S}_PROXY value (not localhost or 127.0.0.1).
With the same settings in the crc config, openshift works fine.
When directly connected to the internet, it also works when the environment variables are set.

@vrothberg

Did you set the variables before or after podman machine init?

@mkonzal
Author

mkonzal commented May 9, 2022

The provided podman in the host OS doesn't know the machine command.

The result of podman --help

Manage pods, containers and images

Usage:
  podman.exe [options] [command]

Available Commands:
  attach      Attach to a running container
  build       Build an image using instructions from Containerfiles
  commit      Create new image based on the changed container
  container   Manage containers
  cp          Copy files/folders between a container and the local filesystem
  create      Create but do not start a container
  diff        Display the changes to the object's file system
  events      Show podman events
  exec        Run a process in a running container
  export      Export container's filesystem contents as a tar archive
  generate    Generate structured data based on containers, pods or volumes
  healthcheck Manage health checks on containers
  help        Help about any command
  history     Show history of a specified image
  image       Manage images
  images      List images in local storage
  import      Import a tarball to create a filesystem image
  info        Display podman system information
  init        Initialize one or more containers
  inspect     Display the configuration of object denoted by ID
  kill        Kill one or more running containers with a specific signal
  load        Load image(s) from a tar archive
  login       Login to a container registry
  logout      Logout of a container registry
  logs        Fetch the logs of one or more containers
  manifest    Manipulate manifest lists and image indexes
  network     Manage networks
  pause       Pause all the processes in one or more containers
  play        Play containers, pods or volumes from a structured file
  pod         Manage pods
  port        List port mappings or a specific mapping for the container
  ps          List containers
  pull        Pull an image from a registry
  push        Push an image to a specified destination
  rename      Rename an existing container
  restart     Restart one or more containers
  rm          Remove one or more containers
  rmi         Removes one or more images from local storage
  run         Run a command in a new container
  save        Save image(s) to an archive
  search      Search registry for image
  secret      Manage secrets
  start       Start one or more containers
  stats       Display a live stream of container resource usage statistics
  stop        Stop one or more containers
  system      Manage podman
  tag         Add an additional name to a local image
  top         Display the running processes of a container
  unpause     Unpause the processes in one or more containers
  untag       Remove a name from a local image
  version     Display the Podman version information
  volume      Manage volumes
  wait        Block on one or more containers

Options:
  -c, --connection string         Connection to use for remote Podman service
      --help                      Help for podman
      --identity string           path to SSH identity file, (CONTAINER_SSHKEY) (default "C:\\Users\\kon2bj\\.crc\\machines\\crc\\id_ecdsa")
      --log-level string          Log messages above specified level (trace, debug, info, warn, warning, error, fatal, panic) (default "warn")
      --storage-opt stringArray   Used to pass an option to the storage driver
      --url string                URL to access Podman service (CONTAINER_HOST) (default "ssh://core@127.0.0.1:2222/run/user/1000/podman/podman.sock")
  -v, --version                   version for podman.exe

@vrothberg

Would you open an issue against github.com/containers/podman and fill out the issue template? I will pull in the Windows folks if needed.

@gbraad
Contributor

gbraad commented May 9, 2022

We do set these variables for our VM. We will also verify this on our end.

@gbraad
Contributor

gbraad commented May 9, 2022

Can you log in to the VM and see if host.location.emea.company.com resolves properly?

@mkonzal
Author

mkonzal commented May 9, 2022

Would you open an issue against github.com/containers/podman and fill out the issue template? I will pull in the Windows folks if needed.

An issue was created.

@mkonzal
Author

mkonzal commented May 9, 2022

@gbraad
How to log in to podman server VM?

@gbraad
Contributor

gbraad commented May 9, 2022

crc ssh

@mkonzal
Author

mkonzal commented May 9, 2022

@gbraad
I got unknown command "ssh" for "crc".

@mkonzal
Author

mkonzal commented May 9, 2022

When I connect using ssh -i ~/.crc/machines/crc/id_ecdsa -o StrictHostKeyChecking=no -p 2222 core@127.0.0.1 then the result of name resolution check in VM is believable.

host hostname.location.emea.company.com
hostname.location.emea.company.com has address 10.x.y.z
hostname.location.emea.company.com has address 172.28.96.1
hostname.location.emea.company.com has address 192.168.u.v

Where 10.x.y.z is my VPN ip, 192.168.u.v is my WLAN ip and 172.28.96.1 is Hyper-V virtual ethernet adapter ip.

The VM environment variables HTTP_PROXY, HTTPS_PROXY and NO_PROXY are not set.

@mkonzal
Author

mkonzal commented May 9, 2022

When I try curl -v -x http://hostname.location.emea.company.com:3128 https://registry-1.docker.io/v2/ then it seems to work

*   Trying 10.142.48.45:3128...
* Connected to hostname.location.emea.company.com (10.142.48.45) port 3128 (#0)
* allocate connect buffer!
* Establish HTTP proxy tunnel to registry-1.docker.io:443
> CONNECT registry-1.docker.io:443 HTTP/1.1
> Host: registry-1.docker.io:443
> User-Agent: curl/7.79.1
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 200 Connection established
< Connection: close
<
* Proxy replied 200 to CONNECT request
* CONNECT phase completed!
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*  CAfile: /etc/pki/tls/certs/ca-bundle.crt
*  CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: CN=*.docker.com
*  start date: Nov 30 00:00:00 2021 GMT
*  expire date: Dec 29 23:59:59 2022 GMT
*  subjectAltName: host "registry-1.docker.io" matched cert's "*.docker.io"
*  issuer: C=US; O=Amazon; OU=Server CA 1B; CN=Amazon
*  SSL certificate verify ok.
> GET /v2/ HTTP/1.1
> Host: registry-1.docker.io
> User-Agent: curl/7.79.1
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 401 Unauthorized
< content-type: application/json
< docker-distribution-api-version: registry/2.0
< www-authenticate: Bearer realm="https://auth.docker.io/token",service="registry.docker.io"
< date: Mon, 09 May 2022 14:59:19 GMT
< content-length: 87
< strict-transport-security: max-age=31536000
<
{"errors":[{"code":"UNAUTHORIZED","message":"authentication required","detail":null}]}
* Connection #0 to host hostname.location.emea.company.com left intact

@praveenkumar
Member

Podman machine solves this using ignition config (containers/podman#13209), but as part of CRC, since we are using a preconfigured VM, we need to honor the proxy config option for the VM like we are doing for openshift. As of now we are just ignoring the proxy config for the podman preset.

Meanwhile @mkonzal you can try containers/podman#11941 (comment) and let us know if that is working?

@mkonzal
Author

mkonzal commented May 10, 2022

Just introducing /etc/systemd/system.conf.d/10-default-env.conf in the VM as root with the content

[Manager]
DefaultEnvironment="HTTP_PROXY=http://hostname.location.emea.company.com:3128"
DefaultEnvironment="HTTPS_PROXY=http://hostname.location.emea.company.com:3128"
DefaultEnvironment="NO_PROXY=.<set-of-host-domain-exclusion(s)>,localhost,127.0.0.1,0.0.0.0,::1"

DefaultEnvironment="http_proxy=http://hostname.location.emea.company.com:3128"
DefaultEnvironment="https_proxy=http://hostname.location.emea.company.com:3128"
DefaultEnvironment="no_proxy=.<set-of-host-domain-exclusion(s)>,localhost,127.0.0.1,0.0.0.0,::1"

introducing /etc/profile.d/proxy.sh in the VM as root with the content

PROXY_URL=http://hostname.location.emea.company.com:3128

export http_proxy="$PROXY_URL"
export https_proxy="$PROXY_URL"
export ftp_proxy="$PROXY_URL"
export no_proxy=".<set-of-host-domain-exclusion(s)>,localhost,127.0.0.1,0.0.0.0,::1"

export HTTP_PROXY="$PROXY_URL"
export HTTPS_PROXY="$PROXY_URL"
export FTP_PROXY="$PROXY_URL"
export NO_PROXY=".<set-of-host-domain-exclusion(s)>,localhost,127.0.0.1,0.0.0.0,::1"

and the restart of CRC (crc stop, crc start) on the host doesn't help (the environment variables are now set). I get the same result for podman pull docker.io/library/httpd on the host.

Trying to pull docker.io/library/httpd:latest...
Error: initializing source docker://httpd:latest: pinging container registry registry-1.docker.io: Get "https://registry-1.docker.io/v2/": dial tcp: lookup registry-1.docker.io: no such host

I was not able to execute podman machine stop and podman machine start in the VM because the list of VMs is empty.

@cfergeau
Contributor

Adding /etc/environment.d/proxy-env.conf with this content:

HTTP_PROXY=http://hostname.location.emea.company.com:3128
HTTPS_PROXY=http://hostname.location.emea.company.com:3128
NO_PROXY=.<set-of-host-domain-exclusion(s)>,localhost,127.0.0.1,0.0.0.0,::1

and running systemctl --user daemon-reload in the VM should make podman able to use the proxy.

cfergeau added a commit to cfergeau/crc that referenced this issue May 11, 2022
At the moment, the proxy configuration done in crc is not used by
podman-remote. This happens because we don't propagate the needed
environment variable to the services podman uses in the VM.

This commit creates a /etc/environment.d/proxy-env.conf file which will
be used automatically by systemd when it spawns podman.service for
rootless use (ie through a systemd user instance)

This then adds a /etc/systemd/system/podman.service.d/proxy-env.conf
file to achieve the same for podman.service used as root (in the main
systemd instance).  This file re-uses the env vars defined in
/etc/environment.d/proxy-env.conf

This fixes crc-org#3166
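
The two files named in the commit message above, sketched as an added example (not code from CRC or from anyone in this thread): it stages /etc/environment.d/proxy-env.conf and the podman.service.d drop-in under a scratch root so they can be reviewed before being copied into the VM. The function names, the example.com values, the character allow-list and the use of EnvironmentFile= to re-use the variables are assumptions.

```shell
#!/bin/sh
# Added example, not CRC's implementation. Stages the proxy files for
# rootless and root podman.service under ROOT instead of writing to /etc.

# Accept only http(s)://host[:port][/path]. The allow-list rejects spaces,
# quotes, newlines and '@' (userinfo): both files are world-readable and
# are parsed line by line, so a stray newline would add a second variable.
# IPv6 literals in brackets are out of scope for this sketch.
valid_proxy_url() {
    case "$1" in
        *[!A-Za-z0-9.:/_-]*) return 1 ;;
    esac
    case "$1" in
        http://?*|https://?*) return 0 ;;
        *) return 1 ;;
    esac
}

# NO_PROXY is a comma-separated list of hosts, domain suffixes and addresses.
valid_no_proxy() {
    case "$1" in
        ''|*[!A-Za-z0-9.:,/_*-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# stage_proxy_files ROOT HTTP_PROXY HTTPS_PROXY NO_PROXY
stage_proxy_files() {
    root=$1 http=$2 https=$3 noproxy=$4
    valid_proxy_url "$http"   || { echo "bad HTTP_PROXY"  >&2; return 1; }
    valid_proxy_url "$https"  || { echo "bad HTTPS_PROXY" >&2; return 1; }
    valid_no_proxy "$noproxy" || { echo "bad NO_PROXY"    >&2; return 1; }

    envdir=$root/etc/environment.d
    dropdir=$root/etc/systemd/system/podman.service.d
    mkdir -p "$envdir" "$dropdir" || return 1

    # Picked up by systemd user instances, i.e. rootless podman.service.
    printf 'HTTP_PROXY=%s\nHTTPS_PROXY=%s\nNO_PROXY=%s\n' \
        "$http" "$https" "$noproxy" > "$envdir/proxy-env.conf" || return 1

    # Root podman.service re-uses the same variables. EnvironmentFile= is an
    # assumption about how the re-use is done; the thread does not show it.
    printf '[Service]\nEnvironmentFile=/etc/environment.d/proxy-env.conf\n' \
        > "$dropdir/proxy-env.conf" || return 1

    chmod 0644 "$envdir/proxy-env.conf" "$dropdir/proxy-env.conf"
}

# Demo with constructed values, written to a scratch directory.
demo_root=$(mktemp -d)
stage_proxy_files "$demo_root" \
    "http://proxy.example.com:3128" "http://proxy.example.com:3128" \
    ".example.com,localhost,127.0.0.1,::1"
cat "$demo_root/etc/environment.d/proxy-env.conf"
cat "$demo_root/etc/systemd/system/podman.service.d/proxy-env.conf"

# Once the files are installed in the VM, reload both systemd instances:
#   systemctl --user daemon-reload     (as the rootless user)
#   sudo systemctl daemon-reload       (main instance)
# and restart podman.service in each instance if it is already running.
```
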
@mkonzal
Author

mkonzal commented May 11, 2022

Thanks for your fix and support.
