I’ve been playing around recently with VMware’s new Photon OS platform. Thanks to its incredibly small footprint and virtualization-specific tuning, it looks like an excellent building block for a custom appliance I’m hoping to build. To keep the appliance as small as possible, I used the minimal deployment and then planned to install packages as required.
After deploying the appliance, I hit a roadblock as the package management tool called tdnf couldn’t reach any of the repositories. This was expected as my home lab is isolated and I have to go through a squid proxy server to get to the outside world.
    root@photon-machine [ ~ ]# tdnf repolist
    curl#7: Couldn't connect to server
    Error: Failed to synchronize cache for repo 'VMware Photon Linux 2.0(x86_64) Updates' from 'https://dl.bintray.com/vmware/photon_updates_2.0_x86_64'
    Disabling Repo: 'VMware Photon Linux 2.0(x86_64) Updates'
    curl#7: Couldn't connect to server
    Error: Failed to synchronize cache for repo 'VMware Photon Linux 2.0(x86_64)' from 'https://dl.bintray.com/vmware/photon_release_2.0_x86_64'
    Disabling Repo: 'VMware Photon Linux 2.0(x86_64)'
    curl#7: Couldn't connect to server
    Error: Failed to synchronize cache for repo 'VMware Photon Extras 2.0(x86_64)' from 'https://dl.bintray.com/vmware/photon_extras_2.0_x86_64'
    Disabling Repo: 'VMware Photon Extras 2.0(x86_64)'
When trying to build the package cache, you can see that synchronization fails for each repository, all of which are HTTPS locations reached over port 443.
After having a quick look through the Photon administration guide, I was surprised to see that there wasn’t anything regarding proxy configuration listed – at least not at the time of writing. Doing some digging online turned up several possibilities. There seem to be numerous places in which a proxy can be defined – including in the Kubernetes configuration, or specifically for the tdnf package manager.
The simplest way to get your proxy configured for tdnf, as well as other tools like wget and curl, is to define a system-wide proxy. You’ll find the relevant configuration in the /etc/sysconfig/proxy file:
    root@photon-machine [ ~ ]# ls -lha /etc/sysconfig/
    total 20K
    drwxr-xr-x  2 root root 4.0K Mar 5 17:01 .
    drwxr-xr-x 33 root root 4.0K Mar 5 17:36 ..
    -rw-r--r--  1 root root  189 Oct 26 01:09 clock
    -rw-r--r--  1 root root  272 Oct 26 01:09 console
    -rw-r--r--  1 root root  770 Mar 5 18:35 proxy
There are at least three settings you’ll likely want to change in this file. You’ll need to set PROXY_ENABLED to “yes” and then define an HTTP and HTTPS proxy. Remember that tdnf’s default repositories use HTTPS, so you will need to define an HTTPS proxy for package installation.
Here is what my /etc/sysconfig/proxy file looks like after making the necessary changes:
    # Enable a generation of the proxy settings to the profile.
    # This setting allows to turn the proxy on and off while
    # preserving the particular proxy setup.
    #
    PROXY_ENABLED="yes"

    # Some programs (e.g. wget) support proxies, if set in
    # the environment.
    # Example: HTTP_PROXY="http://proxy.provider.de:3128/"
    HTTP_PROXY="http://pfsense.lab.local:3128"

    # Example: HTTPS_PROXY="https://proxy.provider.de:3128/"
    HTTPS_PROXY="http://pfsense.lab.local:3128"

    # Example: FTP_PROXY="http://proxy.provider.de:3128/"
    FTP_PROXY=""

    # Example: GOPHER_PROXY="http://proxy.provider.de:3128/"
    GOPHER_PROXY=""

    # Example: SOCKS_PROXY="socks://proxy.example.com:8080"
    SOCKS_PROXY=""

    # Example: SOCKS5_SERVER="office-proxy.example.com:8881"
    SOCKS5_SERVER=""

    # Example: NO_PROXY="www.me.de, do.main, localhost"
    NO_PROXY="localhost, 127.0.0.1, lab.local"
Focusing only on the lines I changed:
    PROXY_ENABLED="yes"
    HTTP_PROXY=http://pfsense.lab.local:3128
    HTTPS_PROXY=http://pfsense.lab.local:3128
    NO_PROXY="localhost, 127.0.0.1, lab.local"
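Notice that for an HTTPS proxy I use http in the address and the same port number. I do not use https as the example in the file implies. With squid, everything funnels through port 3128, including both HTTP and HTTPS so the config is the same for both. The scheme in the proxy URL only describes how the client connects to the proxy itself; with a plain forward proxy, HTTPS requests are tunnelled through it with CONNECT, so the TLS session to the repository is still negotiated end to end. This may vary depending on the type of proxy you use.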
Also, it’s worth mentioning that you should add your internal domain suffix to the NO_PROXY entry. This ensures that traffic destined to internal addresses won’t get forwarded to the proxy. In my case, I added lab.local.
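A check of the edited file before rebooting, as an added example that is not part of the original post: it parses /etc/sysconfig/proxy without sourcing it and reports the settings discussed above. The function names proxy_get and proxy_lint are this example's own, and the credential check is an added caveat based on the -rw-r--r-- mode shown in the directory listing.

```shell
#!/bin/bash
# Added example (not from the original post): lint a Photon-style
# /etc/sysconfig/proxy by parsing it, never sourcing it.

# Print KEY's value from FILE: last uncommented assignment, quotes stripped.
proxy_get() {
    sed -n "s/^[[:space:]]*$1=//p" "$2" | tail -n 1 | tr -d '"'
}

# proxy_lint FILE INTERNAL_SUFFIX (both arguments are this example's own)
# Prints one finding per line; returns 0 if clean, 1 otherwise.
proxy_lint() {
    local file="$1" suffix="$2" rc=0 key val no_proxy
    [ "$(proxy_get PROXY_ENABLED "$file")" = "yes" ] ||
        { echo "PROXY_ENABLED is not yes"; rc=1; }
    [ -n "$(proxy_get HTTPS_PROXY "$file")" ] ||
        { echo "HTTPS_PROXY is empty, HTTPS repositories stay unreachable"; rc=1; }
    # The post's listing shows the file as -rw-r--r--, so a user:password@
    # proxy URL would be readable by every local account.
    for key in HTTP_PROXY HTTPS_PROXY FTP_PROXY; do
        val=$(proxy_get "$key" "$file")
        case $val in
            *://*@*)
                if [ -n "$(find "$file" -perm -004)" ]; then
                    echo "$key embeds credentials in a world-readable file"; rc=1
                fi ;;
        esac
    done
    # NO_PROXY is comma-separated; drop blanks, then match whole entries.
    no_proxy=$(proxy_get NO_PROXY "$file" | tr -d '[:space:]')
    case ",$no_proxy," in
        *",$suffix,"* | *",.$suffix,"*) ;;
        *) echo "NO_PROXY lacks internal suffix $suffix"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample mirroring the changed lines from the post.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# Example: HTTPS_PROXY="https://proxy.provider.de:3128/"
PROXY_ENABLED="yes"
HTTP_PROXY="http://pfsense.lab.local:3128"
HTTPS_PROXY="http://pfsense.lab.local:3128"
NO_PROXY="localhost, 127.0.0.1, lab.local"
EOF
proxy_lint "$sample" lab.local && echo "proxy file looks sane"
```

On a real system, run it as `proxy_lint /etc/sysconfig/proxy lab.local`, substituting your own internal domain suffix.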
In my testing, doing a systemctl restart systemd-networkd as you normally would for IP address changes does not make the change take effect. I’m sure there is some way to refresh the configuration but I just did a quick reboot. After that, I was able to install packages using tdnf without issue.
    root@photon-machine [ ~ ]# tdnf repolist
    repo id          repo name                                 status
    photon-updates   VMware Photon Linux 2.0(x86_64) Updates   enabled
    photon           VMware Photon Linux 2.0(x86_64)           enabled
    photon-extras    VMware Photon Extras 2.0(x86_64)          enabled

    root@photon-machine [ ~ ]# tdnf makecache
    Refreshing metadata for: 'VMware Photon Linux 2.0(x86_64) Updates'
    Refreshing metadata for: 'VMware Photon Linux 2.0(x86_64)'
    Refreshing metadata for: 'VMware Photon Extras 2.0(x86_64)'
    Metadata cache created. 106 100%

    root@photon-machine [ ~ ]# tdnf install iputils
    Installing:
    iputils   x86_64   20151218-4.ph2   photon   262.51k 268810

    Total installed size: 262.51k 268810
    Is this ok [y/N]:y

    Downloading:
    iputils 129855 100%
    Testing transaction
    Running transaction
    Installing/Updating: iputils-20151218-4.ph2.x86_64

    Complete!