How can I run apt commands executed by puppet through tsocks?

asked 2014-11-08 13:49:54 -0600

I'm living in Iran, and strangely, I can't access some subdomains of puppetlabs without a proxy (a linode belonging to a friend of mine living in the UK). These include 'apt', 'forge', and 'ask' for now.

I'm writing a manifest using the apt module to update the puppet version on a system. Everything works fine until it comes time to apt-get update (because the apt::source resource type updates the sources.list.d directory), and my system fails because it can't access apt.puppetlabs.com. So, I naturally thought of SSHing to a machine using autossh and then doing something like autossh -M 0 -NC -D 8888 user@host.com to open a tunneling, socks5 port and then telling apt to use that port for its http or https requests. However, I soon found out that apt doesn't support this, and I had to install tsocks. Now, when I run sudo tsocks apt-get update, all works fine. However, when I run . tsocks -on and then sudo apt-get update, the environment variable LD_PRELOAD isn't preserved because it begins with LD_*.

So, to wrap up the whole thing in a digestible package, here is the manifest.

class socksproxy {
    package { 'tsocks' :
        ensure => latest
    }

    package { 'autossh' :
        ensure => latest
    }

    file { '/etc/profile.d/socksproxy.sh' :
        ensure => 'file',
        source => 'puppet:///modules/socksproxy/socksproxy.sh'
    }

    file { '/etc/tsocks.conf' :
        ensure => 'file',
        source => 'puppet:///modules/socksproxy/tsocks.conf',
        mode => 0644
    }

    file { '/home/vagrant/.ssh/onj' :
        ensure => 'file',
        source => 'puppet:///modules/socksproxy/onj',
        mode => 600,
        owner => '1000'
    }
}

As you probably figured out, the first file is a bash script that will run at every login afaik (I'll paste the contents below). The second file is the settings for tsocks, which simply gives the host as 127.0.0.1 and the port as 8888. The third file is simply an ssh key to allow password-less logins.

Here is what the file copied to /etc/profile.d/socksproxy.sh contains:

autossh -M 0 -f -o "ServerAliveInterval 60" -o "ServerAliveCountMax 3" -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -NC -D 8888 parham@3.onj.me -i ~/.ssh/onj

So, one solution that comes to mind is changing the command for updating (ie, the apt-get update command) to instead be sudo tsocks apt-get update. However, I'm not sure how to do this.

Any ideas?

edit retag flag offensive close merge delete