Proxy Configuration Question

asked 2016-03-17 15:33:14 -0500

DarylW gravatar image

We are in an environment where our puppet master is in the same VPC as the agents, and there is an external resource needed by our facter facts.

I have seen similar issues with the master being in the network, and the puppet forge being behind a proxy, which means that using the httpproxy parameter in the puppet.conf causes the master lookup to fail, but the puppet module install command to succeed in reaching the forge, due to a lack of a 'noproxy' or excludes option in the configuration

Has anyone else tackled this problem? I see two solutions

  1. Every factor fact sources it's own proxy information from somewhere.. In our case, we are in multiple environments with different proxy values, so hardcoding it into the fact is out of the question. We could manage a file based fact with the proxy information in it, and look that up in our other facts.

  2. We modify the puppet daemon's init script to source our proxy parameters (including our no_proxy value). This works, but there isn't a clean way to do this. Right now I am using a file line to add the sourcing near the head of the file. It would be nice if the init script sourced some external location for env vars, as I've seen done in other cases.

e.g /etc/init.d/rsyslog has a block like the following, which allows you to create a file named /etc/sysconfig/rsyslog with any appropriate environment setup.

# Source config
if [ -f /etc/sysconfig/$prog ] ; then
   . /etc/sysconfig/$prog

Does anyone have a cleaner way of solving this problem? The cleanest would be if puppet had a no_proxy or an excludes option in their puppet config.

edit retag flag offensive close merge delete