Fabric Maven Repo ignores proxy.nonProxyHosts setting for new artifacts deployed from Maven
Issue
Ok, I have figured out how to reproduce.
How to reproduce.
Two boxes will be required:
- Hosting apache forward proxy (in my example - fuse3)
- Hosting FUSE fabric (in my example fuse4)
The idea is that forward proxy is behind firewall, so the only connections permitted are those FROM fabric TO proxy. Proxy is not permitted to establish new connections back to the fabric node.
FUSE 3 - Apache Proxy
install httpd.
Create /etc/httpd/conf.d/proxy.conf:
Listen *:9001
LogLevel Info
<IfModule mod_proxy.c>
ProxyRequests On
ProxyVia On
AllowCONNECT 443
AllowCONNECT 80
<Proxy *>
Order deny,allow
Deny from all
Allow from all
</Proxy>
</IfModule>
Execute:
setenforce 0
service iptables stop
service httpd restart
FUSE Fabric
Edit /etc/sysconfig/iptables
After these two lines:
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
~~
Add :
-A INPUT -s
-A INPUT -s
service iptables restart.
This prevents proxy from talking back to the fabric, while permitting fabric to establish connection through proxy.
Next - replace `system/io/fabric8/fabric-git/1.0.0.redhat-379/fabric-git-1.0.0.redhat-379.jar` in jboss-fuse-full-6.1.0.redhat-379.zip (distribution) with one attached to [ENTESB-1460](https://issues.jboss.org/browse/ENTESB-1460).
Otherwise the setup will not work at all.
Installation shell script:
killall java
cd /home/tcs
rm -rf jboss-fuse-6.1.0.redhat-379
rm -rf 6.1-1
unzip jboss-fuse-full-6.1.0.redhat-379.zip
ln -s jboss-fuse-6.1.0.redhat-379 ./6.1-1
sed -i 's/#admin=admin,admin/admin=admin,admin/' /home/tcs/6.1-1/etc/users.properties
sed -i 's/karaf.name=root/karaf.name=sdc-01/' /home/tcs/6.1-1/etc/system.properties
echo "export JAVA_MIN_MEM=768M" >> /home/tcs/6.1-1/bin/setenv
echo "export JAVA_MAX_MEM=768M" >> /home/tcs/6.1-1/bin/setenv
echo "export JAVA_MAX_PERM_MEM=256M" >> /home/tcs/6.1-1/bin/setenv
rm /home/tcs/6.1-1/bin/*.bat
rm /home/tcs/.ssh/known_hosts
cd /home/tcs/6.1-1/bin/
./start
> ssh -l admin -p 8101 localhost
fabric:create --zookeeper-password manag3r --wait-for-provisioning
wait-for-provisioning
fabric:container-remove-profile sdc-01 jboss-fuse-full
wait-for-provisioning
fabric:profile-edit --pid io.fabric8.maven/proxy.host=fuse3 fabric
fabric:profile-edit --pid io.fabric8.maven/proxy.port=9001 fabric
fabric:profile-edit --pid io.fabric8.maven/proxy.protocol=http fabric
fabric:profile-edit --pid io.fabric8.maven/proxy.nonProxyHosts=fuse4 fabric
wait-for-provisioning
fabric:profile-edit --features jasypt-encryption fabric
fabric:profile-edit --features fabric-zookeeper-commands fabric
wait-for-provisioning
fabric:profile-edit --features kar default
fabric:profile-edit --features spring default
fabric:profile-edit --features spring-dm default
wait-for-provisioning
Now upload the attached file (It is an empty JAR):
mvn deploy:deploy-file -DgroupId=com.example.fuse -DartifactId=wf-nop -Dversion=1.0.6 -Dpackaging=jar -Dfile=wf-nop-1.0.6.jar -Durl=http://admin:admin@fuse4:8181/maven/upload
Back to fabric console:
fabric:profile-delete --force fail-test-6
fabric:profile-create --version 1.0 fail-test-6
fabric:profile-edit --bundles mvn:com.example.fuse/wf-nop/1.0.6 fail-test-6 1.0
fabric:profile-edit -p fail.test/property1=value fail-test-6 1.0
fabric:profile-edit -p fail.test/property2=value2 fail-test-6 1.0
container-add-profile sdc-01 fail-test-6
container-list
As you can see container-list is stuck in "downloading" mode, even though the artifact is local to the node. It is stuck at downloading mode for some time, but then the fabric fails with the following exception:
io.fabric8.agent.utils.MultiException: Error while downloading artifacts
at io.fabric8.agent.utils.AgentUtils$ArtifactDownloader.await(AgentUtils.java:314)[60:io.fabric8.fabric-agent:1.0.0.redhat-379]
at io.fabric8.agent.DeploymentBuilder.download(DeploymentBuilder.java:160)[60:io.fabric8.fabric-agent:1.0.0.redhat-379]
at io.fabric8.agent.DeploymentAgent.doUpdate(DeploymentAgent.java:503)[60:io.fabric8.fabric-agent:1.0.0.redhat-379]
at io.fabric8.agent.DeploymentAgent$2.run(DeploymentAgent.java:252)[60:io.fabric8.fabric-agent:1.0.0.redhat-379]
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)[:1.7.0_51]
at java.util.concurrent.FutureTask.run(FutureTask.java:262)[:1.7.0_51]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)[:1.7.0_51]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)[:1.7.0_51]
at java.lang.Thread.run(Thread.java:744)[:1.7.0_51]
Caused by: java.io.IOException: Error downloading mvn:com.example.fuse/wf-nop/1.0.9
at io.fabric8.agent.download.AbstractDownloadTask.initIOException(AbstractDownloadTask.java:108)[60:io.fabric8.fabric-agent:1.0.0.redhat-379]
at io.fabric8.agent.download.AbstractDownloadTask.run(AbstractDownloadTask.java:88)[60:io.fabric8.fabric-agent:1.0.0.redhat-379]
... 5 more
Caused by: java.io.IOException: URL [mvn:com.example.fuse/wf-nop/1.0.9] could not be resolved.
at io.fabric8.agent.download.MavenDownloadTask.download(MavenDownloadTask.java:123)[60:io.fabric8.fabric-agent:1.0.0.redhat-379]
at io.fabric8.agent.download.AbstractDownloadTask.run(AbstractDownloadTask.java:77)[60:io.fabric8.fabric-agent:1.0.0.redhat-379]
And I can see the _PROXY_ log entry:
192.168.243.14 - - [14/May/2014:00:46:15 +1000] "GET http://fuse4:8181/maven/download/com/westfield/au/fuse/wf-nop/1.0.9/wf-nop-1.0.9.jar HTTP/1.1" 503 396 "-" "Java/1.7.0_51"
Remember - the proxy can not talk back to the fabric.
And it should not - the config explicitly sets
fabric:profile-edit --pid io.fabric8.maven/proxy.nonProxyHosts=fuse4 fabric
~~~
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.