Proxy settings at/prior to cloud-init runtime

amazon-web-services proxy cloud-init amazon-linux

Instances launched into our VPC in EC2 require HTTP_PROXY and partners to be set to access anything located outside the VPC.

Now I've run into a problem (using data pipeline) where I have no control over the user data passed in for cloud-config. Given the proxies are not set, I can see wget hanging (trying to connect) during the cloud-init user scripts.

Having set environment variables in /etc/environment it seems this is not read at runlevel 3 (this uses a positively ancient Amazon Linux 2013.03, and ps axf suggests it's called from runlevel 3, but I have to admit I'm not familiar with the various init daemons and their interaction with cloud-init):

 1354 ?        S      0:00  \_ /bin/bash /etc/rc3.d/S99cloud-init-user-scripts start
 1355 ?        S      0:00      \_ /usr/bin/python2.6 /usr/bin/cloud-init-run-module once-per-instance user-scripts execute run-parts /var/lib/cloud/data/scripts
 1356 ?        S      0:00          \_ /bin/bash /usr/bin/run-parts /var/lib/cloud/data/scripts
 1360 ?        S      0:00              \_ /bin/bash /var/lib/cloud/data/scripts/part-000
 1362 ?        S      0:00                  \_ wget -O remote-runner-install -N http://datapipeline-ap-southeast-2.s3.amazonaws.com/ap-southeast-2/bootstrap-actions/latest/TaskRu...
                                                \
                                                 \ This works in a login shell as I've set 
                                                   the variables in /etc/environment

Setting these variables here does not seem to work:

  • /etc/environment
  • /etc/sysconfig/cloudinit

How can I set the proxy used during cloud-init runtime?


At the moment there's no good way to add a proxy to cloud init at run time. There's an open bug about it on launchpad/cloud-init.

There are work arounds mentioned in the comments, but they are all inherently application specific (for example for yum or apt), setting the proxy variables in their configs.


user-data example for cloud-init while creating ubuntu instance in openstack:

#cloud-config
write_files:
  - path: /etc/apt/apt.conf.d/00-proxy
    permissions: 0640
    owner: root
    content: |
      Acquire::http { Proxy "http://example.com:8080"; };
      Acquire::https { Proxy "http://example.com:8080"; };
      Acquire::http::Pipeline-Depth "23";
      Acquire::Languages "none";
   
package_upgrade: true

packages:
  - wget
  - sysstat
  - screen

Related

Upgrading Tomcat 7.0 - 8.5 or 9.0?
How do untar as the current user by default?
CryptographyDeprecationWarning: Python 3.5 support will be dropped in the next release of cryptography. Please upgrade your Python
Authenticate Samba against OpenLDAP
IIS 7.5 confused between Windows Authentication and Forms Authentication
Window Server Domain DNS
DNSSEC - DNS/domain providers that enable DANE DNS records [closed]
Docker: Running a Linux distribution different from the one in the host
Roundcube restricts attachment below declared limit
How many charts are needed to cover a 2-torus?
What does $dx$ mean in differential form?
Writing a GCD of two numbers as a linear combination