Given a MAAS installation which needs a proxy to reach the Internet, and a LAN accessible Vault installation, MAAS will erroneously try to reach the Vault server via the proxy.
This can be seen in the system-tests, with the addition of a logger.exception()
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/maasserver/vault.py", line 37, in wrapper
return func(*args, **kwargs)
File "/usr/lib/python3/dist-packages/maasserver/vault.py", line 92, in get
self._ensure_auth()
File "/usr/lib/python3/dist-packages/maasserver/vault.py", line 129, in _ensure_auth
self._client.auth.approle.login(
File "/usr/lib/python3/dist-packages/hvac/api/auth_methods/approle.py", line 494, in login
return self._adapter.login(
File "/usr/lib/python3/dist-packages/hvac/adapters.py", line 197, in login
response = self.post(url, **kwargs)
File "/usr/lib/python3/dist-packages/hvac/adapters.py", line 126, in post
return self.request("post", url, **kwargs)
File "/usr/lib/python3/dist-packages/hvac/adapters.py", line 364, in request
response = super(JSONAdapter, self).request(*args, **kwargs)
File "/usr/lib/python3/dist-packages/hvac/adapters.py", line 313, in request
response = self.session.request(
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 542, in request
resp = self.send(prep, **send_kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 655, in send
r = adapter.send(request, **kwargs)
File "/usr/lib/python3/dist-packages/requests/adapters.py", line 510, in send
raise ProxyError(e, request=request)
requests.exceptions.ProxyError: HTTPSConnectionPool(host='maas-system-maas', port=8200): Max retries exceeded with url: /v1/auth/approle/login (Caused by ProxyError('Cannot connect to proxy.', OSError('Tunnel co
nnection failed: 403 Forbidden')))
The first fix was not sufficient, which isn't that surprising - the code for pulling in images is setting global environment variables that affect the whole process :/
Revised attempt (and still not a complete fix, but it's better) is in https:/