Announcing Snap Store Proxy Beta

We are proud to announce the availability in beta of the Snap Enterprise Proxy.

The Snap Enterprise Proxy provides an on-premise edge proxy to the Snap Store for your devices. Devices are registered with the proxy, and all communication with the Store will flow through the proxy.

Features included in the beta:

  • provides a means to access the Snap Store for devices with restricted network access;
  • allows control of snap updates on attached devices;
  • caches snap downloads;
  • provides a management interface via CLI and RESTful API.

Enterprise deployments requiring use of the proxy should contact us.

How to get it?

In the time-honoured spirit of dog-fooding we have developed the Snap Enterprise Proxy as a strictly confined snap. Run sudo snap install snapstore --beta and follow the documentation for configuring the proxy and connecting devices.

Why do I want it?

  • You have restricted network access, i.e. your devices canā€™t directly reach the Snap Store (api.snapcraft.io:443)
  • You want to control which revisions roll out to your fleet of devices

Feedback

Bugs should be filed in Launchpad. Please include the version of the Snap Enterprise Proxy, as well as the version of snapd on both the proxy and any devices affected.

12 Likes

This is great, thank you for sharing and thank you for the fantastic documentation.

I have a question and a little bit of feedback after reading the docs.

Q: is it sensible to run the proxy on my developer laptop? With my snapd developer hat on I will download and re-download core as a part of tests 100s of times a week. I can save some of my mobile data this way so I was very interested in setting this up.

Feedback: the documentation, specifically here, shows how to configure the snap proxy itself. I was surprised it doesnā€™t use the configure hook and the snap set snapstore some.thing=value syntax. Is this deliberate or just an omission?

2 Likes

Iā€™m guessing that this is proprietary software, then. I didnā€™t see any evidence of this on LP or GitHubā€¦

2 Likes

Yes, very much so. I run it in an LXD on my desktop and use it for my host, and other LXDs.

Keep your eyes peeled, weā€™re working on a blog post to show how you can use cloud-init and a LXD profile to automatically configure your LXDs.

It does use the configure hook, but due to reasons outlined in Should snapctl set in apps trigger the configure hook? and a desire for a clean, consistent CLI we wrap the configure hook in our own code.

You are correct, the Snap Enterprise Proxy is proprietary.

2 Likes

Extracted from another thread, to avoid derailing the conversationā€¦

@ads20000 Is there a particular aspect of setting up the proxy that you find difficult?

Note itā€™s not solely aimed at enterprise users, but it is a commercial product that weā€™re offering, alongside other commercial products from Canonical (i.e. Landscape)

Itā€™s mostly that it seems quite involved for a desktop user to set up (not saying that snappy wants to do this but itā€™s rather involved compared to a toggle in Software & Updates on Ubuntu, for example, though perhaps I should file a bug to suggest that if this does work after considering the below).

You were suggesting that this solves the automatic refresh situation that some users consider an issue with snapd but as a desktop user I canā€™t actually satisfy the prerequisites, I donā€™t have a server, a domain name for the server, or ā€˜A PostgreSQL instance, and credentials for a user with CREATEROLE privileges, and either CREATEDB or a pre-created database with CREATE privileges on it for that userā€™. Is this possible to use just by installing on the desktop for the purpose of disabling automatic refresh? Those prerequisites donā€™t seem to cover that use-case, maybe they need tweaking? :slight_smile:

I donā€™t know the answer since I havenā€™t looked into the implementation of the proxy, but I can say from principle that the point of the proxy is not to disable refreshes, but to offer further control on it at a large scale.

Similarly, snapd itself, with no external software, offers fine tuned control over refreshes, and more and more features are coming since we got started on this.

We want to discourage disabling of refreshes, with or without proxies, because this is an obvious dead end long term.

Actually given @sparkiegeekā€™s posts earlier maybe it is possible on one computer via LXD but thereā€™s no docs on how to do so and do so in few steps so itā€™s not desktop-user-friendly and I suppose itā€™s not supposed to be as you say.

But thereā€™s no GUI in Ubuntu (or any other GNU/Linux OS, as far as Iā€™m aware) for the refresh timer feature, for example, though I have filed a bug for it.

Iā€™m glad that thereā€™s still more features coming! :blush:

2 Likes

Thanks for the bug report. Yeah, the GUI for managing snapd itself definitely needs love. The main GUI that we develop for Ubuntu packaging is Gnome Software itself, but it lacks configuration control for snapd proper right now.

Is it possible to install the snap enterprise proxy (actually called the snap-store-proxy) without a proper domain name? I know the prereqs say it is needed, but since I donā€™t have one, I am hoping there is a way so that I can try it out.

Maybe port forwarding on my NAT would work? So configuring snap proxy like so: proxy.db.connection=ā€œpostgresql://user:password@NAT_IP_ADDRESS:FORWARDED_PORT/dbā€?

The domain name only needs to be something that the devices attached to the proxy can resolve. An internal domain name is fine.

3 Likes

Itā€™s my understanding that an IP address is also valid as well. Correct?

Yes, thatā€™s correct. It needs to be something that the devices can reach.

1 Like

Would it be possible to get an armhf build of this snap? Iā€™d love to try running this on my raspberry pi. It looks like itā€™s mostly python so MAYBE itā€™d be easy to build for multiple architectures?

@bloodearnest might be able to weigh in if we have tried an armhf build or not?