Add proxy configuration to bootstrap node
Modification of `bootstrapTemplateData` struct to include proxy requirements.
Modification of `getTemplateData` and `addStorageFiles` to support proxy.
Modification of proxy manifests.

Added:
- /etc/profile.d/proxy.sh.template
- /etc/systemd/system.conf.d/10-default-env.conf.template
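--- a/data/data/bootstrap/files/etc/profile.d/proxy.sh.template
+++ b/data/data/bootstrap/files/etc/profile.d/proxy.sh.template
@@ -0,0 +1,11 @@
+{{if .Proxy -}}
+{{if .Proxy.HTTPProxy -}}
+export HTTP_PROXY="{{.Proxy.HTTPProxy}}"
+{{end -}}
+{{if .Proxy.HTTPSProxy -}}
+export HTTPS_PROXY="{{.Proxy.HTTPSProxy}}"
+{{end -}}
+{{if .Proxy.NoProxy -}}
+export NO_PROXY="{{.Proxy.NoProxy}}"
+{{end -}}
+{{end -}}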
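Review bot: The proxy values are rendered verbatim inside double quotes on the three `export` lines, so a URL whose userinfo contains `$`, a backtick, `\` or `"` is expanded or alters the assignment when a shell sources this file; the docs added in this commit show `http://username:password@proxy:port`, so passwords are an expected input. Single quotes avoid the expansion, e.g. `export HTTP_PROXY='{{.Proxy.HTTPProxy}}'`, provided a literal `'` in the value is rejected or percent-encoded before it reaches the template. The systemd drop-in added in the same commit wraps the same values in double quotes and appears to have the analogous problem with `"` and `\`. Whether install-config validation already restricts these characters is not visible on this page.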
@@ -0,0 +1,12 @@
|
||||
{{if .Proxy -}}
|
||||
[Manager]
|
||||
{{if .Proxy.HTTPProxy -}}
|
||||
DefaultEnvironment=HTTP_PROXY="{{.Proxy.HTTPProxy}}"
|
||||
{{end -}}
|
||||
{{if .Proxy.HTTPSProxy -}}
|
||||
DefaultEnvironment=HTTPS_PROXY="{{.Proxy.HTTPSProxy}}"
|
||||
{{end -}}
|
||||
{{if .Proxy.NoProxy -}}
|
||||
DefaultEnvironment=NO_PROXY="{{.Proxy.NoProxy}}"
|
||||
{{end -}}
|
||||
{{end -}}
|
||||
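Review bot: `DefaultEnvironment=` hands these values to every unit the manager starts, so when the proxy URL embeds credentials (the form shown in docs/dev/proxy.md in this commit) the username and password end up in the environment of all services on the bootstrap node, as well as in a profile script that is normally readable by any local user. That scope deserves a comment at the top of the file, for example `# Proxy URLs may carry credentials; every unit started by systemd inherits these variables.`, and a line in the docs recommending a dedicated, low-privilege proxy account. Scoping the variables to the units that need outbound access would narrow the exposure further, but which units those are cannot be told from this commit.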
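--- a/docs/dev/proxy.md
+++ b/docs/dev/proxy.md
@@ -0,0 +1,51 @@
+### Proxy Testing
+
+This will create an extremely basic configuration of squid to support
+the testing of authenticated proxy with `openshift-install`.
+
+NOTE: Make sure TCP/3128 is open
+
+
+- Create directories and configuration files
+```
+mkdir -p /srv/squid/{etc,cache}
+htpasswd -c /srv/squid/etc/passwords <username>
+
+cat << EOF > /srv/squid/etc/squid.conf
+auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid/passwords
+auth_param basic realm proxy
+acl authenticated proxy_auth REQUIRED
+http_access allow authenticated
+http_port 3128
+cache_dir ufs /var/spool/squid 100 16 256
+coredump_dir /var/spool/squid
+EOF
+
+chcon -Rt svirt_sandbox_file_t /srv/squid/
+```
+
+- Start container
+```
+URL=docker.io/datadog/squid:latest
+SQUID_CACHE_PATH=/srv/squid/cache
+SQUID_ETC_PATH=/srv/squid/etc
+
+podman pull ${URL}
+podman rm -f squid
+
+podman run --name squid -d -p 3128:3128 \
+--volume ${SQUID_CACHE_PATH}:/var/spool/squid:Z \
+--volume ${SQUID_ETC_PATH}:/etc/squid:Z \
+${URL}
+```
+
+- install-config.yaml snipit
+
+```yaml
+---
+apiVersion: v1
+baseDomain: devcluster.openshift.com
+proxy:
+httpsProxy: "http://username:password@proxy:port"
+httpProxy: "http://username:password@proxy:port"
+```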
@@ -14,6 +14,7 @@ import (
|
||||
|
||||
"github.com/coreos/ignition/config/util"
|
||||
igntypes "github.com/coreos/ignition/config/v2_2/types"
|
||||
configv1 "github.com/openshift/api/config/v1"
|
||||
"github.com/pkg/errors"
|
||||
"github.com/sirupsen/logrus"
|
||||
|
||||
@@ -40,6 +41,7 @@ type bootstrapTemplateData struct {
|
||||
EtcdCluster string
|
||||
PullSecret string
|
||||
ReleaseImage string
|
||||
Proxy *configv1.ProxyStatus
|
||||
}
|
||||
|
||||
// Bootstrap is an asset that generates the ignition config for bootstrap nodes.
|
||||
@@ -60,6 +62,7 @@ func (a *Bootstrap) Dependencies() []asset.Asset {
|
||||
&machines.Worker{},
|
||||
&manifests.Manifests{},
|
||||
&manifests.Openshift{},
|
||||
&manifests.Proxy{},
|
||||
&tls.AdminKubeConfigCABundle{},
|
||||
&tls.AggregatorCA{},
|
||||
&tls.AggregatorCABundle{},
|
||||
@@ -106,9 +109,11 @@ func (a *Bootstrap) Dependencies() []asset.Asset {
|
||||
// Generate generates the ignition config for the Bootstrap asset.
|
||||
func (a *Bootstrap) Generate(dependencies asset.Parents) error {
|
||||
installConfig := &installconfig.InstallConfig{}
|
||||
dependencies.Get(installConfig)
|
||||
proxy := &manifests.Proxy{}
|
||||
dependencies.Get(installConfig, proxy)
|
||||
|
||||
templateData, err := a.getTemplateData(installConfig.Config, proxy.Config)
|
||||
|
||||
templateData, err := a.getTemplateData(installConfig.Config)
|
||||
if err != nil {
|
||||
return errors.Wrap(err, "failed to get bootstrap templates")
|
||||
}
|
||||
@@ -160,8 +165,9 @@ func (a *Bootstrap) Files() []*asset.File {
|
||||
}
|
||||
|
||||
// getTemplateData returns the data to use to execute bootstrap templates.
|
||||
func (a *Bootstrap) getTemplateData(installConfig *types.InstallConfig) (*bootstrapTemplateData, error) {
|
||||
func (a *Bootstrap) getTemplateData(installConfig *types.InstallConfig, proxy *configv1.Proxy) (*bootstrapTemplateData, error) {
|
||||
etcdEndpoints := make([]string, *installConfig.ControlPlane.Replicas)
|
||||
|
||||
for i := range etcdEndpoints {
|
||||
etcdEndpoints[i] = fmt.Sprintf("https://etcd-%d.%s:2379", i, installConfig.ClusterDomain())
|
||||
}
|
||||
@@ -183,6 +189,7 @@ func (a *Bootstrap) getTemplateData(installConfig *types.InstallConfig) (*bootst
|
||||
PullSecret: installConfig.PullSecret,
|
||||
ReleaseImage: releaseImage,
|
||||
EtcdCluster: strings.Join(etcdEndpoints, ","),
|
||||
Proxy: &proxy.Status,
|
||||
}, nil
|
||||
}
|
||||
|
||||
|
||||
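Review bot: `Proxy: &proxy.Status` in getTemplateData takes the address of a struct field, so it is non-nil whenever `proxy` is non-nil and dereferences a nil pointer when `proxy` is nil. The first case makes the outer `{{if .Proxy -}}` guard in both new templates always true, so the systemd drop-in is rendered with a bare `[Manager]` header even when no proxy is configured. The second case depends on `manifests.Proxy.Config`, which the visible code sets only in `Proxy.Generate`; if the asset can be loaded from disk without Generate running (not visible here), `proxy.Config` would be nil at this point. Setting the field only when a proxy is actually configured covers both, as sketched below; the middle of getTemplateData lies between the two hunks shown.

```go
// … unchanged: rest of getTemplateData up to the return …
var proxyStatus *configv1.ProxyStatus
if proxy != nil && (proxy.Status.HTTPProxy != "" || proxy.Status.HTTPSProxy != "") {
	proxyStatus = &proxy.Status
}
// … unchanged: other bootstrapTemplateData fields …
		Proxy:        proxyStatus,
```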
@@ -21,6 +21,7 @@ var proxyCfgFilename = filepath.Join(manifestDir, "cluster-proxy-01-config.yaml"
|
||||
// Proxy generates the cluster-proxy-*.yml files.
|
||||
type Proxy struct {
|
||||
FileList []*asset.File
|
||||
Config *configv1.Proxy
|
||||
}
|
||||
|
||||
var _ asset.WritableAsset = (*Proxy)(nil)
|
||||
@@ -45,7 +46,7 @@ func (p *Proxy) Generate(dependencies asset.Parents) error {
|
||||
network := &Networking{}
|
||||
dependencies.Get(installConfig, network)
|
||||
|
||||
config := &configv1.Proxy{
|
||||
p.Config = &configv1.Proxy{
|
||||
TypeMeta: metav1.TypeMeta{
|
||||
APIVersion: configv1.SchemeGroupVersion.String(),
|
||||
Kind: "Proxy",
|
||||
@@ -57,26 +58,26 @@ func (p *Proxy) Generate(dependencies asset.Parents) error {
|
||||
}
|
||||
|
||||
if installConfig.Config.Proxy != nil {
|
||||
config.Spec = configv1.ProxySpec{
|
||||
p.Config.Spec = configv1.ProxySpec{
|
||||
HTTPProxy: installConfig.Config.Proxy.HTTPProxy,
|
||||
HTTPSProxy: installConfig.Config.Proxy.HTTPSProxy,
|
||||
NoProxy: installConfig.Config.Proxy.NoProxy,
|
||||
}
|
||||
}
|
||||
|
||||
if config.Spec.HTTPProxy != "" || config.Spec.HTTPSProxy != "" {
|
||||
if p.Config.Spec.HTTPProxy != "" || p.Config.Spec.HTTPSProxy != "" {
|
||||
noProxy, err := createNoProxy(installConfig, network)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
config.Status = configv1.ProxyStatus{
|
||||
p.Config.Status = configv1.ProxyStatus{
|
||||
HTTPProxy: installConfig.Config.Proxy.HTTPProxy,
|
||||
HTTPSProxy: installConfig.Config.Proxy.HTTPSProxy,
|
||||
NoProxy: noProxy,
|
||||
}
|
||||
}
|
||||
|
||||
configData, err := yaml.Marshal(config)
|
||||
configData, err := yaml.Marshal(p.Config)
|
||||
if err != nil {
|
||||
return errors.Wrapf(err, "failed to create %s manifests from InstallConfig", p.Name())
|
||||
}
|
||||
|
||||