diff --git a/data/data/bootstrap/files/etc/profile.d/proxy.sh.template b/data/data/bootstrap/files/etc/profile.d/proxy.sh.template
new file mode 100644
index 0000000000..21c5982ade
--- /dev/null
+++ b/data/data/bootstrap/files/etc/profile.d/proxy.sh.template
@@ -0,0 +1,11 @@
+{{if .Proxy -}}
+{{if .Proxy.HTTPProxy -}}
+export HTTP_PROXY="{{.Proxy.HTTPProxy}}"
+{{end -}}
+{{if .Proxy.HTTPSProxy -}}
+export HTTPS_PROXY="{{.Proxy.HTTPSProxy}}"
+{{end -}}
+{{if .Proxy.NoProxy -}}
+export NO_PROXY="{{.Proxy.NoProxy}}"
+{{end -}}
+{{end -}}
\ No newline at end of file
diff --git a/data/data/bootstrap/files/etc/systemd/system.conf.d/10-default-env.conf.template b/data/data/bootstrap/files/etc/systemd/system.conf.d/10-default-env.conf.template
new file mode 100644
index 0000000000..ca543da071
--- /dev/null
+++ b/data/data/bootstrap/files/etc/systemd/system.conf.d/10-default-env.conf.template
@@ -0,0 +1,12 @@
+{{if .Proxy -}}
+[Manager]
+{{if .Proxy.HTTPProxy -}}
+DefaultEnvironment=HTTP_PROXY="{{.Proxy.HTTPProxy}}"
+{{end -}}
+{{if .Proxy.HTTPSProxy -}}
+DefaultEnvironment=HTTPS_PROXY="{{.Proxy.HTTPSProxy}}"
+{{end -}}
+{{if .Proxy.NoProxy -}}
+DefaultEnvironment=NO_PROXY="{{.Proxy.NoProxy}}"
+{{end -}}
+{{end -}}
\ No newline at end of file
diff --git a/docs/dev/proxy.md b/docs/dev/proxy.md
new file mode 100644
index 0000000000..1ffee9d935
--- /dev/null
+++ b/docs/dev/proxy.md
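Review bot: The three `export` lines in proxy.sh.template interpolate the proxy values inside double quotes, so a `$`, backtick, `"` or `\` in a value is interpreted by every shell that sources this /etc/profile.d file instead of being taken literally. The values can carry credentials (docs/dev/proxy.md in this commit shows `http://username:password@proxy:port`), which makes such characters plausible in practice. Emit single-quoted assignments, e.g. `export HTTP_PROXY='{{.Proxy.HTTPProxy}}'`, with any embedded single quote escaped in Go before the template is rendered, or reject values that do not parse as URLs before they reach the template. It is also worth confirming that exposing the proxy password to every login shell on the bootstrap host is intended.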
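Review bot: `DefaultEnvironment=` in 10-default-env.conf.template hands the proxy URLs, including any `username:password@` part, to every service systemd starts on the bootstrap node rather than only to the units that need outbound access. The values are also interpolated unescaped inside double quotes, so a `"` or `\` in a URL changes how the assignment is split, and on systemd versions that expand specifiers in this setting a percent-encoded password would need its `%` doubled. Consider escaping or validating the values in Go before rendering, and if feasible scope the variables to the specific units with a per-unit `Environment=` drop-in instead of the manager-wide default.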
@@ -0,0 +1,51 @@ +### Proxy Testing + +This will create an extremely basic configuration of squid to support +the testing of authenticated proxy with `openshift-install`. + +NOTE: Make sure TCP/3128 is open + + +- Create directories and configuration files +``` +mkdir -p /srv/squid/{etc,cache} +htpasswd -c /srv/squid/etc/passwords + +cat << EOF > /srv/squid/etc/squid.conf +auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid/passwords +auth_param basic realm proxy +acl authenticated proxy_auth REQUIRED +http_access allow authenticated +http_port 3128 +cache_dir ufs /var/spool/squid 100 16 256 +coredump_dir /var/spool/squid +EOF + +chcon -Rt svirt_sandbox_file_t /srv/squid/ +``` + +- Start container +``` +URL=docker.io/datadog/squid:latest +SQUID_CACHE_PATH=/srv/squid/cache +SQUID_ETC_PATH=/srv/squid/etc + +podman pull ${URL} +podman rm -f squid + +podman run --name squid -d -p 3128:3128 \ + --volume ${SQUID_CACHE_PATH}:/var/spool/squid:Z \ + --volume ${SQUID_ETC_PATH}:/etc/squid:Z \ + ${URL} +``` + +- install-config.yaml snipit + +```yaml +--- +apiVersion: v1 +baseDomain: devcluster.openshift.com +proxy: + httpsProxy: "http://username:password@proxy:port" + httpProxy: "http://username:password@proxy:port" +``` diff --git a/pkg/asset/ignition/bootstrap/bootstrap.go b/pkg/asset/ignition/bootstrap/bootstrap.go index 2ecc6465f7..c6f5a0d795 100644 --- a/pkg/asset/ignition/bootstrap/bootstrap.go +++ b/pkg/asset/ignition/bootstrap/bootstrap.go @@ -14,6 +14,7 @@ import ( "github.com/coreos/ignition/config/util" igntypes "github.com/coreos/ignition/config/v2_2/types" + configv1 "github.com/openshift/api/config/v1" "github.com/pkg/errors" "github.com/sirupsen/logrus" @@ -40,6 +41,7 @@ type bootstrapTemplateData struct { EtcdCluster string PullSecret string ReleaseImage string + Proxy *configv1.ProxyStatus } // Bootstrap is an asset that generates the ignition config for bootstrap nodes. 
@@ -60,6 +62,7 @@ func (a *Bootstrap) Dependencies() []asset.Asset { &machines.Worker{}, &manifests.Manifests{}, &manifests.Openshift{}, + &manifests.Proxy{}, &tls.AdminKubeConfigCABundle{}, &tls.AggregatorCA{}, &tls.AggregatorCABundle{}, @@ -106,9 +109,11 @@ func (a *Bootstrap) Dependencies() []asset.Asset { // Generate generates the ignition config for the Bootstrap asset. func (a *Bootstrap) Generate(dependencies asset.Parents) error { installConfig := &installconfig.InstallConfig{} - dependencies.Get(installConfig) + proxy := &manifests.Proxy{} + dependencies.Get(installConfig, proxy) + + templateData, err := a.getTemplateData(installConfig.Config, proxy.Config) - templateData, err := a.getTemplateData(installConfig.Config) if err != nil { return errors.Wrap(err, "failed to get bootstrap templates") } @@ -160,8 +165,9 @@ func (a *Bootstrap) Files() []*asset.File { } // getTemplateData returns the data to use to execute bootstrap templates. -func (a *Bootstrap) getTemplateData(installConfig *types.InstallConfig) (*bootstrapTemplateData, error) { +func (a *Bootstrap) getTemplateData(installConfig *types.InstallConfig, proxy *configv1.Proxy) (*bootstrapTemplateData, error) { etcdEndpoints := make([]string, *installConfig.ControlPlane.Replicas) + for i := range etcdEndpoints { etcdEndpoints[i] = fmt.Sprintf("https://etcd-%d.%s:2379", i, installConfig.ClusterDomain()) } @@ -183,6 +189,7 @@ func (a *Bootstrap) getTemplateData(installConfig *types.InstallConfig) (*bootst PullSecret: installConfig.PullSecret, ReleaseImage: releaseImage, EtcdCluster: strings.Join(etcdEndpoints, ","), + Proxy: &proxy.Status, }, nil } diff --git a/pkg/asset/manifests/proxy.go b/pkg/asset/manifests/proxy.go index cf9a051a82..2f9af83836 100644 --- a/pkg/asset/manifests/proxy.go +++ b/pkg/asset/manifests/proxy.go 
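Review bot: `getTemplateData` evaluates `&proxy.Status` (hunk at -183,6) on the pointer that `Generate` passes as `proxy.Config` (hunk at -106,9), and nothing on the new side checks that pointer for nil. In this commit `Config` is assigned only inside `Proxy.Generate`; if the asset can also be restored through a load path (not visible here), `Config` stays nil and `&proxy.Status` panics. Guard it before building the struct, e.g. `if proxy == nil { return nil, errors.New("proxy config is not set") }`, or populate `Config` wherever the asset is loaded. Because `&proxy.Status` is never nil, the outer `{{if .Proxy -}}` in both new templates is always true; passing nil when no proxy is configured would make that guard meaningful. Both functions continue outside these hunks.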
@@ -21,6 +21,7 @@ var proxyCfgFilename = filepath.Join(manifestDir, "cluster-proxy-01-config.yaml" // Proxy generates the cluster-proxy-*.yml files. type Proxy struct { FileList []*asset.File + Config *configv1.Proxy } var _ asset.WritableAsset = (*Proxy)(nil) @@ -45,7 +46,7 @@ func (p *Proxy) Generate(dependencies asset.Parents) error { network := &Networking{} dependencies.Get(installConfig, network) - config := &configv1.Proxy{ + p.Config = &configv1.Proxy{ TypeMeta: metav1.TypeMeta{ APIVersion: configv1.SchemeGroupVersion.String(), Kind: "Proxy", @@ -57,26 +58,26 @@ func (p *Proxy) Generate(dependencies asset.Parents) error { } if installConfig.Config.Proxy != nil { - config.Spec = configv1.ProxySpec{ + p.Config.Spec = configv1.ProxySpec{ HTTPProxy: installConfig.Config.Proxy.HTTPProxy, HTTPSProxy: installConfig.Config.Proxy.HTTPSProxy, NoProxy: installConfig.Config.Proxy.NoProxy, } } - if config.Spec.HTTPProxy != "" || config.Spec.HTTPSProxy != "" { + if p.Config.Spec.HTTPProxy != "" || p.Config.Spec.HTTPSProxy != "" { noProxy, err := createNoProxy(installConfig, network) if err != nil { return err } - config.Status = configv1.ProxyStatus{ + p.Config.Status = configv1.ProxyStatus{ HTTPProxy: installConfig.Config.Proxy.HTTPProxy, HTTPSProxy: installConfig.Config.Proxy.HTTPSProxy, NoProxy: noProxy, } } - configData, err := yaml.Marshal(config) + configData, err := yaml.Marshal(p.Config) if err != nil { return errors.Wrapf(err, "failed to create %s manifests from InstallConfig", p.Name()) }
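Review bot: The new exported `Config` field on `Proxy` (hunk at -21,6) has no doc comment, and it now holds the proxy URLs, which may embed credentials. Suggest `// Config is the generated cluster Proxy object. Its Spec and Status URLs may contain proxy credentials; avoid logging it.` above the field. If asset structs are serialized anywhere (not visible in this diff), the exported field will be included, so confirm that is acceptable. The struct's methods are outside this hunk.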