containers
/
podman
mirror of https://github.com/containers/podman.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #12748 from flouthoc/ign_add_proxy_vars 

ignition: set `HTTP` proxy variable and `SSL_CERT_FILE` from `host` -> `machine`.
This commit is contained in:
OpenShift Merge Robot 2022-01-11 16:30:10 +01:00 committed by GitHub
parent 76212917c4 a95c01e0e4
commit 4db1affda6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 104 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

83
pkg/machine/ignition.go
View File

@ -10,6 +10,7 @@ import (
"os" "os"
"path/filepath" "path/filepath"
"github.com/containers/common/pkg/config"
"github.com/sirupsen/logrus" "github.com/sirupsen/logrus"
) )
@ -340,6 +341,24 @@ machine_enabled=true
}, },
}) })
setProxyOpts := getProxyVariables()
if setProxyOpts != "" {
files = append(files, File{
Node: Node{
Group: getNodeGrp("root"),
Path: "/etc/profile.d/proxy-opts.sh",
User: getNodeUsr("root"),
},
FileEmbedded1: FileEmbedded1{
Append: nil,
Contents: Resource{
Source: encodeDataURLPtr(setProxyOpts),
},
Mode: intToPtr(0644),
},
})
}
setDockerHost := `export DOCKER_HOST="unix://$(podman info -f "{{.Host.RemoteSocket.Path}}")" setDockerHost := `export DOCKER_HOST="unix://$(podman info -f "{{.Host.RemoteSocket.Path}}")"
` `
@ -365,21 +384,47 @@ machine_enabled=true
return files return files
} }
certFiles := getCerts(filepath.Join(userHome, ".config/containers/certs.d")) certFiles := getCerts(filepath.Join(userHome, ".config/containers/certs.d"), true)
files = append(files, certFiles...) files = append(files, certFiles...)
certFiles = getCerts(filepath.Join(userHome, ".config/docker/certs.d")) certFiles = getCerts(filepath.Join(userHome, ".config/docker/certs.d"), true)
files = append(files, certFiles...) files = append(files, certFiles...)
if sslCertFile, ok := os.LookupEnv("SSL_CERT_FILE"); ok {
if _, err := os.Stat(sslCertFile); err == nil {
certFiles = getCerts(sslCertFile, false)
files = append(files, certFiles...)
if len(certFiles) > 0 {
setSSLCertFile := fmt.Sprintf("export %s=%s", "SSL_CERT_FILE", filepath.Join("/etc/containers/certs.d", filepath.Base(sslCertFile)))
files = append(files, File{
Node: Node{
Group: getNodeGrp("root"),
Path: "/etc/profile.d/ssl_cert_file.sh",
User: getNodeUsr("root"),
},
FileEmbedded1: FileEmbedded1{
Append: nil,
Contents: Resource{
Source: encodeDataURLPtr(setSSLCertFile),
},
Mode: intToPtr(0644),
},
})
}
}
}
return files return files
} }
func getCerts(certsDir string) []File { func getCerts(certsDir string, isDir bool) []File {
var ( var (
files []File files []File
) )
certs, err := ioutil.ReadDir(certsDir) certs, err := ioutil.ReadDir(certsDir)
if isDir {
if err == nil { if err == nil {
for _, cert := range certs { for _, cert := range certs {
b, err := ioutil.ReadFile(filepath.Join(certsDir, cert.Name())) b, err := ioutil.ReadFile(filepath.Join(certsDir, cert.Name()))
@ -407,10 +452,42 @@ func getCerts(certsDir string) []File {
logrus.Warnf("Unable to copy certs via ignition, error while reading certs from %s: %s", certsDir, err.Error()) logrus.Warnf("Unable to copy certs via ignition, error while reading certs from %s: %s", certsDir, err.Error())
} }
} }
} else {
fileName := filepath.Base(certsDir)
b, err := ioutil.ReadFile(certsDir)
if err != nil {
logrus.Warnf("Unable to read cert file %s", err.Error())
return files
}
files = append(files, File{
Node: Node{
Group: getNodeGrp("root"),
Path: filepath.Join("/etc/containers/certs.d/", fileName),
User: getNodeUsr("root"),
},
FileEmbedded1: FileEmbedded1{
Append: nil,
Contents: Resource{
Source: encodeDataURLPtr(string(b)),
},
Mode: intToPtr(0644),
},
})
}
return files return files
} }
func getProxyVariables() string {
proxyOpts := ""
for _, variable := range config.ProxyEnv {
if value, ok := os.LookupEnv(variable); ok {
proxyOpts += fmt.Sprintf("\n export %s=%s", variable, value)
}
}
return proxyOpts
}
func getLinks(usrName string) []Link { func getLinks(usrName string) []Link {
return []Link{{ return []Link{{
Node: Node{ Node: Node{

12
pkg/specgen/generate/container.go
View File

@ -7,6 +7,7 @@ import (
"time" "time"
"github.com/containers/common/libimage" "github.com/containers/common/libimage"
"github.com/containers/common/pkg/config"
"github.com/containers/podman/v3/libpod" "github.com/containers/podman/v3/libpod"
"github.com/containers/podman/v3/libpod/define" "github.com/containers/podman/v3/libpod/define"
ann "github.com/containers/podman/v3/pkg/annotations" ann "github.com/containers/podman/v3/pkg/annotations"
@ -126,16 +127,7 @@ func CompleteSpec(ctx context.Context, r *libpod.Runtime, s *specgen.SpecGenerat
if s.EnvHost { if s.EnvHost {
defaultEnvs = envLib.Join(defaultEnvs, osEnv) defaultEnvs = envLib.Join(defaultEnvs, osEnv)
} else if s.HTTPProxy { } else if s.HTTPProxy {
for _, envSpec := range []string{ for _, envSpec := range config.ProxyEnv {
"http_proxy",
"HTTP_PROXY",
"https_proxy",
"HTTPS_PROXY",
"ftp_proxy",
"FTP_PROXY",
"no_proxy",
"NO_PROXY",
} {
if v, ok := osEnv[envSpec]; ok { if v, ok := osEnv[envSpec]; ok {
defaultEnvs[envSpec] = v defaultEnvs[envSpec] = v
} }