Skip to content

Add support for configuring proxy settings #18

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 3 commits into from
Jul 7, 2022
Merged

Add support for configuring proxy settings #18

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
bc66f63
Add support for configuring proxy settings
priteau Oct 19, 2021
29b1611
proxy: add ansible issue 8743 workaround
markgoddard Apr 11, 2022
829f87b
Fix no_proxy configuration
priteau Apr 19, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
15 changes: 15 additions & 0 deletions ansible/group_vars/all/kolla
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -675,3 +675,18 @@ kolla_internal_tls_cert:
# in admin-openrc.sh file when TLS is enabled, instead of Kolla-Ansible's
# default.
kolla_internal_fqdn_cacert:

###############################################################################
# Proxy configuration

# HTTP proxy URL (format: http(s)://[user:password@]proxy_name:port) used by
# Kolla. Default value is "{{ http_proxy }}".
kolla_http_proxy: "{{ http_proxy }}"

# HTTPS proxy URL (format: http(s)://[user:password@]proxy_name:port) used by
# Kolla. Default value is "{{ https_proxy }}".
kolla_https_proxy: "{{ https_proxy }}"

# List of domains, hostnames, IP addresses and networks for which no proxy is
# used. Default value is "{{ no_proxy }}".
kolla_no_proxy: "{{ no_proxy }}"
21 changes: 21 additions & 0 deletions ansible/group_vars/all/proxy
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
---
###############################################################################
# Configuration of HTTP(S) proxies.

# HTTP proxy URL (format: http(s)://[user:password@]proxy_name:port). By
# default no proxy is used.
http_proxy: ""

# HTTPS proxy URL (format: http(s)://[user:password@]proxy_name:port). By
# default no proxy is used.
https_proxy: ""

# List of domains, hostnames, IP addresses and networks for which no proxy is
# used. Defaults to ["127.0.0.1", "localhost", "{{ ('http://' ~
# docker_registry) | urlsplit('hostname') }}"] if docker_registry is set, or
# ["127.0.0.1", "localhost"] otherwise. This is configured only if either
# http_proxy or https_proxy is set.
no_proxy:
- "127.0.0.1"
- "localhost"
- "{{ ('http://' ~ docker_registry) | urlsplit('hostname') if docker_registry else '' }}"
41 changes: 41 additions & 0 deletions ansible/proxy.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,41 @@
- name: Configure HTTP(S) proxy settings
hosts: seed-hypervisor:seed:overcloud:infra-vms
vars:
ansible_python_interpreter: /usr/bin/python3
tags:
- proxy
tasks:
- name: Add HTTP proxy configuration to /etc/environment
lineinfile:
path: "/etc/environment"
create: yes
mode: 0644
state: present
regexp: "^http_proxy=.*"
line: "http_proxy={{ http_proxy }}"
become: True
when: http_proxy | length > 0

- name: Add HTTPS proxy configuration to /etc/environment
lineinfile:
path: "/etc/environment"
create: yes
mode: 0644
state: present
regexp: "^https_proxy=.*"
line: "https_proxy={{ https_proxy }}"
become: True
when: https_proxy | length > 0

- name: Add no_proxy configuration to /etc/environment
lineinfile:
path: "/etc/environment"
create: yes
mode: 0644
state: present
regexp: "^no_proxy=.*"
line: "no_proxy={{ no_proxy | select | join(',') }}"
become: True
when:
- no_proxy | length > 0
- http_proxy | length > 0 or https_proxy | length > 0
14 changes: 13 additions & 1 deletion ansible/roles/kolla-ansible/defaults/main.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -137,7 +137,6 @@ kolla_external_vip_address:
# kolla_external_vip_address.
kolla_external_fqdn:


####################
# Networking options
####################
Expand Down Expand Up @@ -312,3 +311,16 @@ docker_daemon_mtu: 1500

# Enable live-restore on docker daemon
docker_daemon_live_restore: false

###############################################################################
# Proxy configuration

# HTTP proxy URL (format: http(s)://[user:password@]proxy_name:port).
kolla_http_proxy:

# HTTPS proxy URL (format: http(s)://[user:password@]proxy_name:port).
kolla_https_proxy:

# List of domains, hostnames, IP addresses and networks for which no proxy is
# used.
kolla_no_proxy:
21 changes: 21 additions & 0 deletions ansible/roles/kolla-ansible/templates/kolla/globals.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -50,6 +50,17 @@ kolla_external_vip_address: "{{ kolla_external_vip_address }}"
kolla_external_fqdn: "{{ kolla_external_fqdn }}"
{% endif %}

# Proxy settings for containers such as magnum that need Internet access
{% if kolla_http_proxy is not none and kolla_http_proxy | length > 0 %}
container_http_proxy: "{{ kolla_http_proxy }}"
{% endif %}
{% if kolla_https_proxy is not none and kolla_https_proxy | length > 0 %}
container_https_proxy: "{{ kolla_https_proxy }}"
{% endif %}
{% if kolla_no_proxy is not none and kolla_no_proxy | length > 0 %}
container_no_proxy: "{{ kolla_no_proxy | select | join(',') }}"
{% endif %}

################
# Docker options
################
Expand All @@ -66,6 +77,16 @@ docker_registry_username: "{{ kolla_docker_registry_username }}"
docker_storage_driver: "{{ docker_storage_driver }}"
docker_custom_config: {{ kolla_docker_custom_config | to_nice_json | indent(2) }}

{% if kolla_http_proxy is not none and kolla_http_proxy | length > 0 %}
docker_http_proxy: "{{ kolla_http_proxy }}"
{% endif %}
{% if kolla_https_proxy is not none and kolla_https_proxy | length > 0 %}
docker_https_proxy: "{{ kolla_https_proxy }}"
{% endif %}
{% if kolla_no_proxy is not none and kolla_no_proxy | length > 0 %}
docker_no_proxy: "{{ kolla_no_proxy | select | join(',') }}"
{% endif %}

#docker_configure_for_zun: "no"

###################
Expand Down
15 changes: 15 additions & 0 deletions etc/kayobe/kolla.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -480,6 +480,21 @@
# default.
#kolla_internal_fqdn_cacert:

###############################################################################
# Proxy configuration

# HTTP proxy URL (format: http(s)://[user:password@]proxy_name:port) used by
# Kolla. Default value is "{{ http_proxy }}".
#kolla_http_proxy:

# HTTPS proxy URL (format: http(s)://[user:password@]proxy_name:port) used by
# Kolla. Default value is "{{ https_proxy }}".
#kolla_https_proxy:

# List of domains, hostnames, IP addresses and networks for which no proxy is
# used. Default value is "{{ no_proxy }}".
#kolla_no_proxy:

###############################################################################
# Dummy variable to allow Ansible to accept this file.
workaround_ansible_issue_8743: yes
22 changes: 22 additions & 0 deletions etc/kayobe/proxy.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
---
###############################################################################
# Configuration of HTTP(S) proxies.

# HTTP proxy URL (format: http(s)://[user:password@]proxy_name:port). By
# default no proxy is used.
#http_proxy:

# HTTPS proxy URL (format: http(s)://[user:password@]proxy_name:port). By
# default no proxy is used.
#https_proxy:

# List of domains, hostnames, IP addresses and networks for which no proxy is
# used. Defaults to ["127.0.0.1", "localhost", "{{ ('http://' ~
# docker_registry) | urlsplit('hostname') }}"] if docker_registry is set, or
# ["127.0.0.1", "localhost"] otherwise. This is configured only if either
# http_proxy or https_proxy is set.
#no_proxy:

###############################################################################
# Dummy variable to allow Ansible to accept this file.
workaround_ansible_issue_8743: yes
12 changes: 8 additions & 4 deletions kayobe/cli/commands.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -409,6 +409,7 @@ class SeedHypervisorHostConfigure(KollaAnsibleMixin, KayobeAnsibleMixin,
* Allocate IP addresses for all configured networks.
* Add the host to SSH known hosts.
* Configure a user account for use by kayobe for SSH access.
* Configure proxy settings.
* Configure package repos.
* Configure a PyPI mirror.
* Optionally, create a virtualenv for remote target hosts.
Expand Down Expand Up @@ -441,7 +442,7 @@ def take_action(self, parsed_args):
limit="seed-hypervisor")

playbooks = _build_playbook_list(
"ssh-known-host", "kayobe-ansible-user",
"ssh-known-host", "kayobe-ansible-user", "proxy",
"apt", "dnf", "pip", "kayobe-target-venv")
if parsed_args.wipe_disks:
playbooks += _build_playbook_list("wipe-disks")
Expand Down Expand Up @@ -557,6 +558,7 @@ class SeedHostConfigure(KollaAnsibleMixin, KayobeAnsibleMixin, VaultMixin,
* Allocate IP addresses for all configured networks.
* Add the host to SSH known hosts.
* Configure a user account for use by kayobe for SSH access.
* Configure proxy settings.
* Configure package repos.
* Configure a PyPI mirror.
* Optionally, create a virtualenv for remote target hosts.
Expand Down Expand Up @@ -596,7 +598,7 @@ def take_action(self, parsed_args):

# Run kayobe playbooks.
playbooks = _build_playbook_list(
"ssh-known-host", "kayobe-ansible-user",
"ssh-known-host", "kayobe-ansible-user", "proxy",
"apt", "dnf", "pip", "kayobe-target-venv")
if parsed_args.wipe_disks:
playbooks += _build_playbook_list("wipe-disks")
Expand Down Expand Up @@ -867,6 +869,7 @@ class InfraVMHostConfigure(KayobeAnsibleMixin, VaultMixin,
* Allocate IP addresses for all configured networks.
* Add the host to SSH known hosts.
* Configure a user account for use by kayobe for SSH access.
* Configure proxy settings.
* Configure package repos.
* Configure a PyPI mirror.
* Optionally, create a virtualenv for remote target hosts.
Expand Down Expand Up @@ -901,7 +904,7 @@ def take_action(self, parsed_args):

# Kayobe playbooks.
playbooks = _build_playbook_list(
"ssh-known-host", "kayobe-ansible-user",
"ssh-known-host", "kayobe-ansible-user", "proxy",
"dnf", "pip", "kayobe-target-venv")
if parsed_args.wipe_disks:
playbooks += _build_playbook_list("wipe-disks")
Expand Down Expand Up @@ -1115,6 +1118,7 @@ class OvercloudHostConfigure(KollaAnsibleMixin, KayobeAnsibleMixin, VaultMixin,
* Allocate IP addresses for all configured networks.
* Add the host to SSH known hosts.
* Configure a user account for use by kayobe for SSH access.
* Configure proxy settings.
* Configure package repos.
* Configure a PyPI mirror.
* Optionally, create a virtualenv for remote target hosts.
Expand Down Expand Up @@ -1153,7 +1157,7 @@ def take_action(self, parsed_args):

# Kayobe playbooks.
playbooks = _build_playbook_list(
"ssh-known-host", "kayobe-ansible-user",
"ssh-known-host", "kayobe-ansible-user", "proxy",
"apt", "dnf", "pip", "kayobe-target-venv")
if parsed_args.wipe_disks:
playbooks += _build_playbook_list("wipe-disks")
Expand Down
4 changes: 4 additions & 0 deletions kayobe/tests/unit/cli/test_commands.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -319,6 +319,7 @@ def test_seed_hypervisor_host_configure(self, mock_run):
utils.get_data_files_path("ansible", "ssh-known-host.yml"),
utils.get_data_files_path(
"ansible", "kayobe-ansible-user.yml"),
utils.get_data_files_path("ansible", "proxy.yml"),
utils.get_data_files_path("ansible", "apt.yml"),
utils.get_data_files_path("ansible", "dnf.yml"),
utils.get_data_files_path("ansible", "pip.yml"),
Expand Down Expand Up @@ -491,6 +492,7 @@ def test_seed_host_configure(self, mock_kolla_run, mock_run):
utils.get_data_files_path("ansible", "ssh-known-host.yml"),
utils.get_data_files_path(
"ansible", "kayobe-ansible-user.yml"),
utils.get_data_files_path("ansible", "proxy.yml"),
utils.get_data_files_path("ansible", "apt.yml"),
utils.get_data_files_path("ansible", "dnf.yml"),
utils.get_data_files_path("ansible", "pip.yml"),
Expand Down Expand Up @@ -982,6 +984,7 @@ def test_infra_vm_host_configure(self, mock_run):
utils.get_data_files_path("ansible", "ssh-known-host.yml"),
utils.get_data_files_path(
"ansible", "kayobe-ansible-user.yml"),
utils.get_data_files_path("ansible", "proxy.yml"),
utils.get_data_files_path("ansible", "dnf.yml"),
utils.get_data_files_path("ansible", "pip.yml"),
utils.get_data_files_path(
Expand Down Expand Up @@ -1259,6 +1262,7 @@ def test_overcloud_host_configure(self, mock_kolla_run, mock_run):
utils.get_data_files_path("ansible", "ssh-known-host.yml"),
utils.get_data_files_path(
"ansible", "kayobe-ansible-user.yml"),
utils.get_data_files_path("ansible", "proxy.yml"),
utils.get_data_files_path("ansible", "apt.yml"),
utils.get_data_files_path("ansible", "dnf.yml"),
utils.get_data_files_path("ansible", "pip.yml"),
Expand Down
8 changes: 8 additions & 0 deletions releasenotes/notes/proxy-settings-32911948a517b35b.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
---
features:
- |
Adds support for configuring HTTP(S) proxy settings using the
``http_proxy``, ``https_proxy`` and ``no_proxy`` variables in
``proxy.yml``. These variables are passed down to Kolla Ansible which uses
them to configure Docker, allowing container image pull operations and
container networking to use HTTP(S) proxies.