Add support for configuring proxy settings
Change-Id: Ic5130a7512d4a26354bd292b0ab51ab4a9279f0a
This commit is contained in:
parent
96a9d861cf
commit
e48960ecf2
@ -642,3 +642,18 @@ kolla_internal_tls_cert:
|
||||
# in admin-openrc.sh file when TLS is enabled, instead of Kolla-Ansible's
|
||||
# default.
|
||||
kolla_internal_fqdn_cacert:
|
||||
|
||||
###############################################################################
|
||||
# Proxy configuration
|
||||
|
||||
# HTTP proxy URL (format: http(s)://[user:password@]proxy_name:port) used by
|
||||
# Kolla. Default value is "{{ http_proxy }}".
|
||||
kolla_http_proxy: "{{ http_proxy }}"
|
||||
|
||||
# HTTPS proxy URL (format: http(s)://[user:password@]proxy_name:port) used by
|
||||
# Kolla. Default value is "{{ https_proxy }}".
|
||||
kolla_https_proxy: "{{ https_proxy }}"
|
||||
|
||||
# List of domains, hostnames, IP addresses and networks for which no proxy is
|
||||
# used. Default value is "{{ no_proxy }}".
|
||||
kolla_no_proxy: "{{ no_proxy }}"
|
||||
|
19
ansible/group_vars/all/proxy
Normal file
19
ansible/group_vars/all/proxy
Normal file
@ -0,0 +1,19 @@
|
||||
---
|
||||
###############################################################################
|
||||
# Configuration of HTTP(S) proxies.
|
||||
|
||||
# HTTP proxy URL (format: http(s)://[user:password@]proxy_name:port). By
|
||||
# default no proxy is used.
|
||||
http_proxy: ""
|
||||
|
||||
# HTTPS proxy URL (format: http(s)://[user:password@]proxy_name:port). By
|
||||
# default no proxy is used.
|
||||
https_proxy: ""
|
||||
|
||||
# List of domains, hostnames, IP addresses and networks for which no proxy is
|
||||
# used. Defaults to ["127.0.0.1", "localhost", "{{ docker_registry }}"]. This
|
||||
# is configured only if either http_proxy or https_proxy is set.
|
||||
no_proxy:
|
||||
- "127.0.0.1"
|
||||
- "localhost"
|
||||
- "{{ docker_registry }}"
|
41
ansible/proxy.yml
Normal file
41
ansible/proxy.yml
Normal file
@ -0,0 +1,41 @@
|
||||
- name: Configure HTTP(S) proxy settings
|
||||
hosts: seed-hypervisor:seed:overcloud
|
||||
vars:
|
||||
ansible_python_interpreter: /usr/bin/python3
|
||||
tags:
|
||||
- proxy
|
||||
tasks:
|
||||
- name: Add HTTP proxy configuration to /etc/environment
|
||||
lineinfile:
|
||||
path: "/etc/environment"
|
||||
create: yes
|
||||
mode: 0644
|
||||
state: present
|
||||
regexp: "^http_proxy=.*"
|
||||
line: "http_proxy={{ http_proxy }}"
|
||||
become: True
|
||||
when: http_proxy is defined and http_proxy | length > 0
|
||||
|
||||
- name: Add HTTPS proxy configuration to /etc/environment
|
||||
lineinfile:
|
||||
path: "/etc/environment"
|
||||
create: yes
|
||||
mode: 0644
|
||||
state: present
|
||||
regexp: "^https_proxy=.*"
|
||||
line: "https_proxy={{ https_proxy }}"
|
||||
become: True
|
||||
when: https_proxy is defined and https_proxy | length > 0
|
||||
|
||||
- name: Add no_proxy configuration to /etc/environment
|
||||
lineinfile:
|
||||
path: "/etc/environment"
|
||||
create: yes
|
||||
mode: 0644
|
||||
state: present
|
||||
regexp: "^no_proxy=.*"
|
||||
line: "no_proxy={{ no_proxy | select | join(',') }}"
|
||||
become: True
|
||||
when:
|
||||
- no_proxy | length > 0
|
||||
- http_proxy is defined and http_proxy | length > 0 or https_proxy is defined and https_proxy | length > 0
|
@ -132,7 +132,6 @@ kolla_external_vip_address:
|
||||
# kolla_external_vip_address.
|
||||
kolla_external_fqdn:
|
||||
|
||||
|
||||
####################
|
||||
# Networking options
|
||||
####################
|
||||
@ -298,3 +297,16 @@ docker_daemon_mtu: 1500
|
||||
|
||||
# Enable live-restore on docker daemon
|
||||
docker_daemon_live_restore: false
|
||||
|
||||
###############################################################################
|
||||
# Proxy configuration
|
||||
|
||||
# HTTP proxy URL (format: http(s)://[user:password@]proxy_name:port).
|
||||
kolla_http_proxy:
|
||||
|
||||
# HTTPS proxy URL (format: http(s)://[user:password@]proxy_name:port).
|
||||
kolla_https_proxy:
|
||||
|
||||
# List of domains, hostnames, IP addresses and networks for which no proxy is
|
||||
# used.
|
||||
kolla_no_proxy:
|
||||
|
@ -50,6 +50,17 @@ kolla_external_vip_address: "{{ kolla_external_vip_address }}"
|
||||
kolla_external_fqdn: "{{ kolla_external_fqdn }}"
|
||||
{% endif %}
|
||||
|
||||
# Proxy settings for containers such as magnum that need Internet access
|
||||
{% if kolla_http_proxy is not none and kolla_http_proxy | length > 0 %}
|
||||
container_http_proxy: "{{ kolla_http_proxy }}"
|
||||
{% endif %}
|
||||
{% if kolla_https_proxy is not none and kolla_https_proxy | length > 0 %}
|
||||
container_https_proxy: "{{ kolla_https_proxy }}"
|
||||
{% endif %}
|
||||
{% if kolla_no_proxy is not none and kolla_no_proxy | length > 0 %}
|
||||
container_no_proxy: "{{ kolla_no_proxy | select | join(',') }}"
|
||||
{% endif %}
|
||||
|
||||
################
|
||||
# Docker options
|
||||
################
|
||||
@ -66,6 +77,16 @@ docker_registry_username: "{{ kolla_docker_registry_username }}"
|
||||
docker_storage_driver: "{{ docker_storage_driver }}"
|
||||
docker_custom_config: {{ kolla_docker_custom_config | to_nice_json | indent(2) }}
|
||||
|
||||
{% if kolla_http_proxy is not none and kolla_http_proxy | length > 0 %}
|
||||
docker_http_proxy: "{{ kolla_http_proxy }}"
|
||||
{% endif %}
|
||||
{% if kolla_https_proxy is not none and kolla_https_proxy | length > 0 %}
|
||||
docker_https_proxy: "{{ kolla_https_proxy }}"
|
||||
{% endif %}
|
||||
{% if kolla_no_proxy is not none and kolla_no_proxy | length > 0 %}
|
||||
docker_no_proxy: "{{ kolla_no_proxy | select | join(',') }}"
|
||||
{% endif %}
|
||||
|
||||
#docker_configure_for_zun: "no"
|
||||
|
||||
###################
|
||||
|
@ -474,6 +474,21 @@
|
||||
# default.
|
||||
#kolla_internal_fqdn_cacert:
|
||||
|
||||
###############################################################################
|
||||
# Proxy configuration
|
||||
|
||||
# HTTP proxy URL (format: http(s)://[user:password@]proxy_name:port) used by
|
||||
# Kolla. Default value is "{{ http_proxy }}".
|
||||
#kolla_http_proxy:
|
||||
|
||||
# HTTPS proxy URL (format: http(s)://[user:password@]proxy_name:port) used by
|
||||
# Kolla. Default value is "{{ https_proxy }}".
|
||||
#kolla_https_proxy:
|
||||
|
||||
# List of domains, hostnames, IP addresses and networks for which no proxy is
|
||||
# used. Default value is "{{ no_proxy }}".
|
||||
#kolla_no_proxy:
|
||||
|
||||
###############################################################################
|
||||
# Dummy variable to allow Ansible to accept this file.
|
||||
workaround_ansible_issue_8743: yes
|
||||
|
16
etc/kayobe/proxy.yml
Normal file
16
etc/kayobe/proxy.yml
Normal file
@ -0,0 +1,16 @@
|
||||
---
|
||||
###############################################################################
|
||||
# Configuration of HTTP(S) proxies.
|
||||
|
||||
# HTTP proxy URL (format: http(s)://[user:password@]proxy_name:port). By
|
||||
# default no proxy is used.
|
||||
#http_proxy:
|
||||
|
||||
# HTTPS proxy URL (format: http(s)://[user:password@]proxy_name:port). By
|
||||
# default no proxy is used.
|
||||
#https_proxy:
|
||||
|
||||
# List of domains, hostnames, IP addresses and networks for which no proxy is
|
||||
# used. Defaults to ["127.0.0.1", "localhost", "{{ docker_registry }}"]. This
|
||||
# is configured only if either http_proxy or https_proxy is set.
|
||||
#no_proxy:
|
@ -409,6 +409,7 @@ class SeedHypervisorHostConfigure(KollaAnsibleMixin, KayobeAnsibleMixin,
|
||||
* Allocate IP addresses for all configured networks.
|
||||
* Add the host to SSH known hosts.
|
||||
* Configure a user account for use by kayobe for SSH access.
|
||||
* Configure proxy settings.
|
||||
* Configure package repos.
|
||||
* Configure a PyPI mirror.
|
||||
* Optionally, create a virtualenv for remote target hosts.
|
||||
@ -452,7 +453,7 @@ class SeedHypervisorHostConfigure(KollaAnsibleMixin, KayobeAnsibleMixin,
|
||||
limit="seed-hypervisor")
|
||||
|
||||
playbooks = _build_playbook_list(
|
||||
"ssh-known-host", "kayobe-ansible-user",
|
||||
"ssh-known-host", "kayobe-ansible-user", "proxy",
|
||||
"apt", "dnf", "pip", "kayobe-target-venv")
|
||||
if parsed_args.wipe_disks:
|
||||
playbooks += _build_playbook_list("wipe-disks")
|
||||
@ -568,6 +569,7 @@ class SeedHostConfigure(KollaAnsibleMixin, KayobeAnsibleMixin, VaultMixin,
|
||||
* Allocate IP addresses for all configured networks.
|
||||
* Add the host to SSH known hosts.
|
||||
* Configure a user account for use by kayobe for SSH access.
|
||||
* Configure proxy settings.
|
||||
* Configure package repos.
|
||||
* Configure a PyPI mirror.
|
||||
* Optionally, create a virtualenv for remote target hosts.
|
||||
@ -608,7 +610,7 @@ class SeedHostConfigure(KollaAnsibleMixin, KayobeAnsibleMixin, VaultMixin,
|
||||
|
||||
# Run kayobe playbooks.
|
||||
playbooks = _build_playbook_list(
|
||||
"ssh-known-host", "kayobe-ansible-user",
|
||||
"ssh-known-host", "kayobe-ansible-user", "proxy",
|
||||
"apt", "dnf", "pip", "kayobe-target-venv")
|
||||
if parsed_args.wipe_disks:
|
||||
playbooks += _build_playbook_list("wipe-disks")
|
||||
@ -879,6 +881,7 @@ class InfraVMHostConfigure(KayobeAnsibleMixin, VaultMixin,
|
||||
* Allocate IP addresses for all configured networks.
|
||||
* Add the host to SSH known hosts.
|
||||
* Configure a user account for use by kayobe for SSH access.
|
||||
* Configure proxy settings.
|
||||
* Configure package repos.
|
||||
* Configure a PyPI mirror.
|
||||
* Optionally, create a virtualenv for remote target hosts.
|
||||
@ -914,7 +917,7 @@ class InfraVMHostConfigure(KayobeAnsibleMixin, VaultMixin,
|
||||
|
||||
# Kayobe playbooks.
|
||||
playbooks = _build_playbook_list(
|
||||
"ssh-known-host", "kayobe-ansible-user",
|
||||
"ssh-known-host", "kayobe-ansible-user", "proxy",
|
||||
"apt", "dnf", "pip", "kayobe-target-venv")
|
||||
if parsed_args.wipe_disks:
|
||||
playbooks += _build_playbook_list("wipe-disks")
|
||||
@ -1128,6 +1131,7 @@ class OvercloudHostConfigure(KollaAnsibleMixin, KayobeAnsibleMixin, VaultMixin,
|
||||
* Allocate IP addresses for all configured networks.
|
||||
* Add the host to SSH known hosts.
|
||||
* Configure a user account for use by kayobe for SSH access.
|
||||
* Configure proxy settings.
|
||||
* Configure package repos.
|
||||
* Configure a PyPI mirror.
|
||||
* Optionally, create a virtualenv for remote target hosts.
|
||||
@ -1166,7 +1170,7 @@ class OvercloudHostConfigure(KollaAnsibleMixin, KayobeAnsibleMixin, VaultMixin,
|
||||
|
||||
# Kayobe playbooks.
|
||||
playbooks = _build_playbook_list(
|
||||
"ssh-known-host", "kayobe-ansible-user",
|
||||
"ssh-known-host", "kayobe-ansible-user", "proxy",
|
||||
"apt", "dnf", "pip", "kayobe-target-venv")
|
||||
if parsed_args.wipe_disks:
|
||||
playbooks += _build_playbook_list("wipe-disks")
|
||||
|
@ -328,6 +328,7 @@ class TestCase(unittest.TestCase):
|
||||
utils.get_data_files_path("ansible", "ssh-known-host.yml"),
|
||||
utils.get_data_files_path(
|
||||
"ansible", "kayobe-ansible-user.yml"),
|
||||
utils.get_data_files_path("ansible", "proxy.yml"),
|
||||
utils.get_data_files_path("ansible", "apt.yml"),
|
||||
utils.get_data_files_path("ansible", "dnf.yml"),
|
||||
utils.get_data_files_path("ansible", "pip.yml"),
|
||||
@ -501,6 +502,7 @@ class TestCase(unittest.TestCase):
|
||||
utils.get_data_files_path("ansible", "ssh-known-host.yml"),
|
||||
utils.get_data_files_path(
|
||||
"ansible", "kayobe-ansible-user.yml"),
|
||||
utils.get_data_files_path("ansible", "proxy.yml"),
|
||||
utils.get_data_files_path("ansible", "apt.yml"),
|
||||
utils.get_data_files_path("ansible", "dnf.yml"),
|
||||
utils.get_data_files_path("ansible", "pip.yml"),
|
||||
@ -993,6 +995,7 @@ class TestCase(unittest.TestCase):
|
||||
utils.get_data_files_path("ansible", "ssh-known-host.yml"),
|
||||
utils.get_data_files_path(
|
||||
"ansible", "kayobe-ansible-user.yml"),
|
||||
utils.get_data_files_path("ansible", "proxy.yml"),
|
||||
utils.get_data_files_path("ansible", "apt.yml"),
|
||||
utils.get_data_files_path("ansible", "dnf.yml"),
|
||||
utils.get_data_files_path("ansible", "pip.yml"),
|
||||
@ -1272,6 +1275,7 @@ class TestCase(unittest.TestCase):
|
||||
utils.get_data_files_path("ansible", "ssh-known-host.yml"),
|
||||
utils.get_data_files_path(
|
||||
"ansible", "kayobe-ansible-user.yml"),
|
||||
utils.get_data_files_path("ansible", "proxy.yml"),
|
||||
utils.get_data_files_path("ansible", "apt.yml"),
|
||||
utils.get_data_files_path("ansible", "dnf.yml"),
|
||||
utils.get_data_files_path("ansible", "pip.yml"),
|
||||
|
8
releasenotes/notes/proxy-settings-32911948a517b35b.yaml
Normal file
8
releasenotes/notes/proxy-settings-32911948a517b35b.yaml
Normal file
@ -0,0 +1,8 @@
|
||||
---
|
||||
features:
|
||||
- |
|
||||
Adds support for configuring HTTP(S) proxy settings using the
|
||||
``http_proxy``, ``https_proxy`` and ``no_proxy`` variables in
|
||||
``proxy.yml``. These variables are passed down to Kolla Ansible which uses
|
||||
them to configure Docker, allowing container image pull operations and
|
||||
container networking to use HTTP(S) proxies.
|
Loading…
Reference in New Issue
Block a user