Add support for configuring proxy settings

Change-Id: Ic5130a7512d4a26354bd292b0ab51ab4a9279f0a
2021-10-19 10:58:19 +02:00 · 2021-10-19 10:58:19 +02:00 · e48960ecf2
commit e48960ecf2
parent 96a9d861cf
10 changed files with 160 additions and 5 deletions
--- a/ansible/group_vars/all/kolla
+++ b/ansible/group_vars/all/kolla
@ -642,3 +642,18 @@ kolla_internal_tls_cert:
 # in admin-openrc.sh file when TLS is enabled, instead of Kolla-Ansible's
 # default.
 kolla_internal_fqdn_cacert:
 ###############################################################################
 # Proxy configuration
 # HTTP proxy URL (format: http(s)://[user:password@]proxy_name:port) used by
 # Kolla. Default value is "{{ http_proxy }}".
 kolla_http_proxy: "{{ http_proxy }}"
 # HTTPS proxy URL (format: http(s)://[user:password@]proxy_name:port) used by
 # Kolla. Default value is "{{ https_proxy }}".
 kolla_https_proxy: "{{ https_proxy }}"
 # List of domains, hostnames, IP addresses and networks for which no proxy is
 # used. Default value is "{{ no_proxy }}".
 kolla_no_proxy: "{{ no_proxy }}"
--- a/ansible/group_vars/all/proxy
+++ b/ansible/group_vars/all/proxy
@ -0,0 +1,19 @@
 ---
 ###############################################################################
 # Configuration of HTTP(S) proxies.
 # HTTP proxy URL (format: http(s)://[user:password@]proxy_name:port). By
 # default no proxy is used.
 http_proxy: ""
 # HTTPS proxy URL (format: http(s)://[user:password@]proxy_name:port). By
 # default no proxy is used.
 https_proxy: ""
 # List of domains, hostnames, IP addresses and networks for which no proxy is
 # used. Defaults to ["127.0.0.1", "localhost", "{{ docker_registry }}"]. This
 # is configured only if either http_proxy or https_proxy is set.
 no_proxy:
  - "127.0.0.1"
  - "localhost"
  - "{{ docker_registry }}"
--- a/ansible/proxy.yml
+++ b/ansible/proxy.yml
@ -0,0 +1,41 @@
 - name: Configure HTTP(S) proxy settings
  hosts: seed-hypervisor:seed:overcloud
  vars:
    ansible_python_interpreter: /usr/bin/python3
  tags:
    - proxy
  tasks:
    - name: Add HTTP proxy configuration to /etc/environment
      lineinfile:
        path: "/etc/environment"
        create: yes
        mode: 0644
        state: present
        regexp: "^http_proxy=.*"
        line: "http_proxy={{ http_proxy }}"
      become: True
      when: http_proxy is defined and http_proxy | length > 0
    - name: Add HTTPS proxy configuration to /etc/environment
      lineinfile:
        path: "/etc/environment"
        create: yes
        mode: 0644
        state: present
        regexp: "^https_proxy=.*"
        line: "https_proxy={{ https_proxy }}"
      become: True
      when: https_proxy is defined and https_proxy | length > 0
    - name: Add no_proxy configuration to /etc/environment
      lineinfile:
        path: "/etc/environment"
        create: yes
        mode: 0644
        state: present
        regexp: "^no_proxy=.*"
        line: "no_proxy={{ no_proxy | select | join(',') }}"
      become: True
      when:
        - no_proxy | length > 0
        - http_proxy is defined and http_proxy | length > 0 or https_proxy is defined and https_proxy | length > 0
--- a/ansible/roles/kolla-ansible/defaults/main.yml
+++ b/ansible/roles/kolla-ansible/defaults/main.yml
@ -132,7 +132,6 @@ kolla_external_vip_address:
 # kolla_external_vip_address.
 kolla_external_fqdn:
 ####################
 # Networking options
 ####################
@ -298,3 +297,16 @@ docker_daemon_mtu: 1500
 # Enable live-restore on docker daemon
 docker_daemon_live_restore: false
 ###############################################################################
 # Proxy configuration
 # HTTP proxy URL (format: http(s)://[user:password@]proxy_name:port).
 kolla_http_proxy:
 # HTTPS proxy URL (format: http(s)://[user:password@]proxy_name:port).
 kolla_https_proxy:
 # List of domains, hostnames, IP addresses and networks for which no proxy is
 # used.
 kolla_no_proxy:
--- a/ansible/roles/kolla-ansible/templates/kolla/globals.yml
+++ b/ansible/roles/kolla-ansible/templates/kolla/globals.yml
@ -50,6 +50,17 @@ kolla_external_vip_address: "{{ kolla_external_vip_address }}"
 kolla_external_fqdn: "{{ kolla_external_fqdn }}"
 {% endif %}
 # Proxy settings for containers such as magnum that need Internet access
 {% if kolla_http_proxy is not none and kolla_http_proxy | length > 0 %}
 container_http_proxy: "{{ kolla_http_proxy }}"
 {% endif %}
 {% if kolla_https_proxy is not none and kolla_https_proxy | length > 0 %}
 container_https_proxy: "{{ kolla_https_proxy }}"
 {% endif %}
 {% if kolla_no_proxy is not none and kolla_no_proxy | length > 0 %}
 container_no_proxy: "{{ kolla_no_proxy | select | join(',') }}"
 {% endif %}
 ################
 # Docker options
 ################
@ -66,6 +77,16 @@ docker_registry_username: "{{ kolla_docker_registry_username }}"
 docker_storage_driver: "{{ docker_storage_driver }}"
 docker_custom_config: {{ kolla_docker_custom_config | to_nice_json | indent(2) }}
 {% if kolla_http_proxy is not none and kolla_http_proxy | length > 0 %}
 docker_http_proxy: "{{ kolla_http_proxy }}"
 {% endif %}
 {% if kolla_https_proxy is not none and kolla_https_proxy | length > 0 %}
 docker_https_proxy: "{{ kolla_https_proxy }}"
 {% endif %}
 {% if kolla_no_proxy is not none and kolla_no_proxy | length > 0 %}
 docker_no_proxy: "{{ kolla_no_proxy | select | join(',') }}"
 {% endif %}
 #docker_configure_for_zun: "no"
 ###################
--- a/etc/kayobe/kolla.yml
+++ b/etc/kayobe/kolla.yml
@ -474,6 +474,21 @@
 # default.
 #kolla_internal_fqdn_cacert:
 ###############################################################################
 # Proxy configuration
 # HTTP proxy URL (format: http(s)://[user:password@]proxy_name:port) used by
 # Kolla. Default value is "{{ http_proxy }}".
 #kolla_http_proxy:
 # HTTPS proxy URL (format: http(s)://[user:password@]proxy_name:port) used by
 # Kolla. Default value is "{{ https_proxy }}".
 #kolla_https_proxy:
 # List of domains, hostnames, IP addresses and networks for which no proxy is
 # used. Default value is "{{ no_proxy }}".
 #kolla_no_proxy:
 ###############################################################################
 # Dummy variable to allow Ansible to accept this file.
 workaround_ansible_issue_8743: yes
--- a/etc/kayobe/proxy.yml
+++ b/etc/kayobe/proxy.yml
@ -0,0 +1,16 @@
 ---
 ###############################################################################
 # Configuration of HTTP(S) proxies.
 # HTTP proxy URL (format: http(s)://[user:password@]proxy_name:port). By
 # default no proxy is used.
 #http_proxy:
 # HTTPS proxy URL (format: http(s)://[user:password@]proxy_name:port). By
 # default no proxy is used.
 #https_proxy:
 # List of domains, hostnames, IP addresses and networks for which no proxy is
 # used. Defaults to ["127.0.0.1", "localhost", "{{ docker_registry }}"]. This
 # is configured only if either http_proxy or https_proxy is set.
 #no_proxy:
--- a/kayobe/cli/commands.py
+++ b/kayobe/cli/commands.py
@ -409,6 +409,7 @@ class SeedHypervisorHostConfigure(KollaAnsibleMixin, KayobeAnsibleMixin,
    * Allocate IP addresses for all configured networks.
    * Add the host to SSH known hosts.
    * Configure a user account for use by kayobe for SSH access.
    * Configure proxy settings.
    * Configure package repos.
    * Configure a PyPI mirror.
    * Optionally, create a virtualenv for remote target hosts.
@ -452,7 +453,7 @@ class SeedHypervisorHostConfigure(KollaAnsibleMixin, KayobeAnsibleMixin,
                                  limit="seed-hypervisor")
        playbooks = _build_playbook_list(
-            "ssh-known-host", "kayobe-ansible-user",
+            "ssh-known-host", "kayobe-ansible-user", "proxy",
            "apt", "dnf", "pip", "kayobe-target-venv")
        if parsed_args.wipe_disks:
            playbooks += _build_playbook_list("wipe-disks")
@ -568,6 +569,7 @@ class SeedHostConfigure(KollaAnsibleMixin, KayobeAnsibleMixin, VaultMixin,
    * Allocate IP addresses for all configured networks.
    * Add the host to SSH known hosts.
    * Configure a user account for use by kayobe for SSH access.
    * Configure proxy settings.
    * Configure package repos.
    * Configure a PyPI mirror.
    * Optionally, create a virtualenv for remote target hosts.
@ -608,7 +610,7 @@ class SeedHostConfigure(KollaAnsibleMixin, KayobeAnsibleMixin, VaultMixin,
        # Run kayobe playbooks.
        playbooks = _build_playbook_list(
-            "ssh-known-host", "kayobe-ansible-user",
+            "ssh-known-host", "kayobe-ansible-user", "proxy",
            "apt", "dnf", "pip", "kayobe-target-venv")
        if parsed_args.wipe_disks:
            playbooks += _build_playbook_list("wipe-disks")
@ -879,6 +881,7 @@ class InfraVMHostConfigure(KayobeAnsibleMixin, VaultMixin,
    * Allocate IP addresses for all configured networks.
    * Add the host to SSH known hosts.
    * Configure a user account for use by kayobe for SSH access.
    * Configure proxy settings.
    * Configure package repos.
    * Configure a PyPI mirror.
    * Optionally, create a virtualenv for remote target hosts.
@ -914,7 +917,7 @@ class InfraVMHostConfigure(KayobeAnsibleMixin, VaultMixin,
        # Kayobe playbooks.
        playbooks = _build_playbook_list(
-            "ssh-known-host", "kayobe-ansible-user",
+            "ssh-known-host", "kayobe-ansible-user", "proxy",
            "apt", "dnf", "pip", "kayobe-target-venv")
        if parsed_args.wipe_disks:
            playbooks += _build_playbook_list("wipe-disks")
@ -1128,6 +1131,7 @@ class OvercloudHostConfigure(KollaAnsibleMixin, KayobeAnsibleMixin, VaultMixin,
    * Allocate IP addresses for all configured networks.
    * Add the host to SSH known hosts.
    * Configure a user account for use by kayobe for SSH access.
    * Configure proxy settings.
    * Configure package repos.
    * Configure a PyPI mirror.
    * Optionally, create a virtualenv for remote target hosts.
@ -1166,7 +1170,7 @@ class OvercloudHostConfigure(KollaAnsibleMixin, KayobeAnsibleMixin, VaultMixin,
        # Kayobe playbooks.
        playbooks = _build_playbook_list(
-            "ssh-known-host", "kayobe-ansible-user",
+            "ssh-known-host", "kayobe-ansible-user", "proxy",
            "apt", "dnf", "pip", "kayobe-target-venv")
        if parsed_args.wipe_disks:
            playbooks += _build_playbook_list("wipe-disks")
--- a/kayobe/tests/unit/cli/test_commands.py
+++ b/kayobe/tests/unit/cli/test_commands.py
@ -328,6 +328,7 @@ class TestCase(unittest.TestCase):
                    utils.get_data_files_path("ansible", "ssh-known-host.yml"),
                    utils.get_data_files_path(
                        "ansible", "kayobe-ansible-user.yml"),
                    utils.get_data_files_path("ansible", "proxy.yml"),
                    utils.get_data_files_path("ansible", "apt.yml"),
                    utils.get_data_files_path("ansible", "dnf.yml"),
                    utils.get_data_files_path("ansible", "pip.yml"),
@ -501,6 +502,7 @@ class TestCase(unittest.TestCase):
                    utils.get_data_files_path("ansible", "ssh-known-host.yml"),
                    utils.get_data_files_path(
                        "ansible", "kayobe-ansible-user.yml"),
                    utils.get_data_files_path("ansible", "proxy.yml"),
                    utils.get_data_files_path("ansible", "apt.yml"),
                    utils.get_data_files_path("ansible", "dnf.yml"),
                    utils.get_data_files_path("ansible", "pip.yml"),
@ -993,6 +995,7 @@ class TestCase(unittest.TestCase):
                    utils.get_data_files_path("ansible", "ssh-known-host.yml"),
                    utils.get_data_files_path(
                        "ansible", "kayobe-ansible-user.yml"),
                    utils.get_data_files_path("ansible", "proxy.yml"),
                    utils.get_data_files_path("ansible", "apt.yml"),
                    utils.get_data_files_path("ansible", "dnf.yml"),
                    utils.get_data_files_path("ansible", "pip.yml"),
@ -1272,6 +1275,7 @@ class TestCase(unittest.TestCase):
                    utils.get_data_files_path("ansible", "ssh-known-host.yml"),
                    utils.get_data_files_path(
                        "ansible", "kayobe-ansible-user.yml"),
                    utils.get_data_files_path("ansible", "proxy.yml"),
                    utils.get_data_files_path("ansible", "apt.yml"),
                    utils.get_data_files_path("ansible", "dnf.yml"),
                    utils.get_data_files_path("ansible", "pip.yml"),
--- a/releasenotes/notes/proxy-settings-32911948a517b35b.yaml
+++ b/releasenotes/notes/proxy-settings-32911948a517b35b.yaml
@ -0,0 +1,8 @@
 ---
 features:
  - |
    Adds support for configuring HTTP(S) proxy settings using the
    ``http_proxy``, ``https_proxy`` and ``no_proxy`` variables in
    ``proxy.yml``. These variables are passed down to Kolla Ansible which uses
    them to configure Docker, allowing container image pull operations and
    container networking to use HTTP(S) proxies.