openstack/kayobe
Code Issues Proposed changes

Merge "Add support for configuring proxy settings"

Browse Source
This commit is contained in:
Zuul 2022-01-04 17:22:48 +00:00 committed by Gerrit Code Review
commit 4028a56fac
10 changed files with 160 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
ansible/group_vars/all/kolla
View File

@ -650,3 +650,18 @@ kolla_internal_tls_cert:
# in admin-openrc.sh file when TLS is enabled, instead of Kolla-Ansible's
# default.
kolla_internal_fqdn_cacert:
###############################################################################
# Proxy configuration
# HTTP proxy URL (format: http(s)://[user:password@]proxy_name:port) used by
# Kolla. Default value is "{{ http_proxy }}".
kolla_http_proxy: "{{ http_proxy }}"
# HTTPS proxy URL (format: http(s)://[user:password@]proxy_name:port) used by
# Kolla. Default value is "{{ https_proxy }}".
kolla_https_proxy: "{{ https_proxy }}"
# List of domains, hostnames, IP addresses and networks for which no proxy is
# used. Default value is "{{ no_proxy }}".
kolla_no_proxy: "{{ no_proxy }}"

19
ansible/group_vars/all/proxy Normal file
View File

@ -0,0 +1,19 @@
---
###############################################################################
# Configuration of HTTP(S) proxies.
# HTTP proxy URL (format: http(s)://[user:password@]proxy_name:port). By
# default no proxy is used.
http_proxy: ""
# HTTPS proxy URL (format: http(s)://[user:password@]proxy_name:port). By
# default no proxy is used.
https_proxy: ""
# List of domains, hostnames, IP addresses and networks for which no proxy is
# used. Defaults to ["127.0.0.1", "localhost", "{{ docker_registry }}"]. This
# is configured only if either http_proxy or https_proxy is set.
no_proxy:
- "127.0.0.1"
- "localhost"
- "{{ docker_registry }}"

41
ansible/proxy.yml Normal file
View File

@ -0,0 +1,41 @@
- name: Configure HTTP(S) proxy settings
hosts: seed-hypervisor:seed:overcloud
vars:
ansible_python_interpreter: /usr/bin/python3
tags:
- proxy
tasks:
- name: Add HTTP proxy configuration to /etc/environment
lineinfile:
path: "/etc/environment"
create: yes
mode: 0644
state: present
regexp: "^http_proxy=.*"
line: "http_proxy={{ http_proxy }}"
become: True
when: http_proxy is defined and http_proxy | length > 0
- name: Add HTTPS proxy configuration to /etc/environment
lineinfile:
path: "/etc/environment"
create: yes
mode: 0644
state: present
regexp: "^https_proxy=.*"
line: "https_proxy={{ https_proxy }}"
become: True
when: https_proxy is defined and https_proxy | length > 0
- name: Add no_proxy configuration to /etc/environment
lineinfile:
path: "/etc/environment"
create: yes
mode: 0644
state: present
regexp: "^no_proxy=.*"
line: "no_proxy={{ no_proxy | select | join(',') }}"
become: True
when:
- no_proxy | length > 0
- http_proxy is defined and http_proxy | length > 0 or https_proxy is defined and https_proxy | length > 0

14
ansible/roles/kolla-ansible/defaults/main.yml
View File

@ -137,7 +137,6 @@ kolla_external_vip_address:
# kolla_external_vip_address.
kolla_external_fqdn:
####################
# Networking options
####################
@ -306,3 +305,16 @@ docker_daemon_mtu: 1500
# Enable live-restore on docker daemon
docker_daemon_live_restore: false
###############################################################################
# Proxy configuration
# HTTP proxy URL (format: http(s)://[user:password@]proxy_name:port).
kolla_http_proxy:
# HTTPS proxy URL (format: http(s)://[user:password@]proxy_name:port).
kolla_https_proxy:
# List of domains, hostnames, IP addresses and networks for which no proxy is
# used.
kolla_no_proxy:

21
ansible/roles/kolla-ansible/templates/kolla/globals.yml
View File

@ -50,6 +50,17 @@ kolla_external_vip_address: "{{ kolla_external_vip_address }}"
kolla_external_fqdn: "{{ kolla_external_fqdn }}"
{% endif %}
# Proxy settings for containers such as magnum that need Internet access
{% if kolla_http_proxy is not none and kolla_http_proxy | length > 0 %}
container_http_proxy: "{{ kolla_http_proxy }}"
{% endif %}
{% if kolla_https_proxy is not none and kolla_https_proxy | length > 0 %}
container_https_proxy: "{{ kolla_https_proxy }}"
{% endif %}
{% if kolla_no_proxy is not none and kolla_no_proxy | length > 0 %}
container_no_proxy: "{{ kolla_no_proxy | select | join(',') }}"
{% endif %}
################
# Docker options
################
@ -69,6 +80,16 @@ docker_custom_config: {{ kolla_docker_custom_config | to_nice_json | indent(2) }
docker_registry_insecure: "yes"
{% endif %}
{% if kolla_http_proxy is not none and kolla_http_proxy | length > 0 %}
docker_http_proxy: "{{ kolla_http_proxy }}"
{% endif %}
{% if kolla_https_proxy is not none and kolla_https_proxy | length > 0 %}
docker_https_proxy: "{{ kolla_https_proxy }}"
{% endif %}
{% if kolla_no_proxy is not none and kolla_no_proxy | length > 0 %}
docker_no_proxy: "{{ kolla_no_proxy | select | join(',') }}"
{% endif %}
#docker_configure_for_zun: "no"
###################

15
etc/kayobe/kolla.yml
View File

@ -479,6 +479,21 @@
# default.
#kolla_internal_fqdn_cacert:
###############################################################################
# Proxy configuration
# HTTP proxy URL (format: http(s)://[user:password@]proxy_name:port) used by
# Kolla. Default value is "{{ http_proxy }}".
#kolla_http_proxy:
# HTTPS proxy URL (format: http(s)://[user:password@]proxy_name:port) used by
# Kolla. Default value is "{{ https_proxy }}".
#kolla_https_proxy:
# List of domains, hostnames, IP addresses and networks for which no proxy is
# used. Default value is "{{ no_proxy }}".
#kolla_no_proxy:
###############################################################################
# Dummy variable to allow Ansible to accept this file.
workaround_ansible_issue_8743: yes

16
etc/kayobe/proxy.yml Normal file
View File

@ -0,0 +1,16 @@
---
###############################################################################
# Configuration of HTTP(S) proxies.
# HTTP proxy URL (format: http(s)://[user:password@]proxy_name:port). By
# default no proxy is used.
#http_proxy:
# HTTPS proxy URL (format: http(s)://[user:password@]proxy_name:port). By
# default no proxy is used.
#https_proxy:
# List of domains, hostnames, IP addresses and networks for which no proxy is
# used. Defaults to ["127.0.0.1", "localhost", "{{ docker_registry }}"]. This
# is configured only if either http_proxy or https_proxy is set.
#no_proxy:

12
kayobe/cli/commands.py
View File

@ -409,6 +409,7 @@ class SeedHypervisorHostConfigure(KollaAnsibleMixin, KayobeAnsibleMixin,
* Allocate IP addresses for all configured networks.
* Add the host to SSH known hosts.
* Configure a user account for use by kayobe for SSH access.
* Configure proxy settings.
* Configure package repos.
* Configure a PyPI mirror.
* Optionally, create a virtualenv for remote target hosts.
@ -442,7 +443,7 @@ class SeedHypervisorHostConfigure(KollaAnsibleMixin, KayobeAnsibleMixin,
limit="seed-hypervisor")
playbooks = _build_playbook_list(
"ssh-known-host", "kayobe-ansible-user",
"ssh-known-host", "kayobe-ansible-user", "proxy",
"apt", "dnf", "pip", "kayobe-target-venv")
if parsed_args.wipe_disks:
playbooks += _build_playbook_list("wipe-disks")
@ -558,6 +559,7 @@ class SeedHostConfigure(KollaAnsibleMixin, KayobeAnsibleMixin, VaultMixin,
* Allocate IP addresses for all configured networks.
* Add the host to SSH known hosts.
* Configure a user account for use by kayobe for SSH access.
* Configure proxy settings.
* Configure package repos.
* Configure a PyPI mirror.
* Optionally, create a virtualenv for remote target hosts.
@ -598,7 +600,7 @@ class SeedHostConfigure(KollaAnsibleMixin, KayobeAnsibleMixin, VaultMixin,
# Run kayobe playbooks.
playbooks = _build_playbook_list(
"ssh-known-host", "kayobe-ansible-user",
"ssh-known-host", "kayobe-ansible-user", "proxy",
"apt", "dnf", "pip", "kayobe-target-venv")
if parsed_args.wipe_disks:
playbooks += _build_playbook_list("wipe-disks")
@ -869,6 +871,7 @@ class InfraVMHostConfigure(KayobeAnsibleMixin, VaultMixin,
* Allocate IP addresses for all configured networks.
* Add the host to SSH known hosts.
* Configure a user account for use by kayobe for SSH access.
* Configure proxy settings.
* Configure package repos.
* Configure a PyPI mirror.
* Optionally, create a virtualenv for remote target hosts.
@ -904,7 +907,7 @@ class InfraVMHostConfigure(KayobeAnsibleMixin, VaultMixin,
# Kayobe playbooks.
playbooks = _build_playbook_list(
"ssh-known-host", "kayobe-ansible-user",
"ssh-known-host", "kayobe-ansible-user", "proxy",
"apt", "dnf", "pip", "kayobe-target-venv")
if parsed_args.wipe_disks:
playbooks += _build_playbook_list("wipe-disks")
@ -1118,6 +1121,7 @@ class OvercloudHostConfigure(KollaAnsibleMixin, KayobeAnsibleMixin, VaultMixin,
* Allocate IP addresses for all configured networks.
* Add the host to SSH known hosts.
* Configure a user account for use by kayobe for SSH access.
* Configure proxy settings.
* Configure package repos.
* Configure a PyPI mirror.
* Optionally, create a virtualenv for remote target hosts.
@ -1156,7 +1160,7 @@ class OvercloudHostConfigure(KollaAnsibleMixin, KayobeAnsibleMixin, VaultMixin,
# Kayobe playbooks.
playbooks = _build_playbook_list(
"ssh-known-host", "kayobe-ansible-user",
"ssh-known-host", "kayobe-ansible-user", "proxy",
"apt", "dnf", "pip", "kayobe-target-venv")
if parsed_args.wipe_disks:
playbooks += _build_playbook_list("wipe-disks")

4
kayobe/tests/unit/cli/test_commands.py
View File

@ -319,6 +319,7 @@ class TestCase(unittest.TestCase):
utils.get_data_files_path("ansible", "ssh-known-host.yml"),
utils.get_data_files_path(
"ansible", "kayobe-ansible-user.yml"),
utils.get_data_files_path("ansible", "proxy.yml"),
utils.get_data_files_path("ansible", "apt.yml"),
utils.get_data_files_path("ansible", "dnf.yml"),
utils.get_data_files_path("ansible", "pip.yml"),
@ -492,6 +493,7 @@ class TestCase(unittest.TestCase):
utils.get_data_files_path("ansible", "ssh-known-host.yml"),
utils.get_data_files_path(
"ansible", "kayobe-ansible-user.yml"),
utils.get_data_files_path("ansible", "proxy.yml"),
utils.get_data_files_path("ansible", "apt.yml"),
utils.get_data_files_path("ansible", "dnf.yml"),
utils.get_data_files_path("ansible", "pip.yml"),
@ -984,6 +986,7 @@ class TestCase(unittest.TestCase):
utils.get_data_files_path("ansible", "ssh-known-host.yml"),
utils.get_data_files_path(
"ansible", "kayobe-ansible-user.yml"),
utils.get_data_files_path("ansible", "proxy.yml"),
utils.get_data_files_path("ansible", "apt.yml"),
utils.get_data_files_path("ansible", "dnf.yml"),
utils.get_data_files_path("ansible", "pip.yml"),
@ -1263,6 +1266,7 @@ class TestCase(unittest.TestCase):
utils.get_data_files_path("ansible", "ssh-known-host.yml"),
utils.get_data_files_path(
"ansible", "kayobe-ansible-user.yml"),
utils.get_data_files_path("ansible", "proxy.yml"),
utils.get_data_files_path("ansible", "apt.yml"),
utils.get_data_files_path("ansible", "dnf.yml"),
utils.get_data_files_path("ansible", "pip.yml"),

8
releasenotes/notes/proxy-settings-32911948a517b35b.yaml Normal file
View File

@ -0,0 +1,8 @@
---
features:
- |
Adds support for configuring HTTP(S) proxy settings using the
``http_proxy``, ``https_proxy`` and ``no_proxy`` variables in
``proxy.yml``. These variables are passed down to Kolla Ansible which uses
them to configure Docker, allowing container image pull operations and
container networking to use HTTP(S) proxies.