authorAditya Rajan <arajan@redhat.com>2022-01-05 17:40:45 +0530
committerAditya Rajan <arajan@redhat.com>2022-01-11 00:45:54 +0530
commit5c363ff276b7f97cff5ce946e313d98ae9bb2f60 (patch)
tree9febb0b04926b03a4f89647ae96d6c9520c81945 /pkg/machine/ignition.go
parent87cd4b698cea28ef99b3b3326309b068b9aa7f04 (diff)
ignition: propogate HTTP proxy variables from host to remote
Podman often has to run behind an http/https proxy, often in corporate environments. This proxy may or may not include SSL inspection capabilities, requiring a trusted SSL CA certificate to be added to a system's trust store. Solve this by reading standard proxy variables (HTTP_PROXY HTTPS_PROXY NO_PROXY http_proxy https_proxy no_proxy) and injecting them into the machine at init. [NO NEW TESTS NEEDED] Signed-off-by: Aditya Rajan <arajan@redhat.com>
Diffstat (limited to 'pkg/machine/ignition.go')
-rw-r--r--pkg/machine/ignition.go29
1 files changed, 29 insertions, 0 deletions
diff --git a/pkg/machine/ignition.go b/pkg/machine/ignition.go
index 84d3be296..7293bc236 100644
--- a/pkg/machine/ignition.go
+++ b/pkg/machine/ignition.go
@@ -340,6 +340,24 @@ machine_enabled=true
},
})
+ setProxyOpts := getProxyVariables()
+ if setProxyOpts != "" {
+ files = append(files, File{
+ Node: Node{
+ Group: getNodeGrp("root"),
+ Path: "/etc/profile.d/proxy-opts.sh",
+ User: getNodeUsr("root"),
+ },
+ FileEmbedded1: FileEmbedded1{
+ Append: nil,
+ Contents: Resource{
+ Source: encodeDataURLPtr(setProxyOpts),
+ },
+ Mode: intToPtr(0644),
+ },
+ })
+ }
+
setDockerHost := `export DOCKER_HOST="unix://$(podman info -f "{{.Host.RemoteSocket.Path}}")"
`
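Review bot: The new file is written with `Mode: intToPtr(0644)`, and proxy URLs commonly carry credentials in the `user:password@host` form, so a secret taken from the host environment becomes readable by every account in the guest. It also appears to be embedded in the generated Ignition config through `encodeDataURLPtr(setProxyOpts)`. A tighter mode would stop non-root login shells from sourcing the file, so at minimum document the exposure above the `files = append(files, File{` call, for example `// proxy values may contain credentials; this file is world-readable in the guest and its content is embedded in the Ignition config`. The enclosing function starts and ends outside the hunk.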
@@ -411,6 +429,17 @@ func getCerts(certsDir string) []File {
return files
}
+func getProxyVariables() string {
+ proxyOpts := ""
+ proxyVariables := []string{"HTTP_PROXY", "HTTPS_PROXY", "NO_PROXY", "http_proxy", "https_proxy", "no_proxy"}
+ for _, variable := range proxyVariables {
+ if value, ok := os.LookupEnv(variable); ok {
+ proxyOpts += fmt.Sprintf("\n export %s=%s", variable, value)
+ }
+ }
+ return proxyOpts
+}
+
func getLinks(usrName string) []Link {
return []Link{{
Node: Node{
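Review bot: The host environment value is interpolated unquoted into a shell script at `proxyOpts += fmt.Sprintf("\n export %s=%s", variable, value)`, so a value containing whitespace, `;`, `$(...)` or backquotes is parsed as shell syntax when a guest login shell sources /etc/profile.d/proxy-opts.sh. Single-quote the value before writing it, for example `quoted := "'" + strings.ReplaceAll(value, "'", "'\\''") + "'"` followed by `proxyOpts += fmt.Sprintf("export %s=%s\n", variable, quoted)`; whether `strings` is already imported is not visible from this hunk. `getProxyVariables` also has no doc comment; one stating that it returns shell `export` lines for the proxy variables set on the host, or an empty string when none are set, would make the contract with the caller explicit.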