diff options
| author | esendjer <esendjer@gmail.com> | 2022-02-11 02:58:53 +0500 |
|---|---|---|
| committer | Matthew Heon <matthew.heon@pm.me> | 2022-02-16 14:02:42 -0500 |
| commit | 2128236da5f61f705c69b62fcac3eb7315e00a01 (patch) | |
| tree | 33a4e7fd076b149d9e7787034149eb1a7eb205a7 /pkg/machine/qemu/machine.go | |
| parent | 809da6b0ba8619bd8565a87388cf2cafad33cf99 (diff) | |
| download | podman-2128236da5f61f705c69b62fcac3eb7315e00a01.tar.gz podman-2128236da5f61f705c69b62fcac3eb7315e00a01.tar.bz2 podman-2128236da5f61f705c69b62fcac3eb7315e00a01.zip | |
ignition: propagate proxy settings from a host into a vm
Set proxy settings (such as `HTTP_PROXY`, and others)
for the whole guest OS with setting up `DefaultEnvironment`
with a `systemd` configuration file `default-env.conf`,
a `profile.d` scenario file - `default-env.sh` and
a `environment.d` configuration file `default-env.conf`
The **actual** environment variables are read by podman
at a start, then they are encrypted with base64 into
a single string and after are provided into a VM through
QEMU Firmware Configuration (fw_cfg) Device
Inside a VM a systemd service `envset-fwcfg.service`
reads the providead encrypted string from fw_cfg, decrypts
and then adds to the files
- `/etc/systemd/system.conf.d/default-env.conf`
- `/etc/profile.d/default-env.sh`
- `/etc/environment.d/default-env.conf`
At the end this service execute `systemctl daemon-reload`
to propagate new variables for systemd manager
[NO NEW TESTS NEEDED]
Closes #13168
Signed-off-by: esendjer <esendjer@gmail.com>
Diffstat (limited to 'pkg/machine/qemu/machine.go')
| -rw-r--r-- | pkg/machine/qemu/machine.go | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/pkg/machine/qemu/machine.go b/pkg/machine/qemu/machine.go index eb7b35ece..240442e49 100644 --- a/pkg/machine/qemu/machine.go +++ b/pkg/machine/qemu/machine.go @@ -1,9 +1,11 @@ +//go:build (amd64 && !windows) || (arm64 && !windows) // +build amd64,!windows arm64,!windows package qemu import ( "bufio" + "encoding/base64" "encoding/json" "fmt" "io/ioutil" @@ -123,6 +125,20 @@ func (p *Provider) LoadVMByName(name string) (machine.VM, error) { return nil, err } err = json.Unmarshal(b, vm) + + // It is here for providing the ability to propagate + // proxy settings (e.g. HTTP_PROXY and others) on a start + // and avoid a need of re-creating/re-initiating a VM + if proxyOpts := machine.GetProxyVariables(); len(proxyOpts) > 0 { + proxyStr := "name=opt/com.coreos/environment,string=" + var proxies string + for k, v := range proxyOpts { + proxies = fmt.Sprintf("%s%s=\"%s\"|", proxies, k, v) + } + proxyStr = fmt.Sprintf("%s%s", proxyStr, base64.StdEncoding.EncodeToString([]byte(proxies))) + vm.CmdLine = append(vm.CmdLine, "-fw_cfg", proxyStr) + } + logrus.Debug(vm.CmdLine) return vm, err } |