diff options
author | Aditya Rajan <arajan@redhat.com> | 2022-01-05 17:40:45 +0530 |
---|---|---|
committer | Aditya Rajan <arajan@redhat.com> | 2022-01-11 00:45:54 +0530 |
commit | 5c363ff276b7f97cff5ce946e313d98ae9bb2f60 (patch) | |
tree | 9febb0b04926b03a4f89647ae96d6c9520c81945 /pkg/machine | |
parent | 87cd4b698cea28ef99b3b3326309b068b9aa7f04 (diff) | |
download | podman-5c363ff276b7f97cff5ce946e313d98ae9bb2f60.tar.gz podman-5c363ff276b7f97cff5ce946e313d98ae9bb2f60.tar.bz2 podman-5c363ff276b7f97cff5ce946e313d98ae9bb2f60.zip |
ignition: propogate HTTP proxy variables from host to remote
Podman often has to run behind an http/https proxy, often in corporate environments.
This proxy may or may not include SSL inspection capabilities, requiring a trusted SSL CA certificate to be added to a system's trust store.
Solve this by reading standard proxy variables (HTTP_PROXY HTTPS_PROXY NO_PROXY http_proxy https_proxy no_proxy) and injecting them into the machine at init.
[NO NEW TESTS NEEDED]
Signed-off-by: Aditya Rajan <arajan@redhat.com>
Diffstat (limited to 'pkg/machine')
-rw-r--r-- | pkg/machine/ignition.go | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/pkg/machine/ignition.go b/pkg/machine/ignition.go index 84d3be296..7293bc236 100644 --- a/pkg/machine/ignition.go +++ b/pkg/machine/ignition.go @@ -340,6 +340,24 @@ machine_enabled=true }, }) + setProxyOpts := getProxyVariables() + if setProxyOpts != "" { + files = append(files, File{ + Node: Node{ + Group: getNodeGrp("root"), + Path: "/etc/profile.d/proxy-opts.sh", + User: getNodeUsr("root"), + }, + FileEmbedded1: FileEmbedded1{ + Append: nil, + Contents: Resource{ + Source: encodeDataURLPtr(setProxyOpts), + }, + Mode: intToPtr(0644), + }, + }) + } + setDockerHost := `export DOCKER_HOST="unix://$(podman info -f "{{.Host.RemoteSocket.Path}}")" ` @@ -411,6 +429,17 @@ func getCerts(certsDir string) []File { return files } +func getProxyVariables() string { + proxyOpts := "" + proxyVariables := []string{"HTTP_PROXY", "HTTPS_PROXY", "NO_PROXY", "http_proxy", "https_proxy", "no_proxy"} + for _, variable := range proxyVariables { + if value, ok := os.LookupEnv(variable); ok { + proxyOpts += fmt.Sprintf("\n export %s=%s", variable, value) + } + } + return proxyOpts +} + func getLinks(usrName string) []Link { return []Link{{ Node: Node{ |