aboutsummaryrefslogtreecommitdiff
path: root/pkg
diff options
context:
space:
mode:
authoresendjer <esendjer@gmail.com>2022-02-11 02:58:53 +0500
committeresendjer <esendjer@gmail.com>2022-02-12 21:24:15 +0500
commita8928a3caa432c9523070f790eb15b733ab44753 (patch)
tree53f1eba5226d2aa9b0455201ad99b799fb7f7bd3 /pkg
parent12836a5610ea6d4f6844d4fbdc222b439ccbc746 (diff)
downloadpodman-a8928a3caa432c9523070f790eb15b733ab44753.tar.gz
podman-a8928a3caa432c9523070f790eb15b733ab44753.tar.bz2
podman-a8928a3caa432c9523070f790eb15b733ab44753.zip
ignition: propagate proxy settings from a host into a vm
Set proxy settings (such as `HTTP_PROXY`, and others) for the whole guest OS with setting up `DefaultEnvironment` with a `systemd` configuration file `default-env.conf`, a `profile.d` scenario file - `default-env.sh` and a `environment.d` configuration file `default-env.conf` The **actual** environment variables are read by podman at a start, then they are encrypted with base64 into a single string and after are provided into a VM through QEMU Firmware Configuration (fw_cfg) Device Inside a VM a systemd service `envset-fwcfg.service` reads the providead encrypted string from fw_cfg, decrypts and then adds to the files - `/etc/systemd/system.conf.d/default-env.conf` - `/etc/profile.d/default-env.sh` - `/etc/environment.d/default-env.conf` At the end this service execute `systemctl daemon-reload` to propagate new variables for systemd manager [NO NEW TESTS NEEDED] Closes #13168 Signed-off-by: esendjer <esendjer@gmail.com>
Diffstat (limited to 'pkg')
-rw-r--r--pkg/machine/ignition.go85
-rw-r--r--pkg/machine/qemu/machine.go16
2 files changed, 79 insertions, 22 deletions
diff --git a/pkg/machine/ignition.go b/pkg/machine/ignition.go
index 206c9144f..47b1836f0 100644
--- a/pkg/machine/ignition.go
+++ b/pkg/machine/ignition.go
@@ -145,7 +145,42 @@ ExecStartPost=/bin/touch /var/lib/%N.stamp
[Install]
WantedBy=default.target
- `
+`
+ // This service gets environment variables that are provided
+ // through qemu fw_cfg and then sets them into systemd/system.conf.d,
+ // profile.d and environment.d files
+ //
+ // Currently, it is used for propagating
+ // proxy settings e.g. HTTP_PROXY and others, on a start avoiding
+ // a need of re-creating/re-initiating a VM
+ envset := `[Unit]
+Description=Environment setter from QEMU FW_CFG
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+Environment=FWCFGRAW=/sys/firmware/qemu_fw_cfg/by_name/opt/com.coreos/environment/raw
+Environment=SYSTEMD_CONF=/etc/systemd/system.conf.d/default-env.conf
+Environment=ENVD_CONF=/etc/environment.d/default-env.conf
+Environment=PROFILE_CONF=/etc/profile.d/default-env.sh
+ExecStart=/usr/bin/bash -c '/usr/bin/test -f ${FWCFGRAW} &&\
+ echo "[Manager]\n#Got from QEMU FW_CFG\nDefaultEnvironment=$(/usr/bin/base64 -d ${FWCFGRAW} | sed -e "s+|+ +g")\n" > ${SYSTEMD_CONF} ||\
+ echo "[Manager]\n#Got nothing from QEMU FW_CFG\n#DefaultEnvironment=\n" > ${SYSTEMD_CONF}'
+ExecStart=/usr/bin/bash -c '/usr/bin/test -f ${FWCFGRAW} && (\
+ echo "#Got from QEMU FW_CFG"> ${ENVD_CONF};\
+ IFS="|";\
+ for iprxy in $(/usr/bin/base64 -d ${FWCFGRAW}); do\
+ echo "$iprxy" >> ${ENVD_CONF}; done ) || \
+ echo "#Got nothing from QEMU FW_CFG"> ${ENVD_CONF}'
+ExecStart=/usr/bin/bash -c '/usr/bin/test -f ${FWCFGRAW} && (\
+ echo "#Got from QEMU FW_CFG"> ${PROFILE_CONF};\
+ IFS="|";\
+ for iprxy in $(/usr/bin/base64 -d ${FWCFGRAW}); do\
+ echo "export $iprxy" >> ${PROFILE_CONF}; done ) || \
+ echo "#Got nothing from QEMU FW_CFG"> ${PROFILE_CONF}'
+ExecStartPost=/usr/bin/systemctl daemon-reload
+[Install]
+WantedBy=sysinit.target
+`
_ = ready
ignSystemd := Systemd{
Units: []Unit{
@@ -173,6 +208,11 @@ WantedBy=default.target
Name: "remove-moby.service",
Contents: &deMoby,
},
+ {
+ Enabled: boolToPtr(true),
+ Name: "envset-fwcfg.service",
+ Contents: &envset,
+ },
}}
ignConfig := Config{
Ignition: ignVersion,
@@ -226,6 +266,25 @@ func getDirs(usrName string) []Directory {
DirectoryEmbedded1: DirectoryEmbedded1{Mode: intToPtr(0755)},
})
+ // The directory is used by envset-fwcfg.service
+ // for propagating environment variables that got
+ // from a host
+ dirs = append(dirs, Directory{
+ Node: Node{
+ Group: getNodeGrp("root"),
+ Path: "/etc/systemd/system.conf.d",
+ User: getNodeUsr("root"),
+ },
+ DirectoryEmbedded1: DirectoryEmbedded1{Mode: intToPtr(0755)},
+ }, Directory{
+ Node: Node{
+ Group: getNodeGrp("root"),
+ Path: "/etc/environment.d",
+ User: getNodeUsr("root"),
+ },
+ DirectoryEmbedded1: DirectoryEmbedded1{Mode: intToPtr(0755)},
+ })
+
return dirs
}
@@ -363,24 +422,6 @@ Delegate=memory pids cpu io
},
})
- setProxyOpts := getProxyVariables()
- if setProxyOpts != "" {
- files = append(files, File{
- Node: Node{
- Group: getNodeGrp("root"),
- Path: "/etc/profile.d/proxy-opts.sh",
- User: getNodeUsr("root"),
- },
- FileEmbedded1: FileEmbedded1{
- Append: nil,
- Contents: Resource{
- Source: encodeDataURLPtr(setProxyOpts),
- },
- Mode: intToPtr(0644),
- },
- })
- }
-
setDockerHost := `export DOCKER_HOST="unix://$(podman info -f "{{.Host.RemoteSocket.Path}}")"
`
@@ -506,11 +547,11 @@ func prepareCertFile(path string, name string) (File, error) {
return file, nil
}
-func getProxyVariables() string {
- proxyOpts := ""
+func GetProxyVariables() map[string]string {
+ proxyOpts := make(map[string]string)
for _, variable := range config.ProxyEnv {
if value, ok := os.LookupEnv(variable); ok {
- proxyOpts += fmt.Sprintf("\n export %s=%s", variable, value)
+ proxyOpts[variable] = value
}
}
return proxyOpts
diff --git a/pkg/machine/qemu/machine.go b/pkg/machine/qemu/machine.go
index eb7b35ece..240442e49 100644
--- a/pkg/machine/qemu/machine.go
+++ b/pkg/machine/qemu/machine.go
@@ -1,9 +1,11 @@
+//go:build (amd64 && !windows) || (arm64 && !windows)
// +build amd64,!windows arm64,!windows
package qemu
import (
"bufio"
+ "encoding/base64"
"encoding/json"
"fmt"
"io/ioutil"
@@ -123,6 +125,20 @@ func (p *Provider) LoadVMByName(name string) (machine.VM, error) {
return nil, err
}
err = json.Unmarshal(b, vm)
+
+ // It is here for providing the ability to propagate
+ // proxy settings (e.g. HTTP_PROXY and others) on a start
+ // and avoid a need of re-creating/re-initiating a VM
+ if proxyOpts := machine.GetProxyVariables(); len(proxyOpts) > 0 {
+ proxyStr := "name=opt/com.coreos/environment,string="
+ var proxies string
+ for k, v := range proxyOpts {
+ proxies = fmt.Sprintf("%s%s=\"%s\"|", proxies, k, v)
+ }
+ proxyStr = fmt.Sprintf("%s%s", proxyStr, base64.StdEncoding.EncodeToString([]byte(proxies)))
+ vm.CmdLine = append(vm.CmdLine, "-fw_cfg", proxyStr)
+ }
+
logrus.Debug(vm.CmdLine)
return vm, err
}