summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--pkg/machine/ignition.go127
-rw-r--r--pkg/specgen/generate/container.go12
2 files changed, 104 insertions, 35 deletions
diff --git a/pkg/machine/ignition.go b/pkg/machine/ignition.go
index 84d3be296..ac2cf71cf 100644
--- a/pkg/machine/ignition.go
+++ b/pkg/machine/ignition.go
@@ -10,6 +10,7 @@ import (
"os"
"path/filepath"
+ "github.com/containers/common/pkg/config"
"github.com/sirupsen/logrus"
)
@@ -340,6 +341,24 @@ machine_enabled=true
},
})
+ setProxyOpts := getProxyVariables()
+ if setProxyOpts != "" {
+ files = append(files, File{
+ Node: Node{
+ Group: getNodeGrp("root"),
+ Path: "/etc/profile.d/proxy-opts.sh",
+ User: getNodeUsr("root"),
+ },
+ FileEmbedded1: FileEmbedded1{
+ Append: nil,
+ Contents: Resource{
+ Source: encodeDataURLPtr(setProxyOpts),
+ },
+ Mode: intToPtr(0644),
+ },
+ })
+ }
+
setDockerHost := `export DOCKER_HOST="unix://$(podman info -f "{{.Host.RemoteSocket.Path}}")"
`
@@ -365,52 +384,110 @@ machine_enabled=true
return files
}
- certFiles := getCerts(filepath.Join(userHome, ".config/containers/certs.d"))
+ certFiles := getCerts(filepath.Join(userHome, ".config/containers/certs.d"), true)
files = append(files, certFiles...)
- certFiles = getCerts(filepath.Join(userHome, ".config/docker/certs.d"))
+ certFiles = getCerts(filepath.Join(userHome, ".config/docker/certs.d"), true)
files = append(files, certFiles...)
+ if sslCertFile, ok := os.LookupEnv("SSL_CERT_FILE"); ok {
+ if _, err := os.Stat(sslCertFile); err == nil {
+ certFiles = getCerts(sslCertFile, false)
+ files = append(files, certFiles...)
+
+ if len(certFiles) > 0 {
+ setSSLCertFile := fmt.Sprintf("export %s=%s", "SSL_CERT_FILE", filepath.Join("/etc/containers/certs.d", filepath.Base(sslCertFile)))
+ files = append(files, File{
+ Node: Node{
+ Group: getNodeGrp("root"),
+ Path: "/etc/profile.d/ssl_cert_file.sh",
+ User: getNodeUsr("root"),
+ },
+ FileEmbedded1: FileEmbedded1{
+ Append: nil,
+ Contents: Resource{
+ Source: encodeDataURLPtr(setSSLCertFile),
+ },
+ Mode: intToPtr(0644),
+ },
+ })
+ }
+ }
+ }
+
return files
}
-func getCerts(certsDir string) []File {
+func getCerts(certsDir string, isDir bool) []File {
var (
files []File
)
certs, err := ioutil.ReadDir(certsDir)
- if err == nil {
- for _, cert := range certs {
- b, err := ioutil.ReadFile(filepath.Join(certsDir, cert.Name()))
- if err != nil {
- logrus.Warnf("Unable to read cert file %s", err.Error())
- continue
- }
- files = append(files, File{
- Node: Node{
- Group: getNodeGrp("root"),
- Path: filepath.Join("/etc/containers/certs.d/", cert.Name()),
- User: getNodeUsr("root"),
- },
- FileEmbedded1: FileEmbedded1{
- Append: nil,
- Contents: Resource{
- Source: encodeDataURLPtr(string(b)),
+ if isDir {
+ if err == nil {
+ for _, cert := range certs {
+ b, err := ioutil.ReadFile(filepath.Join(certsDir, cert.Name()))
+ if err != nil {
+ logrus.Warnf("Unable to read cert file %s", err.Error())
+ continue
+ }
+ files = append(files, File{
+ Node: Node{
+ Group: getNodeGrp("root"),
+ Path: filepath.Join("/etc/containers/certs.d/", cert.Name()),
+ User: getNodeUsr("root"),
},
- Mode: intToPtr(0644),
- },
- })
+ FileEmbedded1: FileEmbedded1{
+ Append: nil,
+ Contents: Resource{
+ Source: encodeDataURLPtr(string(b)),
+ },
+ Mode: intToPtr(0644),
+ },
+ })
+ }
+ } else {
+ if !os.IsNotExist(err) {
+ logrus.Warnf("Unable to copy certs via ignition, error while reading certs from %s: %s", certsDir, err.Error())
+ }
}
} else {
- if !os.IsNotExist(err) {
- logrus.Warnf("Unable to copy certs via ignition, error while reading certs from %s: %s", certsDir, err.Error())
+ fileName := filepath.Base(certsDir)
+ b, err := ioutil.ReadFile(certsDir)
+ if err != nil {
+ logrus.Warnf("Unable to read cert file %s", err.Error())
+ return files
}
+ files = append(files, File{
+ Node: Node{
+ Group: getNodeGrp("root"),
+ Path: filepath.Join("/etc/containers/certs.d/", fileName),
+ User: getNodeUsr("root"),
+ },
+ FileEmbedded1: FileEmbedded1{
+ Append: nil,
+ Contents: Resource{
+ Source: encodeDataURLPtr(string(b)),
+ },
+ Mode: intToPtr(0644),
+ },
+ })
}
return files
}
+func getProxyVariables() string {
+ proxyOpts := ""
+ for _, variable := range config.ProxyEnv {
+ if value, ok := os.LookupEnv(variable); ok {
+ proxyOpts += fmt.Sprintf("\n export %s=%s", variable, value)
+ }
+ }
+ return proxyOpts
+}
+
func getLinks(usrName string) []Link {
return []Link{{
Node: Node{
diff --git a/pkg/specgen/generate/container.go b/pkg/specgen/generate/container.go
index 5ec7c7b03..2c7b3c091 100644
--- a/pkg/specgen/generate/container.go
+++ b/pkg/specgen/generate/container.go
@@ -7,6 +7,7 @@ import (
"time"
"github.com/containers/common/libimage"
+ "github.com/containers/common/pkg/config"
"github.com/containers/podman/v3/libpod"
"github.com/containers/podman/v3/libpod/define"
ann "github.com/containers/podman/v3/pkg/annotations"
@@ -126,16 +127,7 @@ func CompleteSpec(ctx context.Context, r *libpod.Runtime, s *specgen.SpecGenerat
if s.EnvHost {
defaultEnvs = envLib.Join(defaultEnvs, osEnv)
} else if s.HTTPProxy {
- for _, envSpec := range []string{
- "http_proxy",
- "HTTP_PROXY",
- "https_proxy",
- "HTTPS_PROXY",
- "ftp_proxy",
- "FTP_PROXY",
- "no_proxy",
- "NO_PROXY",
- } {
+ for _, envSpec := range config.ProxyEnv {
if v, ok := osEnv[envSpec]; ok {
defaultEnvs[envSpec] = v
}