diff options
-rw-r--r-- | pkg/machine/ignition.go | 127 | ||||
-rw-r--r-- | pkg/specgen/generate/container.go | 12 |
2 files changed, 104 insertions, 35 deletions
diff --git a/pkg/machine/ignition.go b/pkg/machine/ignition.go index 84d3be296..ac2cf71cf 100644 --- a/pkg/machine/ignition.go +++ b/pkg/machine/ignition.go @@ -10,6 +10,7 @@ import ( "os" "path/filepath" + "github.com/containers/common/pkg/config" "github.com/sirupsen/logrus" ) @@ -340,6 +341,24 @@ machine_enabled=true }, }) + setProxyOpts := getProxyVariables() + if setProxyOpts != "" { + files = append(files, File{ + Node: Node{ + Group: getNodeGrp("root"), + Path: "/etc/profile.d/proxy-opts.sh", + User: getNodeUsr("root"), + }, + FileEmbedded1: FileEmbedded1{ + Append: nil, + Contents: Resource{ + Source: encodeDataURLPtr(setProxyOpts), + }, + Mode: intToPtr(0644), + }, + }) + } + setDockerHost := `export DOCKER_HOST="unix://$(podman info -f "{{.Host.RemoteSocket.Path}}")" ` @@ -365,52 +384,110 @@ machine_enabled=true return files } - certFiles := getCerts(filepath.Join(userHome, ".config/containers/certs.d")) + certFiles := getCerts(filepath.Join(userHome, ".config/containers/certs.d"), true) files = append(files, certFiles...) - certFiles = getCerts(filepath.Join(userHome, ".config/docker/certs.d")) + certFiles = getCerts(filepath.Join(userHome, ".config/docker/certs.d"), true) files = append(files, certFiles...) + if sslCertFile, ok := os.LookupEnv("SSL_CERT_FILE"); ok { + if _, err := os.Stat(sslCertFile); err == nil { + certFiles = getCerts(sslCertFile, false) + files = append(files, certFiles...) + + if len(certFiles) > 0 { + setSSLCertFile := fmt.Sprintf("export %s=%s", "SSL_CERT_FILE", filepath.Join("/etc/containers/certs.d", filepath.Base(sslCertFile))) + files = append(files, File{ + Node: Node{ + Group: getNodeGrp("root"), + Path: "/etc/profile.d/ssl_cert_file.sh", + User: getNodeUsr("root"), + }, + FileEmbedded1: FileEmbedded1{ + Append: nil, + Contents: Resource{ + Source: encodeDataURLPtr(setSSLCertFile), + }, + Mode: intToPtr(0644), + }, + }) + } + } + } + return files } -func getCerts(certsDir string) []File { +func getCerts(certsDir string, isDir bool) []File { var ( files []File ) certs, err := ioutil.ReadDir(certsDir) - if err == nil { - for _, cert := range certs { - b, err := ioutil.ReadFile(filepath.Join(certsDir, cert.Name())) - if err != nil { - logrus.Warnf("Unable to read cert file %s", err.Error()) - continue - } - files = append(files, File{ - Node: Node{ - Group: getNodeGrp("root"), - Path: filepath.Join("/etc/containers/certs.d/", cert.Name()), - User: getNodeUsr("root"), - }, - FileEmbedded1: FileEmbedded1{ - Append: nil, - Contents: Resource{ - Source: encodeDataURLPtr(string(b)), + if isDir { + if err == nil { + for _, cert := range certs { + b, err := ioutil.ReadFile(filepath.Join(certsDir, cert.Name())) + if err != nil { + logrus.Warnf("Unable to read cert file %s", err.Error()) + continue + } + files = append(files, File{ + Node: Node{ + Group: getNodeGrp("root"), + Path: filepath.Join("/etc/containers/certs.d/", cert.Name()), + User: getNodeUsr("root"), }, - Mode: intToPtr(0644), - }, - }) + FileEmbedded1: FileEmbedded1{ + Append: nil, + Contents: Resource{ + Source: encodeDataURLPtr(string(b)), + }, + Mode: intToPtr(0644), + }, + }) + } + } else { + if !os.IsNotExist(err) { + logrus.Warnf("Unable to copy certs via ignition, error while reading certs from %s: %s", certsDir, err.Error()) + } } } else { - if !os.IsNotExist(err) { - logrus.Warnf("Unable to copy certs via ignition, error while reading certs from %s: %s", certsDir, err.Error()) + fileName := filepath.Base(certsDir) + b, err := ioutil.ReadFile(certsDir) + if err != nil { + logrus.Warnf("Unable to read cert file %s", err.Error()) + return files } + files = append(files, File{ + Node: Node{ + Group: getNodeGrp("root"), + Path: filepath.Join("/etc/containers/certs.d/", fileName), + User: getNodeUsr("root"), + }, + FileEmbedded1: FileEmbedded1{ + Append: nil, + Contents: Resource{ + Source: encodeDataURLPtr(string(b)), + }, + Mode: intToPtr(0644), + }, + }) } return files } +func getProxyVariables() string { + proxyOpts := "" + for _, variable := range config.ProxyEnv { + if value, ok := os.LookupEnv(variable); ok { + proxyOpts += fmt.Sprintf("\n export %s=%s", variable, value) + } + } + return proxyOpts +} + func getLinks(usrName string) []Link { return []Link{{ Node: Node{ diff --git a/pkg/specgen/generate/container.go b/pkg/specgen/generate/container.go index 5ec7c7b03..2c7b3c091 100644 --- a/pkg/specgen/generate/container.go +++ b/pkg/specgen/generate/container.go @@ -7,6 +7,7 @@ import ( "time" "github.com/containers/common/libimage" + "github.com/containers/common/pkg/config" "github.com/containers/podman/v3/libpod" "github.com/containers/podman/v3/libpod/define" ann "github.com/containers/podman/v3/pkg/annotations" @@ -126,16 +127,7 @@ func CompleteSpec(ctx context.Context, r *libpod.Runtime, s *specgen.SpecGenerat if s.EnvHost { defaultEnvs = envLib.Join(defaultEnvs, osEnv) } else if s.HTTPProxy { - for _, envSpec := range []string{ - "http_proxy", - "HTTP_PROXY", - "https_proxy", - "HTTPS_PROXY", - "ftp_proxy", - "FTP_PROXY", - "no_proxy", - "NO_PROXY", - } { + for _, envSpec := range config.ProxyEnv { if v, ok := osEnv[envSpec]; ok { defaultEnvs[envSpec] = v } |