Added system IPs to services "NO_PROXY" list
When configuring the Docker proxy (see feature doc at https://docs.starlingx.io/configuration/docker_proxy_config.html), the system IPs should be added automatically to the "NO_PROXY" environment variable of services "docker" and "containerd". This configuration was lost a long time ago during a code cleanup (review https://review.opendev.org/c/starlingx/config/+/703516 , file controllerconfig/controllerconfig/controllerconfig/configassistant.py , line 2286). This commit re-implements the addition of system IPs to the "NO_PROXY" list. Test Plan: PASS: Successfully deploy an IPv4 AIO-SX and an IPv6 AIO-DX with no bootstrap overrides. PASS: In the deployed IPv4 AIO-SX with no bootstrap overrides, apply the configuration below and verify that the pod "ceph-pools-audit" (executed every 5 minutes) continues working correctly: source /etc/platform/openrc system service-parameter-add docker proxy https_proxy=http://1.2.3.4:3128 system service-parameter-add docker proxy http_proxy=http://1.2.3.4:3128 system service-parameter-add docker proxy no_proxy="5.6.7.8" system service-parameter-apply docker PASS: Repeat the test above in the IPv6 AIO-DX with no bootstrap overrides. PASS: Successfully deploy an IPv4 AIO-SX and an IPv6 AIO-DX with Docker proxy bootstrap overrides. Verify that the environment variables for "docker" and "containerd" services (at /etc/systemd/system/docker.service.d/http-proxy.conf and /etc/systemd/system/containerd.service.d/http-proxy.conf) are correct. Verify that the pod "ceph-pools-audit" (executed every 5 minutes) continues working correctly. Partial-Bug: 2062079 Depends-On: https://review.opendev.org/c/starlingx/config/+/916019 Change-Id: I7691fab7c4e2ba813bac1bf71c0ed7d4c4432380 Signed-off-by: Joao Victor Portal <Joao.VictorPortal@windriver.com>
parent
65ca94a953
commit
937132aafb
|
@ -18,12 +18,11 @@ class platform::containerd::proxyconfig{
|
|||
# inherit the proxy setting from docker
|
||||
$http_proxy = $::platform::docker::params::http_proxy
|
||||
$https_proxy = $::platform::docker::params::https_proxy
|
||||
if $::platform::docker::params::no_proxy {
|
||||
# Containerd doesn't work with the NO_PROXY environment
|
||||
# variable if it has IPv6 addresses with square brackets,
|
||||
# remove the square brackets
|
||||
$no_proxy = regsubst($::platform::docker::params::no_proxy, '\\[|\\]', '', 'G')
|
||||
}
|
||||
|
||||
# Containerd doesn't work with the NO_PROXY environment
|
||||
# variable if it has IPv6 addresses with square brackets,
|
||||
# remove the square brackets
|
||||
$no_proxy = regsubst($::platform::docker::params::no_proxy_complete_list, '\\[|\\]', '', 'G')
|
||||
|
||||
if $http_proxy or $https_proxy {
|
||||
file { '/etc/systemd/system/containerd.service.d':
|
||||
|
@ -45,6 +44,15 @@ class platform::containerd::proxyconfig{
|
|||
logoutput => true,
|
||||
refreshonly => true,
|
||||
} ~> Service['containerd']
|
||||
} else {
|
||||
file { '/etc/systemd/system/containerd.service.d/http-proxy.conf':
|
||||
ensure => absent,
|
||||
}
|
||||
~> exec { 'perform systemctl daemon reload for containerd proxy':
|
||||
command => 'systemctl daemon-reload',
|
||||
logoutput => true,
|
||||
refreshonly => true,
|
||||
} ~> Service['containerd']
|
||||
}
|
||||
|
||||
service { 'containerd':
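Review bot: The `regsubst(..., '\\[|\\]', '', 'G')` on the new `$no_proxy` line strips every square bracket in the combined list, so a user-supplied entry written as a bracketed IPv6 address followed by `:port` would come out as one bare string in which the port can no longer be told apart from the address. Whether port-qualified entries can reach `no_proxy` is not visible here and may already be excluded by parameter validation. If it is not, the comment above the line should state the limit, for example `# NOTE: entries must be bare hosts or addresses; a bracketed IPv6 address with a port is not supported`. The same substitution is applied in platform::docker::proxyconfig, and the class body starts and ends outside the hunks shown.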
|
||||
|
|
|
@ -24,19 +24,67 @@ class platform::docker::params (
|
|||
$ghcr_registry_secure = true,
|
||||
$registryk8s_registry_secure = true,
|
||||
$icr_registry_secure = true,
|
||||
) { }
|
||||
) {
|
||||
|
||||
include ::platform::network::oam::params
|
||||
include ::platform::network::mgmt::params
|
||||
include ::platform::network::cluster_host::params
|
||||
include ::platform::kubernetes::params
|
||||
|
||||
if $::platform::network::mgmt::params::subnet_version == $::platform::params::ipv6 {
|
||||
$localhost_address = '::1'
|
||||
} else {
|
||||
$localhost_address = '127.0.0.1'
|
||||
}
|
||||
|
||||
if $::platform::params::system_mode == 'simplex' {
|
||||
$no_proxy_unfiltered_list = @("EOL"/L)
|
||||
localhost,${localhost_address},registry.local,\
|
||||
${platform::network::oam::params::gateway_address},\
|
||||
${platform::network::oam::params::controller_address},\
|
||||
${platform::network::oam::params::controller0_address},\
|
||||
${platform::network::mgmt::params::gateway_address},\
|
||||
${platform::network::mgmt::params::controller_address},\
|
||||
${platform::network::mgmt::params::controller0_address},\
|
||||
${platform::network::cluster_host::params::gateway_address},\
|
||||
${platform::network::cluster_host::params::controller_address},\
|
||||
${platform::network::cluster_host::params::controller0_address},\
|
||||
${platform::kubernetes::params::apiserver_cluster_ip},\
|
||||
${platform::kubernetes::params::dns_service_ip},\
|
||||
cluster.local,${no_proxy}
|
||||
| -EOL
|
||||
} else {
|
||||
$no_proxy_unfiltered_list = @("EOL"/L)
|
||||
localhost,${localhost_address},registry.local,\
|
||||
${platform::network::oam::params::gateway_address},\
|
||||
${platform::network::oam::params::controller_address},\
|
||||
${platform::network::oam::params::controller0_address},\
|
||||
${platform::network::oam::params::controller1_address},\
|
||||
${platform::network::mgmt::params::gateway_address},\
|
||||
${platform::network::mgmt::params::controller_address},\
|
||||
${platform::network::mgmt::params::controller0_address},\
|
||||
${platform::network::mgmt::params::controller1_address},\
|
||||
${platform::network::cluster_host::params::gateway_address},\
|
||||
${platform::network::cluster_host::params::controller_address},\
|
||||
${platform::network::cluster_host::params::controller0_address},\
|
||||
${platform::network::cluster_host::params::controller1_address},\
|
||||
${platform::kubernetes::params::apiserver_cluster_ip},\
|
||||
${platform::kubernetes::params::dns_service_ip},\
|
||||
cluster.local,${no_proxy}
|
||||
| -EOL
|
||||
}
|
||||
|
||||
# Remove duplicates.
|
||||
$no_proxy_complete_list = split($no_proxy_unfiltered_list, ',').unique.join(',')
|
||||
}
|
||||
|
||||
class platform::docker::proxyconfig
|
||||
inherits ::platform::docker::params {
|
||||
include ::platform::docker::install
|
||||
|
||||
if $::osfamily == 'Debian' {
|
||||
if $::platform::docker::params::no_proxy {
|
||||
# Docker on Debian doesn't work with the NO_PROXY environment variable if it
|
||||
# has IPv6 addresses with square brackets, thus remove the square brackets
|
||||
$no_proxy = regsubst($::platform::docker::params::no_proxy, '\\[|\\]', '', 'G')
|
||||
}
|
||||
}
|
||||
# Docker on Debian doesn't work with the NO_PROXY environment variable if it
|
||||
# has IPv6 addresses with square brackets, thus remove the square brackets
|
||||
$no_proxy = regsubst($::platform::docker::params::no_proxy_complete_list, '\\[|\\]', '', 'G')
|
||||
|
||||
if $http_proxy or $https_proxy {
|
||||
file { '/etc/systemd/system/docker.service.d':
|
||||
|
@ -57,6 +105,15 @@ class platform::docker::proxyconfig
|
|||
logoutput => true,
|
||||
refreshonly => true,
|
||||
} ~> Service['docker']
|
||||
} else {
|
||||
file { '/etc/systemd/system/docker.service.d/http-proxy.conf':
|
||||
ensure => absent,
|
||||
}
|
||||
~> exec { 'perform systemctl daemon reload for docker proxy':
|
||||
command => 'systemctl daemon-reload',
|
||||
logoutput => true,
|
||||
refreshonly => true,
|
||||
} ~> Service['docker']
|
||||
}
|
||||
|
||||
service { 'docker':
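Review bot: In the first hunk, `$no_proxy_complete_list` can end up with empty elements, because any interpolated value that is unset presumably renders as an empty string: a network without a gateway address, `apiserver_cluster_ip` or `dns_service_ip` left at their `undef` default, or no user `no_proxy`. `unique` collapses those to a single empty entry instead of removing it, so the resulting `NO_PROXY` value may carry `,,`, and proxy-bypass parsers do not all handle an empty entry the same way. Dropping blanks before the join avoids this: `$entries = split($no_proxy_unfiltered_list, ',').filter |$e| { $e != '' }` followed by `$no_proxy_complete_list = $entries.unique.join(',')`. Separately, the comment above the new `regsubst` in platform::docker::proxyconfig still says "Docker on Debian" although the `$::osfamily` guard is gone and the brackets are now stripped on every platform.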
|
||||
|
|
|
@ -8,6 +8,7 @@ class platform::kubernetes::params (
|
|||
$kubelet_version = undef,
|
||||
$node_ip = undef,
|
||||
$service_domain = undef,
|
||||
$apiserver_cluster_ip = undef,
|
||||
$dns_service_ip = undef,
|
||||
$host_labels = [],
|
||||
$k8s_cpuset = undef,
|
||||
|
|