machine: Setup proxy for podman.service
At the moment, the proxy configuration done in crc is not used by
podman-remote. This happens because we don't propagate the needed
environment variable to the services podman uses in the VM.

This commit creates a /etc/environment.d/proxy-env.conf file which will
be used automatically by systemd when it spawns podman.service for
rootless use (i.e. through a systemd user instance).

This then adds a /etc/systemd/system/podman.service.d/proxy-env.conf
file to achieve the same for podman.service used as root (in the main
systemd instance).  This file re-uses the env vars defined in
/etc/environment.d/proxy-env.conf

This fixes #3166
cfergeau authored and praveenkumar committed May 17, 2022
1 parent ab054b2 commit a706553
Showing 1 changed file with 60 additions and 4 deletions.
64 changes: 60 additions & 4 deletions pkg/crc/machine/start.go
@@ -320,10 +320,18 @@ func (client *client) Start(ctx context.Context, startConfig types.StartConfig)
return nil, errors.Wrap(err, "Failed to change permissions to root podman socket")
}

proxyConfig, err := getProxyConfig(vm.bundle)
if err != nil {
return nil, errors.Wrap(err, "Error getting proxy configuration")
}

if !vm.bundle.IsOpenShift() {
// **************************
// END OF PODMAN START CODE
// **************************
if err := configurePodmanProxy(ctx, sshRunner, proxyConfig); err != nil {
return nil, errors.Wrap(err, "Failed to configure proxy for podman")
}
if err := dns.AddPodmanHosts(instanceIP); err != nil {
return nil, errors.Wrap(err, "Failed to add podman host dns entry")
}
@@ -345,10 +353,6 @@ func (client *client) Start(ctx context.Context, startConfig types.StartConfig)
}, nil
}

proxyConfig, err := getProxyConfig(vm.bundle)
if err != nil {
return nil, errors.Wrap(err, "Error getting proxy configuration")
}
proxyConfig.ApplyToEnvironment()
proxyConfig.AddNoProxy(instanceIP)

@@ -642,6 +646,58 @@ func copyKubeconfigFileWithUpdatedUserClientCertAndKey(selfSignedCAKey *rsa.Priv
return updateClientCrtAndKeyToKubeconfig(clientKey, clientCert, srcKubeConfigPath, dstKubeConfigPath)
}

func configurePodmanProxy(ctx context.Context, sshRunner *crcssh.Runner, proxy *network.ProxyConfig) (err error) {
if !proxy.IsEnabled() {
return nil
}

_, _, err = sshRunner.RunPrivileged("creating /etc/environment.d/", "mkdir -p /etc/environment.d/")
if err != nil {
return err
}

proxyEnv := strings.Builder{}
if proxy.HTTPProxy != "" {
proxyEnv.WriteString(fmt.Sprintf("http_proxy=%s\n", proxy.HTTPProxy))
proxyEnv.WriteString(fmt.Sprintf("HTTP_PROXY=%s\n", proxy.HTTPProxy))
}
if proxy.HTTPSProxy != "" {
proxyEnv.WriteString(fmt.Sprintf("https_proxy=%s\n", proxy.HTTPSProxy))
proxyEnv.WriteString(fmt.Sprintf("HTTPS_PROXY=%s\n", proxy.HTTPSProxy))
}
if len(proxy.GetNoProxyString()) != 0 {
proxyEnv.WriteString(fmt.Sprintf("no_proxy=%s\n", proxy.GetNoProxyString()))
proxyEnv.WriteString(fmt.Sprintf("NO_PROXY=%s\n", proxy.GetNoProxyString()))
}
err = sshRunner.CopyData([]byte(proxyEnv.String()), "/etc/environment.d/proxy-env.conf", 0644)
if err != nil {
return err
}

_, _, err = sshRunner.RunPrivileged("creating /etc/systemd/system/podman.service.d/", "mkdir -p /etc/systemd/system/podman.service.d/")
if err != nil {
return err
}
podmanServiceConf := "[Service]\nEnvironmentFile=/etc/environment.d/proxy-env.conf\n"
err = sshRunner.CopyData([]byte(podmanServiceConf), "/etc/systemd/system/podman.service.d/proxy-env.conf", 0644)
if err != nil {
return err
}

systemdCommander := systemd.NewInstanceSystemdCommander(sshRunner)
err = systemdCommander.DaemonReload()
if err != nil {
return err
}
err = systemdCommander.User().DaemonReload()
if err != nil {
return err
}

return nil

}

func ensureProxyIsConfiguredInOpenShift(ctx context.Context, ocConfig oc.Config, sshRunner *crcssh.Runner, proxy *network.ProxyConfig) (err error) {
if !proxy.IsEnabled() {
return nil
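Review bot: In `configurePodmanProxy`, `proxy.HTTPProxy` and `proxy.HTTPSProxy` are written verbatim to `/etc/environment.d/proxy-env.conf` with mode `0644`, so a proxy URL that carries `user:password@` userinfo becomes readable by every account in the VM. The systemd user instance presumably has to read this file, so tightening the mode may not be possible; at minimum put a comment above that `CopyData` call, e.g. `// NOTE: proxy URLs may embed credentials and this file is world-readable inside the VM`. The values are also interpolated unvalidated into a file that the root `podman.service` loads through `EnvironmentFile=`, so a value containing a line break would add extra variables; a guard such as `if strings.ContainsAny(proxy.HTTPProxy, "\r\n") { return fmt.Errorf("invalid proxy URL") }` (and the same for `HTTPSProxy` and the no-proxy string) before building `proxyEnv` would reject that. Separately, the early return on `!proxy.IsEnabled()` leaves both files from a previous start in place, so disabling the proxy later does not appear to remove it from the VM.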
