Merge pull request #12748 from flouthoc/ign_add_proxy_vars

ignition: set `HTTP` proxy variable and `SSL_CERT_FILE` from `host` -> `machine`.
containers · Jan 11, 2022 · 4db1aff · 4db1aff
2 parents 7621291 + a95c01e
commit 4db1aff
Show file tree

Hide file tree

Showing 2 changed files with 104 additions and 35 deletions.
diff --git a/pkg/machine/ignition.go b/pkg/machine/ignition.go
@@ -10,6 +10,7 @@ import (
 	"os"
 	"path/filepath"
 
+	"github.com/containers/common/pkg/config"
 	"github.com/sirupsen/logrus"
 )
 
@@ -340,6 +341,24 @@ machine_enabled=true
 		},
 	})
 
+	setProxyOpts := getProxyVariables()
+	if setProxyOpts != "" {
+		files = append(files, File{
+			Node: Node{
+				Group: getNodeGrp("root"),
+				Path:  "/etc/profile.d/proxy-opts.sh",
+				User:  getNodeUsr("root"),
+			},
+			FileEmbedded1: FileEmbedded1{
+				Append: nil,
+				Contents: Resource{
+					Source: encodeDataURLPtr(setProxyOpts),
+				},
+				Mode: intToPtr(0644),
+			},
+		})
+	}
+
 	setDockerHost := `export DOCKER_HOST="unix://$(podman info -f "{{.Host.RemoteSocket.Path}}")"
 `
 
@@ -365,52 +384,110 @@ machine_enabled=true
 		return files
 	}
 
-	certFiles := getCerts(filepath.Join(userHome, ".config/containers/certs.d"))
+	certFiles := getCerts(filepath.Join(userHome, ".config/containers/certs.d"), true)
 	files = append(files, certFiles...)
 
-	certFiles = getCerts(filepath.Join(userHome, ".config/docker/certs.d"))
+	certFiles = getCerts(filepath.Join(userHome, ".config/docker/certs.d"), true)
 	files = append(files, certFiles...)
 
+	if sslCertFile, ok := os.LookupEnv("SSL_CERT_FILE"); ok {
+		if _, err := os.Stat(sslCertFile); err == nil {
+			certFiles = getCerts(sslCertFile, false)
+			files = append(files, certFiles...)
+
+			if len(certFiles) > 0 {
+				setSSLCertFile := fmt.Sprintf("export %s=%s", "SSL_CERT_FILE", filepath.Join("/etc/containers/certs.d", filepath.Base(sslCertFile)))
+				files = append(files, File{
+					Node: Node{
+						Group: getNodeGrp("root"),
+						Path:  "/etc/profile.d/ssl_cert_file.sh",
+						User:  getNodeUsr("root"),
+					},
+					FileEmbedded1: FileEmbedded1{
+						Append: nil,
+						Contents: Resource{
+							Source: encodeDataURLPtr(setSSLCertFile),
+						},
+						Mode: intToPtr(0644),
+					},
+				})
+			}
+		}
+	}
+
 	return files
 }
 
-func getCerts(certsDir string) []File {
+func getCerts(certsDir string, isDir bool) []File {
 	var (
 		files []File
 	)
 
 	certs, err := ioutil.ReadDir(certsDir)
-	if err == nil {
-		for _, cert := range certs {
-			b, err := ioutil.ReadFile(filepath.Join(certsDir, cert.Name()))
-			if err != nil {
-				logrus.Warnf("Unable to read cert file %s", err.Error())
-				continue
-			}
-			files = append(files, File{
-				Node: Node{
-					Group: getNodeGrp("root"),
-					Path:  filepath.Join("/etc/containers/certs.d/", cert.Name()),
-					User:  getNodeUsr("root"),
-				},
-				FileEmbedded1: FileEmbedded1{
-					Append: nil,
-					Contents: Resource{
-						Source: encodeDataURLPtr(string(b)),
+	if isDir {
+		if err == nil {
+			for _, cert := range certs {
+				b, err := ioutil.ReadFile(filepath.Join(certsDir, cert.Name()))
+				if err != nil {
+					logrus.Warnf("Unable to read cert file %s", err.Error())
+					continue
+				}
+				files = append(files, File{
+					Node: Node{
+						Group: getNodeGrp("root"),
+						Path:  filepath.Join("/etc/containers/certs.d/", cert.Name()),
+						User:  getNodeUsr("root"),
 					},
-					Mode: intToPtr(0644),
-				},
-			})
+					FileEmbedded1: FileEmbedded1{
+						Append: nil,
+						Contents: Resource{
+							Source: encodeDataURLPtr(string(b)),
+						},
+						Mode: intToPtr(0644),
+					},
+				})
+			}
+		} else {
+			if !os.IsNotExist(err) {
+				logrus.Warnf("Unable to copy certs via ignition, error while reading certs from %s:  %s", certsDir, err.Error())
+			}
 		}
 	} else {
-		if !os.IsNotExist(err) {
-			logrus.Warnf("Unable to copy certs via ignition, error while reading certs from %s:  %s", certsDir, err.Error())
+		fileName := filepath.Base(certsDir)
+		b, err := ioutil.ReadFile(certsDir)
+		if err != nil {
+			logrus.Warnf("Unable to read cert file %s", err.Error())
+			return files
 		}
+		files = append(files, File{
+			Node: Node{
+				Group: getNodeGrp("root"),
+				Path:  filepath.Join("/etc/containers/certs.d/", fileName),
+				User:  getNodeUsr("root"),
+			},
+			FileEmbedded1: FileEmbedded1{
+				Append: nil,
+				Contents: Resource{
+					Source: encodeDataURLPtr(string(b)),
+				},
+				Mode: intToPtr(0644),
+			},
+		})
 	}
 
 	return files
 }
 
+func getProxyVariables() string {
+	proxyOpts := ""
+	for _, variable := range config.ProxyEnv {
+		if value, ok := os.LookupEnv(variable); ok {
+			proxyOpts += fmt.Sprintf("\n export %s=%s", variable, value)
+		}
+	}
+	return proxyOpts
+}
+
 func getLinks(usrName string) []Link {
 	return []Link{{
 		Node: Node{

diff --git a/pkg/specgen/generate/container.go b/pkg/specgen/generate/container.go
@@ -7,6 +7,7 @@ import (
 	"time"
 
 	"github.com/containers/common/libimage"
+	"github.com/containers/common/pkg/config"
 	"github.com/containers/podman/v3/libpod"
 	"github.com/containers/podman/v3/libpod/define"
 	ann "github.com/containers/podman/v3/pkg/annotations"
@@ -126,16 +127,7 @@ func CompleteSpec(ctx context.Context, r *libpod.Runtime, s *specgen.SpecGenerat
 	if s.EnvHost {
 		defaultEnvs = envLib.Join(defaultEnvs, osEnv)
 	} else if s.HTTPProxy {
-		for _, envSpec := range []string{
-			"http_proxy",
-			"HTTP_PROXY",
-			"https_proxy",
-			"HTTPS_PROXY",
-			"ftp_proxy",
-			"FTP_PROXY",
-			"no_proxy",
-			"NO_PROXY",
-		} {
+		for _, envSpec := range config.ProxyEnv {
 			if v, ok := osEnv[envSpec]; ok {
 				defaultEnvs[envSpec] = v
 			}