From ad2ef4962c83a42692fb0662e4eac2484fd7cf83 Mon Sep 17 00:00:00 2001
From: Feilong Wang <flwang@catalyst.net.nz>
Date: Wed, 11 Dec 2019 16:19:52 +1300
Subject: [PATCH] Fix proxy issue for k8s fedora drivers
Due to the big changes recently to support k8s rolling upgrade, a
regression issue was introduced which is broken the proxy function
for image downloading. This patch fixes it for both fedor atomic
driver and fedora coreos driver.
Task: 37784
Story: 2007005
Change-Id: I11113d69629e1a97a58e5270f67c7404292b45c3
---
.../templates/kubernetes/fragments/start-container-agent.sh | 3 +++
.../drivers/k8s_fedora_atomic_v1/templates/kubemaster.yaml | 3 +++
.../drivers/k8s_fedora_atomic_v1/templates/kubeminion.yaml | 3 +++
.../drivers/k8s_fedora_coreos_v1/templates/kubemaster.yaml | 3 +++
.../drivers/k8s_fedora_coreos_v1/templates/kubeminion.yaml | 3 +++
.../drivers/k8s_fedora_coreos_v1/templates/user_data.json | 4 ++--
releasenotes/notes/fix-fedora-proxy-a4b8d5fc4ec65e80.yaml | 6 ++++++
7 files changed, 23 insertions(+), 2 deletions(-)
create mode 100644 releasenotes/notes/fix-fedora-proxy-a4b8d5fc4ec65e80.yaml
diff --git a/magnum/drivers/common/templates/kubernetes/fragments/start-container-agent.sh b/magnum/drivers/common/templates/kubernetes/fragments/start-container-agent.sh
index e141b4d17d..86d26990db 100644
--- a/magnum/drivers/common/templates/kubernetes/fragments/start-container-agent.sh
+++ b/magnum/drivers/common/templates/kubernetes/fragments/start-container-agent.sh
@@ -11,14 +11,17 @@ HEAT_CONTAINER_AGENT_TAG="$HEAT_CONTAINER_AGENT_TAG"
if [ -n "${HTTP_PROXY}" ]; then
export HTTP_PROXY
+ echo "http_proxy=${HTTP_PROXY}" >> /etc/environment
fi
if [ -n "${HTTPS_PROXY}" ]; then
export HTTPS_PROXY
+ echo "https_proxy=${HTTPS_PROXY}" >> /etc/environment
fi
if [ -n "${NO_PROXY}" ]; then
export NO_PROXY
+ echo "no_proxy=${NO_PROXY}" >> /etc/environment
fi
# Create a keypair for the heat-container-agent to
diff --git a/magnum/drivers/k8s_fedora_atomic_v1/templates/kubemaster.yaml b/magnum/drivers/k8s_fedora_atomic_v1/templates/kubemaster.yaml
index de9ac053cf..0421a63207 100644
--- a/magnum/drivers/k8s_fedora_atomic_v1/templates/kubemaster.yaml
+++ b/magnum/drivers/k8s_fedora_atomic_v1/templates/kubemaster.yaml
@@ -620,6 +620,9 @@ resources:
$CONTAINER_INFRA_PREFIX: {get_param: container_infra_prefix}
$HEAT_CONTAINER_AGENT_TAG: {get_param: heat_container_agent_tag}
$USE_PODMAN: {get_param: use_podman}
+ $HTTP_PROXY: {get_param: http_proxy}
+ $HTTPS_PROXY: {get_param: https_proxy}
+ $NO_PROXY: {get_param: no_proxy}
- get_file: ../../common/templates/kubernetes/fragments/disable-selinux.sh
master_config:
diff --git a/magnum/drivers/k8s_fedora_atomic_v1/templates/kubeminion.yaml b/magnum/drivers/k8s_fedora_atomic_v1/templates/kubeminion.yaml
index 48711159e4..085291292f 100644
--- a/magnum/drivers/k8s_fedora_atomic_v1/templates/kubeminion.yaml
+++ b/magnum/drivers/k8s_fedora_atomic_v1/templates/kubeminion.yaml
@@ -357,6 +357,9 @@ resources:
$CONTAINER_INFRA_PREFIX: {get_param: container_infra_prefix}
$HEAT_CONTAINER_AGENT_TAG: {get_param: heat_container_agent_tag}
$USE_PODMAN: {get_param: use_podman}
+ $HTTP_PROXY: {get_param: http_proxy}
+ $HTTPS_PROXY: {get_param: https_proxy}
+ $NO_PROXY: {get_param: no_proxy}
- get_file: ../../common/templates/kubernetes/fragments/disable-selinux.sh
######################################################################
diff --git a/magnum/drivers/k8s_fedora_coreos_v1/templates/kubemaster.yaml b/magnum/drivers/k8s_fedora_coreos_v1/templates/kubemaster.yaml
index a92d4073c0..4b15a4e412 100644
--- a/magnum/drivers/k8s_fedora_coreos_v1/templates/kubemaster.yaml
+++ b/magnum/drivers/k8s_fedora_coreos_v1/templates/kubemaster.yaml
@@ -627,6 +627,9 @@ resources:
- "docker.io/openstackmagnum/"
- get_param: container_infra_prefix
$HEAT_CONTAINER_AGENT_TAG: {get_param: heat_container_agent_tag}
+ $HTTP_PROXY: {get_param: http_proxy}
+ $HTTPS_PROXY: {get_param: https_proxy}
+ $NO_PROXY: {get_param: no_proxy}
master_config:
type: OS::Heat::SoftwareConfig
diff --git a/magnum/drivers/k8s_fedora_coreos_v1/templates/kubeminion.yaml b/magnum/drivers/k8s_fedora_coreos_v1/templates/kubeminion.yaml
index d76fdd4b64..c14a2c6cb0 100644
--- a/magnum/drivers/k8s_fedora_coreos_v1/templates/kubeminion.yaml
+++ b/magnum/drivers/k8s_fedora_coreos_v1/templates/kubeminion.yaml
@@ -362,6 +362,9 @@ resources:
- "docker.io/openstackmagnum/"
- get_param: container_infra_prefix
$HEAT_CONTAINER_AGENT_TAG: {get_param: heat_container_agent_tag}
+ $HTTP_PROXY: {get_param: http_proxy}
+ $HTTPS_PROXY: {get_param: https_proxy}
+ $NO_PROXY: {get_param: no_proxy}
######################################################################
#
diff --git a/magnum/drivers/k8s_fedora_coreos_v1/templates/user_data.json b/magnum/drivers/k8s_fedora_coreos_v1/templates/user_data.json
index 2ba3b37f46..004361711e 100644
--- a/magnum/drivers/k8s_fedora_coreos_v1/templates/user_data.json
+++ b/magnum/drivers/k8s_fedora_coreos_v1/templates/user_data.json
@@ -61,7 +61,7 @@
"mode": 700,
"path": "/root/configure-agent-env.sh",
"contents": {
- "source": "data:,%23!%2Fbin%2Fbash%0A%0Aset%20-x%0Aset%20-e%0Aset%20%2Bu%0A%0Auntil%20%5B%20-f%20%2Fetc%2Fpki%2Fca-trust%2Fsource%2Fanchors%2Fopenstack-ca.pem%20%5D%0Ado%0A%20%20%20%20echo%20%22waiting%20for%20%2Fetc%2Fpki%2Fca-trust%2Fsource%2Fanchors%2Fopenstack-ca.pem%22%0A%20%20%20%20sleep%203s%0Adone%0A%2Fusr%2Fbin%2Fupdate-ca-trust%0A%0AHTTP_PROXY%3D%22%24HTTP_PROXY%22%0AHTTPS_PROXY%3D%22%24HTTPS_PROXY%22%0ANO_PROXY%3D%22%24NO_PROXY%22%0ACONTAINER_INFRA_PREFIX%3D%22%24CONTAINER_INFRA_PREFIX%22%0AHEAT_CONTAINER_AGENT_TAG%3D%22%24HEAT_CONTAINER_AGENT_TAG%22%0A%0A%0Aif%20%5B%20-n%20%22%24%7BHTTP_PROXY%7D%22%20%5D%3B%20then%0A%20%20%20%20export%20HTTP_PROXY%0Afi%0A%0Aif%20%5B%20-n%20%22%24%7BHTTPS_PROXY%7D%22%20%5D%3B%20then%0A%20%20%20%20export%20HTTPS_PROXY%0Afi%0A%0Aif%20%5B%20-n%20%22%24%7BNO_PROXY%7D%22%20%5D%3B%20then%0A%20%20%20%20export%20NO_PROXY%0Afi%0A%0A%23%20Create%20a%20keypair%20for%20the%20heat-container-agent%20to%0A%23%20access%20the%20node%20over%20ssh.%20It%20is%20useful%20to%20operate%0A%23%20in%20host%20mount%20namespace%20and%20apply%20configuration.%0Aid%0Amkdir%20-p%20%2Fsrv%2Fmagnum%2F.ssh%0Achmod%200700%20%2Fsrv%2Fmagnum%2F.ssh%0A%23touch%20%2Fsrv%2Fmagnum%2F.ssh%2Fheat_agent_rsa%0Assh-keygen%20-q%20-t%20rsa%20-N%20''%20-f%20%2Ftmp%2Fheat_agent_rsa%0Amv%20%2Ftmp%2Fheat_agent_rsa%20%2Fsrv%2Fmagnum%2F.ssh%2Fheat_agent_rsa%0Amv%20%2Ftmp%2Fheat_agent_rsa.pub%20%2Fsrv%2Fmagnum%2F.ssh%2Fheat_agent_rsa.pub%0Achmod%200400%20%2Fsrv%2Fmagnum%2F.ssh%2Fheat_agent_rsa%0Achmod%200400%20%2Fsrv%2Fmagnum%2F.ssh%2Fheat_agent_rsa.pub%0A%23%20Add%20the%20public%20to%20the%20host%20authorized_keys%20file.%0Amkdir%20-p%20%2Froot%2F.ssh%0Achmod%200700%20%2Froot%2F.ssh%0Acat%20%2Fsrv%2Fmagnum%2F.ssh%2Fheat_agent_rsa.pub%20%3E%20%2Froot%2F.ssh%2Fauthorized_keys%0A%23%20Add%20localost%20to%20know_hosts%0Assh-keyscan%20127.0.0.1%20%3E%20%2Fsrv%2Fmagnum%2F.ssh%2Fknown_hosts%0A%23%20ssh%20configguration%20file%2C%20to%20be%20specified%20with%20ssh%20-F%0Acat%20%3E%20%2Fsrv%2Fmagnum%2F.ssh%2Fconfig%20%3C%3CEOF%0AHost%20localhost%0A%20%20%20%20%20HostName%20127.0.0.1%0A%20%20%20%20%20User%20root%0A%20%20%20%20%20IdentityFile%20%2Fsrv%2Fmagnum%2F.ssh%2Fheat_agent_rsa%0A%20%20%20%20%20UserKnownHostsFile%20%2Fsrv%2Fmagnum%2F.ssh%2Fknown_hosts%0AEOF%0A%0Ased%20-i%20'%2F%5EPermitRootLogin%2F%20s%2F%20.*%2F%20without-password%2F'%20%2Fetc%2Fssh%2Fsshd_config%0A%23%20Security%20enhancement%3A%20Disable%20password%20authentication%0Ased%20-i%20'%2F%5EPasswordAuthentication%20yes%2F%20s%2F%20yes%2F%20no%2F'%20%2Fetc%2Fssh%2Fsshd_config%0A%0Asystemctl%20restart%20sshd%0A",
+ "source": "data:,%23%21%2Fbin%2Fbash%0A%0Aset%20-x%0Aset%20-e%0Aset%20%2Bu%0A%0Auntil%20%5B%20-f%20%2Fetc%2Fpki%2Fca-trust%2Fsource%2Fanchors%2Fopenstack-ca.pem%20%5D%0Ado%0A%20%20%20%20echo%20%22waiting%20for%20%2Fetc%2Fpki%2Fca-trust%2Fsource%2Fanchors%2Fopenstack-ca.pem%22%0A%20%20%20%20sleep%203s%0Adone%0A%2Fusr%2Fbin%2Fupdate-ca-trust%0A%0AHTTP_PROXY%3D%22$HTTP_PROXY%22%0AHTTPS_PROXY%3D%22$HTTPS_PROXY%22%0ANO_PROXY%3D%22$NO_PROXY%22%0ACONTAINER_INFRA_PREFIX%3D%22$CONTAINER_INFRA_PREFIX%22%0AHEAT_CONTAINER_AGENT_TAG%3D%22$HEAT_CONTAINER_AGENT_TAG%22%0A%0A%0Aif%20%5B%20-n%20%22%24%7BHTTP_PROXY%7D%22%20%5D%3B%20then%0A%20%20%20%20export%20HTTP_PROXY%0A%20%20%20%20echo%20%22http_proxy%3D%24%7BHTTP_PROXY%7D%22%20%3E%3E%20%2Fetc%2Fenvironment%0Afi%0A%0Aif%20%5B%20-n%20%22%24%7BHTTPS_PROXY%7D%22%20%5D%3B%20then%0A%20%20%20%20export%20HTTPS_PROXY%0A%20%20%20%20echo%20%22https_proxy%3D%24%7BHTTPS_PROXY%7D%22%20%3E%3E%20%2Fetc%2Fenvironment%0Afi%0A%0Aif%20%5B%20-n%20%22%24%7BNO_PROXY%7D%22%20%5D%3B%20then%0A%20%20%20%20export%20NO_PROXY%0A%20%20%20%20echo%20%22no_proxy%3D%24%7BNO_PROXY%7D%22%20%3E%3E%20%2Fetc%2Fenvironment%0Afi%0A%0A%23%20Create%20a%20keypair%20for%20the%20heat-container-agent%20to%0A%23%20access%20the%20node%20over%20ssh.%20It%20is%20useful%20to%20operate%0A%23%20in%20host%20mount%20namespace%20and%20apply%20configuration.%0Aid%0Amkdir%20-p%20%2Fsrv%2Fmagnum%2F.ssh%0Achmod%200700%20%2Fsrv%2Fmagnum%2F.ssh%0A%23touch%20%2Fsrv%2Fmagnum%2F.ssh%2Fheat_agent_rsa%0Assh-keygen%20-q%20-t%20rsa%20-N%20%27%27%20-f%20%2Ftmp%2Fheat_agent_rsa%0Amv%20%2Ftmp%2Fheat_agent_rsa%20%2Fsrv%2Fmagnum%2F.ssh%2Fheat_agent_rsa%0Amv%20%2Ftmp%2Fheat_agent_rsa.pub%20%2Fsrv%2Fmagnum%2F.ssh%2Fheat_agent_rsa.pub%0Achmod%200400%20%2Fsrv%2Fmagnum%2F.ssh%2Fheat_agent_rsa%0Achmod%200400%20%2Fsrv%2Fmagnum%2F.ssh%2Fheat_agent_rsa.pub%0A%23%20Add%20the%20public%20to%20the%20host%20authorized_keys%20file.%0Amkdir%20-p%20%2Froot%2F.ssh%0Achmod%200700%20%2Froot%2F.ssh%0Acat%20%2Fsrv%2Fmagnum%2F.ssh%2Fheat_agent_rsa.pub%20%3E%20%2Froot%2F.ssh%2Fauthorized_keys%0A%23%20Add%20localost%20to%20know_hosts%0Assh-keyscan%20127.0.0.1%20%3E%20%2Fsrv%2Fmagnum%2F.ssh%2Fknown_hosts%0A%23%20ssh%20configguration%20file%2C%20to%20be%20specified%20with%20ssh%20-F%0Acat%20%3E%20%2Fsrv%2Fmagnum%2F.ssh%2Fconfig%20%3C%3CEOF%0AHost%20localhost%0A%20%20%20%20%20HostName%20127.0.0.1%0A%20%20%20%20%20User%20root%0A%20%20%20%20%20IdentityFile%20%2Fsrv%2Fmagnum%2F.ssh%2Fheat_agent_rsa%0A%20%20%20%20%20UserKnownHostsFile%20%2Fsrv%2Fmagnum%2F.ssh%2Fknown_hosts%0AEOF%0A%0Ased%20-i%20%27%2F%5EPermitRootLogin%2F%20s%2F%20.%2A%2F%20without-password%2F%27%20%2Fetc%2Fssh%2Fsshd_config%0A%23%20Security%20enhancement%3A%20Disable%20password%20authentication%0Ased%20-i%20%27%2F%5EPasswordAuthentication%20yes%2F%20s%2F%20yes%2F%20no%2F%27%20%2Fetc%2Fssh%2Fsshd_config%0A%0Asystemctl%20restart%20sshd",
"verification": {}
}
}
@@ -77,7 +77,7 @@
{
"name": "heat-container-agent.service",
"enabled": true,
- "contents": "[Unit]\nDescription=Run heat-container-agent\nAfter=network-online.target configure-agent-env.service\nWants=network-online.target\n\n[Service]\nExecStartPre=mkdir -p /var/lib/heat-container-agent\nExecStartPre=mkdir -p /var/run/heat-config\nExecStartPre=mkdir -p /var/run/os-collect-config\nExecStartPre=mkdir -p /opt/stack/os-config-refresh\nExecStartPre=-mv /var/lib/os-collect-config/local-data /var/lib/cloud/data/cfn-init-data\nExecStartPre=mkdir -p /srv/magnum\nExecStartPre=-/bin/podman kill heat-container-agent\nExecStartPre=-/bin/podman rm heat-container-agent\nExecStartPre=-/bin/podman pull $CONTAINER_INFRA_PREFIXheat-container-agent:$HEAT_CONTAINER_AGENT_TAG\nExecStart=/bin/podman run \\\n --name heat-container-agent \\\n --privileged \\\n --volume /srv/magnum:/srv/magnum \\\n --volume /opt/stack/os-config-refresh:/opt/stack/os-config-refresh \\\n --volume /run/systemd:/run/systemd \\\n --volume /etc/:/etc/ \\\n --volume /var/lib:/var/lib \\\n --volume /var/run:/var/run \\\n --volume /var/log:/var/log \\\n --volume /tmp:/tmp \\\n --volume /dev:/dev \\\n --env REQUESTS_CA_BUNDLE=/etc/pki/ca-trust/source/anchors/openstack-ca.pem --net=host \\\n $CONTAINER_INFRA_PREFIXheat-container-agent:$HEAT_CONTAINER_AGENT_TAG \\\n /usr/bin/start-heat-container-agent\nTimeoutStartSec=10min\n\nExecStop=/bin/podman stop heat-container-agent\n\n[Install]\nWantedBy=multi-user.target\n"
+ "contents": "[Unit]\nDescription=Run heat-container-agent\nAfter=network-online.target configure-agent-env.service\nWants=network-online.target\n\n[Service]\nEnvironmentFile=-/etc/environment\nExecStartPre=mkdir -p /var/lib/heat-container-agent\nExecStartPre=mkdir -p /var/run/heat-config\nExecStartPre=mkdir -p /var/run/os-collect-config\nExecStartPre=mkdir -p /opt/stack/os-config-refresh\nExecStartPre=-mv /var/lib/os-collect-config/local-data /var/lib/cloud/data/cfn-init-data\nExecStartPre=mkdir -p /srv/magnum\nExecStartPre=-/bin/podman kill heat-container-agent\nExecStartPre=-/bin/podman rm heat-container-agent\nExecStartPre=-/bin/podman pull $CONTAINER_INFRA_PREFIXheat-container-agent:$HEAT_CONTAINER_AGENT_TAG\nExecStart=/bin/podman run \\\n --name heat-container-agent \\\n --privileged \\\n --volume /srv/magnum:/srv/magnum \\\n --volume /opt/stack/os-config-refresh:/opt/stack/os-config-refresh \\\n --volume /run/systemd:/run/systemd \\\n --volume /etc/:/etc/ \\\n --volume /var/lib:/var/lib \\\n --volume /var/run:/var/run \\\n --volume /var/log:/var/log \\\n --volume /tmp:/tmp \\\n --volume /dev:/dev \\\n --env REQUESTS_CA_BUNDLE=/etc/pki/ca-trust/source/anchors/openstack-ca.pem --net=host \\\n $CONTAINER_INFRA_PREFIXheat-container-agent:$HEAT_CONTAINER_AGENT_TAG \\\n /usr/bin/start-heat-container-agent\nTimeoutStartSec=10min\n\nExecStop=/bin/podman stop heat-container-agent\n\n[Install]\nWantedBy=multi-user.target\n"
}
]
}
diff --git a/releasenotes/notes/fix-fedora-proxy-a4b8d5fc4ec65e80.yaml b/releasenotes/notes/fix-fedora-proxy-a4b8d5fc4ec65e80.yaml
new file mode 100644
index 0000000000..1f28ffa877
--- /dev/null
+++ b/releasenotes/notes/fix-fedora-proxy-a4b8d5fc4ec65e80.yaml
@@ -0,0 +1,6 @@
+---
+fixes:
+ - |
+ A regression issue about downloading images has been fixed. Now both Fedora
+ Atomic driver and Fedora CoreOS driver can support using proxy in template
+ to create cluster.