openstack-helm/doc/source/troubleshooting/proxy.rst
wangqi 6bc4c2f9b7 fix spelling mistake in proxy.rst
Change-Id: I83930bbb48cc15a5d0690f627c178706676b4db0
2018-02-28 08:17:42 +00:00

3.3 KiB

Proxy Setting

This guide is to help enterprise users who wish to deploy OpenStack-Helm behind a corporate firewall and require a corporate proxy to reach the internet.

Proxy Environment Variables

Ensure the following proxy environment variables are defined either through an rc file or through modifying /etc/environment.

export http_proxy="http://username:password@host:port"
export HTTP_PROXY="http://username:password@host:port"
export https_proxy="https://username:password@host:port"
export HTTPS_PROXY="https://username:password@host:port"
export no_proxy="127.0.0.1,localhost,.svc.cluster.local"
export NO_PROXY="127.0.0.1,localhost,.svc.cluster.local"

Note the .svc.cluster.local is needed to allow the OpenStack client to connect without routing the connection to the proxy. Please update to the appropriate domain name if you have a different configuration.

External DNS

In tools/images/kubeadm-aio/assets/opt/playbooks/vars.yaml, under external_dns_nameservers, add the internal DNS IP addresses. These entries will overwrite the /etc/resolv.conf on the system. If your network cannot connect to the Google DNS servers, 8.8.8.8 or 8.8.4.4, the updates will fail as they cannot resolve the URLs.

Ansible Playbook

Either globally or in the tasks with pip or apt, ensure you add the following to the task:

environment:
  http_proxy: http://username:password@host:port
  https_proxy: https://username:password@host:port
  no_proxy: 127.0.0.1,localhost

Docker

Docker needs to be configured to use the proxy to pull down external images. For systemd, use a systemd drop-in directory outlined in https://docs.docker.com/engine/admin/systemd/#httphttps-proxy.

  1. Create a systemd drop-in directory for the docker service:
$ sudo mkdir -p /etc/systemd/system/docker.service.d
  1. Create a file called http-proxy.conf in the director created and add in the needed environment variable:
[Service]
Environment="HTTP_PROXY=http://username:password@host:port"
Environment="HTTPS_PROXY=https://username:password@host:port"
Environment="NO_PROXY=127.0.0.1,localhost,docker-registry.somecorporation.com"
  1. Once that's completed, flush the change:
$ systemctl daemon-reload
  1. Restart Docker:
$ systemctl restart docker
  1. Verify the configuration has been loaded:
$ systemctl show --property=Environment docker
Environment=HTTP_PROXY=http://proxy.example.com:80/

Kubeadm-AIO Dockerfile

In tools/images/kubeadm-aio/Dockerfile, add the following to the Dockerfile before RUN instructions.

ENV HTTP_PROXY http://username:password@host:port
ENV HTTPS_PROXY http://username:password@host:port
ENV http_proxy http://username:password@host:port
ENV https_proxy http://username:password@host:port
ENV no_proxy 127.0.0.1,localhost,172.17.0.1
ENV NO_PROXY 127.0.0.1,localhost,172.17.0.1

Note the IP address 172.17.0.1 is the advertised IP for the kubernetes API server. Replace it with the appropriate IP if it is different.