Adds http proxy support for registering RHEL overcloud nodes

It is quite common in large entreprises that direct HTTP/HTTPS to the outside
world is denied from nodes/systems but reaching out through a proxy is allowed.

This change adds support for an HTTP proxy when RHEL overcloud nodes reach
out to either the RHSM portal or to a satellite server. This allows the
overcloud nodes to download updates even in locked-down environments.

The following variables are settable through templates:
  rhel_reg_http_proxy_host:
  rhel_reg_http_proxy_port:
  rhel_reg_http_proxy_username:
  rhel_reg_http_proxy_password:

Note the following restrictions:
  - If setting rhel_reg_http_proxy_host,
    then rhel_reg_http_proxy_port cannot be empty.
  - If setting rhel_reg_http_proxy_port,
    then rhel_reg_http_proxy_host cannot be empty.
  - If setting rhel_reg_http_proxy_username,
    then rhel_reg_http_proxy_password cannot be empty.
  - If setting rhel_reg_http_proxy_password,
    then rhel_reg_http_proxy_username cannot be empty.
  - If setting either rhel_reg_http_proxy_username or
    rhel_reg_http_proxy_password, then rhel_reg_http_proxy_host
    AND rhel_reg_http_proxy_port cannot be empty

Change-Id: I003ad5449bd99c01376781ec0ce9074eca3e2704
changes/47/437247/1
Vincent S. Cojot 6 years ago
parent 2da6d7f1c2
commit 3002edc90a
  1. 4
      extraconfig/pre_deploy/rhel-registration/environment-rhel-registration.yaml
  2. 16
      extraconfig/pre_deploy/rhel-registration/rhel-registration.yaml
  3. 80
      extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration

@ -21,3 +21,7 @@ parameter_defaults:
rhel_reg_type: ""
rhel_reg_method: ""
rhel_reg_sat_repo: "rhel-7-server-satellite-tools-6.1-rpms"
rhel_reg_http_proxy_host: ""
rhel_reg_http_proxy_port: ""
rhel_reg_http_proxy_username: ""
rhel_reg_http_proxy_password: ""

@ -45,6 +45,14 @@ parameters:
type: string
rhel_reg_sat_repo:
type: string
rhel_reg_http_proxy_host:
type: string
rhel_reg_http_proxy_port:
type: string
rhel_reg_http_proxy_username:
type: string
rhel_reg_http_proxy_password:
type: string
resources:
@ -71,6 +79,10 @@ resources:
- name: REG_TYPE
- name: REG_METHOD
- name: REG_SAT_REPO
- name: REG_HTTP_PROXY_HOST
- name: REG_HTTP_PROXY_PORT
- name: REG_HTTP_PROXY_USERNAME
- name: REG_HTTP_PROXY_PASSWORD
config: {get_file: scripts/rhel-registration}
RHELRegistrationDeployment:
@ -99,6 +111,10 @@ resources:
REG_TYPE: {get_param: rhel_reg_type}
REG_METHOD: {get_param: rhel_reg_method}
REG_SAT_REPO: {get_param: rhel_reg_sat_repo}
REG_HTTP_PROXY_HOST: {get_param: rhel_reg_http_proxy_host}
REG_HTTP_PROXY_PORT: {get_param: rhel_reg_http_proxy_port}
REG_HTTP_PROXY_USERNAME: {get_param: rhel_reg_http_proxy_username}
REG_HTTP_PROXY_PASSWORD: {get_param: rhel_reg_http_proxy_password}
RHELUnregistration:
type: OS::Heat::SoftwareConfig

@ -13,10 +13,18 @@ fi
retryCount=0
opts=
config_opts=
attach_opts=
sat5_opts=
repos="repos --enable rhel-7-server-rpms"
satellite_repo=${REG_SAT_REPO}
proxy_host=
proxy_port=
proxy_url=
proxy_username=
proxy_password=
# process variables..
if [ -n "${REG_AUTO_ATTACH:-}" ]; then
opts="$opts --auto-attach"
@ -97,6 +105,57 @@ if [ -n "${REG_TYPE:-}" ]; then
opts="$opts --type=$REG_TYPE"
fi
# Proxy settings (host and port)
if [ -n "${REG_HTTP_PROXY_HOST:-}" ]; then
proxy_host="${REG_HTTP_PROXY_HOST}"
fi
if [ -n "${REG_HTTP_PROXY_PORT:-}" ]; then
proxy_port="${REG_HTTP_PROXY_PORT}"
fi
# Proxy settings (user and password)
if [ -n "${REG_HTTP_PROXY_USERNAME:-}" ]; then
proxy_username="${REG_HTTP_PROXY_USERNAME}"
fi
if [ -n "${REG_HTTP_PROXY_PASSWORD:-}" ]; then
proxy_password="${REG_HTTP_PROXY_PASSWORD}"
fi
# Sanity Checks for proxy host/port/user/password
if [ -n "${REG_HTTP_PROXY_HOST:-}" ]; then
if [ -n "${REG_HTTP_PROXY_PORT:-}" ]; then
# Good both values are not empty
proxy_url="http://${proxy_host}:${proxy_port}"
config_opts="--server.proxy_hostname=${proxy_host} --server.proxy_port=${proxy_port}"
sat5_opts="${sat5_opts} --proxy_hostname=${proxy_url}"
echo "RHSM Proxy set to: ${proxy_url}"
if [ -n "${REG_HTTP_PROXY_USERNAME:-}" ]; then
if [ -n "${REG_HTTP_PROXY_PASSWORD:-}" ]; then
config_opts="${config_opts} --server.proxy_user=${proxy_username} --server.proxy_password=${proxy_password}"
sat5_opts="${sat5_opts} --proxyUser=${proxy_username} --proxyPassword=${proxy_password}"
else
echo "Warning: REG_HTTP_PROXY_PASSWORD cannot be null with non-empty REG_HTTP_PROXY_USERNAME! Skipping..."
proxy_username= ; proxy_password=
fi
else
if [ -n "${REG_HTTP_PROXY_PASSWORD:-}" ]; then
echo "Warning: REG_HTTP_PROXY_USERNAME cannot be null with non-empty REG_HTTP_PROXY_PASSWORD! Skipping..."
proxy_username= ; proxy_password=
fi
fi
else
echo "Warning: REG_HTTP_PROXY_PORT cannot be null with non-empty REG_HTTP_PROXY_HOST! Skipping..."
proxy_host= ; proxy_port= ; proxy_url= ; proxy_username= ; proxy_password=
fi
else
if [ -n "${REG_HTTP_PROXY_PORT:-}" ]; then
echo "Warning: REG_HTTP_PROXY_HOST cannot be null with non-empty REG_HTTP_PROXY_PORT! Skipping..."
proxy_host= ; proxy_port= ; proxy_url= ; proxy_username= ; proxy_password=
fi
fi
function retry() {
if [[ $retryCount < 3 ]]; then
$@
@ -127,6 +186,27 @@ function detect_satellite_version {
fi
}
if [ "x${proxy_url}" != "x" ];then
# Config subscription-manager for proxy
subscription-manager config ${config_opts}
# Config yum for proxy..
sed -i -e '/^proxy=/d' /etc/yum.conf
echo "proxy=${proxy_url}" >> /etc/yum.conf
# Handle optional username/password
if [ -n "${proxy_username}" ]; then
sed -i -e '/^proxy_username=/d' /etc/yum.conf
echo "proxy_username=${proxy_username}" >> /etc/yum.conf
fi
if [ -n "${proxy_password}" ]; then
sed -i -e '/^proxy_password=/d' /etc/yum.conf
echo "proxy_password=${proxy_password}" >> /etc/yum.conf
fi
fi
case "${REG_METHOD:-}" in
portal)
retry subscription-manager register $opts

Loading…
Cancel
Save