Add proxy support to CRI-O service (#4607)

* Add proxy support to CRI-O service The crio.service requires proxy environment variables when it's deployed behind a corporated network. This change creates a systemd configuration file when the proxy variables are defined. * Remove unnecesary crio's tasks
2020-04-21 04:12:55 -07:00 · 2020-04-21 04:12:55 -07:00 · 2bec26dba5
parent 03c8d0113c
commit 2bec26dba5
7 changed files with 26 additions and 13 deletions
--- a/roles/container-engine/cri-o/handlers/main.yml
+++ b/roles/container-engine/cri-o/handlers/main.yml
@ -0,0 +1,15 @@
+---
+- name: restart crio
+  command: /bin/true
+  notify:
+    - CRI-O | reload systemd
+    - CRI-O | reload crio
+
+- name: CRI-O | reload systemd
+  systemd:
+    daemon_reload: true
+
+- name: CRI-O | reload crio
+  service:
+    name: crio
+    state: restarted
--- a/roles/container-engine/cri-o/tasks/main.yaml
+++ b/roles/container-engine/cri-o/tasks/main.yaml
@ -54,6 +54,7 @@
  with_items:
    - /etc/crio
    - /etc/containers
+    - /etc/systemd/system/crio.service.d
  file:
    path: "{{ item }}"
    state: directory
@ -64,6 +65,7 @@
    state: present
  when: not is_ostree
  with_items: "{{ crio_packages }}"
+  notify: restart crio

 - name: Check if already installed
  stat:
@ -110,6 +112,7 @@
    dest: /etc/containers/mounts.conf
  when:
    - ansible_os_family == 'RedHat'
+  notify: restart crio

 - name: Create directory for oci hooks
  file:
@ -118,12 +121,9 @@
    owner: root
    mode: 0755

- name: Reload systemd daemon
-  systemd:
-    daemon_reload: yes
-
- name: Install cri-o service
-  service:
-    name: "{{ crio_service }}"
-    enabled: yes
-    state: restarted
+- name: Write cri-o proxy drop-in
+  template:
+    src: http-proxy.conf.j2
+    dest: /etc/systemd/system/crio.service.d/http-proxy.conf
+  notify: restart crio
+  when: http_proxy is defined or https_proxy is defined
--- a/roles/container-engine/cri-o/templates/http-proxy.conf.j2
+++ b/roles/container-engine/cri-o/templates/http-proxy.conf.j2
@ -0,0 +1,2 @@
+[Service]
+Environment={% if http_proxy is defined %}"HTTP_PROXY={{ http_proxy }}"{% endif %} {% if https_proxy is defined %}"HTTPS_PROXY={{ https_proxy }}"{% endif %} {% if no_proxy is defined %}"NO_PROXY={{ no_proxy }}"{% endif %}
--- a/roles/container-engine/cri-o/vars/clearlinux.yml
+++ b/roles/container-engine/cri-o/vars/clearlinux.yml
@ -2,7 +2,6 @@
 crio_packages:
  - containers-basic

-crio_service: crio
 crio_conmon: /usr/libexec/crio/conmon
 crio_seccomp_profile: /usr/share/defaults/crio/seccomp.json
 crio_runc_path: /usr/bin/runc
--- a/roles/container-engine/cri-o/vars/fedora.yml
+++ b/roles/container-engine/cri-o/vars/fedora.yml
@ -3,6 +3,5 @@ crio_packages:
  - cri-o
  - cri-tools

-crio_service: cri-o
 crio_conmon: /usr/libexec/crio/conmon
 crio_seccomp_profile: ""
--- a/roles/container-engine/cri-o/vars/redhat.yml
+++ b/roles/container-engine/cri-o/vars/redhat.yml
@ -3,6 +3,5 @@ crio_packages:
  - cri-o
  - oci-systemd-hook

-crio_service: crio
 crio_conmon: /usr/libexec/crio/conmon
 crio_runc_path: /usr/bin/runc
--- a/roles/container-engine/cri-o/vars/ubuntu.yml
+++ b/roles/container-engine/cri-o/vars/ubuntu.yml
@ -2,7 +2,6 @@
 crio_packages:
  - "cri-o-{{ kube_version | regex_replace('^v(?P<major>\\d+).(?P<minor>\\d+).(?P<patch>\\d+)$', '\\g<major>.\\g<minor>') }}"

-crio_service: crio
 crio_conmon: /usr/libexec/podman/conmon
 crio_seccomp_profile: ""
 crio_runc_path: /usr/lib/cri-o-runc/sbin/runc