Add proxy support to CRI-O service (#4607)

* Add proxy support to CRI-O service The crio.service requires proxy environment variables when it's deployed behind a corporated network. This change creates a systemd configuration file when the proxy variables are defined. * Remove unnecesary crio's tasks
2020-04-21 04:12:55 -07:00 · 2020-04-21 04:12:55 -07:00 · 2bec26dba5
commit 2bec26dba5
parent 03c8d0113c
7 changed files with 26 additions and 13 deletions
--- a/roles/container-engine/cri-o/handlers/main.yml
+++ b/roles/container-engine/cri-o/handlers/main.yml
@ -0,0 +1,15 @@
 ---
 - name: restart crio
  command: /bin/true
  notify:
    - CRI-O | reload systemd
    - CRI-O | reload crio
 - name: CRI-O | reload systemd
  systemd:
    daemon_reload: true
 - name: CRI-O | reload crio
  service:
    name: crio
    state: restarted
--- a/roles/container-engine/cri-o/tasks/main.yaml
+++ b/roles/container-engine/cri-o/tasks/main.yaml
@ -54,6 +54,7 @@
  with_items:
    - /etc/crio
    - /etc/containers
    - /etc/systemd/system/crio.service.d
  file:
    path: "{{ item }}"
    state: directory
@ -64,6 +65,7 @@
    state: present
  when: not is_ostree
  with_items: "{{ crio_packages }}"
  notify: restart crio
 - name: Check if already installed
  stat:
@ -110,6 +112,7 @@
    dest: /etc/containers/mounts.conf
  when:
    - ansible_os_family == 'RedHat'
  notify: restart crio
 - name: Create directory for oci hooks
  file:
@ -118,12 +121,9 @@
    owner: root
    mode: 0755
- name: Reload systemd daemon
+- name: Write cri-o proxy drop-in
-  systemd:
+  template:
-    daemon_reload: yes
+    src: http-proxy.conf.j2
-
+    dest: /etc/systemd/system/crio.service.d/http-proxy.conf
- name: Install cri-o service
+  notify: restart crio
-  service:
+  when: http_proxy is defined or https_proxy is defined
    name: "{{ crio_service }}"
    enabled: yes
    state: restarted
--- a/roles/container-engine/cri-o/templates/http-proxy.conf.j2
+++ b/roles/container-engine/cri-o/templates/http-proxy.conf.j2
@ -0,0 +1,2 @@
 [Service]
 Environment={% if http_proxy is defined %}"HTTP_PROXY={{ http_proxy }}"{% endif %} {% if https_proxy is defined %}"HTTPS_PROXY={{ https_proxy }}"{% endif %} {% if no_proxy is defined %}"NO_PROXY={{ no_proxy }}"{% endif %}
--- a/roles/container-engine/cri-o/vars/clearlinux.yml
+++ b/roles/container-engine/cri-o/vars/clearlinux.yml
@ -2,7 +2,6 @@
 crio_packages:
  - containers-basic
 crio_service: crio
 crio_conmon: /usr/libexec/crio/conmon
 crio_seccomp_profile: /usr/share/defaults/crio/seccomp.json
 crio_runc_path: /usr/bin/runc
--- a/roles/container-engine/cri-o/vars/fedora.yml
+++ b/roles/container-engine/cri-o/vars/fedora.yml
@ -3,6 +3,5 @@ crio_packages:
  - cri-o
  - cri-tools
 crio_service: cri-o
 crio_conmon: /usr/libexec/crio/conmon
 crio_seccomp_profile: ""
--- a/roles/container-engine/cri-o/vars/redhat.yml
+++ b/roles/container-engine/cri-o/vars/redhat.yml
@ -3,6 +3,5 @@ crio_packages:
  - cri-o
  - oci-systemd-hook
 crio_service: crio
 crio_conmon: /usr/libexec/crio/conmon
 crio_runc_path: /usr/bin/runc
--- a/roles/container-engine/cri-o/vars/ubuntu.yml
+++ b/roles/container-engine/cri-o/vars/ubuntu.yml
@ -2,7 +2,6 @@
 crio_packages:
  - "cri-o-{{ kube_version | regex_replace('^v(?P<major>\\d+).(?P<minor>\\d+).(?P<patch>\\d+)$', '\\g<major>.\\g<minor>') }}"
 crio_service: crio
 crio_conmon: /usr/libexec/podman/conmon
 crio_seccomp_profile: ""
 crio_runc_path: /usr/lib/cri-o-runc/sbin/runc
		`@ -0,0 +1,2 @@`
							`[Service]`
							`Environment={% if http_proxy is defined %}"HTTP_PROXY={{ http_proxy }}"{% endif %} {% if https_proxy is defined %}"HTTPS_PROXY={{ https_proxy }}"{% endif %} {% if no_proxy is defined %}"NO_PROXY={{ no_proxy }}"{% endif %}`