Add proxy support to CRI-O service (#4607)

* Add proxy support to CRI-O service

The crio.service requires proxy environment variables when it's
deployed behind a corporated network. This change creates a systemd
configuration file when the proxy variables are defined.

* Remove unnecesary crio's tasks
This commit is contained in:
Victor Morales 2020-04-21 04:12:55 -07:00 committed by GitHub
parent 03c8d0113c
commit 2bec26dba5
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 26 additions and 13 deletions

View file

@ -0,0 +1,15 @@
---
- name: restart crio
command: /bin/true
notify:
- CRI-O | reload systemd
- CRI-O | reload crio
- name: CRI-O | reload systemd
systemd:
daemon_reload: true
- name: CRI-O | reload crio
service:
name: crio
state: restarted

View file

@ -54,6 +54,7 @@
with_items: with_items:
- /etc/crio - /etc/crio
- /etc/containers - /etc/containers
- /etc/systemd/system/crio.service.d
file: file:
path: "{{ item }}" path: "{{ item }}"
state: directory state: directory
@ -64,6 +65,7 @@
state: present state: present
when: not is_ostree when: not is_ostree
with_items: "{{ crio_packages }}" with_items: "{{ crio_packages }}"
notify: restart crio
- name: Check if already installed - name: Check if already installed
stat: stat:
@ -110,6 +112,7 @@
dest: /etc/containers/mounts.conf dest: /etc/containers/mounts.conf
when: when:
- ansible_os_family == 'RedHat' - ansible_os_family == 'RedHat'
notify: restart crio
- name: Create directory for oci hooks - name: Create directory for oci hooks
file: file:
@ -118,12 +121,9 @@
owner: root owner: root
mode: 0755 mode: 0755
- name: Reload systemd daemon - name: Write cri-o proxy drop-in
systemd: template:
daemon_reload: yes src: http-proxy.conf.j2
dest: /etc/systemd/system/crio.service.d/http-proxy.conf
- name: Install cri-o service notify: restart crio
service: when: http_proxy is defined or https_proxy is defined
name: "{{ crio_service }}"
enabled: yes
state: restarted

View file

@ -0,0 +1,2 @@
[Service]
Environment={% if http_proxy is defined %}"HTTP_PROXY={{ http_proxy }}"{% endif %} {% if https_proxy is defined %}"HTTPS_PROXY={{ https_proxy }}"{% endif %} {% if no_proxy is defined %}"NO_PROXY={{ no_proxy }}"{% endif %}

View file

@ -2,7 +2,6 @@
crio_packages: crio_packages:
- containers-basic - containers-basic
crio_service: crio
crio_conmon: /usr/libexec/crio/conmon crio_conmon: /usr/libexec/crio/conmon
crio_seccomp_profile: /usr/share/defaults/crio/seccomp.json crio_seccomp_profile: /usr/share/defaults/crio/seccomp.json
crio_runc_path: /usr/bin/runc crio_runc_path: /usr/bin/runc

View file

@ -3,6 +3,5 @@ crio_packages:
- cri-o - cri-o
- cri-tools - cri-tools
crio_service: cri-o
crio_conmon: /usr/libexec/crio/conmon crio_conmon: /usr/libexec/crio/conmon
crio_seccomp_profile: "" crio_seccomp_profile: ""

View file

@ -3,6 +3,5 @@ crio_packages:
- cri-o - cri-o
- oci-systemd-hook - oci-systemd-hook
crio_service: crio
crio_conmon: /usr/libexec/crio/conmon crio_conmon: /usr/libexec/crio/conmon
crio_runc_path: /usr/bin/runc crio_runc_path: /usr/bin/runc

View file

@ -2,7 +2,6 @@
crio_packages: crio_packages:
- "cri-o-{{ kube_version | regex_replace('^v(?P<major>\\d+).(?P<minor>\\d+).(?P<patch>\\d+)$', '\\g<major>.\\g<minor>') }}" - "cri-o-{{ kube_version | regex_replace('^v(?P<major>\\d+).(?P<minor>\\d+).(?P<patch>\\d+)$', '\\g<major>.\\g<minor>') }}"
crio_service: crio
crio_conmon: /usr/libexec/podman/conmon crio_conmon: /usr/libexec/podman/conmon
crio_seccomp_profile: "" crio_seccomp_profile: ""
crio_runc_path: /usr/lib/cri-o-runc/sbin/runc crio_runc_path: /usr/lib/cri-o-runc/sbin/runc