From 7fa419cfc39b16445f81536f8964d4f8277d45f7 Mon Sep 17 00:00:00 2001
From: Michal Nasiadka <mnasiadka@gmail.com>
Date: Wed, 21 Oct 2020 09:13:53 +0200
Subject: [PATCH] baremetal: Add support for Docker http/https proxy setup

Change-Id: I947c2940518c0f4872acaa977edeaca370dc9a96
---
 ansible/roles/baremetal/defaults/main.yml     |  4 ++++
 .../roles/baremetal/tasks/post-install.yml    | 19 ++++++++++++++++---
 .../templates/docker_systemd_service.j2       |  9 +++++++++
 .../bootstrap-servers.rst                     |  4 ++++
 .../docker-http-proxy-f3925e652ea3fc5d.yaml   |  4 ++++
 5 files changed, 37 insertions(+), 3 deletions(-)
 create mode 100644 releasenotes/notes/docker-http-proxy-f3925e652ea3fc5d.yaml

diff --git a/ansible/roles/baremetal/defaults/main.yml b/ansible/roles/baremetal/defaults/main.yml
index 27226aa8f..35947469c 100644
--- a/ansible/roles/baremetal/defaults/main.yml
+++ b/ansible/roles/baremetal/defaults/main.yml
@@ -34,6 +34,10 @@ docker_storage_driver: ""
 docker_custom_option: ""
 docker_custom_config: {}
 
+docker_http_proxy: ""
+docker_https_proxy: ""
+docker_no_proxy: ""
+
 # Version of python used to execute Ansible modules.
 host_python_version: "{{ ansible_python.version.major }}.{{ ansible_python.version.minor }}"
 
diff --git a/ansible/roles/baremetal/tasks/post-install.yml b/ansible/roles/baremetal/tasks/post-install.yml
index e742e1162..5d1be104d 100644
--- a/ansible/roles/baremetal/tasks/post-install.yml
+++ b/ansible/roles/baremetal/tasks/post-install.yml
@@ -136,7 +136,10 @@
     state: absent
   when:
     - not docker_custom_option
-    - not docker_configure_for_zun|bool
+    - not docker_configure_for_zun | bool
+    - not docker_http_proxy
+    - not docker_https_proxy
+    - not docker_no_proxy
 
 - name: Ensure docker service directory exists
   become: True
@@ -144,14 +147,24 @@
     path: /etc/systemd/system/docker.service.d
     state: directory
     recurse: yes
-  when: docker_custom_option | length > 0 or docker_configure_for_zun|bool
+  when: >
+    docker_custom_option | length > 0 or
+    docker_configure_for_zun | bool or
+    docker_http_proxy | length > 0 or
+    docker_https_proxy | length > 0 or
+    docker_no_proxy | length > 0
 
 - name: Configure docker service
   become: True
   template:
     src: docker_systemd_service.j2
     dest: /etc/systemd/system/docker.service.d/kolla.conf
-  when: docker_custom_option | length > 0 or docker_configure_for_zun|bool
+  when: >
+    docker_custom_option | length > 0 or
+    docker_configure_for_zun | bool or
+    docker_http_proxy | length > 0 or
+    docker_https_proxy | length > 0 or
+    docker_no_proxy | length > 0
 
 - name: Reload docker service file
   become: True
diff --git a/ansible/roles/baremetal/templates/docker_systemd_service.j2 b/ansible/roles/baremetal/templates/docker_systemd_service.j2
index f6d19c226..4f15d60ce 100644
--- a/ansible/roles/baremetal/templates/docker_systemd_service.j2
+++ b/ansible/roles/baremetal/templates/docker_systemd_service.j2
@@ -1,4 +1,13 @@
 [Service]
+{% if docker_http_proxy | length > 0 %}
+Environment="HTTP_PROXY={{ docker_http_proxy }}"
+{% endif %}
+{% if docker_https_proxy | length > 0 %}
+Environment="HTTPS_PROXY={{ docker_https_proxy }}"
+{% endif %}
+{% if docker_no_proxy | length > 0 %}
+Environment="NO_PROXY={{ docker_no_proxy }}"
+{% endif %}
 ExecStart=
 # ExecStart commandline copied from 'docker-ce' package. Same on CentOS/Debian/Ubuntu systems.
 ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock{% if docker_custom_option %} {{ docker_custom_option }}{% endif %}{% if docker_configure_for_zun|bool %} {{ docker_zun_options }}{% endif %}
diff --git a/doc/source/reference/deployment-and-bootstrapping/bootstrap-servers.rst b/doc/source/reference/deployment-and-bootstrapping/bootstrap-servers.rst
index 71e952c7f..147dce965 100644
--- a/doc/source/reference/deployment-and-bootstrapping/bootstrap-servers.rst
+++ b/doc/source/reference/deployment-and-bootstrapping/bootstrap-servers.rst
@@ -178,6 +178,10 @@ maximum number of log files to retain per container. The
 ``docker_log_max_size`` variable, which defaults to ``50m``, defines the
 maximum size of each rotated log file per container.
 
+The ``docker_http_proxy``, ``docker_https_proxy`` and ``docker_no_proxy``
+variables can be used to configure Docker Engine to connect to the internet
+using http/https proxies.
+
 Additional options for the Docker engine can be passed in
 ``docker_custom_config`` variable. It will be stored in ``daemon.json`` config
 file. Example:
diff --git a/releasenotes/notes/docker-http-proxy-f3925e652ea3fc5d.yaml b/releasenotes/notes/docker-http-proxy-f3925e652ea3fc5d.yaml
new file mode 100644
index 000000000..e795b32b6
--- /dev/null
+++ b/releasenotes/notes/docker-http-proxy-f3925e652ea3fc5d.yaml
@@ -0,0 +1,4 @@
+---
+features:
+  - |
+    Add support for configuring Docker Engine http/https proxy.
-- 
GitLab