diff options
| author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2018-01-22 21:55:26 -0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2018-01-22 21:55:26 -0800 |
| commit | 9c280e42f1c936e314e477339c3ef0f63eb75ef6 (patch) | |
| tree | 0a1d2dbd624cf7a6eb46ea5f4ef1610aa038d1f5 /roles | |
| parent | c5e465c7a6c153f3473f319349e0c9f277d9c672 (diff) | |
| parent | f2d12f922c7d14fb480dead94a4a40a308e3a789 (diff) | |
| download | openshift-9c280e42f1c936e314e477339c3ef0f63eb75ef6.tar.gz openshift-9c280e42f1c936e314e477339c3ef0f63eb75ef6.tar.bz2 openshift-9c280e42f1c936e314e477339c3ef0f63eb75ef6.tar.xz openshift-9c280e42f1c936e314e477339c3ef0f63eb75ef6.zip | |
Merge pull request #6716 from sosiouxme/20180112-skopeo-proxies
Automatic merge from submit-queue.
docker_image_availability: enable skopeo to use proxies
Fixes https://github.com/openshift/openshift-ansible/issues/6300 and https://bugzilla.redhat.com/show_bug.cgi?id=1499358
Run skopeo via shell and add in environment variables for proxies if specified in variables.
Diffstat (limited to 'roles')
| -rw-r--r-- | roles/openshift_health_checker/openshift_checks/docker_image_availability.py | 32 |
1 files changed, 26 insertions, 6 deletions
diff --git a/roles/openshift_health_checker/openshift_checks/docker_image_availability.py b/roles/openshift_health_checker/openshift_checks/docker_image_availability.py index ac6ffbbad..d298fbab2 100644 --- a/roles/openshift_health_checker/openshift_checks/docker_image_availability.py +++ b/roles/openshift_health_checker/openshift_checks/docker_image_availability.py @@ -40,7 +40,7 @@ class DockerImageAvailability(DockerHostMixin, OpenShiftCheck): # to look for images available remotely without waiting to pull them. dependencies = ["python-docker-py", "skopeo"] # command for checking if remote registries have an image, without docker pull - skopeo_command = "timeout 10 skopeo inspect --tls-verify={tls} {creds} docker://{registry}/{image}" + skopeo_command = "{proxyvars} timeout 10 skopeo inspect --tls-verify={tls} {creds} docker://{registry}/{image}" skopeo_example_command = "skopeo inspect [--tls-verify=false] [--creds=<user>:<pass>] docker://<registry>/<image>" def __init__(self, *args, **kwargs): @@ -76,11 +76,20 @@ class DockerImageAvailability(DockerHostMixin, OpenShiftCheck): if oreg_auth_user != '' and oreg_auth_password != '': oreg_auth_user = self.template_var(oreg_auth_user) oreg_auth_password = self.template_var(oreg_auth_password) - self.skopeo_command_creds = "--creds={}:{}".format(quote(oreg_auth_user), quote(oreg_auth_password)) + self.skopeo_command_creds = quote("--creds={}:{}".format(oreg_auth_user, oreg_auth_password)) # record whether we could reach a registry or not (and remember results) self.reachable_registries = {} + # take note of any proxy settings needed + proxies = [] + for var in ['http_proxy', 'https_proxy', 'no_proxy']: + # ansible vars are openshift_http_proxy, openshift_https_proxy, openshift_no_proxy + value = self.get_var("openshift_" + var, default=None) + if value: + proxies.append(var.upper() + "=" + quote(self.template_var(value))) + self.skopeo_proxy_vars = " ".join(proxies) + def is_active(self): """Skip hosts with unsupported deployment types.""" deployment_type = self.get_var("openshift_deployment_type") @@ -249,11 +258,18 @@ class DockerImageAvailability(DockerHostMixin, OpenShiftCheck): if not self.reachable_registries[registry]: continue # do not keep trying unreachable registries - args = dict(registry=registry, image=image) - args["tls"] = "false" if registry in self.registries["insecure"] else "true" - args["creds"] = self.skopeo_command_creds if registry == self.registries["oreg"] else "" + args = dict( + proxyvars=self.skopeo_proxy_vars, + tls="false" if registry in self.registries["insecure"] else "true", + creds=self.skopeo_command_creds if registry == self.registries["oreg"] else "", + registry=quote(registry), + image=quote(image), + ) - result = self.execute_module_with_retries("command", {"_raw_params": self.skopeo_command.format(**args)}) + result = self.execute_module_with_retries("command", { + "_uses_shell": True, + "_raw_params": self.skopeo_command.format(**args), + }) if result.get("rc", 0) == 0 and not result.get("failed"): return True if result.get("rc") == 124: # RC 124 == timed out; mark unreachable @@ -263,6 +279,10 @@ class DockerImageAvailability(DockerHostMixin, OpenShiftCheck): def connect_to_registry(self, registry): """Use ansible wait_for module to test connectivity from host to registry. Returns bool.""" + if self.skopeo_proxy_vars != "": + # assume we can't connect directly; just waive the test + return True + # test a simple TCP connection host, _, port = registry.partition(":") port = port or 443 |