Internet access via a proxy

If you are deploying in an environment that requires Internet access through a proxy, you will need to configure services so that they can reach the resources they expect.

This is best done by defining a single file with the necessary environment variables in your Butane configuration and referencing it from systemd drop-in unit files for each of these services.

Defining common proxy environment variables

This common file must then be referenced explicitly by each service that requires Internet access.

variant: fcos
version: 1.6.0
storage:
  files:
    - path: /etc/example-proxy.env
      mode: 0644
      contents:
        inline: |
          https_proxy="http://example.com:8080"
          all_proxy="http://example.com:8080"
          http_proxy="http://example.com:8080"
          HTTP_PROXY="http://example.com:8080"
          HTTPS_PROXY="http://example.com:8080"
          no_proxy="*.example.com,127.0.0.1,0.0.0.0,localhost"
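Because every drop-in below loads this one file, a mistake in it silently affects all of the proxied services. The following Python linter is an added example, not part of the Fedora CoreOS documentation or tooling: it parses the file with the (simplified) conventions systemd applies to EnvironmentFile= (blank and comment lines ignored, surrounding quotes stripped) and then reports problems a reviewer would want to catch before the file is baked into an image. The sample inputs GOOD_ENV and BAD_ENV are constructed for the example; GOOD_ENV mirrors the file above.

```python
"""Lint a systemd EnvironmentFile that carries proxy settings.

Added example (not from the Fedora CoreOS docs): parses the file the way
systemd's EnvironmentFile= does (simplified) and reports common mistakes.
"""
from urllib.parse import urlsplit

PROXY_VARS = ("http_proxy", "https_proxy", "all_proxy", "HTTP_PROXY", "HTTPS_PROXY")
ALLOWED_SCHEMES = ("http", "https", "socks5", "socks5h")

# Constructed sample matching the /etc/example-proxy.env file shown above.
GOOD_ENV = """\
https_proxy="http://example.com:8080"
all_proxy="http://example.com:8080"
http_proxy="http://example.com:8080"
HTTP_PROXY="http://example.com:8080"
HTTPS_PROXY="http://example.com:8080"
no_proxy="*.example.com,127.0.0.1,0.0.0.0,localhost"
"""

# Constructed sample containing mistakes a reviewer would flag.
BAD_ENV = """\
# proxy for the build network
http_proxy="http://user:s3cret@proxy.internal:3128"
HTTP_PROXY=http://proxy.internal:3129
https_proxy='ftp://proxy.internal:3128'
no_proxy="*.internal"
"""


def parse_environment_file(text):
    """Parse KEY=VALUE lines with systemd EnvironmentFile= conventions (simplified):
    blank lines and lines starting with '#' or ';' are ignored, whitespace around
    key and value is stripped, and matching surrounding quotes are removed.
    Backslash escapes and line continuations are not handled here."""
    env = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        key, value = key.strip(), value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        env[key] = value
    return env


def lint_proxy_env(env):
    """Return a list of human-readable findings; an empty list means the file looks sane."""
    findings = []
    for var in PROXY_VARS:
        if var not in env:
            findings.append(f"{var}: not set")
            continue
        url = urlsplit(env[var])
        if url.scheme not in ALLOWED_SCHEMES:
            findings.append(f"{var}: unexpected scheme {url.scheme!r}")
        if not url.hostname:
            findings.append(f"{var}: no proxy host")
        if url.port is None:
            findings.append(f"{var}: no port")
        if url.username is not None:
            # The file is installed with mode 0644, so a credential placed in it
            # is readable by every local user.
            findings.append(f"{var}: embedded credentials in a world-readable file")
    # Tools differ in whether they honour the lowercase or uppercase spelling,
    # so the two must agree.
    for lower in ("http_proxy", "https_proxy"):
        upper = lower.upper()
        if lower in env and upper in env and env[lower] != env[upper]:
            findings.append(f"{lower}/{upper}: values differ")
    hosts = [h.strip() for h in env.get("no_proxy", "").split(",") if h.strip()]
    for local in ("localhost", "127.0.0.1"):
        if local not in hosts:
            findings.append(f"no_proxy: missing {local}; loopback traffic would go via the proxy")
    return findings


if __name__ == "__main__":
    for name, text in (("GOOD_ENV", GOOD_ENV), ("BAD_ENV", BAD_ENV)):
        print(name, lint_proxy_env(parse_environment_file(text)) or "ok")
```

Run it against the real file with `lint_proxy_env(parse_environment_file(open("/etc/example-proxy.env").read()))`; the credential check matters because the Butane snippet installs the file with mode 0644.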

Defining drop-in units for core services

Zincati polls for OS updates, and rpm-ostree is used to apply OS and layered package updates, so both require Internet access. The optional anonymized countme service also requires access if it is enabled.

You may be able to use local file references to systemd units instead of inlining them. See Using butane’s --files-dir Parameter to Embed Files for more information.

variant: fcos
version: 1.6.0
systemd:
  units:
    - name: rpm-ostreed.service
      dropins:
        - name: 99-proxy.conf
          contents: |
            [Service]
            EnvironmentFile=/etc/example-proxy.env
    - name: zincati.service
      dropins:
        - name: 99-proxy.conf
          contents: |
            [Service]
            EnvironmentFile=/etc/example-proxy.env
    - name: rpm-ostree-countme.service
      dropins:
        - name: 99-proxy.conf
          contents: |
            [Service]
            EnvironmentFile=/etc/example-proxy.env

Defining drop-in units for container daemons

If you use Docker, the docker.service drop-in is sufficient. If you use Kubernetes with containerd (without Docker), the containerd.service drop-in may be needed.

variant: fcos
version: 1.6.0
systemd:
  units:
    - name: docker.service
      enabled: true
      dropins:
        - name: 99-proxy.conf
          contents: |
            [Service]
            EnvironmentFile=/etc/example-proxy.env
    - name: containerd.service
      enabled: true
      dropins:
        - name: 99-proxy.conf
          contents: |
            [Service]
            EnvironmentFile=/etc/example-proxy.env

Defining proxy use for podman systemd units

Podman has no daemon, so the proxy must be configured for each scheduled service individually; this can be done as part of the full systemd unit definition.

variant: fcos
version: 1.6.0
systemd:
  units:
    - name: example-svc.service
      enabled: true
      contents: |
        [Unit]
        After=network-online.target
        Wants=network-online.target

        [Service]
        EnvironmentFile=/etc/example-proxy.env
        ExecStartPre=-/bin/podman kill example-svc
        ExecStartPre=-/bin/podman rm example-svc
        ExecStartPre=-/bin/podman pull example-image:latest
        ExecStart=/bin/podman run --name example-svc example-image:latest
        ExecStop=/bin/podman stop example-svc

        [Install]
        WantedBy=multi-user.target