Adds http proxy support for registering RHEL overcloud nodes
authorVincent S. Cojot <vincent@cojot.name>
Thu, 23 Feb 2017 04:50:05 +0000 (23:50 -0500)
committerEmilien Macchi <emilien@redhat.com>
Tue, 28 Feb 2017 13:43:39 +0000 (13:43 +0000)
It is quite common in large enterprises that direct HTTP/HTTPS to the outside
world is denied from nodes/systems but reaching out through a proxy is allowed.

This change adds support for an HTTP proxy when RHEL overcloud nodes reach
out to either the RHSM portal or to a satellite server. This allows the
overcloud nodes to download updates even in locked-down environments.

The following variables are settable through templates:
  rhel_reg_http_proxy_host:
  rhel_reg_http_proxy_port:
  rhel_reg_http_proxy_username:
  rhel_reg_http_proxy_password:

Note the following restrictions:
  - If setting rhel_reg_http_proxy_host,
    then rhel_reg_http_proxy_port cannot be empty.
  - If setting rhel_reg_http_proxy_port,
    then rhel_reg_http_proxy_host cannot be empty.
  - If setting rhel_reg_http_proxy_username,
    then rhel_reg_http_proxy_password cannot be empty.
  - If setting rhel_reg_http_proxy_password,
    then rhel_reg_http_proxy_username cannot be empty.
  - If setting either rhel_reg_http_proxy_username or
    rhel_reg_http_proxy_password, then rhel_reg_http_proxy_host
    AND rhel_reg_http_proxy_port cannot be empty

Closes-Bug: #1668618
Change-Id: I003ad5449bd99c01376781ec0ce9074eca3e2704
(cherry picked from commit 3002edc90a631f3adb8ae0ee696062347f94ea52)

extraconfig/pre_deploy/rhel-registration/environment-rhel-registration.yaml
extraconfig/pre_deploy/rhel-registration/rhel-registration.yaml
extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration

index c388358..2455751 100644 (file)
@@ -21,3 +21,7 @@ parameter_defaults:
   rhel_reg_type: ""
   rhel_reg_method: ""
   rhel_reg_sat_repo: "rhel-7-server-satellite-tools-6.1-rpms"
+  rhel_reg_http_proxy_host: ""
+  rhel_reg_http_proxy_port: ""
+  rhel_reg_http_proxy_username: ""
+  rhel_reg_http_proxy_password: ""
index fdf2e95..e8316c5 100644 (file)
@@ -45,6 +45,14 @@ parameters:
     type: string
   rhel_reg_sat_repo:
     type: string
+  rhel_reg_http_proxy_host:
+    type: string
+  rhel_reg_http_proxy_port:
+    type: string
+  rhel_reg_http_proxy_username:
+    type: string
+  rhel_reg_http_proxy_password:
+    type: string
 
 resources:
 
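Review bot: `rhel_reg_http_proxy_password` is declared as a plain `type: string`, so Heat will return its value in clear text whenever the stack's parameters are displayed. Adding `hidden: true` under that parameter keeps the proxy credential out of that output. A one-line `description:` on each of the four new parameters would also tell operators that host and port must be set together, and username and password likewise. Whether the other credential parameters in this template are already marked hidden is not visible in this hunk.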
@@ -71,6 +79,10 @@ resources:
         - name: REG_TYPE
         - name: REG_METHOD
         - name: REG_SAT_REPO
+        - name: REG_HTTP_PROXY_HOST
+        - name: REG_HTTP_PROXY_PORT
+        - name: REG_HTTP_PROXY_USERNAME
+        - name: REG_HTTP_PROXY_PASSWORD
       config: {get_file: scripts/rhel-registration}
 
   RHELRegistrationDeployment:
@@ -99,6 +111,10 @@ resources:
         REG_TYPE: {get_param: rhel_reg_type}
         REG_METHOD: {get_param: rhel_reg_method}
         REG_SAT_REPO: {get_param: rhel_reg_sat_repo}
+        REG_HTTP_PROXY_HOST: {get_param: rhel_reg_http_proxy_host}
+        REG_HTTP_PROXY_PORT: {get_param: rhel_reg_http_proxy_port}
+        REG_HTTP_PROXY_USERNAME: {get_param: rhel_reg_http_proxy_username}
+        REG_HTTP_PROXY_PASSWORD: {get_param: rhel_reg_http_proxy_password}
 
   RHELUnregistration:
     type: OS::Heat::SoftwareConfig
index 2650a96..4c9e08e 100644 (file)
@@ -13,10 +13,18 @@ fi
 
 retryCount=0
 opts=
+config_opts=
 attach_opts=
 sat5_opts=
 repos="repos --enable rhel-7-server-rpms"
 satellite_repo=${REG_SAT_REPO}
+proxy_host=
+proxy_port=
+proxy_url=
+proxy_username=
+proxy_password=
+
+# process variables..
 if [ -n "${REG_AUTO_ATTACH:-}" ]; then
     opts="$opts --auto-attach"
 
@@ -97,6 +105,57 @@ if [ -n "${REG_TYPE:-}" ]; then
     opts="$opts --type=$REG_TYPE"
 fi
 
+# Proxy settings (host and port)
+if [ -n "${REG_HTTP_PROXY_HOST:-}" ]; then
+    proxy_host="${REG_HTTP_PROXY_HOST}"
+fi
+
+if [ -n "${REG_HTTP_PROXY_PORT:-}" ]; then
+    proxy_port="${REG_HTTP_PROXY_PORT}"
+fi
+
+# Proxy settings (user and password)
+if [ -n "${REG_HTTP_PROXY_USERNAME:-}" ]; then
+    proxy_username="${REG_HTTP_PROXY_USERNAME}"
+fi
+
+if [ -n "${REG_HTTP_PROXY_PASSWORD:-}" ]; then
+    proxy_password="${REG_HTTP_PROXY_PASSWORD}"
+fi
+
+# Sanity Checks for proxy host/port/user/password
+if [ -n "${REG_HTTP_PROXY_HOST:-}" ]; then
+    if [ -n "${REG_HTTP_PROXY_PORT:-}" ]; then
+        # Good both values are not empty
+        proxy_url="http://${proxy_host}:${proxy_port}"
+        config_opts="--server.proxy_hostname=${proxy_host} --server.proxy_port=${proxy_port}"
+        sat5_opts="${sat5_opts} --proxy_hostname=${proxy_url}"
+        echo "RHSM Proxy set to: ${proxy_url}"
+        if [ -n "${REG_HTTP_PROXY_USERNAME:-}" ]; then
+            if [ -n "${REG_HTTP_PROXY_PASSWORD:-}" ]; then
+                config_opts="${config_opts} --server.proxy_user=${proxy_username} --server.proxy_password=${proxy_password}"
+                sat5_opts="${sat5_opts} --proxyUser=${proxy_username} --proxyPassword=${proxy_password}"
+            else
+                echo "Warning: REG_HTTP_PROXY_PASSWORD cannot be null with non-empty REG_HTTP_PROXY_USERNAME! Skipping..."
+                proxy_username= ; proxy_password=
+            fi
+        else
+            if [ -n "${REG_HTTP_PROXY_PASSWORD:-}" ]; then
+                echo "Warning: REG_HTTP_PROXY_USERNAME cannot be null with non-empty REG_HTTP_PROXY_PASSWORD! Skipping..."
+                proxy_username= ; proxy_password=
+            fi
+        fi
+    else
+        echo "Warning: REG_HTTP_PROXY_PORT cannot be null with non-empty REG_HTTP_PROXY_HOST! Skipping..."
+        proxy_host= ; proxy_port= ; proxy_url= ; proxy_username= ; proxy_password=
+    fi
+else
+    if [ -n "${REG_HTTP_PROXY_PORT:-}" ]; then
+        echo "Warning: REG_HTTP_PROXY_HOST cannot be null with non-empty REG_HTTP_PROXY_PORT! Skipping..."
+        proxy_host= ; proxy_port= ; proxy_url= ; proxy_username= ; proxy_password=
+    fi
+fi
+
 function retry() {
   if [[ $retryCount < 3 ]]; then
     $@
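Review bot: The proxy values are concatenated into the flat strings `config_opts` and `sat5_opts` and later expanded unquoted, so a username or password containing whitespace or glob characters is split or expanded by the shell before the tool receives it. Since the script already uses bash constructs, an array avoids this: `config_opts=(--server.proxy_hostname="${proxy_host}" --server.proxy_port="${proxy_port}")`, invoked as `subscription-manager config "${config_opts[@]}"`. Either way the password travels as a command-line argument and is readable in the process list while the command runs, which deserves a comment next to the `--server.proxy_password` line. Separately, a username or password supplied without host and port falls through the final `else` with no warning, although the commit message lists that as a restriction; an extra `echo "Warning: ..."` there would make the misconfiguration visible. The `retry` function at the end of the hunk continues outside it.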
@@ -127,6 +186,27 @@ function detect_satellite_version {
     fi
 }
 
+if [ "x${proxy_url}" != "x" ];then
+    # Config subscription-manager for proxy
+    subscription-manager config ${config_opts}
+
+    # Config yum for proxy..
+    sed -i -e '/^proxy=/d' /etc/yum.conf
+    echo "proxy=${proxy_url}" >> /etc/yum.conf
+
+    # Handle optional username/password
+    if [ -n "${proxy_username}" ]; then
+        sed -i -e '/^proxy_username=/d' /etc/yum.conf
+        echo "proxy_username=${proxy_username}" >> /etc/yum.conf
+    fi
+
+    if [ -n "${proxy_password}" ]; then
+        sed -i -e '/^proxy_password=/d' /etc/yum.conf
+        echo "proxy_password=${proxy_password}" >> /etc/yum.conf
+    fi
+
+fi
+
 case "${REG_METHOD:-}" in
     portal)
         retry subscription-manager register $opts
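Review bot: `proxy_password` is appended in clear text to /etc/yum.conf, which is normally readable by every local user, and `subscription-manager config` persists the same credential in its own configuration; nothing in this block restricts or documents that. I would add a comment above the block such as `# NOTE: proxy credentials are stored in clear text on the node; use a dedicated, least-privilege proxy account`, and repeat it in the parameter description. The `echo ... >> /etc/yum.conf` lines also land in whatever section is last in the file, which is `[main]` only if no repository sections follow it, so a comment or a check is warranted. The exit status of `subscription-manager config` is not tested, so a rejected option goes unnoticed unless the script runs under `set -e`, which is not visible here. The `case` statement that begins at the end of the hunk continues outside it.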