Creating local registry will fail on bastion, if Internet access is only possible with proxy

Question

Creating local registry will fail on bastion, if Internet access is only possible with proxy

torwen1 opened this issue 3 years ago · 0 comments

Hi,

I'm using the project ocp-power-automation/ocp4-upi-powervm a lot and it uses the ocp4-helpernode to prepare the bastion.
I just discovered an issue in environments, where Internet access is only possible with a proxy. Most of the proxy stuff got already fixes/implemented by the ocp-power-automation/ocp4-upi-powervm project. But I discovered an issue with the local-registry.service in situations where you want to setup a local registry on the bastion. The systemd does not use the *_PROXY environment variables and to download the registry package, the installation/download will fail.

To be able to setup a local registry in such environments, we would need an option to pass the proxy information with the help of the yaml file to the Ansible scripts and an update of the template file of the service similar to the example below:
cat /etc/systemd/system/local-registry.service
[Unit]
Description=OpenShift Registry for HelperNode
After=network.target syslog.target

[Service]
Environment=ftp_proxy="http://:3128/" # PROXY FIX
Environment=http_proxy="http://:3128/" # PROXY FIX
Environment=https_proxy="http://:3128/" # PROXY FIX
Type=simple
TimeoutStartSec=5m
ExecStartPre=-/usr/bin/podman rm "local-registry"

ExecStart=/usr/bin/podman run --name local-registry -p 5000:5000
-v /opt/registry/data:/var/lib/registry:z
-v /opt/registry/auth:/auth:z
-e "REGISTRY_AUTH=htpasswd"

Reference: ocp-power-automation/ocp4-upi-powervm#225