Add default domainname for no_proxy

All internal service and known internal hostname shuold add to no_proxy by default Signed-off-by: DQ <dengq@vmware.com>
2019-11-25 17:28:11 +08:00 · 2019-11-25 17:28:11 +08:00 · ed6438cf69
parent 7914c58e50
commit ed6438cf69
5 changed files with 33 additions and 6 deletions
--- a/make/harbor.yml
+++ b/make/harbor.yml
@ -157,7 +157,7 @@ _version: 1.10.0
 proxy:
  http_proxy:
  https_proxy:
-  no_proxy: 127.0.0.1,localhost,.local,.internal,log,db,redis,nginx,core,portal,postgresql,jobservice,registry,registryctl,clair,chartmuseum,notary-server,clair-adapter
+  no_proxy:
  components:
    - core
    - jobservice
--- a/make/photon/prepare/g.py
+++ b/make/photon/prepare/g.py
@ -32,4 +32,26 @@ input_config_path = '/input/harbor.yml'
 versions_file_path = Path('/usr/src/app/versions')

 cert_dir = os.path.join(config_dir, "nginx", "cert")
-core_cert_dir = os.path.join(config_dir, "core", "certificates")
+core_cert_dir = os.path.join(config_dir, "core", "certificates")
+
+INTERNAL_NO_PROXY_DN = {
+    '127.0.0.1',
+    'localhost',
+    '.local',
+    '.internal',
+    'log',
+    'db',
+    'redis',
+    'nginx',
+    'core',
+    'portal',
+    'postgresql',
+    'jobservice',
+    'registry',
+    'registryctl',
+    'clair',
+    'chartmuseum',
+    'notary-server',
+    'notary-signer',
+    'clair-adapter'
+    }
--- a/make/photon/prepare/utils/configs.py
+++ b/make/photon/prepare/utils/configs.py
@ -1,7 +1,7 @@
 import os
 import yaml
 import logging
-from g import versions_file_path, host_root_dir, DEFAULT_UID
+from g import versions_file_path, host_root_dir, DEFAULT_UID, INTERNAL_NO_PROXY_DN
 from utils.misc import generate_random_string, owner_can_read, other_can_read

 default_db_max_idle_conns = 2  # NOTE: https://golang.org/pkg/database/sql/#DB.SetMaxIdleConns
@ -215,10 +215,15 @@ def parse_yaml_config(config_file_path, with_notary, with_clair, with_chartmuseu
    # Global proxy configs
    proxy_config = configs.get('proxy') or {}
    proxy_components = proxy_config.get('components') or []
+    no_proxy_config = proxy_config.get('no_proxy')
+    all_no_proxy = INTERNAL_NO_PROXY_DN
+    if no_proxy_config:
+        all_no_proxy |= set(no_proxy_config.split(','))
+
    for proxy_component in proxy_components:
      config_dict[proxy_component + '_http_proxy'] = proxy_config.get('http_proxy') or ''
      config_dict[proxy_component + '_https_proxy'] = proxy_config.get('https_proxy') or ''
-      config_dict[proxy_component + '_no_proxy'] = proxy_config.get('no_proxy') or '127.0.0.1,localhost,core,registry'
+      config_dict[proxy_component + '_no_proxy'] = ','.join(all_no_proxy)

    # Clair configs, optional
    clair_configs = configs.get("clair") or {}
--- a/tools/migration/cfg/migrator_1_10_0/harbor.yml.jinja
+++ b/tools/migration/cfg/migrator_1_10_0/harbor.yml.jinja
@ -334,7 +334,7 @@ proxy:
 proxy:
  http_proxy:
  https_proxy:
-  no_proxy: 127.0.0.1,localhost,.local,.internal,log,db,redis,nginx,core,portal,postgresql,jobservice,registry,registryctl,clair
+  no_proxy:
  components:
    - core
    - jobservice
--- a/tools/migration/cfg/migrator_1_9_0/harbor.yml.jinja
+++ b/tools/migration/cfg/migrator_1_9_0/harbor.yml.jinja
@ -262,7 +262,7 @@ proxy:
 proxy:
  http_proxy:
  https_proxy:
-  no_proxy: 127.0.0.1,localhost,.local,.internal,log,db,redis,nginx,core,portal,postgresql,jobservice,registry,registryctl,clair
+  no_proxy:
  components:
    - core
    - jobservice