我有一个用例,其中大多数 remote_file 资源和 yum 资源直接从内部服务器下载文件。但是,需要使用 remote_file 下载防火墙之外的一两个文件,并且必须通过 HTTP 代理。如果我在 /etc/chef/client.rb 中设置 http_proxy 设置,则会对配方从内部资源下载 yum 和其他文件的能力产生不利影响。有没有办法让 remote_file 资源通过代理下载远程 URL,而无需在 /etc/chef/client.rb 中设置 http_proxy 值?
在下面的示例代码中,我从 rubyforge.org 下载了一个 redmine 包,这需要我的服务器通过公司代理。我在 remote_file 资源之前和之后想出了一个 ruby_block,用于设置 http_proxy 并“取消设置”。我正在寻找一种更简洁的方法来做到这一点。
ruby_block "setenv-http_proxy" do
block do
Chef::Config.http_proxy = node['redmine']['http_proxy']
ENV['http_proxy'] = node['redmine']['http_proxy']
ENV['HTTP_PROXY'] = node['redmine']['http_proxy']
end
action node['redmine']['rubyforge_use_proxy'] ? :create : :nothing
notifies :create_if_missing, "remote_file[redmine-bundle.zip]", :immediately
end
remote_file "redmine-bundle.zip" do
path "#{Dir.tmpdir}/redmine-#{attrs['version']}-bundle.zip"
source attrs['download_url']
mode "0644"
action :create_if_missing
notifies :decompress, "zipp[redmine-bundle.zip]", :immediately
notifies :create, "ruby_block[unsetenv-http_proxy]", :immediately
end
ruby_block "unsetenv-http_proxy" do
block do
Chef::Config.http_proxy = nil
ENV['http_proxy'] = nil
ENV['HTTP_PROXY'] = nil
end
action node['redmine']['rubyforge_use_proxy'] ? :create : :nothing
end
答案1
您可以尝试在 remote_file 之前立即设置 :http_proxy(然后取消设置),如下所示:
save_http_proxy = Chef::Config[:http_proxy]
Chef::Config[:http_proxy] = "http://someproxyserver.com:8080"
remote_file "redmine-bundle.zip" do
path "#{Dir.tmpdir}/redmine-#{attrs['version']}-bundle.zip"
source attrs['download_url']
mode "0644"
action :create_if_missing
notifies :decompress, "zipp[redmine-bundle.zip]", :immediately
notifies :create, "ruby_block[unsetenv-http_proxy]", :immediately
end
Chef::Config[:http_proxy] = save_http_proxy
答案2
像这样在您的 client.rb 中设置 no_proxy...以排除所有内部地址使用代理。
no_proxy "chef-server,*.my.dom,192.168.*,10.*"