maas-proxy upstream proxy support and jenkins slave proxy port
Change-Id: I6d2ab5fcf08ec8961d9d91918b9a0ef3dee129c2
diff --git a/README.rst b/README.rst
index 250ea82..178b0c9 100644
--- a/README.rst
+++ b/README.rst
@@ -23,6 +23,9 @@
maas:
salt_master_ip: 192.168.0.10
region:
+ upstream_proxy:
+ address: 10.0.0.1
+ port: 8080
theme: mirantis
bind:
host: 192.168.0.10:5240
diff --git a/maas/files/maas-proxy.conf.template b/maas/files/maas-proxy.conf.template
new file mode 100644
index 0000000..c35cf93
--- /dev/null
+++ b/maas/files/maas-proxy.conf.template
@@ -0,0 +1,67 @@
+{%- from "maas/map.jinja" import region with context %}
+{% raw %}
+# DO NOT EDIT. This file is automatically created by MAAS.
+# Last updated at {{modified}}.
+
+# Inspired by UDS's conference proxy
+
+acl maas_proxy_manager proto cache_object
+# Make sure that localnet has at least one entry in it, to avoid errors.
+acl localnet src 127.0.0.0/8
+{{for cidr in cidrs}}
+acl localnet src {{cidr}}
+{{endfor}}
+acl SSL_ports port 443
+acl SSL_ports port 50000 # jenkins slave
+acl Safe_ports port 80 # http
+acl Safe_ports port 21 # ftp
+acl Safe_ports port 443 # https
+acl Safe_ports port 1025-65535 # unregistered ports
+acl CONNECT method CONNECT
+http_access allow maas_proxy_manager localhost
+http_access deny maas_proxy_manager
+http_access deny !Safe_ports
+http_access deny CONNECT !SSL_ports
+http_access allow localnet
+http_access allow localhost
+http_access deny all
+http_port 3128 transparent
+http_port 8000
+refresh_pattern ^ftp: 1440 20% 10080
+refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
+refresh_pattern \/Release(|\.gpg)$ 0 0% 0 refresh-ims
+refresh_pattern \/InRelease$ 0 0% 0 refresh-ims
+refresh_pattern \/(Packages|Sources)(|\.bz2|\.gz|\.xz)$ 0 0% 0 refresh-ims
+refresh_pattern \/(Translation-.*)(|\.bz2|\.gz|\.xz)$ 0 0% 0 refresh-ims
+refresh_pattern . 0 20% 4320
+forwarded_for delete
+visible_hostname {{fqdn}}
+cache_mem 512 MB
+minimum_object_size 0 MB
+maximum_object_size 1024 MB
+maximum_object_size_in_memory 100 MB
+{{if running_in_snap}}
+pid_filename {{snap_data_path}}/proxy/squid.pid
+mime_table {{snap_path}}/usr/share/squid/mime.conf
+pinger_program {{snap_path}}/usr/lib/squid/pinger
+unlinkd_program {{snap_path}}/usr/lib/squid/unlinkd
+logfile_daemon {{snap_path}}/usr/lib/squid/log_file_daemon
+icon_directory {{snap_path}}/usr/share/squid/icons
+error_directory {{snap_path}}/usr/share/squid-langpack/en
+coredump_dir {{snap_common_path}}/proxy/spool
+cache_dir aufs {{snap_common_path}}/proxy/cache 40000 16 256
+cache_access_log {{snap_common_path}}/log/proxy/access.log
+cache_log {{snap_common_path}}/log/proxy/cache.log
+cache_store_log {{snap_common_path}}/log/proxy/store.log
+{{else}}
+coredump_dir /var/spool/maas-proxy
+cache_dir aufs /var/spool/maas-proxy 40000 16 256
+cache_access_log /var/log/maas/proxy/access.log
+cache_log /var/log/maas/proxy/cache.log
+cache_store_log /var/log/maas/proxy/store.log
+{{endif}}
+{% endraw %}
+{% if region.upstream_proxy is defined %}
+cache_peer {{ region.upstream_proxy.address }} parent {{ region.upstream_proxy.port }} 0 no-query default
+never_direct allow all
+{%- endif %}
diff --git a/maas/region.sls b/maas/region.sls
index f09f400..a83003f 100644
--- a/maas/region.sls
+++ b/maas/region.sls
@@ -13,6 +13,13 @@
- require:
- pkg: maas_region_packages
+/usr/lib/python3/dist-packages/provisioningserver/templates/proxy/maas-proxy.conf.template:
+ file.managed:
+ - source: salt://maas/files/maas-proxy.conf.template
+ - template: jinja
+ - require:
+ - pkg: maas_region_packages
+
{%- if region.get('enable_iframe', False) %}
/etc/apache2/conf-enabled/maas-http.conf: