[build]: support no_proxy environment variable in Azure SONiC build files (#7333)

Lack of having the support for no_proxy in SONiC build environment limits enterprise companies to put some internal hacks to ensure the proxy's dont refer to some Intranet site for artifactory downloads etc. Today. Using no_proxy is familiar in proxy settings terminology and excludes traffic destined to certain hosts.

Most Web clients hence support connection to proxy servers via environment variables:

http_proxy / HTTP_PROXY
https_proxy / HTTPS_PROXY
no_proxy / NO_PROXY
These variables tell the client what URL should be used to access the proxy servers and which exceptions should be made.

How to verify it

Simply set up the variable in the bash shell at build time.

export no_proxy=internal.example.com, internal2.example.com

Usage is:
no_proxy is a comma- or space-separated list of machine or domain names, with optional :port part. If no :port
part is present, it applies to all ports on that domain.
This commit is contained in:
VenkatCisco 2021-04-15 23:10:19 -07:00 committed by GitHub
parent 0939c54d36
commit 534a5b8093
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 11 additions and 3 deletions

View File

@ -138,6 +138,7 @@ DOCKER_RUN := docker run --rm=true --privileged --init \
-w $(DOCKER_BUILDER_WORKDIR) \ -w $(DOCKER_BUILDER_WORKDIR) \
-e "http_proxy=$(http_proxy)" \ -e "http_proxy=$(http_proxy)" \
-e "https_proxy=$(https_proxy)" \ -e "https_proxy=$(https_proxy)" \
-e "no_proxy=$(no_proxy)" \
-i$(shell { if [ -t 0 ]; then echo t; fi }) \ -i$(shell { if [ -t 0 ]; then echo t; fi }) \
$(SONIC_BUILDER_EXTRA_CMDLINE) $(SONIC_BUILDER_EXTRA_CMDLINE)
@ -197,6 +198,7 @@ DOCKER_BASE_BUILD = docker build --no-cache \
-t $(SLAVE_BASE_IMAGE):$(SLAVE_BASE_TAG) \ -t $(SLAVE_BASE_IMAGE):$(SLAVE_BASE_TAG) \
--build-arg http_proxy=$(http_proxy) \ --build-arg http_proxy=$(http_proxy) \
--build-arg https_proxy=$(https_proxy) \ --build-arg https_proxy=$(https_proxy) \
--build-arg no_proxy=$(no_proxy) \
$(SLAVE_DIR) $(SLAVE_DIR)
DOCKER_BASE_PULL = docker pull \ DOCKER_BASE_PULL = docker pull \
@ -240,6 +242,7 @@ SONIC_BUILD_INSTRUCTION := make \
SONIC_DPKG_CACHE_SOURCE=$(SONIC_DPKG_CACHE_SOURCE) \ SONIC_DPKG_CACHE_SOURCE=$(SONIC_DPKG_CACHE_SOURCE) \
HTTP_PROXY=$(http_proxy) \ HTTP_PROXY=$(http_proxy) \
HTTPS_PROXY=$(https_proxy) \ HTTPS_PROXY=$(https_proxy) \
NO_PROXY=$(no_proxy) \
SONIC_INCLUDE_SYSTEM_TELEMETRY=$(INCLUDE_SYSTEM_TELEMETRY) \ SONIC_INCLUDE_SYSTEM_TELEMETRY=$(INCLUDE_SYSTEM_TELEMETRY) \
SONIC_INCLUDE_RESTAPI=$(INCLUDE_RESTAPI) \ SONIC_INCLUDE_RESTAPI=$(INCLUDE_RESTAPI) \
TELEMETRY_WRITABLE=$(TELEMETRY_WRITABLE) \ TELEMETRY_WRITABLE=$(TELEMETRY_WRITABLE) \

View File

@ -153,7 +153,7 @@ To build Arm64 bit for platform
`/usr/bin/tar: /path/to/sonic-buildimage/<some_file>: Cannot write: No space left on device` `/usr/bin/tar: /path/to/sonic-buildimage/<some_file>: Cannot write: No space left on device`
The solution is to [move the directory](https://linuxconfig.org/how-to-move-docker-s-default-var-lib-docker-to-another-directory-on-ubuntu-debian-linux) to a partition with more free space. The solution is to [move the directory](https://linuxconfig.org/how-to-move-docker-s-default-var-lib-docker-to-another-directory-on-ubuntu-debian-linux) to a partition with more free space.
- Use `http_proxy=[your_proxy] https_proxy=[your_proxy] make` to enable http(s) proxy in the build process. - Use `http_proxy=[your_proxy] https_proxy=[your_proxy] no_proxy=[your_no_proxy] make` to enable http(s) proxy in the build process.
- Add your user account to `docker` group and use your user account to make. `root` or `sudo` are not supported. - Add your user account to `docker` group and use your user account to make. `root` or `sudo` are not supported.
The SONiC installer contains all docker images needed. SONiC uses one image for all devices of a same ASIC vendor. The supported ASIC vendors are: The SONiC installer contains all docker images needed. SONiC uses one image for all devices of a same ASIC vendor. The supported ASIC vendors are:

View File

@ -238,6 +238,7 @@ $(info "ENABLE_SYNCD_RPC" : "$(ENABLE_SYNCD_RPC)")
$(info "ENABLE_ORGANIZATION_EXTENSIONS" : "$(ENABLE_ORGANIZATION_EXTENSIONS)") $(info "ENABLE_ORGANIZATION_EXTENSIONS" : "$(ENABLE_ORGANIZATION_EXTENSIONS)")
$(info "HTTP_PROXY" : "$(HTTP_PROXY)") $(info "HTTP_PROXY" : "$(HTTP_PROXY)")
$(info "HTTPS_PROXY" : "$(HTTPS_PROXY)") $(info "HTTPS_PROXY" : "$(HTTPS_PROXY)")
$(info "NO_PROXY" : "$(NO_PROXY)")
$(info "ENABLE_ZTP" : "$(ENABLE_ZTP)") $(info "ENABLE_ZTP" : "$(ENABLE_ZTP)")
$(info "SONIC_DEBUGGING_ON" : "$(SONIC_DEBUGGING_ON)") $(info "SONIC_DEBUGGING_ON" : "$(SONIC_DEBUGGING_ON)")
$(info "SONIC_PROFILING_ON" : "$(SONIC_PROFILING_ON)") $(info "SONIC_PROFILING_ON" : "$(SONIC_PROFILING_ON)")
@ -647,7 +648,8 @@ $(SONIC_INSTALL_WHEELS) : $(PYTHON_WHEELS_PATH)/%-install : .platform $$(addsuff
# start docker daemon # start docker daemon
docker-start : docker-start :
@sudo sed -i '/http_proxy/d' /etc/default/docker @sudo sed -i '/http_proxy/d' /etc/default/docker
@sudo bash -c "echo \"export http_proxy=$$http_proxy\" >> /etc/default/docker" @sudo bash -c "{ echo \"export http_proxy=$$http_proxy\"; \
echo \"export no_proxy=$$no_proxy\"; } >> /etc/default/docker"
@test x$(SONIC_CONFIG_USE_NATIVE_DOCKERD_FOR_BUILD) != x"y" && sudo service docker status &> /dev/null || ( sudo service docker start &> /dev/null && ./scripts/wait_for_docker.sh 60 ) @test x$(SONIC_CONFIG_USE_NATIVE_DOCKERD_FOR_BUILD) != x"y" && sudo service docker status &> /dev/null || ( sudo service docker start &> /dev/null && ./scripts/wait_for_docker.sh 60 )
# targets for building simple docker images that do not depend on any debian packages # targets for building simple docker images that do not depend on any debian packages
@ -661,6 +663,7 @@ $(addprefix $(TARGET_PATH)/, $(SONIC_SIMPLE_DOCKER_IMAGES)) : $(TARGET_PATH)/%.g
docker build --squash --no-cache \ docker build --squash --no-cache \
--build-arg http_proxy=$(HTTP_PROXY) \ --build-arg http_proxy=$(HTTP_PROXY) \
--build-arg https_proxy=$(HTTPS_PROXY) \ --build-arg https_proxy=$(HTTPS_PROXY) \
--build-arg no_proxy=$(NO_PROXY) \
--build-arg user=$(USER) \ --build-arg user=$(USER) \
--build-arg uid=$(UID) \ --build-arg uid=$(UID) \
--build-arg guid=$(GUID) \ --build-arg guid=$(GUID) \
@ -751,6 +754,7 @@ $(addprefix $(TARGET_PATH)/, $(DOCKER_IMAGES)) : $(TARGET_PATH)/%.gz : .platform
docker build --squash --no-cache \ docker build --squash --no-cache \
--build-arg http_proxy=$(HTTP_PROXY) \ --build-arg http_proxy=$(HTTP_PROXY) \
--build-arg https_proxy=$(HTTPS_PROXY) \ --build-arg https_proxy=$(HTTPS_PROXY) \
--build-arg no_proxy=$(NO_PROXY) \
--build-arg user=$(USER) \ --build-arg user=$(USER) \
--build-arg uid=$(UID) \ --build-arg uid=$(UID) \
--build-arg guid=$(GUID) \ --build-arg guid=$(GUID) \
@ -802,7 +806,8 @@ $(addprefix $(TARGET_PATH)/, $(DOCKER_DBG_IMAGES)) : $(TARGET_PATH)/%-$(DBG_IMAG
docker build \ docker build \
$(if $($*.gz_DBG_DEPENDS), --squash --no-cache, --no-cache) \ $(if $($*.gz_DBG_DEPENDS), --squash --no-cache, --no-cache) \
--build-arg http_proxy=$(HTTP_PROXY) \ --build-arg http_proxy=$(HTTP_PROXY) \
--build-arg https_proxy=$(HTTPS_PROXY) \ --build-arg http_proxy=$(HTTP_PROXY) \
--build-arg no_proxy=$(NO_PROXY) \
--build-arg docker_container_name=$($*.gz_CONTAINER_NAME) \ --build-arg docker_container_name=$($*.gz_CONTAINER_NAME) \
--label Tag=$(SONIC_IMAGE_VERSION) \ --label Tag=$(SONIC_IMAGE_VERSION) \
--file $($*.gz_PATH)/Dockerfile-dbg \ --file $($*.gz_PATH)/Dockerfile-dbg \