[pve-devel] [RFC cluster/manager/storage 0/7] datacenter config: add setting for HTTP{, S} proxies

[Maximiliano Sandoval]

Most of the relevant information is in the first commit.

The intention is to have an extensible and future-proof setting where different
proxies can be selected based on the connection protocol and the use-case. In a
follow-up this will be exposed in the web UI, ideally leaving most of this
complexity out, i.e. only showing the option to set up a global proxy
(HTTP+HTTPS) and allow configuring overrides for each use-case but setting both
HTTP+HTTPS simultaneously to the same value. If finer granularity (different
proxies for HTTP and HTTPS) is required then the configuration file can be
edited manually.

In follow ups the the following will be done:

 - Add more proxy overrides, e.g. for OpenID
 - Expose it in the web UI


## Testing

On a Proxmox VE host this could be tested, for example, by configuring a proxy
(e.g. squid [1]) at 10.10.10.138 and accepting 'out' traffic to the gateway
(10.10.10.1) and the proxy and dropping all traffic to ports 80 and 443.

```
$ cat /etc/pve/firewall/cluster.fw
[OPTIONS]

enable: 1

[RULES]

OUT ACCEPT -dest 10.10.10.138 -log nolog
OUT ACCEPT -dest 10.10.10.1 -log nolog
OUT DROP -p tcp -dport 443 -log nolog
OUT DROP -p tcp -dport 80 -log nolog
```

Then the config can be set via:

    pvesh set /cluster/options --proxy=http://10.10.10.139:3128,https-subscription=http://10.10.10.138:3128,http-download=none

and then, for example, one can check if the following call runs or not into a
timeout to see if the proxy is used:

    pvesubscription set $KEY

[1] https://www.squid-cache.org/

pve-cluster:

Maximiliano Sandoval (3):
  datacenter config: add setting for HTTP{,S} proxies
  datacenter config: deprecate http_proxy
  cluster: add helper to retrieve proxies

 src/PVE/Cluster.pm          | 58 +++++++++++++++++++++++++++++++++
 src/PVE/DataCenterConfig.pm | 64 ++++++++++++++++++++++++++++++++++++-
 2 files changed, 121 insertions(+), 1 deletion(-)


pve-manager:

Maximiliano Sandoval (3):
  api: subscription: use new proxy dc option
  api: apt: use new dc proxy option
  api: nodes: use new dc proxy option

 PVE/API2/APT.pm          |  7 +++++--
 PVE/API2/Nodes.pm        | 11 ++++++++---
 PVE/API2/Subscription.pm |  4 ++--
 3 files changed, 15 insertions(+), 7 deletions(-)


pve-storage:

Maximiliano Sandoval (1):
  api: storage: status: use new dc proxy option

 src/PVE/API2/Storage/Status.pm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)


Summary over all repositories:
  6 files changed, 138 insertions(+), 10 deletions(-)

-- 
Generated by git-murpp 0.8.1