add proxy capability to dns server (#1270)

src/terraform/modules/dnsserver/main.tf

@@ -123,6 +123,8 @@ locals {
   script_file_b64       = base64gzip(replace(file("${path.module}/install.sh"), "\r", ""))
   unbound_conf_file_b64 = base64gzip(replace(templatefile("${path.module}/unbound.conf", { max_ttl = var.dns_max_ttl_seconds, excluded_subnets = local.excluded_subnets_str, local_zone_line = local.local_zone_record_str, arecord_lines = local.local_a_records_str, forward_addr_lines = local.foward_lines_str }), "\r", ""))
   cloud_init_file       = templatefile("${path.module}/cloud-init.tpl", { installcmd = local.script_file_b64, unboundconf = local.unbound_conf_file_b64, ssh_port = var.ssh_port })
+
+  proxy_env = (var.proxy == null || var.proxy == "") ? "" : "http_proxy=${var.proxy} https_proxy=${var.proxy} no_proxy=169.254.169.254"
 }
 
 data "azurerm_subnet" "vnet" {
@@ -193,7 +195,7 @@ resource "azurerm_virtual_machine_extension" "cse" {
 
   settings = <<SETTINGS
     {
-        "commandToExecute": " /bin/bash /opt/install.sh"
+        "commandToExecute": " ${var.proxy_env} /bin/bash /opt/install.sh"
     }
 SETTINGS
 }

src/terraform/modules/dnsserver/variables.tf

@@ -119,3 +119,8 @@ variable "avere_filer_alternate_fqdn" {
   default     = []
   description = "alternate fqdn of the avere and is useful to point other names at Avere or can be used to emulate a domain search list."
 }
+
+variable "proxy" {
+  description = "specify a proxy address if one exists in the format of http://PROXY_SERVER:PORT"
+  default     = null
+}

src/terraform/modules/dnsserveru/main.tf

@@ -3,20 +3,20 @@ locals {
   last_octet  = split(".", var.avere_first_ip_addr)[3]
   addr_prefix = trimsuffix(var.avere_first_ip_addr, ".${local.last_octet}")
   # technique from article: https://forum.netgate.com/topic/120486/round-robin-for-dns-forwarder-network-address/3
-  local_a_records = [for i in range(var.avere_ip_addr_count): "local-data: \"${var.avere_filer_fqdn} ${var.dns_max_ttl_seconds} A ${local.addr_prefix}.${local.last_octet + i}\""]
-  local_a_records_reverse = [for i in range(var.avere_ip_addr_count): "local-data-ptr: \"${local.addr_prefix}.${local.last_octet + i} ${var.dns_max_ttl_seconds} ${var.avere_filer_fqdn}\""]
+  local_a_records         = [for i in range(var.avere_ip_addr_count) : "local-data: \"${var.avere_filer_fqdn} ${var.dns_max_ttl_seconds} A ${local.addr_prefix}.${local.last_octet + i}\""]
+  local_a_records_reverse = [for i in range(var.avere_ip_addr_count) : "local-data-ptr: \"${local.addr_prefix}.${local.last_octet + i} ${var.dns_max_ttl_seconds} ${var.avere_filer_fqdn}\""]
 
   # alternate fqdn
   local_alternate_a_records = flatten([
-    for i in range(length(var.avere_filer_alternate_fqdn)): [
-      for j in range(var.avere_ip_addr_count): 
+    for i in range(length(var.avere_filer_alternate_fqdn)) : [
+      for j in range(var.avere_ip_addr_count) :
       "local-data: \"${var.avere_filer_alternate_fqdn[i]} ${var.dns_max_ttl_seconds} A ${local.addr_prefix}.${local.last_octet + j}\""
     ]
   ])
   # reverse records
   local_alternate_a_records_reverse = flatten([
-    for i in range(length(var.avere_filer_alternate_fqdn)): [
-      for j in range(var.avere_ip_addr_count): 
+    for i in range(length(var.avere_filer_alternate_fqdn)) : [
+      for j in range(var.avere_ip_addr_count) :
       "local-data-ptr: \"${local.addr_prefix}.${local.last_octet + j} ${var.dns_max_ttl_seconds} ${var.avere_filer_alternate_fqdn[i]}\""
     ]
   ])
@@ -25,20 +25,20 @@ locals {
   last_octet2  = var.avere_first_ip_addr2 == "" ? "" : split(".", var.avere_first_ip_addr2)[3]
   addr_prefix2 = var.avere_first_ip_addr2 == "" ? "" : trimsuffix(var.avere_first_ip_addr2, ".${local.last_octet2}")
 
-  local_a_records2 = var.avere_first_ip_addr2 == "" ? [] : [for i in range(var.avere_ip_addr_count2): "local-data: \"${var.avere_filer_fqdn} ${var.dns_max_ttl_seconds} A ${local.addr_prefix2}.${local.last_octet2 + i}\""]
-  local_a_records_reverse2 = var.avere_first_ip_addr2 == "" ? [] : [for i in range(var.avere_ip_addr_count2): "local-data-ptr: \"${local.addr_prefix2}.${local.last_octet2 + i} ${var.dns_max_ttl_seconds} ${var.avere_filer_fqdn}\""]
+  local_a_records2         = var.avere_first_ip_addr2 == "" ? [] : [for i in range(var.avere_ip_addr_count2) : "local-data: \"${var.avere_filer_fqdn} ${var.dns_max_ttl_seconds} A ${local.addr_prefix2}.${local.last_octet2 + i}\""]
+  local_a_records_reverse2 = var.avere_first_ip_addr2 == "" ? [] : [for i in range(var.avere_ip_addr_count2) : "local-data-ptr: \"${local.addr_prefix2}.${local.last_octet2 + i} ${var.dns_max_ttl_seconds} ${var.avere_filer_fqdn}\""]
 
   # alternate fqdn
   local_alternate_a_records2 = var.avere_first_ip_addr2 == "" ? [] : flatten([
-    for i in range(length(var.avere_filer_alternate_fqdn)): [
-      for j in range(var.avere_ip_addr_count2): 
+    for i in range(length(var.avere_filer_alternate_fqdn)) : [
+      for j in range(var.avere_ip_addr_count2) :
       "local-data: \"${var.avere_filer_alternate_fqdn[i]} ${var.dns_max_ttl_seconds} A ${local.addr_prefix2}.${local.last_octet2 + j}\""
     ]
   ])
   # reverse records
   local_alternate_a_records_reverse2 = var.avere_first_ip_addr2 == "" ? [] : flatten([
-    for i in range(length(var.avere_filer_alternate_fqdn)): [
-      for j in range(var.avere_ip_addr_count2): 
+    for i in range(length(var.avere_filer_alternate_fqdn)) : [
+      for j in range(var.avere_ip_addr_count2) :
       "local-data-ptr: \"${local.addr_prefix2}.${local.last_octet2 + j} ${var.dns_max_ttl_seconds} ${var.avere_filer_alternate_fqdn[i]}\""
     ]
   ])
@@ -47,20 +47,20 @@ locals {
   last_octet3  = var.avere_first_ip_addr3 == "" ? "" : split(".", var.avere_first_ip_addr3)[3]
   addr_prefix3 = var.avere_first_ip_addr3 == "" ? "" : trimsuffix(var.avere_first_ip_addr3, ".${local.last_octet3}")
 
-  local_a_records3 = var.avere_first_ip_addr3 == "" ? [] : [for i in range(var.avere_ip_addr_count3): "local-data: \"${var.avere_filer_fqdn} ${var.dns_max_ttl_seconds} A ${local.addr_prefix3}.${local.last_octet3 + i}\""]
-  local_a_records_reverse3 = var.avere_first_ip_addr3 == "" ? [] : [for i in range(var.avere_ip_addr_count3): "local-data-ptr: \"${local.addr_prefix3}.${local.last_octet3 + i} ${var.dns_max_ttl_seconds} ${var.avere_filer_fqdn}\""]
+  local_a_records3         = var.avere_first_ip_addr3 == "" ? [] : [for i in range(var.avere_ip_addr_count3) : "local-data: \"${var.avere_filer_fqdn} ${var.dns_max_ttl_seconds} A ${local.addr_prefix3}.${local.last_octet3 + i}\""]
+  local_a_records_reverse3 = var.avere_first_ip_addr3 == "" ? [] : [for i in range(var.avere_ip_addr_count3) : "local-data-ptr: \"${local.addr_prefix3}.${local.last_octet3 + i} ${var.dns_max_ttl_seconds} ${var.avere_filer_fqdn}\""]
 
   # alternate fqdn
   local_alternate_a_records3 = var.avere_first_ip_addr3 == "" ? [] : flatten([
-    for i in range(length(var.avere_filer_alternate_fqdn)): [
-      for j in range(var.avere_ip_addr_count3): 
+    for i in range(length(var.avere_filer_alternate_fqdn)) : [
+      for j in range(var.avere_ip_addr_count3) :
       "local-data: \"${var.avere_filer_alternate_fqdn[i]} ${var.dns_max_ttl_seconds} A ${local.addr_prefix3}.${local.last_octet3 + j}\""
     ]
   ])
   # reverse records
   local_alternate_a_records_reverse3 = var.avere_first_ip_addr3 == "" ? [] : flatten([
-    for i in range(length(var.avere_filer_alternate_fqdn)): [
-      for j in range(var.avere_ip_addr_count3): 
+    for i in range(length(var.avere_filer_alternate_fqdn)) : [
+      for j in range(var.avere_ip_addr_count3) :
       "local-data-ptr: \"${local.addr_prefix3}.${local.last_octet3 + j} ${var.dns_max_ttl_seconds} ${var.avere_filer_alternate_fqdn[i]}\""
     ]
   ])
@@ -69,20 +69,20 @@ locals {
   last_octet4  = var.avere_first_ip_addr4 == "" ? "" : split(".", var.avere_first_ip_addr4)[3]
   addr_prefix4 = var.avere_first_ip_addr4 == "" ? "" : trimsuffix(var.avere_first_ip_addr4, ".${local.last_octet4}")
 
-  local_a_records4 = var.avere_first_ip_addr4 == "" ? [] : [for i in range(var.avere_ip_addr_count4): "local-data: \"${var.avere_filer_fqdn} ${var.dns_max_ttl_seconds} A ${local.addr_prefix4}.${local.last_octet4 + i}\""]
-  local_a_records_reverse4 = var.avere_first_ip_addr4 == "" ? [] : [for i in range(var.avere_ip_addr_count4): "local-data-ptr: \"${local.addr_prefix4}.${local.last_octet4 + i} ${var.dns_max_ttl_seconds} ${var.avere_filer_fqdn}\""]
+  local_a_records4         = var.avere_first_ip_addr4 == "" ? [] : [for i in range(var.avere_ip_addr_count4) : "local-data: \"${var.avere_filer_fqdn} ${var.dns_max_ttl_seconds} A ${local.addr_prefix4}.${local.last_octet4 + i}\""]
+  local_a_records_reverse4 = var.avere_first_ip_addr4 == "" ? [] : [for i in range(var.avere_ip_addr_count4) : "local-data-ptr: \"${local.addr_prefix4}.${local.last_octet4 + i} ${var.dns_max_ttl_seconds} ${var.avere_filer_fqdn}\""]
 
   # alternate fqdn
   local_alternate_a_records4 = var.avere_first_ip_addr4 == "" ? [] : flatten([
-    for i in range(length(var.avere_filer_alternate_fqdn)): [
-      for j in range(var.avere_ip_addr_count4): 
+    for i in range(length(var.avere_filer_alternate_fqdn)) : [
+      for j in range(var.avere_ip_addr_count4) :
       "local-data: \"${var.avere_filer_alternate_fqdn[i]} ${var.dns_max_ttl_seconds} A ${local.addr_prefix4}.${local.last_octet4 + j}\""
     ]
   ])
   # reverse records
   local_alternate_a_records_reverse4 = var.avere_first_ip_addr4 == "" ? [] : flatten([
-    for i in range(length(var.avere_filer_alternate_fqdn)): [
-      for j in range(var.avere_ip_addr_count4): 
+    for i in range(length(var.avere_filer_alternate_fqdn)) : [
+      for j in range(var.avere_ip_addr_count4) :
       "local-data-ptr: \"${local.addr_prefix4}.${local.last_octet4 + j} ${var.dns_max_ttl_seconds} ${var.avere_filer_alternate_fqdn[i]}\""
     ]
   ])
@@ -97,9 +97,11 @@ locals {
   foward_lines_str = join("\n  ", local.forward_lines)
 
   # send the script file to custom data, adding env vars
-  script_file_b64 = base64gzip(replace(file("${path.module}/install.sh"),"\r",""))
-  unbound_conf_file_b64 = base64gzip(replace(templatefile("${path.module}/unbound.conf", { max_ttl = var.dns_max_ttl_seconds, arecord_lines = local.local_a_records_str, forward_addr_lines = local.foward_lines_str }),"\r",""))
+  script_file_b64       = base64gzip(replace(file("${path.module}/install.sh"), "\r", ""))
+  unbound_conf_file_b64 = base64gzip(replace(templatefile("${path.module}/unbound.conf", { max_ttl = var.dns_max_ttl_seconds, arecord_lines = local.local_a_records_str, forward_addr_lines = local.foward_lines_str }), "\r", ""))
   cloud_init_file       = templatefile("${path.module}/cloud-init.tpl", { installcmd = local.script_file_b64, unboundconf = local.unbound_conf_file_b64, ssh_port = var.ssh_port })
+
+  proxy_env = (var.proxy == null || var.proxy == "") ? "" : "http_proxy=${var.proxy} https_proxy=${var.proxy} no_proxy=169.254.169.254"
 }
 
 data "azurerm_subnet" "vnet" {
@@ -174,7 +176,7 @@ resource "azurerm_virtual_machine_extension" "cse" {
 
   settings = <<SETTINGS
     {
-        "commandToExecute": " /bin/bash /opt/install.sh"
+        "commandToExecute": " ${var.proxy_env} /bin/bash /opt/install.sh"
     }
 SETTINGS
 }

src/terraform/modules/dnsserveru/variables.tf

@@ -107,3 +107,8 @@ variable "avere_filer_alternate_fqdn" {
   default     = []
   description = "alternate fqdn of the avere and is useful to point other names at Avere or can be used to emulate a domain search list."
 }
+
+variable "proxy" {
+  description = "specify a proxy address if one exists in the format of http://PROXY_SERVER:PORT"
+  default     = null
+}