Drop TLS on caddy internal endpoint (#81)

Signed-off-by: Rajeev Ranjan <rajeev2.ranjan@intel.com>

Author: rranjan3

dkam/pkg/curation/curation.go

@@ -151,7 +151,6 @@ func GetCommonInfraTemplateVariables(infraConfig config.InfraConfig, osType osv1
 		"RELEASE_FQDN":                   strings.Split(infraConfig.ReleaseServiceURL, ":")[0],
 		"RELEASE_TOKEN_URL":              infraConfig.ReleaseServiceURL,
 		"ORCH_APT_PORT":                  strings.Split(infraConfig.FileServerURL, ":")[1],
-		"ORCH_IMG_PORT":                  strings.Split(infraConfig.RegistryURL, ":")[1],
 		"FILE_SERVER":                    strings.Split(infraConfig.FileServerURL, ":")[0],
 		"IMG_REGISTRY_URL":               strings.Split(infraConfig.RegistryURL, ":")[0],
 		"NTP_SERVERS":                    strings.Join(infraConfig.NTPServers, ","),

dkam/pkg/script/Installer

@@ -78,8 +78,7 @@ NODE_RS_URL={{ .RELEASE_TOKEN_URL }}
 RELEASE_FQDN={{ .RELEASE_FQDN }}
 CADDY_APT_PROXY_URL={{ .FILE_SERVER }}
 CADDY_APT_PROXY_PORT={{ .ORCH_APT_PORT }}
-CADDY_REGISTRY_PROXY_URL={{ .IMG_REGISTRY_URL }}
-CADDY_REGISTRY_PROXY_PORT={{ .ORCH_IMG_PORT }}
+REGISTRY_URL={{ .IMG_REGISTRY_URL }}
 DEB_PACKAGES_REPO={{ .DEB_PACKAGES_REPO }}
 FILE_RS_ROOT={{ .FILE_RS_ROOT }}
 
@@ -252,8 +251,7 @@ install_node_agent(){
         echo "node-agent node-agent/auth.rsTokenURL string ${NODE_RS_URL}" | debconf-set-selections
         echo "node-agent node-agent/proxy.aptSourceURL string ${CADDY_APT_PROXY_URL}" | debconf-set-selections
         echo "node-agent node-agent/proxy.aptSourceProxyPort string ${CADDY_APT_PROXY_PORT}" | debconf-set-selections
-        echo "node-agent node-agent/proxy.imgRegistryURL string ${CADDY_REGISTRY_PROXY_URL}" | debconf-set-selections
-        echo "node-agent node-agent/proxy.imgRegistryProxyPort string ${CADDY_REGISTRY_PROXY_PORT}" | debconf-set-selections
+        echo "node-agent node-agent/proxy.aptSourceFilesRSRoot string ${FILE_RS_ROOT}" | debconf-set-selections
         echo "node-agent node-agent/auth.RSType string ${RS_TYPE}" | debconf-set-selections
 
         echo "Install caddy for node agent..."
@@ -262,9 +260,9 @@ install_node_agent(){
         CADDY_VERSION={{ index . "caddy-VERSION" }}
         CADDY_PKGFILE="./caddy_${CADDY_VERSION}_linux_amd64.deb"
         if [ "$RS_TYPE" == "auth" ]; then
-            echo "${RS_AT}" | oras pull "${CADDY_REGISTRY_PROXY_URL}/${DEB_PACKAGES_REPO}/caddy:$CADDY_VERSION" --password-stdin
+            echo "${RS_AT}" | oras pull "${REGISTRY_URL}/${DEB_PACKAGES_REPO}/caddy:$CADDY_VERSION" --password-stdin
         else
-            oras pull "${CADDY_REGISTRY_PROXY_URL}/${DEB_PACKAGES_REPO}/caddy:$CADDY_VERSION"
+            oras pull "${REGISTRY_URL}/${DEB_PACKAGES_REPO}/caddy:$CADDY_VERSION"
         fi
         if [ ! -f "${CADDY_PKGFILE}" ]; then
             echo "caddy debian package could not be downloaded. Aborting installation"
@@ -285,9 +283,9 @@ install_node_agent(){
 
         echo "download node agent"
         if [ "$RS_TYPE" == "auth" ]; then
-            echo "${RS_AT}" | oras pull "${CADDY_REGISTRY_PROXY_URL}/${DEB_PACKAGES_REPO}/node-agent:$VERSION" --password-stdin
+            echo "${RS_AT}" | oras pull "${REGISTRY_URL}/${DEB_PACKAGES_REPO}/node-agent:$VERSION" --password-stdin
         else
-            oras pull "${CADDY_REGISTRY_PROXY_URL}/${DEB_PACKAGES_REPO}/node-agent:$VERSION"
+            oras pull "${REGISTRY_URL}/${DEB_PACKAGES_REPO}/node-agent:$VERSION"
         fi
 
         if [ ! -f "${PKGFILE}" ]; then
@@ -303,7 +301,7 @@ install_node_agent(){
 
         echo "wait for node agent and client proxy to start"
         while true; do
-            http_status=$(curl -s -o /dev/null -w "%{http_code}" "https://localhost:$CADDY_APT_PROXY_PORT/${FILE_RS_ROOT}/edge-node.asc")
+            http_status=$(curl -s -o /dev/null -w "%{http_code}" "http://localhost:$CADDY_APT_PROXY_PORT/${FILE_RS_ROOT}/edge-node.asc")
             if [ "$http_status" -eq 200 ]; then
                 echo "Client proxy is active"
                 break
@@ -319,7 +317,7 @@ install_node_agent(){
         else
             curl -kfsSL "https://$CADDY_APT_PROXY_URL/${FILE_RS_ROOT}/edge-node.asc" -o /etc/apt/trusted.gpg.d/edge-node.asc
         fi
-        echo "deb https://localhost:$CADDY_APT_PROXY_PORT/${FILE_RS_ROOT}/repository ${APT_DISTRO} main" | tee /etc/apt/sources.list.d/edge-node.list
+        echo "deb http://localhost:$CADDY_APT_PROXY_PORT/${FILE_RS_ROOT}/repository ${APT_DISTRO} main" | tee /etc/apt/sources.list.d/edge-node.list
 
         apt-get update
         echo "install_node_agent done" | tee -a "$SCRIPT_DIR"/$STATUS_FILENAME

dkam/testing/testing_utils.go

@@ -179,7 +179,7 @@ func PrepareTestInfraConfig(_ *testing.T) {
 		MetricsObservabilityURL:               "metrics.test:443",
 		KeycloakURL:                           "keycloak.test:443",
 		TelemetryURL:                          "telemetry.test:443",
-		RegistryURL:                           "registry.test:443",
+		RegistryURL:                           "registry.test",
 		FileServerURL:                         "fs.test:443",
 		ProvisioningService:                   "provisioning.test:443",
 		ProvisioningServerURL:                 "provisioning.test:443",

onboarding-manager/pkg/cloudinit/infra.cfg

@@ -114,8 +114,7 @@ datasource:
                  NODE_RS_URL={{ .RELEASE_TOKEN_URL }}
                  CADDY_APT_PROXY_URL={{ .FILE_SERVER }}
                  CADDY_APT_PROXY_PORT={{ .ORCH_APT_PORT }}
-                 CADDY_REGISTRY_PROXY_URL={{ .IMG_REGISTRY_URL }}
-                 CADDY_REGISTRY_PROXY_PORT={{ .ORCH_IMG_PORT }}
+                 REGISTRY_URL={{ .IMG_REGISTRY_URL }}
                  OBSERVABILITY_LOGGING_URL={{ .ORCH_PLATFORM_OBS_HOST }}
                  OBSERVABILITY_LOGGING_PORT={{ .ORCH_PLATFORM_OBS_PORT }}
                  OBSERVABILITY_METRICS_URL={{ .ORCH_PLATFORM_OBS_METRICS_HOST }}

onboarding-manager/pkg/cloudinit/testout/expected-installer-01.cfg

@@ -70,8 +70,7 @@ datasource:
                  NODE_RS_URL=rs.test:443
                  CADDY_APT_PROXY_URL=fs.test
                  CADDY_APT_PROXY_PORT=443
-                 CADDY_REGISTRY_PROXY_URL=registry.test
-                 CADDY_REGISTRY_PROXY_PORT=443
+                 REGISTRY_URL=registry.test
                  OBSERVABILITY_LOGGING_URL=logs.test
                  OBSERVABILITY_LOGGING_PORT=443
                  OBSERVABILITY_METRICS_URL=metrics.test

onboarding-manager/pkg/cloudinit/testout/expected-installer-02.cfg

@@ -70,8 +70,7 @@ datasource:
                  NODE_RS_URL=rs.test:443
                  CADDY_APT_PROXY_URL=fs.test
                  CADDY_APT_PROXY_PORT=443
-                 CADDY_REGISTRY_PROXY_URL=registry.test
-                 CADDY_REGISTRY_PROXY_PORT=443
+                 REGISTRY_URL=registry.test
                  OBSERVABILITY_LOGGING_URL=logs.test
                  OBSERVABILITY_LOGGING_PORT=443
                  OBSERVABILITY_METRICS_URL=metrics.test

onboarding-manager/pkg/cloudinit/testout/expected-installer-03.cfg

@@ -70,8 +70,7 @@ datasource:
                  NODE_RS_URL=rs.test:443
                  CADDY_APT_PROXY_URL=fs.test
                  CADDY_APT_PROXY_PORT=443
-                 CADDY_REGISTRY_PROXY_URL=registry.test
-                 CADDY_REGISTRY_PROXY_PORT=443
+                 REGISTRY_URL=registry.test
                  OBSERVABILITY_LOGGING_URL=logs.test
                  OBSERVABILITY_LOGGING_PORT=443
                  OBSERVABILITY_METRICS_URL=metrics.test

onboarding-manager/pkg/cloudinit/testout/expected-installer-04.cfg

@@ -62,8 +62,7 @@ datasource:
                  NODE_RS_URL=rs.test:443
                  CADDY_APT_PROXY_URL=fs.test
                  CADDY_APT_PROXY_PORT=443
-                 CADDY_REGISTRY_PROXY_URL=registry.test
-                 CADDY_REGISTRY_PROXY_PORT=443
+                 REGISTRY_URL=registry.test
                  OBSERVABILITY_LOGGING_URL=logs.test
                  OBSERVABILITY_LOGGING_PORT=443
                  OBSERVABILITY_METRICS_URL=metrics.test

onboarding-manager/pkg/cloudinit/testout/expected-installer-05.cfg

@@ -62,8 +62,7 @@ datasource:
                  NODE_RS_URL=rs.test:443
                  CADDY_APT_PROXY_URL=fs.test
                  CADDY_APT_PROXY_PORT=443
-                 CADDY_REGISTRY_PROXY_URL=registry.test
-                 CADDY_REGISTRY_PROXY_PORT=443
+                 REGISTRY_URL=registry.test
                  OBSERVABILITY_LOGGING_URL=logs.test
                  OBSERVABILITY_LOGGING_PORT=443
                  OBSERVABILITY_METRICS_URL=metrics.test

onboarding-manager/pkg/cloudinit/testout/expected-installer-06.cfg

@@ -62,8 +62,7 @@ datasource:
                  NODE_RS_URL=rs.test:443
                  CADDY_APT_PROXY_URL=fs.test
                  CADDY_APT_PROXY_PORT=443
-                 CADDY_REGISTRY_PROXY_URL=registry.test
-                 CADDY_REGISTRY_PROXY_PORT=443
+                 REGISTRY_URL=registry.test
                  OBSERVABILITY_LOGGING_URL=logs.test
                  OBSERVABILITY_LOGGING_PORT=443
                  OBSERVABILITY_METRICS_URL=metrics.test

onboarding-manager/pkg/cloudinit/testout/expected-installer-07.cfg

@@ -62,8 +62,7 @@ datasource:
                  NODE_RS_URL=rs.test:443
                  CADDY_APT_PROXY_URL=fs.test
                  CADDY_APT_PROXY_PORT=443
-                 CADDY_REGISTRY_PROXY_URL=registry.test
-                 CADDY_REGISTRY_PROXY_PORT=443
+                 REGISTRY_URL=registry.test
                  OBSERVABILITY_LOGGING_URL=logs.test
                  OBSERVABILITY_LOGGING_PORT=443
                  OBSERVABILITY_METRICS_URL=metrics.test

onboarding-manager/pkg/cloudinit/testout/expected-installer-08.cfg

@@ -62,8 +62,7 @@ datasource:
                  NODE_RS_URL=rs.test:443
                  CADDY_APT_PROXY_URL=fs.test
                  CADDY_APT_PROXY_PORT=443
-                 CADDY_REGISTRY_PROXY_URL=registry.test
-                 CADDY_REGISTRY_PROXY_PORT=443
+                 REGISTRY_URL=registry.test
                  OBSERVABILITY_LOGGING_URL=logs.test
                  OBSERVABILITY_LOGGING_PORT=443
                  OBSERVABILITY_METRICS_URL=metrics.test

onboarding-manager/pkg/cloudinit/testout/expected-installer-09.cfg

@@ -88,8 +88,7 @@ datasource:
                  NODE_RS_URL=rs.test:443
                  CADDY_APT_PROXY_URL=fs.test
                  CADDY_APT_PROXY_PORT=443
-                 CADDY_REGISTRY_PROXY_URL=registry.test
-                 CADDY_REGISTRY_PROXY_PORT=443
+                 REGISTRY_URL=registry.test
                  OBSERVABILITY_LOGGING_URL=logs.test
                  OBSERVABILITY_LOGGING_PORT=443
                  OBSERVABILITY_METRICS_URL=metrics.test

onboarding-manager/pkg/cloudinit/testout/expected-installer-10.cfg

@@ -88,8 +88,7 @@ datasource:
                  NODE_RS_URL=rs.test:443
                  CADDY_APT_PROXY_URL=fs.test
                  CADDY_APT_PROXY_PORT=443
-                 CADDY_REGISTRY_PROXY_URL=registry.test
-                 CADDY_REGISTRY_PROXY_PORT=443
+                 REGISTRY_URL=registry.test
                  OBSERVABILITY_LOGGING_URL=logs.test
                  OBSERVABILITY_LOGGING_PORT=443
                  OBSERVABILITY_METRICS_URL=metrics.test

onboarding-manager/pkg/cloudinit/testout/expected-installer-11.cfg

@@ -71,8 +71,7 @@ datasource:
                  NODE_RS_URL=rs.test:443
                  CADDY_APT_PROXY_URL=fs.test
                  CADDY_APT_PROXY_PORT=443
-                 CADDY_REGISTRY_PROXY_URL=registry.test
-                 CADDY_REGISTRY_PROXY_PORT=443
+                 REGISTRY_URL=registry.test
                  OBSERVABILITY_LOGGING_URL=logs.test
                  OBSERVABILITY_LOGGING_PORT=443
                  OBSERVABILITY_METRICS_URL=metrics.test

onboarding-manager/pkg/cloudinit/testout/expected-installer-12.cfg

@@ -77,8 +77,7 @@ datasource:
                  NODE_RS_URL=rs.test:443
                  CADDY_APT_PROXY_URL=fs.test
                  CADDY_APT_PROXY_PORT=443
-                 CADDY_REGISTRY_PROXY_URL=registry.test
-                 CADDY_REGISTRY_PROXY_PORT=443
+                 REGISTRY_URL=registry.test
                  OBSERVABILITY_LOGGING_URL=logs.test
                  OBSERVABILITY_LOGGING_PORT=443
                  OBSERVABILITY_METRICS_URL=metrics.test

onboarding-manager/pkg/platformbundle/ubuntu-22.04/Installer

@@ -177,18 +177,17 @@ install_node_agent(){
         echo "node-agent node-agent/auth.rsTokenURL string ${NODE_RS_URL}" | debconf-set-selections
         echo "node-agent node-agent/proxy.aptSourceURL string ${CADDY_APT_PROXY_URL}" | debconf-set-selections
         echo "node-agent node-agent/proxy.aptSourceProxyPort string ${CADDY_APT_PROXY_PORT}" | debconf-set-selections
-        echo "node-agent node-agent/proxy.imgRegistryURL string ${CADDY_REGISTRY_PROXY_URL}" | debconf-set-selections
-        echo "node-agent node-agent/proxy.imgRegistryProxyPort string ${CADDY_REGISTRY_PROXY_PORT}" | debconf-set-selections
+        echo "node-agent node-agent/proxy.aptSourceFilesRSRoot string ${FILE_RS_ROOT}" | debconf-set-selections
         echo "node-agent node-agent/auth.RSType string ${RS_TYPE}" | debconf-set-selections
 
         echo "Install caddy for node agent..."
 
         echo "download caddy deb package..."
         CADDY_PKGFILE="./caddy_${CADDY_VERSION}_linux_amd64.deb"
          if [ "$RS_TYPE" == "auth" ]; then
-            echo "${RS_AT}" | oras pull "${CADDY_REGISTRY_PROXY_URL}/${DEB_PACKAGES_REPO}/caddy:$CADDY_VERSION" --password-stdin
+            echo "${RS_AT}" | oras pull "${REGISTRY_URL}/${DEB_PACKAGES_REPO}/caddy:$CADDY_VERSION" --password-stdin
         else
-            oras pull "${CADDY_REGISTRY_PROXY_URL}/${DEB_PACKAGES_REPO}/caddy:$CADDY_VERSION"
+            oras pull "${REGISTRY_URL}/${DEB_PACKAGES_REPO}/caddy:$CADDY_VERSION"
         fi
 
         if [ ! -f "${CADDY_PKGFILE}" ]; then
@@ -209,9 +208,9 @@ install_node_agent(){
 
         echo "download node agent"
          if [ "$RS_TYPE" == "auth" ]; then
-            echo "${RS_AT}" | oras pull "${CADDY_REGISTRY_PROXY_URL}/${DEB_PACKAGES_REPO}/node-agent:$NODE_AGENT_VERSION" --password-stdin
+            echo "${RS_AT}" | oras pull "${REGISTRY_URL}/${DEB_PACKAGES_REPO}/node-agent:$NODE_AGENT_VERSION" --password-stdin
         else
-            oras pull "${CADDY_REGISTRY_PROXY_URL}/${DEB_PACKAGES_REPO}/node-agent:$NODE_AGENT_VERSION"
+            oras pull "${REGISTRY_URL}/${DEB_PACKAGES_REPO}/node-agent:$NODE_AGENT_VERSION"
         fi
 
         if [ ! -f "${PKGFILE}" ]; then
@@ -227,7 +226,7 @@ install_node_agent(){
 
         echo "wait for node agent and client proxy to start"
         while true; do
-            http_status=$(curl -s -o /dev/null -w "%{http_code}" "https://localhost:$CADDY_APT_PROXY_PORT/${FILE_RS_ROOT}/edge-node.asc")
+            http_status=$(curl -s -o /dev/null -w "%{http_code}" "http://localhost:$CADDY_APT_PROXY_PORT/${FILE_RS_ROOT}/edge-node.asc")
             if [ "$http_status" -eq 200 ]; then
                 echo "Client proxy is active"
                 break
@@ -243,7 +242,7 @@ install_node_agent(){
         else
             curl -kfsSL "https://$CADDY_APT_PROXY_URL/${FILE_RS_ROOT}/edge-node.asc" -o /etc/apt/trusted.gpg.d/edge-node.asc
         fi
-        echo "deb https://localhost:$CADDY_APT_PROXY_PORT/${FILE_RS_ROOT}/repository ${APT_DISTRO} main" | tee /etc/apt/sources.list.d/edge-node.list
+        echo "deb http://localhost:$CADDY_APT_PROXY_PORT/${FILE_RS_ROOT}/repository ${APT_DISTRO} main" | tee /etc/apt/sources.list.d/edge-node.list
 
         apt-get update
         echo "install_node_agent done" | tee -a "$SCRIPT_DIR"/$STATUS_FILENAME