diff --git a/inventory/sample/group_vars/all/all.yml b/inventory/sample/group_vars/all/all.yml
index 074321902..68e670ba9 100644
--- a/inventory/sample/group_vars/all/all.yml
+++ b/inventory/sample/group_vars/all/all.yml
@@ -61,6 +61,11 @@ bin_dir: /usr/local/bin
 ## Refer to roles/kubespray-defaults/defaults/main.yml before modifying no_proxy
 #no_proxy: ""
+## Some problems may occur when downloading files over https proxy due to ansible bug
+## https://github.com/ansible/ansible/issues/32750. Set this variable to False to disable
+## SSL validation of get_url module. Note that kubespray will still be performing checksum validation.
+#download_validate_certs: False
+
 ## If you need exclude all cluster nodes from proxy and other resources, add other resources here.
 #additional_no_proxy: ""
diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml
index 969f66b3c..8cd4da3d0 100644
--- a/roles/download/defaults/main.yml
+++ b/roles/download/defaults/main.yml
@@ -23,6 +23,11 @@ download_localhost: False
 # Always pull images if set to True. Otherwise check by the repo's tag/digest.
 download_always_pull: False
+# Some problems may occur when downloading files over https proxy due to ansible bug
+# https://github.com/ansible/ansible/issues/32750. Set this variable to False to disable
+# SSL validation of get_url module. Note that kubespray will still be performing checksum validation.
+download_validate_certs: True
+
 # Use the first kube-master if download_localhost is not set
 download_delegate: "{% if download_localhost %}localhost{% else %}{{groups['kube-master'][0]}}{% endif %}"
diff --git a/roles/download/tasks/download_file.yml b/roles/download/tasks/download_file.yml
index 832fec41e..2d0106fe6 100644
--- a/roles/download/tasks/download_file.yml
+++ b/roles/download/tasks/download_file.yml
@@ -22,6 +22,7 @@
 sha256sum: "{{download.sha256 | default(omit)}}"
 owner: "{{ download.owner|default(omit) }}"
 mode: "{{ download.mode|default(omit) }}"
+ validate_certs: "{{ download_validate_certs }}"
 register: get_url_result
 until: "'OK' in get_url_result.msg or 'file already exists' in get_url_result.msg"
 retries: 4
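Review bot: With `download_validate_certs` set to False, the context line `sha256sum: "{{download.sha256 | default(omit)}}"` just above the new `validate_certs` argument means a download entry that defines no `sha256` is fetched with neither certificate validation nor a checksum. The statement "kubespray will still be performing checksum validation" in the comments added to roles/download/defaults/main.yml and the sample all.yml therefore holds only when every entry carries a checksum. Consider failing early in that combination with a preceding `assert` task using `that: download_validate_certs | bool or download.sha256 is defined`, or at least qualify the two comments. Passing the value as `"{{ download_validate_certs | bool }}"` would also make the intended type explicit. The task starts and ends outside the hunk, so there may already be such a guard elsewhere in the file.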