assembly fallback_ips and no_proxy var only one time on localhost and… (#5957)
* assembly fallback_ips and no_proxy var only one time on localhost and populate result on all hosts * add tag always, fix ansible lint errors * workaround to mitogen issue dw/mitogen#663 * do not gather fact before install python on coreos like distros * try to pass docker molecule test
This commit is contained in:
parent
b09fe64ff1
commit
35f248dff0
6 changed files with 86 additions and 33 deletions
|
@ -1,6 +1,6 @@
|
||||||
# Setting up Environment Proxy
|
# Setting up Environment Proxy
|
||||||
|
|
||||||
If you set http and https proxy, all nodes and loadbalancer will be excluded from proxy with generating no_proxy variable in `roles/kubespray-defaults/defaults/main.yml`, if you have additional resources for exclude add them to `additional_no_proxy` variable. If you want fully override your `no_proxy` setting, then fill in just `no_proxy` and no nodes or loadbalancer addresses will be added to no_proxy.
|
If you set http and https proxy, all nodes and loadbalancer will be excluded from proxy with generating no_proxy variable in `roles/kubespray-defaults/tasks/no_proxy.yml`, if you have additional resources for exclude add them to `additional_no_proxy` variable. If you want fully override your `no_proxy` setting, then fill in just `no_proxy` and no nodes or loadbalancer addresses will be added to no_proxy.
|
||||||
|
|
||||||
## Set proxy for http and https
|
## Set proxy for http and https
|
||||||
|
|
||||||
|
|
|
@ -405,38 +405,6 @@ contiv_peer_with_uplink_leaf: false
|
||||||
contiv_global_as: "65002"
|
contiv_global_as: "65002"
|
||||||
contiv_global_neighbor_as: "500"
|
contiv_global_neighbor_as: "500"
|
||||||
|
|
||||||
# Set 127.0.0.1 as fallback IP if we do not have host facts for host
|
|
||||||
# ansible_default_ipv4 isn't what you think.
|
|
||||||
# Thanks https://medium.com/opsops/ansible-default-ipv4-is-not-what-you-think-edb8ab154b10
|
|
||||||
fallback_ips_base: |
|
|
||||||
---
|
|
||||||
{% for item in groups['k8s-cluster'] + groups['etcd'] + groups['calico-rr']|default([])|unique %}
|
|
||||||
{% set found = hostvars[item].get('ansible_default_ipv4') %}
|
|
||||||
{{ item }}: "{{ found.get('address', '127.0.0.1') }}"
|
|
||||||
{% endfor %}
|
|
||||||
fallback_ips: "{{ fallback_ips_base | from_yaml }}"
|
|
||||||
|
|
||||||
## Set no_proxy to all assigned cluster IPs and hostnames
|
|
||||||
no_proxy: >-
|
|
||||||
{%- if http_proxy is defined or https_proxy is defined %}
|
|
||||||
{%- if loadbalancer_apiserver is defined -%}
|
|
||||||
{{ apiserver_loadbalancer_domain_name| default('') }},
|
|
||||||
{{ loadbalancer_apiserver.address | default('') }},
|
|
||||||
{%- endif -%}
|
|
||||||
{%- for item in (groups['k8s-cluster'] + groups['etcd'] + groups['calico-rr']|default([]))|unique -%}
|
|
||||||
{{ hostvars[item]['access_ip'] | default(hostvars[item]['ip'] | default(fallback_ips[item])) }},
|
|
||||||
{%- if item != hostvars[item].get('ansible_hostname', '') -%}
|
|
||||||
{{ hostvars[item]['ansible_hostname'] }},
|
|
||||||
{{ hostvars[item]['ansible_hostname'] }}.{{ dns_domain }},
|
|
||||||
{%- endif -%}
|
|
||||||
{{ item }},{{ item }}.{{ dns_domain }},
|
|
||||||
{%- endfor -%}
|
|
||||||
{%- if additional_no_proxy is defined -%}
|
|
||||||
{{ additional_no_proxy }},
|
|
||||||
{%- endif -%}
|
|
||||||
127.0.0.1,localhost,{{kube_service_addresses}},{{kube_pods_subnet}}
|
|
||||||
{%- endif %}
|
|
||||||
|
|
||||||
ssl_ca_dirs: >-
|
ssl_ca_dirs: >-
|
||||||
[
|
[
|
||||||
{% if ansible_os_family in ['CoreOS', 'Container Linux by CoreOS', 'Flatcar', 'Flatcar Container Linux by Kinvolk'] -%}
|
{% if ansible_os_family in ['CoreOS', 'Container Linux by CoreOS', 'Flatcar', 'Flatcar Container Linux by Kinvolk'] -%}
|
||||||
|
|
29
roles/kubespray-defaults/tasks/fallback_ips.yml
Normal file
29
roles/kubespray-defaults/tasks/fallback_ips.yml
Normal file
|
@ -0,0 +1,29 @@
|
||||||
|
---
|
||||||
|
# Set 127.0.0.1 as fallback IP if we do not have host facts for host
|
||||||
|
# ansible_default_ipv4 isn't what you think.
|
||||||
|
# Thanks https://medium.com/opsops/ansible-default-ipv4-is-not-what-you-think-edb8ab154b10
|
||||||
|
|
||||||
|
- name: Gather ansible_default_ipv4 from all hosts
|
||||||
|
include_tasks: fallback_ips_gather.yml
|
||||||
|
when: hostvars[delegate_host_to_gather_facts].ansible_default_ipv4 is not defined
|
||||||
|
loop: "{{ groups['all'] }}"
|
||||||
|
loop_control:
|
||||||
|
loop_var: delegate_host_to_gather_facts
|
||||||
|
run_once: yes
|
||||||
|
|
||||||
|
- name: create fallback_ips_base
|
||||||
|
set_fact:
|
||||||
|
fallback_ips_base: |
|
||||||
|
---
|
||||||
|
{% for item in (groups['k8s-cluster']|default([]) + groups['etcd']|default([]) + groups['calico-rr']|default([]))|unique %}
|
||||||
|
{% set found = hostvars[item].get('ansible_default_ipv4') %}
|
||||||
|
{{ item }}: "{{ found.get('address', '127.0.0.1') }}"
|
||||||
|
{% endfor %}
|
||||||
|
delegate_to: localhost
|
||||||
|
delegate_facts: yes
|
||||||
|
become: no
|
||||||
|
run_once: yes
|
||||||
|
|
||||||
|
- name: set fallback_ips
|
||||||
|
set_fact:
|
||||||
|
fallback_ips: "{{ hostvars.localhost.fallback_ips_base | from_yaml }}"
|
10
roles/kubespray-defaults/tasks/fallback_ips_gather.yml
Normal file
10
roles/kubespray-defaults/tasks/fallback_ips_gather.yml
Normal file
|
@ -0,0 +1,10 @@
|
||||||
|
---
|
||||||
|
# include to workaround mitogen issue
|
||||||
|
# https://github.com/dw/mitogen/issues/663
|
||||||
|
|
||||||
|
- name: "Gather ansible_default_ipv4 from {{ delegate_host_to_gather_facts }}"
|
||||||
|
setup:
|
||||||
|
gather_subset: '!all,network'
|
||||||
|
filter: "ansible_default_ipv4"
|
||||||
|
delegate_to: "{{ delegate_host_to_gather_facts }}"
|
||||||
|
delegate_facts: yes
|
|
@ -4,3 +4,21 @@
|
||||||
msg: "Check roles/kubespray-defaults/defaults/main.yml"
|
msg: "Check roles/kubespray-defaults/defaults/main.yml"
|
||||||
tags:
|
tags:
|
||||||
- always
|
- always
|
||||||
|
|
||||||
|
# do not run gather facts when bootstrap-os in roles
|
||||||
|
- name: set fallback_ips
|
||||||
|
include_tasks: fallback_ips.yml
|
||||||
|
when:
|
||||||
|
- "'bootstrap-os' not in ansible_play_role_names"
|
||||||
|
- fallback_ips is not defined
|
||||||
|
tags:
|
||||||
|
- always
|
||||||
|
|
||||||
|
- name: set no_proxy
|
||||||
|
include_tasks: no_proxy.yml
|
||||||
|
when:
|
||||||
|
- "'bootstrap-os' not in ansible_play_role_names"
|
||||||
|
- http_proxy is defined or https_proxy is defined
|
||||||
|
- no_proxy is not defined
|
||||||
|
tags:
|
||||||
|
- always
|
||||||
|
|
28
roles/kubespray-defaults/tasks/no_proxy.yml
Normal file
28
roles/kubespray-defaults/tasks/no_proxy.yml
Normal file
|
@ -0,0 +1,28 @@
|
||||||
|
---
|
||||||
|
- name: Set no_proxy to all assigned cluster IPs and hostnames
|
||||||
|
set_fact:
|
||||||
|
no_proxy_prepare: >-
|
||||||
|
{%- if loadbalancer_apiserver is defined -%}
|
||||||
|
{{ apiserver_loadbalancer_domain_name| default('') }},
|
||||||
|
{{ loadbalancer_apiserver.address | default('') }},
|
||||||
|
{%- endif -%}
|
||||||
|
{%- for item in (groups['k8s-cluster'] + groups['etcd'] + groups['calico-rr']|default([]))|unique -%}
|
||||||
|
{{ hostvars[item]['access_ip'] | default(hostvars[item]['ip'] | default(fallback_ips[item])) }},
|
||||||
|
{%- if item != hostvars[item].get('ansible_hostname', '') -%}
|
||||||
|
{{ hostvars[item]['ansible_hostname'] }},
|
||||||
|
{{ hostvars[item]['ansible_hostname'] }}.{{ dns_domain }},
|
||||||
|
{%- endif -%}
|
||||||
|
{{ item }},{{ item }}.{{ dns_domain }},
|
||||||
|
{%- endfor -%}
|
||||||
|
{%- if additional_no_proxy is defined -%}
|
||||||
|
{{ additional_no_proxy }},
|
||||||
|
{%- endif -%}
|
||||||
|
127.0.0.1,localhost,{{ kube_service_addresses }},{{ kube_pods_subnet }}
|
||||||
|
delegate_to: localhost
|
||||||
|
delegate_facts: yes
|
||||||
|
become: no
|
||||||
|
run_once: yes
|
||||||
|
|
||||||
|
- name: Populates no_proxy to all hosts
|
||||||
|
set_fact:
|
||||||
|
no_proxy: "{{ hostvars.localhost.no_proxy_prepare }}"
|
Loading…
Reference in a new issue