assembly fallback_ips and no_proxy var only one time on localhost and… (#5957)
* assembly fallback_ips and no_proxy var only one time on localhost and populate result on all hosts * add tag always, fix ansible lint errors * workaround to mitogen issue dw/mitogen#663 * do not gather fact before install python on coreos like distros * try to pass docker molecule test
parent
b09fe64ff1
commit
35f248dff0
6 changed files with 86 additions and 33 deletions
|
@ -1,6 +1,6 @@
|
|||
# Setting up Environment Proxy
|
||||
|
||||
If you set http and https proxy, all nodes and loadbalancer will be excluded from proxy with generating no_proxy variable in `roles/kubespray-defaults/defaults/main.yml`, if you have additional resources for exclude add them to `additional_no_proxy` variable. If you want fully override your `no_proxy` setting, then fill in just `no_proxy` and no nodes or loadbalancer addresses will be added to no_proxy.
|
||||
If you set http and https proxy, all nodes and loadbalancer will be excluded from proxy with generating no_proxy variable in `roles/kubespray-defaults/tasks/no_proxy.yml`, if you have additional resources for exclude add them to `additional_no_proxy` variable. If you want fully override your `no_proxy` setting, then fill in just `no_proxy` and no nodes or loadbalancer addresses will be added to no_proxy.
|
||||
|
||||
## Set proxy for http and https
|
||||
|
||||
|
|
|
@ -405,38 +405,6 @@ contiv_peer_with_uplink_leaf: false
|
|||
contiv_global_as: "65002"
|
||||
contiv_global_neighbor_as: "500"
|
||||
|
||||
# Set 127.0.0.1 as fallback IP if we do not have host facts for host
|
||||
# ansible_default_ipv4 isn't what you think.
|
||||
# Thanks https://medium.com/opsops/ansible-default-ipv4-is-not-what-you-think-edb8ab154b10
|
||||
fallback_ips_base: |
|
||||
---
|
||||
{% for item in groups['k8s-cluster'] + groups['etcd'] + groups['calico-rr']|default([])|unique %}
|
||||
{% set found = hostvars[item].get('ansible_default_ipv4') %}
|
||||
{{ item }}: "{{ found.get('address', '127.0.0.1') }}"
|
||||
{% endfor %}
|
||||
fallback_ips: "{{ fallback_ips_base | from_yaml }}"
|
||||
|
||||
## Set no_proxy to all assigned cluster IPs and hostnames
|
||||
no_proxy: >-
|
||||
{%- if http_proxy is defined or https_proxy is defined %}
|
||||
{%- if loadbalancer_apiserver is defined -%}
|
||||
{{ apiserver_loadbalancer_domain_name| default('') }},
|
||||
{{ loadbalancer_apiserver.address | default('') }},
|
||||
{%- endif -%}
|
||||
{%- for item in (groups['k8s-cluster'] + groups['etcd'] + groups['calico-rr']|default([]))|unique -%}
|
||||
{{ hostvars[item]['access_ip'] | default(hostvars[item]['ip'] | default(fallback_ips[item])) }},
|
||||
{%- if item != hostvars[item].get('ansible_hostname', '') -%}
|
||||
{{ hostvars[item]['ansible_hostname'] }},
|
||||
{{ hostvars[item]['ansible_hostname'] }}.{{ dns_domain }},
|
||||
{%- endif -%}
|
||||
{{ item }},{{ item }}.{{ dns_domain }},
|
||||
{%- endfor -%}
|
||||
{%- if additional_no_proxy is defined -%}
|
||||
{{ additional_no_proxy }},
|
||||
{%- endif -%}
|
||||
127.0.0.1,localhost,{{kube_service_addresses}},{{kube_pods_subnet}}
|
||||
{%- endif %}
|
||||
|
||||
ssl_ca_dirs: >-
|
||||
[
|
||||
{% if ansible_os_family in ['CoreOS', 'Container Linux by CoreOS', 'Flatcar', 'Flatcar Container Linux by Kinvolk'] -%}
|
||||
|
|
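--- a/roles/kubespray-defaults/tasks/fallback_ips.yml
+++ b/roles/kubespray-defaults/tasks/fallback_ips.yml
@@ -0,0 +1,29 @@
+---
+# Set 127.0.0.1 as fallback IP if we do not have host facts for host
+# ansible_default_ipv4 isn't what you think.
+# Thanks https://medium.com/opsops/ansible-default-ipv4-is-not-what-you-think-edb8ab154b10
+
+- name: Gather ansible_default_ipv4 from all hosts
+include_tasks: fallback_ips_gather.yml
+when: hostvars[delegate_host_to_gather_facts].ansible_default_ipv4 is not defined
+loop: "{{ groups['all'] }}"
+loop_control:
+loop_var: delegate_host_to_gather_facts
+run_once: yes
+
+- name: create fallback_ips_base
+set_fact:
+fallback_ips_base: |
+---
+{% for item in (groups['k8s-cluster']|default([]) + groups['etcd']|default([]) + groups['calico-rr']|default([]))|unique %}
+{% set found = hostvars[item].get('ansible_default_ipv4') %}
+{{ item }}: "{{ found.get('address', '127.0.0.1') }}"
+{% endfor %}
+delegate_to: localhost
+delegate_facts: yes
+become: no
+run_once: yes
+
+- name: set fallback_ips
+set_fact:
+fallback_ips: "{{ hostvars.localhost.fallback_ips_base | from_yaml }}"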
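Review bot: The gather loop in the first task iterates `groups['all']`, but the `fallback_ips_base` template below it only reads hosts from `k8s-cluster`, `etcd` and `calico-rr`. Every other inventory host (a bastion, for example) is still contacted by the delegated `setup` call, and because the task is `run_once` with no failure handling visible here, one unreachable host outside the cluster would presumably stop the run for all hosts. Limiting the loop to the hosts that are actually consumed keeps the play from touching machines it does not need: `loop: "{{ (groups['k8s-cluster']|default([]) + groups['etcd']|default([]) + groups['calico-rr']|default([]))|unique }}"`. Separately, `hostvars[item].get('ansible_default_ipv4')` has no default, so the 127.0.0.1 fallback applies only when the fact exists without an `address` key; `.get('ansible_default_ipv4', {})` would also cover a host whose facts are missing altogether.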
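--- a/roles/kubespray-defaults/tasks/fallback_ips_gather.yml
+++ b/roles/kubespray-defaults/tasks/fallback_ips_gather.yml
@@ -0,0 +1,10 @@
+---
+# include to workaround mitogen issue
+# https://github.com/dw/mitogen/issues/663
+
+- name: "Gather ansible_default_ipv4 from {{ delegate_host_to_gather_facts }}"
+setup:
+gather_subset: '!all,network'
+filter: "ansible_default_ipv4"
+delegate_to: "{{ delegate_host_to_gather_facts }}"
+delegate_facts: yes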
|
@ -4,3 +4,21 @@
|
|||
msg: "Check roles/kubespray-defaults/defaults/main.yml"
|
||||
tags:
|
||||
- always
|
||||
|
||||
# do not run gather facts when bootstrap-os in roles
|
||||
- name: set fallback_ips
|
||||
include_tasks: fallback_ips.yml
|
||||
when:
|
||||
- "'bootstrap-os' not in ansible_play_role_names"
|
||||
- fallback_ips is not defined
|
||||
tags:
|
||||
- always
|
||||
|
||||
- name: set no_proxy
|
||||
include_tasks: no_proxy.yml
|
||||
when:
|
||||
- "'bootstrap-os' not in ansible_play_role_names"
|
||||
- http_proxy is defined or https_proxy is defined
|
||||
- no_proxy is not defined
|
||||
tags:
|
||||
- always
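Review bot: Both includes are skipped whenever `bootstrap-os` is among the play's roles, and the second one also when no proxy is configured, yet this commit removes the `fallback_ips` and `no_proxy` defaults, so in those cases the variables are left undefined. Before the change `no_proxy` rendered as an empty string when no proxy was set; any consumer outside this page that references it without `| default('')` would now fail on an undefined variable. I would record that contract next to the tasks, for example `# fallback_ips and no_proxy stay undefined when bootstrap-os is in the play; consumers must use default()`. The first three lines of the hunk belong to a task that starts outside it.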
|
||||
|
|
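--- a/roles/kubespray-defaults/tasks/no_proxy.yml
+++ b/roles/kubespray-defaults/tasks/no_proxy.yml
@@ -0,0 +1,28 @@
+---
+- name: Set no_proxy to all assigned cluster IPs and hostnames
+set_fact:
+no_proxy_prepare: >-
+{%- if loadbalancer_apiserver is defined -%}
+{{ apiserver_loadbalancer_domain_name| default('') }},
+{{ loadbalancer_apiserver.address | default('') }},
+{%- endif -%}
+{%- for item in (groups['k8s-cluster'] + groups['etcd'] + groups['calico-rr']|default([]))|unique -%}
+{{ hostvars[item]['access_ip'] | default(hostvars[item]['ip'] | default(fallback_ips[item])) }},
+{%- if item != hostvars[item].get('ansible_hostname', '') -%}
+{{ hostvars[item]['ansible_hostname'] }},
+{{ hostvars[item]['ansible_hostname'] }}.{{ dns_domain }},
+{%- endif -%}
+{{ item }},{{ item }}.{{ dns_domain }},
+{%- endfor -%}
+{%- if additional_no_proxy is defined -%}
+{{ additional_no_proxy }},
+{%- endif -%}
+127.0.0.1,localhost,{{ kube_service_addresses }},{{ kube_pods_subnet }}
+delegate_to: localhost
+delegate_facts: yes
+become: no
+run_once: yes
+
+- name: Populates no_proxy to all hosts
+set_fact:
+no_proxy: "{{ hostvars.localhost.no_proxy_prepare }}"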
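Review bot: The host loop in `no_proxy_prepare` indexes `groups['k8s-cluster']` and `groups['etcd']` directly, whereas the matching loop in fallback_ips.yml applies `|default([])` to each group, so an inventory without an `etcd` group would fail here after the fallback step succeeded. `{%- for item in (groups['k8s-cluster']|default([]) + groups['etcd']|default([]) + groups['calico-rr']|default([]))|unique -%}` keeps the two in step. Because the list is rendered once (`run_once`) and then copied to every host, `additional_no_proxy` and the load-balancer values are presumably taken from whichever host executes the task, so a host-specific `additional_no_proxy` no longer takes effect. Since this list decides which destinations bypass the proxy, I would state that above the task: `# rendered once and copied to all hosts; additional_no_proxy must not be host-specific`.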