Added download_validate_certs option which allows to disables SSL validation for file downloads

This commit is contained in:
Anatoly Rugalev 2018-09-21 11:51:17 +02:00
parent 51a5f54fc4
commit 8f85ea89fa
3 changed files with 11 additions and 0 deletions

View file

@ -61,6 +61,11 @@ bin_dir: /usr/local/bin
## Refer to roles/kubespray-defaults/defaults/main.yml before modifying no_proxy ## Refer to roles/kubespray-defaults/defaults/main.yml before modifying no_proxy
#no_proxy: "" #no_proxy: ""
## Some problems may occur when downloading files over https proxy due to ansible bug
## https://github.com/ansible/ansible/issues/32750. Set this variable to False to disable
## SSL validation of get_url module. Note that kubespray will still be performing checksum validation.
#download_validate_certs: False
## If you need exclude all cluster nodes from proxy and other resources, add other resources here. ## If you need exclude all cluster nodes from proxy and other resources, add other resources here.
#additional_no_proxy: "" #additional_no_proxy: ""

View file

@ -23,6 +23,11 @@ download_localhost: False
# Always pull images if set to True. Otherwise check by the repo's tag/digest. # Always pull images if set to True. Otherwise check by the repo's tag/digest.
download_always_pull: False download_always_pull: False
# Some problems may occur when downloading files over https proxy due to ansible bug
# https://github.com/ansible/ansible/issues/32750. Set this variable to False to disable
# SSL validation of get_url module. Note that kubespray will still be performing checksum validation.
download_validate_certs: True
# Use the first kube-master if download_localhost is not set # Use the first kube-master if download_localhost is not set
download_delegate: "{% if download_localhost %}localhost{% else %}{{groups['kube-master'][0]}}{% endif %}" download_delegate: "{% if download_localhost %}localhost{% else %}{{groups['kube-master'][0]}}{% endif %}"

View file

@ -22,6 +22,7 @@
sha256sum: "{{download.sha256 | default(omit)}}" sha256sum: "{{download.sha256 | default(omit)}}"
owner: "{{ download.owner|default(omit) }}" owner: "{{ download.owner|default(omit) }}"
mode: "{{ download.mode|default(omit) }}" mode: "{{ download.mode|default(omit) }}"
validate_certs: "{{ download_validate_certs }}"
register: get_url_result register: get_url_result
until: "'OK' in get_url_result.msg or 'file already exists' in get_url_result.msg" until: "'OK' in get_url_result.msg or 'file already exists' in get_url_result.msg"
retries: 4 retries: 4