diff --git a/docs/proxy.md b/docs/proxy.md index cb8472d76..cc5398637 100644 --- a/docs/proxy.md +++ b/docs/proxy.md @@ -13,7 +13,7 @@ If you set http and https proxy, all nodes and loadbalancer will be excluded fro ## Set additional addresses to default no_proxy (all cluster nodes and loadbalancer) -`additional_no_proxy: "aditional_host,"` +`additional_no_proxy: "aditional_host1,aditional_host2"` ## Exclude workers from no_proxy diff --git a/roles/bootstrap-os/tasks/bootstrap-centos.yml b/roles/bootstrap-os/tasks/bootstrap-centos.yml index 538b66028..d32efe54b 100644 --- a/roles/bootstrap-os/tasks/bootstrap-centos.yml +++ b/roles/bootstrap-os/tasks/bootstrap-centos.yml @@ -4,6 +4,17 @@ gather_subset: '!all' filter: ansible_distribution_*version +- name: Add proxy to yum.conf or dnf.conf if http_proxy is defined + ini_file: + path: "{{ ( (ansible_distribution_major_version | int) < 8) | ternary('/etc/yum.conf','/etc/dnf/dnf.conf') }}" + section: main + option: proxy + value: "{{ http_proxy | default(omit) }}" + state: "{{ http_proxy | default(False) | ternary('present', 'absent') }}" + no_extra_spaces: true + become: true + when: not skip_http_proxy_on_os_packages + # For Oracle Linux install public repo - name: Download Oracle Linux public yum repo get_url: @@ -69,17 +80,6 @@ - fastestmirror.stat.exists - not centos_fastestmirror_enabled -- name: Add proxy to /etc/yum.conf if http_proxy is defined - ini_file: - path: "/etc/yum.conf" - section: main - option: proxy - value: "{{ http_proxy | default(omit) }}" - state: "{{ http_proxy | default(False) | ternary('present', 'absent') }}" - no_extra_spaces: true - become: true - when: not skip_http_proxy_on_os_packages - # libselinux-python is required on SELinux enabled hosts # See https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#managed-node-requirements - name: Install libselinux python package 
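Review bot: In roles/bootstrap-os/tasks/bootstrap-centos.yml the added `Add proxy to yum.conf or dnf.conf if http_proxy is defined` task writes `http_proxy` verbatim into the `proxy` option, so a URL of the form `http://user:password@host:port` would land in /etc/yum.conf or /etc/dnf/dnf.conf and could also appear in verbose or `--diff` output. Those files are normally world-readable, and the task sets no `mode`. If credentialed proxies are a supported case, consider `no_log: true` on the task and writing the secret through the separate `proxy_username` / `proxy_password` options; otherwise document that `http_proxy` must not carry credentials. The same task is added to bootstrap-redhat.yml and bootstrap-fedora.yml in this commit.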
diff --git a/roles/bootstrap-os/tasks/bootstrap-fedora.yml b/roles/bootstrap-os/tasks/bootstrap-fedora.yml index 67bf35a77..e766948a1 100644 --- a/roles/bootstrap-os/tasks/bootstrap-fedora.yml +++ b/roles/bootstrap-os/tasks/bootstrap-fedora.yml @@ -10,26 +10,16 @@ tags: - facts -- name: Check if a proxy is set in /etc/dnf/dnf.conf - raw: grep -qs 'proxy=' /etc/dnf/dnf.conf - register: need_http_proxy - failed_when: false - changed_when: false - # This command should always run, even in check mode - check_mode: false - environment: {} - when: - - http_proxy is defined - - not skip_http_proxy_on_os_packages - -- name: Add http_proxy to /etc/dnf/dnf.conf if http_proxy is defined - raw: echo 'proxy={{ http_proxy }}' >> /etc/dnf/dnf.conf +- name: Add proxy to dnf.conf if http_proxy is defined + ini_file: + path: "/etc/dnf/dnf.conf" + section: main + option: proxy + value: "{{ http_proxy | default(omit) }}" + state: "{{ http_proxy | default(False) | ternary('present', 'absent') }}" + no_extra_spaces: true become: true - environment: {} - when: - - http_proxy is defined - - need_http_proxy.rc != 0 - - not skip_http_proxy_on_os_packages + when: not skip_http_proxy_on_os_packages - name: Install python3 on fedora raw: "dnf install --assumeyes --quiet python3" diff --git a/roles/bootstrap-os/tasks/bootstrap-redhat.yml b/roles/bootstrap-os/tasks/bootstrap-redhat.yml index f2518557b..9170635d4 100644 --- a/roles/bootstrap-os/tasks/bootstrap-redhat.yml +++ b/roles/bootstrap-os/tasks/bootstrap-redhat.yml 
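Review bot: In bootstrap-fedora.yml the proxy is now written with `ini_file`, which needs a Python interpreter on the target, yet the next task in the hunk's context is `Install python3 on fedora`, run through `raw`. The two removed tasks used `raw` with `environment: {}`, presumably so that they work before Python exists. On a host that still needs bootstrapping, the new task would likely fail before dnf can be pointed at the proxy. One option is to keep the `ini_file` task but move it after the python3 install, and give that single `raw` call its proxy explicitly, e.g. `dnf install --assumeyes --quiet --setopt=proxy={{ http_proxy | quote }} python3` when `http_proxy` is set. The condition on the install task is outside the hunk, so confirm how it is gated.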
@@ -4,6 +4,17 @@ gather_subset: '!all' filter: ansible_distribution_*version +- name: Add proxy to yum.conf or dnf.conf if http_proxy is defined + ini_file: + path: "{{ ( (ansible_distribution_major_version | int) < 8) | ternary('/etc/yum.conf','/etc/dnf/dnf.conf') }}" + section: main + option: proxy + value: "{{ http_proxy | default(omit) }}" + state: "{{ http_proxy | default(False) | ternary('present', 'absent') }}" + no_extra_spaces: true + become: true + when: not skip_http_proxy_on_os_packages + - name: Check RHEL subscription-manager status command: /sbin/subscription-manager status register: rh_subscription_status @@ -66,16 +77,6 @@ - fastestmirror.stat.exists - not centos_fastestmirror_enabled -- name: Add proxy to /etc/yum.conf if http_proxy is defined - ini_file: - path: "/etc/yum.conf" - section: main - option: proxy - value: "{{ http_proxy | default(omit) }}" - state: "{{ http_proxy | default(False) | ternary('present', 'absent') }}" - no_extra_spaces: true - become: true - # libselinux-python is required on SELinux enabled hosts # See https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#managed-node-requirements - name: Install libselinux python package diff --git a/roles/kubespray-defaults/tasks/no_proxy.yml b/roles/kubespray-defaults/tasks/no_proxy.yml index a0de178f7..954418537 100644 --- a/roles/kubespray-defaults/tasks/no_proxy.yml +++ b/roles/kubespray-defaults/tasks/no_proxy.yml 
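Review bot: The moved proxy task in bootstrap-redhat.yml now carries `when: not skip_http_proxy_on_os_packages`, which the removed copy further down the file did not have. With that flag true the task is skipped rather than run with `state: absent`, so a `proxy=` line written by an earlier run stays in yum.conf or dnf.conf and package traffic keeps going to the old proxy. If the flag is meant to switch the OS-package proxy off, fold it into the state expression and drop the `when`, e.g. `state: "{{ (http_proxy | default(False) and not skip_http_proxy_on_os_packages) | ternary('present', 'absent') }}"`. The centos and fedora copies behave the same way. Whether `skip_http_proxy_on_os_packages` always has a default is not visible in this diff.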
@@ -6,11 +6,11 @@
 {{ apiserver_loadbalancer_domain_name| default('') }},
 {{ loadbalancer_apiserver.address | default('') }},
 {%- endif -%}
- {%- if ( (no_proxy_exclude_workers is defined) and (no_proxy_exclude_workers) ) -%}
+ {%- if no_proxy_exclude_workers | default(false) -%}
 {% set cluster_or_master = 'kube-master' %}
- {% else %}
+ {%- else -%}
 {% set cluster_or_master = 'k8s-cluster' %}
- {% endif %}
+ {%- endif -%}
 {%- for item in (groups[cluster_or_master] + groups['etcd']|default([]) + groups['calico-rr']|default([]))|unique -%}
 {{ hostvars[item]['access_ip'] | default(hostvars[item]['ip'] | default(fallback_ips[item])) }},
 {%- if item != hostvars[item].get('ansible_hostname', '') -%}
@@ -22,7 +22,7 @@
 {%- if additional_no_proxy is defined -%}
 {{ additional_no_proxy }},
 {%- endif -%}
- 127.0.0.1,localhost,{{ kube_service_addresses }},{{ kube_pods_subnet }}
+ 127.0.0.1,localhost,{{ kube_service_addresses }},{{ kube_pods_subnet }},svc,svc.{{ dns_domain }}
 delegate_to: localhost
 connection: local
 delegate_facts: yes
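Review bot: In the first no_proxy.yml hunk the new test `no_proxy_exclude_workers | default(false)` is still truthy for any non-empty string. A value that arrives as text, for example `-e no_proxy_exclude_workers=false` or an INI inventory entry, therefore selects the `kube-master` branch and drops the workers from no_proxy. Adding the `bool` filter makes the intent explicit: `{%- if no_proxy_exclude_workers | default(false) | bool -%}`. The enclosing template starts and ends outside the hunk.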
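Review bot: The second no_proxy.yml hunk appends `svc` and `svc.{{ dns_domain }}` to the default list, but docs/proxy.md, touched in this same commit, still describes the default no_proxy as "all cluster nodes and loadbalancer". Anything listed in no_proxy goes direct instead of through the proxy, so operators who use the proxy as an egress control need to know which names are exempt. A sentence in docs/proxy.md such as `The default no_proxy also contains the service subnet, the pod subnet, svc and svc.<dns_domain>.` would cover it. `dns_domain` is used here without a `default(...)`, unlike the other optional variables in this template, so confirm it is always defined where this fact is computed.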