Proxy small fixes (#7102)
* Improve how we set 'proxy=' in yum.conf or dnf.conf Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com> * Fixup spaces in no_proxy Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com> * Add svc,svc.{{ dns_domain }} to no_proxy Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
This commit is contained in:
parent
29f1c40580
commit
ab2bfd7f8c
5 changed files with 36 additions and 45 deletions
|
@ -13,7 +13,7 @@ If you set http and https proxy, all nodes and loadbalancer will be excluded fro
|
||||||
|
|
||||||
## Set additional addresses to default no_proxy (all cluster nodes and loadbalancer)
|
## Set additional addresses to default no_proxy (all cluster nodes and loadbalancer)
|
||||||
|
|
||||||
`additional_no_proxy: "aditional_host,"`
|
`additional_no_proxy: "aditional_host1,aditional_host2"`
|
||||||
|
|
||||||
## Exclude workers from no_proxy
|
## Exclude workers from no_proxy
|
||||||
|
|
||||||
|
|
|
@ -4,6 +4,17 @@
|
||||||
gather_subset: '!all'
|
gather_subset: '!all'
|
||||||
filter: ansible_distribution_*version
|
filter: ansible_distribution_*version
|
||||||
|
|
||||||
|
- name: Add proxy to yum.conf or dnf.conf if http_proxy is defined
|
||||||
|
ini_file:
|
||||||
|
path: "{{ ( (ansible_distribution_major_version | int) < 8) | ternary('/etc/yum.conf','/etc/dnf/dnf.conf') }}"
|
||||||
|
section: main
|
||||||
|
option: proxy
|
||||||
|
value: "{{ http_proxy | default(omit) }}"
|
||||||
|
state: "{{ http_proxy | default(False) | ternary('present', 'absent') }}"
|
||||||
|
no_extra_spaces: true
|
||||||
|
become: true
|
||||||
|
when: not skip_http_proxy_on_os_packages
|
||||||
|
|
||||||
# For Oracle Linux install public repo
|
# For Oracle Linux install public repo
|
||||||
- name: Download Oracle Linux public yum repo
|
- name: Download Oracle Linux public yum repo
|
||||||
get_url:
|
get_url:
|
||||||
|
@ -69,17 +80,6 @@
|
||||||
- fastestmirror.stat.exists
|
- fastestmirror.stat.exists
|
||||||
- not centos_fastestmirror_enabled
|
- not centos_fastestmirror_enabled
|
||||||
|
|
||||||
- name: Add proxy to /etc/yum.conf if http_proxy is defined
|
|
||||||
ini_file:
|
|
||||||
path: "/etc/yum.conf"
|
|
||||||
section: main
|
|
||||||
option: proxy
|
|
||||||
value: "{{ http_proxy | default(omit) }}"
|
|
||||||
state: "{{ http_proxy | default(False) | ternary('present', 'absent') }}"
|
|
||||||
no_extra_spaces: true
|
|
||||||
become: true
|
|
||||||
when: not skip_http_proxy_on_os_packages
|
|
||||||
|
|
||||||
# libselinux-python is required on SELinux enabled hosts
|
# libselinux-python is required on SELinux enabled hosts
|
||||||
# See https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#managed-node-requirements
|
# See https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#managed-node-requirements
|
||||||
- name: Install libselinux python package
|
- name: Install libselinux python package
|
||||||
|
|
|
@ -10,26 +10,16 @@
|
||||||
tags:
|
tags:
|
||||||
- facts
|
- facts
|
||||||
|
|
||||||
- name: Check if a proxy is set in /etc/dnf/dnf.conf
|
- name: Add proxy to dnf.conf if http_proxy is defined
|
||||||
raw: grep -qs 'proxy=' /etc/dnf/dnf.conf
|
ini_file:
|
||||||
register: need_http_proxy
|
path: "/etc/dnf/dnf.conf"
|
||||||
failed_when: false
|
section: main
|
||||||
changed_when: false
|
option: proxy
|
||||||
# This command should always run, even in check mode
|
value: "{{ http_proxy | default(omit) }}"
|
||||||
check_mode: false
|
state: "{{ http_proxy | default(False) | ternary('present', 'absent') }}"
|
||||||
environment: {}
|
no_extra_spaces: true
|
||||||
when:
|
|
||||||
- http_proxy is defined
|
|
||||||
- not skip_http_proxy_on_os_packages
|
|
||||||
|
|
||||||
- name: Add http_proxy to /etc/dnf/dnf.conf if http_proxy is defined
|
|
||||||
raw: echo 'proxy={{ http_proxy }}' >> /etc/dnf/dnf.conf
|
|
||||||
become: true
|
become: true
|
||||||
environment: {}
|
when: not skip_http_proxy_on_os_packages
|
||||||
when:
|
|
||||||
- http_proxy is defined
|
|
||||||
- need_http_proxy.rc != 0
|
|
||||||
- not skip_http_proxy_on_os_packages
|
|
||||||
|
|
||||||
- name: Install python3 on fedora
|
- name: Install python3 on fedora
|
||||||
raw: "dnf install --assumeyes --quiet python3"
|
raw: "dnf install --assumeyes --quiet python3"
|
||||||
|
|
|
@ -4,6 +4,17 @@
|
||||||
gather_subset: '!all'
|
gather_subset: '!all'
|
||||||
filter: ansible_distribution_*version
|
filter: ansible_distribution_*version
|
||||||
|
|
||||||
|
- name: Add proxy to yum.conf or dnf.conf if http_proxy is defined
|
||||||
|
ini_file:
|
||||||
|
path: "{{ ( (ansible_distribution_major_version | int) < 8) | ternary('/etc/yum.conf','/etc/dnf/dnf.conf') }}"
|
||||||
|
section: main
|
||||||
|
option: proxy
|
||||||
|
value: "{{ http_proxy | default(omit) }}"
|
||||||
|
state: "{{ http_proxy | default(False) | ternary('present', 'absent') }}"
|
||||||
|
no_extra_spaces: true
|
||||||
|
become: true
|
||||||
|
when: not skip_http_proxy_on_os_packages
|
||||||
|
|
||||||
- name: Check RHEL subscription-manager status
|
- name: Check RHEL subscription-manager status
|
||||||
command: /sbin/subscription-manager status
|
command: /sbin/subscription-manager status
|
||||||
register: rh_subscription_status
|
register: rh_subscription_status
|
||||||
|
@ -66,16 +77,6 @@
|
||||||
- fastestmirror.stat.exists
|
- fastestmirror.stat.exists
|
||||||
- not centos_fastestmirror_enabled
|
- not centos_fastestmirror_enabled
|
||||||
|
|
||||||
- name: Add proxy to /etc/yum.conf if http_proxy is defined
|
|
||||||
ini_file:
|
|
||||||
path: "/etc/yum.conf"
|
|
||||||
section: main
|
|
||||||
option: proxy
|
|
||||||
value: "{{ http_proxy | default(omit) }}"
|
|
||||||
state: "{{ http_proxy | default(False) | ternary('present', 'absent') }}"
|
|
||||||
no_extra_spaces: true
|
|
||||||
become: true
|
|
||||||
|
|
||||||
# libselinux-python is required on SELinux enabled hosts
|
# libselinux-python is required on SELinux enabled hosts
|
||||||
# See https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#managed-node-requirements
|
# See https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#managed-node-requirements
|
||||||
- name: Install libselinux python package
|
- name: Install libselinux python package
|
||||||
|
|
|
@ -6,11 +6,11 @@
|
||||||
{{ apiserver_loadbalancer_domain_name| default('') }},
|
{{ apiserver_loadbalancer_domain_name| default('') }},
|
||||||
{{ loadbalancer_apiserver.address | default('') }},
|
{{ loadbalancer_apiserver.address | default('') }},
|
||||||
{%- endif -%}
|
{%- endif -%}
|
||||||
{%- if ( (no_proxy_exclude_workers is defined) and (no_proxy_exclude_workers) ) -%}
|
{%- if no_proxy_exclude_workers | default(false) -%}
|
||||||
{% set cluster_or_master = 'kube-master' %}
|
{% set cluster_or_master = 'kube-master' %}
|
||||||
{% else %}
|
{%- else -%}
|
||||||
{% set cluster_or_master = 'k8s-cluster' %}
|
{% set cluster_or_master = 'k8s-cluster' %}
|
||||||
{% endif %}
|
{%- endif -%}
|
||||||
{%- for item in (groups[cluster_or_master] + groups['etcd']|default([]) + groups['calico-rr']|default([]))|unique -%}
|
{%- for item in (groups[cluster_or_master] + groups['etcd']|default([]) + groups['calico-rr']|default([]))|unique -%}
|
||||||
{{ hostvars[item]['access_ip'] | default(hostvars[item]['ip'] | default(fallback_ips[item])) }},
|
{{ hostvars[item]['access_ip'] | default(hostvars[item]['ip'] | default(fallback_ips[item])) }},
|
||||||
{%- if item != hostvars[item].get('ansible_hostname', '') -%}
|
{%- if item != hostvars[item].get('ansible_hostname', '') -%}
|
||||||
|
@ -22,7 +22,7 @@
|
||||||
{%- if additional_no_proxy is defined -%}
|
{%- if additional_no_proxy is defined -%}
|
||||||
{{ additional_no_proxy }},
|
{{ additional_no_proxy }},
|
||||||
{%- endif -%}
|
{%- endif -%}
|
||||||
127.0.0.1,localhost,{{ kube_service_addresses }},{{ kube_pods_subnet }}
|
127.0.0.1,localhost,{{ kube_service_addresses }},{{ kube_pods_subnet }},svc,svc.{{ dns_domain }}
|
||||||
delegate_to: localhost
|
delegate_to: localhost
|
||||||
connection: local
|
connection: local
|
||||||
delegate_facts: yes
|
delegate_facts: yes
|
||||||
|
|
Loading…
Reference in a new issue