diff --git a/inventory/sample/group_vars/all/all.yml b/inventory/sample/group_vars/all/all.yml
index aa517a903..4ddc54ab3 100644
--- a/inventory/sample/group_vars/all/all.yml
+++ b/inventory/sample/group_vars/all/all.yml
@@ -68,6 +68,11 @@ loadbalancer_apiserver_healthcheck_port: 8081
 ## If you need exclude all cluster nodes from proxy and other resources, add other resources here.
 # additional_no_proxy: ""
+## If you need to disable proxying of os package repositories but are still behind an http_proxy set
+## skip_http_proxy_on_os_packages to true
+## This will cause kubespray not to set proxy environment in /etc/yum.conf for centos
+# skip_http_proxy_on_os_packages: false
+
 ## Since workers are included in the no_proxy variable by default, docker engine will be restarted on all nodes (all
 ## pods will restart) when adding or removing workers. To override this behaviour by only including master nodes in the
 ## no_proxy variable, set below to true:
diff --git a/roles/bootstrap-os/defaults/main.yml b/roles/bootstrap-os/defaults/main.yml
index b9aee516a..649919b3a 100644
--- a/roles/bootstrap-os/defaults/main.yml
+++ b/roles/bootstrap-os/defaults/main.yml
@@ -23,3 +23,5 @@ fedora_coreos_packages:
 override_system_hostname: true
 is_fedora_coreos: false
+
+skip_http_proxy_on_os_packages: false
diff --git a/roles/bootstrap-os/tasks/bootstrap-centos.yml b/roles/bootstrap-os/tasks/bootstrap-centos.yml
index 1e7ca3653..538b66028 100644
--- a/roles/bootstrap-os/tasks/bootstrap-centos.yml
+++ b/roles/bootstrap-os/tasks/bootstrap-centos.yml
@@ -78,6 +78,7 @@
 state: "{{ http_proxy | default(False) | ternary('present', 'absent') }}"
 no_extra_spaces: true
 become: true
+ when: not skip_http_proxy_on_os_packages
 # libselinux-python is required on SELinux enabled hosts
 # See https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#managed-node-requirements
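Review bot: The added `when: not skip_http_proxy_on_os_packages` in bootstrap-centos.yml skips the task outright when the flag is set, so a proxy entry written to /etc/yum.conf by an earlier run stays in place even though this task already knows how to remove it through `state: absent`. Folding the flag into the existing expression keeps the file in line with the setting: `state: "{{ (http_proxy | default(False) and not skip_http_proxy_on_os_packages) | ternary('present', 'absent') }}"`. The task begins above the hunk, so its module and remaining parameters are not visible here and the target file is inferred from the inventory comment. A host that keeps a stale proxy line will go on fetching packages through a proxy the operator believes is bypassed, which is worth a sentence in the variable's documentation if the `when` is kept.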
diff --git a/roles/bootstrap-os/tasks/bootstrap-debian.yml b/roles/bootstrap-os/tasks/bootstrap-debian.yml
index ca9d28c65..484b9a67e 100644
--- a/roles/bootstrap-os/tasks/bootstrap-debian.yml
+++ b/roles/bootstrap-os/tasks/bootstrap-debian.yml
@@ -22,6 +22,7 @@
 environment: {}
 when:
 - http_proxy is defined
+ - not skip_http_proxy_on_os_packages
 - name: Add http_proxy to /etc/apt/apt.conf if http_proxy is defined
 raw: echo 'Acquire::http::proxy "{{ http_proxy }}";' >> /etc/apt/apt.conf
@@ -30,6 +31,7 @@
 when:
 - http_proxy is defined
 - need_http_proxy.rc != 0
+ - not skip_http_proxy_on_os_packages
 - name: Check https::proxy in apt configuration files
 raw: apt-config dump | grep -qsi 'Acquire::https::proxy'
@@ -41,6 +43,7 @@
 environment: {}
 when:
 - https_proxy is defined
+ - not skip_http_proxy_on_os_packages
 - name: Add https_proxy to /etc/apt/apt.conf if https_proxy is defined
 raw: echo 'Acquire::https::proxy "{{ https_proxy }}";' >> /etc/apt/apt.conf
@@ -49,6 +52,7 @@
 when:
 - https_proxy is defined
 - need_https_proxy.rc != 0
+ - not skip_http_proxy_on_os_packages
 - name: Check Network Name Resolution configuration
 raw: grep '^DNSSEC=allow-downgrade' /etc/systemd/resolved.conf
diff --git a/roles/bootstrap-os/tasks/bootstrap-fedora.yml b/roles/bootstrap-os/tasks/bootstrap-fedora.yml
index 5c22289d2..67bf35a77 100644
--- a/roles/bootstrap-os/tasks/bootstrap-fedora.yml
+++ b/roles/bootstrap-os/tasks/bootstrap-fedora.yml
@@ -20,6 +20,7 @@
 environment: {}
 when:
 - http_proxy is defined
+ - not skip_http_proxy_on_os_packages
 - name: Add http_proxy to /etc/dnf/dnf.conf if http_proxy is defined
 raw: echo 'proxy={{ http_proxy }}' >> /etc/dnf/dnf.conf
@@ -28,6 +29,7 @@
 when:
 - http_proxy is defined
 - need_http_proxy.rc != 0
+ - not skip_http_proxy_on_os_packages
 - name: Install python3 on fedora
 raw: "dnf install --assumeyes --quiet python3"
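Review bot: The new `- not skip_http_proxy_on_os_packages` conditions test the variable without a cast, in all four Debian hunks, both Fedora hunks and the CentOS `when`, so a value that arrives as a string (for example from `-e skip_http_proxy_on_os_packages=false`) may evaluate as truthy and skip the proxy setup the operator asked to keep. Where package traffic is expected to leave through the proxy for filtering or logging, that is a silent change of egress path. Writing the condition as `- not skip_http_proxy_on_os_packages | bool` makes it follow the value however it was supplied. Separately, the inventory comment names only /etc/yum.conf for centos, while these hunks show the flag also gating /etc/apt/apt.conf and /etc/dnf/dnf.conf; the comment should list all three. Each of these tasks starts or ends outside its hunk.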