diff --git a/cluster.yml b/cluster.yml
index b7476d47d944f1ae754f27d91654a81e5985c8ec..211e6e6f89ba69247dc9d830bae23eebc2a2d0a2 100644
--- a/cluster.yml
+++ b/cluster.yml
@@ -2,21 +2,6 @@
 - name: Check ansible version
   import_playbook: ansible_version.yml
 
-- hosts: all
-  gather_facts: false
-  tags: always
-  tasks:
-    - name: "Set up proxy environment"
-      set_fact:
-        proxy_env:
-          http_proxy: "{{ http_proxy | default ('') }}"
-          HTTP_PROXY: "{{ http_proxy | default ('') }}"
-          https_proxy: "{{ https_proxy | default ('') }}"
-          HTTPS_PROXY: "{{ https_proxy | default ('') }}"
-          no_proxy: "{{ no_proxy | default ('') }}"
-          NO_PROXY: "{{ no_proxy | default ('') }}"
-      no_log: true
-
 - hosts: bastion[0]
   gather_facts: False
   roles:
@@ -43,7 +28,6 @@
     - { role: kubernetes/preinstall, tags: preinstall }
     - { role: "container-engine", tags: "container-engine", when: deploy_container_engine|default(true) }
     - { role: download, tags: download, when: "not skip_downloads" }
-  environment: "{{ proxy_env }}"
 
 - hosts: etcd
   gather_facts: False
@@ -75,7 +59,6 @@
   roles:
     - { role: kubespray-defaults }
     - { role: kubernetes/node, tags: node }
-  environment: "{{ proxy_env }}"
 
 - hosts: kube-master
   gather_facts: False
@@ -127,7 +110,6 @@
   roles:
     - { role: kubespray-defaults }
     - { role: kubernetes-apps, tags: apps }
-  environment: "{{ proxy_env }}"
 
 - hosts: k8s-cluster
   gather_facts: False
diff --git a/remove-node.yml b/remove-node.yml
index a5a1d2a60b8aeff9f9ef1defd578b47b829d11e5..57d39240444fafe44483f16ce36989d514641b89 100644
--- a/remove-node.yml
+++ b/remove-node.yml
@@ -2,21 +2,6 @@
 - name: Check ansible version
   import_playbook: ansible_version.yml
 
-- hosts: all
-  gather_facts: false
-  tags: always
-  tasks:
-    - name: "Set up proxy environment"
-      set_fact:
-        proxy_env:
-          http_proxy: "{{ http_proxy | default ('') }}"
-          HTTP_PROXY: "{{ http_proxy | default ('') }}"
-          https_proxy: "{{ https_proxy | default ('') }}"
-          HTTPS_PROXY: "{{ https_proxy | default ('') }}"
-          no_proxy: "{{ no_proxy | default ('') }}"
-          NO_PROXY: "{{ no_proxy | default ('') }}"
-      no_log: true
-
 - hosts: "{{ node | default('etcd:k8s-cluster:calico-rr') }}"
   gather_facts: no
   vars_prompt:
diff --git a/reset.yml b/reset.yml
index 502aff0dff9f5dc1727f91a5012e19bc78b2b906..cf64c2f34cb910d31cc0fb954985031bfb9f7fea 100644
--- a/reset.yml
+++ b/reset.yml
@@ -2,21 +2,6 @@
 - name: Check ansible version
   import_playbook: ansible_version.yml
 
-- hosts: all
-  gather_facts: false
-  tags: always
-  tasks:
-    - name: "Set up proxy environment"
-      set_fact:
-        proxy_env:
-          http_proxy: "{{ http_proxy | default ('') }}"
-          HTTP_PROXY: "{{ http_proxy | default ('') }}"
-          https_proxy: "{{ https_proxy | default ('') }}"
-          HTTPS_PROXY: "{{ https_proxy | default ('') }}"
-          no_proxy: "{{ no_proxy | default ('') }}"
-          NO_PROXY: "{{ no_proxy | default ('') }}"
-      no_log: true
-
 - hosts: bastion[0]
   gather_facts: False
   roles:
diff --git a/roles/bootstrap-os/tasks/bootstrap-centos.yml b/roles/bootstrap-os/tasks/bootstrap-centos.yml
index d32efe54b244d787194b0937876c5b7239264ab7..fecf32d026bddb831f0e9e551f0d2d15217e04de 100644
--- a/roles/bootstrap-os/tasks/bootstrap-centos.yml
+++ b/roles/bootstrap-os/tasks/bootstrap-centos.yml
@@ -24,6 +24,7 @@
     - use_oracle_public_repo|default(true)
     - '"Oracle" in os_release.stdout'
     - (ansible_distribution_version | float) < 7.6
+  environment: "{{ proxy_env }}"
 
 - name: Enable Oracle Linux repo
   ini_file:
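Review bot: `proxy_env` on the added `environment:` line is defined only after the "Set up proxy environment" task in roles/kubespray-defaults/tasks/main.yaml has run on that host, and this commit removes the `hosts: all` play that used to set it up front. If bootstrap-os is applied in a play that does not list kubespray-defaults before it, the task fails on an undefined variable instead of running without a proxy; the play definitions are not in this diff, so this is unconfirmed. A defensive form is `environment: "{{ proxy_env | default({}) }}"`. The same applies to the "Run bootstrap.sh" tasks in bootstrap-coreos.yml and bootstrap-flatcar.yml, which previously carried their own `default('')` values. The task this line belongs to starts above the hunk.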
diff --git a/roles/bootstrap-os/tasks/bootstrap-coreos.yml b/roles/bootstrap-os/tasks/bootstrap-coreos.yml
index 3be74e1f57a005bb142ef61d910d36ad9e36d500..737a7ec94c19e79ef9fbd4bdf9accac30070757f 100644
--- a/roles/bootstrap-os/tasks/bootstrap-coreos.yml
+++ b/roles/bootstrap-os/tasks/bootstrap-coreos.yml
@@ -4,7 +4,6 @@
 - name: Check if bootstrap is needed
   raw: stat /opt/bin/.bootstrapped
   register: need_bootstrap
-  environment: {}
   failed_when: false
   changed_when: false
   tags:
@@ -19,9 +18,7 @@
 - name: Run bootstrap.sh
   script: bootstrap.sh
   become: true
-  environment:
-    http_proxy: "{{ http_proxy | default('') }}"
-    https_proxy: "{{ https_proxy | default('') }}"
+  environment: "{{ proxy_env }}"
   when:
     - need_bootstrap.rc != 0
 
diff --git a/roles/bootstrap-os/tasks/bootstrap-debian.yml b/roles/bootstrap-os/tasks/bootstrap-debian.yml
index 6e2b1d4e39d0cab2e089fda8072783bb8de158e3..c4e74e30167d9ab4868686dcdd6cd5a946125c3b 100644
--- a/roles/bootstrap-os/tasks/bootstrap-debian.yml
+++ b/roles/bootstrap-os/tasks/bootstrap-debian.yml
@@ -8,7 +8,6 @@
   changed_when: false
   # This command should always run, even in check mode
   check_mode: false
-  environment: {}
   tags:
     - facts
 
@@ -19,12 +18,10 @@
   changed_when: false
   # This command should always run, even in check mode
   check_mode: false
-  environment: {}
 
 - name: Add http_proxy to /etc/apt/apt.conf if http_proxy is defined
   raw: echo 'Acquire::http::proxy "{{ http_proxy }}";' >> /etc/apt/apt.conf
   become: true
-  environment: {}
   when:
     - http_proxy is defined
     - need_http_proxy.rc != 0
@@ -37,12 +34,10 @@
   changed_when: false
   # This command should always run, even in check mode
   check_mode: false
-  environment: {}
 
 - name: Add https_proxy to /etc/apt/apt.conf if https_proxy is defined
   raw: echo 'Acquire::https::proxy "{{ https_proxy }}";' >> /etc/apt/apt.conf
   become: true
-  environment: {}
   when:
     - https_proxy is defined
     - need_https_proxy.rc != 0
@@ -55,14 +50,12 @@
   changed_when: false
   # This command should always run, even in check mode
   check_mode: false
-  environment: {}
   when:
     - '"bionic" in os_release.stdout'
 
 - name: Change Network Name Resolution configuration
   raw: sed -i 's/^DNSSEC=yes/DNSSEC=allow-downgrade/g' /etc/systemd/resolved.conf
   become: true
-  environment: {}
   when:
     - '"bionic" in os_release.stdout'
     - need_dnssec_allow_downgrade.rc
@@ -70,7 +63,6 @@
 - name: Restart systemd-resolved service
   raw: systemctl restart systemd-resolved
   become: true
-  environment: {}
   when:
     - '"bionic" in os_release.stdout'
     - need_dnssec_allow_downgrade.rc
@@ -80,7 +72,6 @@
     apt-get update && \
     DEBIAN_FRONTEND=noninteractive apt-get install -y python3-minimal
   become: true
-  environment: {}
   when:
     - need_bootstrap.rc != 0
 
diff --git a/roles/bootstrap-os/tasks/bootstrap-fedora.yml b/roles/bootstrap-os/tasks/bootstrap-fedora.yml
index e766948a1998063e1aa4e865557eea18a66f2ab3..cfdd76e3a62c6c97a30949d6c73e76ebef41d1c5 100644
--- a/roles/bootstrap-os/tasks/bootstrap-fedora.yml
+++ b/roles/bootstrap-os/tasks/bootstrap-fedora.yml
@@ -6,7 +6,6 @@
   register: need_bootstrap
   failed_when: false
   changed_when: false
-  environment: {}
   tags:
     - facts
 
@@ -24,7 +23,6 @@
 - name: Install python3 on fedora
   raw: "dnf install --assumeyes --quiet python3"
   become: true
-  environment: {}
   when:
     - need_bootstrap.rc != 0
 
diff --git a/roles/bootstrap-os/tasks/bootstrap-flatcar.yml b/roles/bootstrap-os/tasks/bootstrap-flatcar.yml
index ba1e8142eb53463aa9a7c4aa7c895bf3295e2fc2..b0f3a9eb86008b84df5bc6019abd752ca51c6a55 100644
--- a/roles/bootstrap-os/tasks/bootstrap-flatcar.yml
+++ b/roles/bootstrap-os/tasks/bootstrap-flatcar.yml
@@ -4,7 +4,6 @@
 - name: Check if bootstrap is needed
   raw: stat /opt/bin/.bootstrapped
   register: need_bootstrap
-  environment: {}
   failed_when: false
   changed_when: false
   tags:
@@ -19,9 +18,7 @@
 - name: Run bootstrap.sh
   script: bootstrap.sh
   become: true
-  environment:
-    http_proxy: "{{ http_proxy | default('') }}"
-    https_proxy: "{{ https_proxy | default('') }}"
+  environment: "{{ proxy_env }}"
   when:
     - need_bootstrap.rc != 0
 
diff --git a/roles/bootstrap-os/tasks/main.yml b/roles/bootstrap-os/tasks/main.yml
index 4df0b1944726d025f3c19645fcf75cfc17f555c3..98d7672f54dddeb18f018e71fe1585487433961d 100644
--- a/roles/bootstrap-os/tasks/main.yml
+++ b/roles/bootstrap-os/tasks/main.yml
@@ -5,7 +5,6 @@
   changed_when: false
   # This command should always run, even in check mode
   check_mode: false
-  environment: {}
 
 - include_tasks: bootstrap-centos.yml
   when: '"CentOS" in os_release.stdout or "Oracle" in os_release.stdout'
diff --git a/roles/container-engine/containerd/tasks/containerd_repo.yml b/roles/container-engine/containerd/tasks/containerd_repo.yml
index d4aa2167e37accdf58c07acb2b99bcb4a7308b5c..2c1fc7c92387ceb6654ec99c3bf7da1ca4174284 100644
--- a/roles/container-engine/containerd/tasks/containerd_repo.yml
+++ b/roles/container-engine/containerd/tasks/containerd_repo.yml
@@ -10,6 +10,7 @@
   retries: 4
   delay: "{{ retry_stagger | d(3) }}"
   with_items: "{{ containerd_repo_key_info.repo_keys }}"
+  environment: "{{ proxy_env }}"
   when:
     - ansible_os_family in ['Ubuntu', 'Debian']
 
diff --git a/roles/container-engine/crun/tasks/main.yml b/roles/container-engine/crun/tasks/main.yml
index 97a983c3511ddf530095d26d0611be34d861fcb5..d580f32cfdc485ae722f656b5a78768ca761f913 100644
--- a/roles/container-engine/crun/tasks/main.yml
+++ b/roles/container-engine/crun/tasks/main.yml
@@ -11,9 +11,11 @@
     path: "{{ crun_bin_dir }}/crun"
   register: crun_stat
 
+# TODO: use download_file.yml
 - name: Download binary
   get_url:
     url: "{{ crun_release_url }}"
     dest: "{{ crun_bin_dir }}/crun"
     mode: '0755'
   when: not crun_stat.stat.exists
+  environment: "{{ proxy_env }}"
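Review bot: The "Download binary" task fetches an executable from `crun_release_url` and installs it with mode 0755 without any integrity check, and with the added `environment:` line the fetch may now pass through an intermediary proxy. `get_url` accepts a `checksum` parameter, so adding `checksum: "sha256:<expected crun digest>"` (placeholder; no checksum variable is visible in this diff) would make a tampered or truncated download fail instead of landing in `crun_bin_dir`. If download_file.yml performs that verification, the new TODO could say so, for example `# TODO: use download_file.yml so the binary is checksum-verified`.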
diff --git a/roles/container-engine/docker/tasks/main.yml b/roles/container-engine/docker/tasks/main.yml
index c60f80653538a18d5f4ee297a96c7ed98922ab12..4d650a19e22c1c2edbd70abe8dc68ab938e7aee9 100644
--- a/roles/container-engine/docker/tasks/main.yml
+++ b/roles/container-engine/docker/tasks/main.yml
@@ -74,6 +74,7 @@
   retries: 4
   delay: "{{ retry_stagger | d(3) }}"
   with_items: "{{ docker_repo_key_info.repo_keys }}"
+  environment: "{{ proxy_env }}"
   when: not (ansible_os_family in ["Flatcar Container Linux by Kinvolk", "RedHat", "Suse", "ClearLinux"] or is_ostree)
 
 - name: ensure docker-ce repository is enabled
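Review bot: Proxy settings are now opt-in per task, and in this file only the two repository-key tasks receive `environment: "{{ proxy_env }}"`. The play-level `environment:` removed from cluster.yml, scale.yml and upgrade-cluster.yml used to cover every task in these roles, so the repository and package tasks that follow (such as "ensure docker-ce repository is enabled") would lose the proxy unless the package manager is configured separately. That would show up as install failures on proxy-only networks. Consider wrapping the network-facing tasks in one `block:` with a single `environment: "{{ proxy_env }}"`, or add a comment listing which tasks are expected to reach the network. The same applies to roles/container-engine/containerd/tasks/containerd_repo.yml; both annotated tasks start above their hunks.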
@@ -95,6 +96,7 @@
   retries: 4
   delay: "{{ retry_stagger | d(3) }}"
   with_items: "{{ dockerproject_repo_key_info.repo_keys }}"
+  environment: "{{ proxy_env }}"
   when:
     - not (ansible_os_family in ["Flatcar Container Linux by Kinvolk", "RedHat", "Suse", "ClearLinux"] or is_ostree)
     - use_docker_engine is defined and use_docker_engine
diff --git a/roles/download/tasks/download_file.yml b/roles/download/tasks/download_file.yml
index 648f4335387eb331409745d1e447e559c9f11321..a6725fdcfe0dd7a1ec13ce3c0b1f602603cf1f6a 100644
--- a/roles/download/tasks/download_file.yml
+++ b/roles/download/tasks/download_file.yml
@@ -66,6 +66,7 @@
     until: "'OK' in get_url_result.msg or 'file already exists' in get_url_result.msg"
     retries: 4
     delay: "{{ retry_stagger | default(5) }}"
+    environment: "{{ proxy_env }}"
 
   - name: download_file | Copy file back to ansible host file cache
     synchronize:
diff --git a/roles/kubespray-defaults/tasks/main.yaml b/roles/kubespray-defaults/tasks/main.yaml
index fe268e9533c4b990b252015a23771e713ebf85f1..7c0c5d240a6e4fe0047d69b928587a0e4fdc85f9 100644
--- a/roles/kubespray-defaults/tasks/main.yaml
+++ b/roles/kubespray-defaults/tasks/main.yaml
@@ -5,6 +5,19 @@
   tags:
     - always
 
+- name: "Set up proxy environment"
+  set_fact:
+    proxy_env:
+      http_proxy: "{{ http_proxy | default ('') }}"
+      HTTP_PROXY: "{{ http_proxy | default ('') }}"
+      https_proxy: "{{ https_proxy | default ('') }}"
+      HTTPS_PROXY: "{{ https_proxy | default ('') }}"
+      no_proxy: "{{ no_proxy | default ('') }}"
+      NO_PROXY: "{{ no_proxy | default ('') }}"
+  no_log: true
+  tags:
+    - always
+
 # do not run gather facts when bootstrap-os in roles
 - name: set fallback_ips
   import_tasks: fallback_ips.yml
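Review bot: `no_log: true` protects only this `set_fact`, while the proxy URLs it stores may embed credentials (`http://user:pass@host`) and are then injected into every task that sets `environment: "{{ proxy_env }}"`. Those consuming tasks (the `get_url` tasks in crun and download_file.yml, and the repo-key tasks) are not marked `no_log`, so the values may surface in high-verbosity run output. A comment above the task would record the constraint, for example `# proxy URLs may carry credentials: keep no_log and never debug-print proxy_env`. Separately, `default ('')` exports all six variables as empty strings when no proxy is configured; building the dict only from defined values would avoid handing tools an empty `http_proxy`.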
diff --git a/scale.yml b/scale.yml
index ab1522145567b431f2e2e7dcae12b3ea9cd81f7e..52f59d22c4dd8bc0b511ec9a008bddb83592cfcc 100644
--- a/scale.yml
+++ b/scale.yml
@@ -2,21 +2,6 @@
 - name: Check ansible version
   import_playbook: ansible_version.yml
 
-- hosts: all
-  gather_facts: false
-  tags: always
-  tasks:
-    - name: "Set up proxy environment"
-      set_fact:
-        proxy_env:
-          http_proxy: "{{ http_proxy | default ('') }}"
-          HTTP_PROXY: "{{ http_proxy | default ('') }}"
-          https_proxy: "{{ https_proxy | default ('') }}"
-          HTTPS_PROXY: "{{ https_proxy | default ('') }}"
-          no_proxy: "{{ no_proxy | default ('') }}"
-          NO_PROXY: "{{ no_proxy | default ('') }}"
-      no_log: true
-
 - hosts: bastion[0]
   gather_facts: False
   roles:
@@ -63,7 +48,6 @@
     - { role: container-engine, tags: "container-engine", when: deploy_container_engine|default(true) }
     - { role: download, tags: download, when: "not skip_downloads" }
     - { role: etcd, tags: etcd, etcd_cluster_setup: false, when: "not etcd_kubeadm_enabled|default(false)" }
-  environment: "{{ proxy_env }}"
 
 - name: Target only workers to get kubelet installed and checking in on any new nodes(node)
   hosts: kube-node
@@ -72,7 +56,6 @@
   roles:
     - { role: kubespray-defaults }
     - { role: kubernetes/node, tags: node }
-  environment: "{{ proxy_env }}"
 
 - name: Upload control plane certs and retrieve encryption key
   hosts: kube-master | first
@@ -102,4 +85,3 @@
     - { role: kubernetes/kubeadm, tags: kubeadm }
     - { role: network_plugin, tags: network }
     - { role: kubernetes/node-label, tags: node-label }
-  environment: "{{ proxy_env }}"
diff --git a/upgrade-cluster.yml b/upgrade-cluster.yml
index 6ac8160ac262ef452bbdbe2af1b63089e0107c7e..38d2d7444a93ec99d982031fa7ded4875a93bd58 100644
--- a/upgrade-cluster.yml
+++ b/upgrade-cluster.yml
@@ -2,21 +2,6 @@
 - name: Check ansible version
   import_playbook: ansible_version.yml
 
-- hosts: all
-  gather_facts: false
-  tags: always
-  tasks:
-    - name: "Set up proxy environment"
-      set_fact:
-        proxy_env:
-          http_proxy: "{{ http_proxy | default ('') }}"
-          HTTP_PROXY: "{{ http_proxy | default ('') }}"
-          https_proxy: "{{ https_proxy | default ('') }}"
-          HTTPS_PROXY: "{{ https_proxy | default ('') }}"
-          no_proxy: "{{ no_proxy | default ('') }}"
-          NO_PROXY: "{{ no_proxy | default ('') }}"
-      no_log: true
-
 - hosts: bastion[0]
   gather_facts: False
   roles:
@@ -47,7 +32,6 @@
     - { role: kubespray-defaults, when: "not skip_downloads and download_run_once and not download_localhost"}
     - { role: kubernetes/preinstall, tags: preinstall, when: "not skip_downloads and download_run_once and not download_localhost" }
     - { role: download, tags: download, when: "not skip_downloads and download_run_once and not download_localhost" }
-  environment: "{{ proxy_env }}"
 
 - name: Prepare nodes for upgrade
   hosts: k8s-cluster:etcd:calico-rr
@@ -57,7 +41,6 @@
     - { role: kubespray-defaults }
     - { role: kubernetes/preinstall, tags: preinstall }
     - { role: download, tags: download, when: "not skip_downloads" }
-  environment: "{{ proxy_env }}"
 
 - name: Upgrade container engine on non-cluster nodes
   hosts: etcd:calico-rr:!k8s-cluster
@@ -67,7 +50,6 @@
   roles:
     - { role: kubespray-defaults }
     - { role: container-engine, tags: "container-engine", when: deploy_container_engine|default(true) }
-  environment: "{{ proxy_env }}"
 
 - hosts: etcd
   gather_facts: False
@@ -109,7 +91,6 @@
     - { role: kubernetes-apps/cluster_roles, tags: cluster-roles }
     - { role: kubernetes-apps, tags: csi-driver }
     - { role: upgrade/post-upgrade, tags: post-upgrade }
-  environment: "{{ proxy_env }}"
 
 - name: Upgrade calico and external cloud provider on all masters, calico-rrs, and nodes
   hosts: kube-master:calico-rr:kube-node
@@ -136,7 +117,6 @@
     - { role: kubernetes/kubeadm, tags: kubeadm }
     - { role: kubernetes/node-label, tags: node-label }
     - { role: upgrade/post-upgrade, tags: post-upgrade }
-  environment: "{{ proxy_env }}"
 
 - hosts: kube-master[0]
   gather_facts: False
@@ -152,7 +132,6 @@
   roles:
     - { role: kubespray-defaults }
     - { role: network_plugin/calico/rr, tags: network }
-  environment: "{{ proxy_env }}"
 
 - hosts: kube-master
   gather_facts: False
@@ -160,7 +139,6 @@
   roles:
     - { role: kubespray-defaults }
     - { role: kubernetes-apps, tags: apps }
-  environment: "{{ proxy_env }}"
 
 - hosts: k8s-cluster
   gather_facts: False