From ab2bfd7f8ce45e24855f0bb7533a245481922b6e Mon Sep 17 00:00:00 2001
From: Etienne Champetier <champetier.etienne@gmail.com>
Date: Thu, 7 Jan 2021 13:50:53 -0500
Subject: [PATCH] Proxy small fixes (#7102)

* Improve how we set 'proxy=' in yum.conf or dnf.conf

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>

* Fixup spaces in no_proxy

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>

* Add svc,svc.{{ dns_domain }} to no_proxy

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
---
 docs/proxy.md                                 |  2 +-
 roles/bootstrap-os/tasks/bootstrap-centos.yml | 22 +++++++--------
 roles/bootstrap-os/tasks/bootstrap-fedora.yml | 28 ++++++-------------
 roles/bootstrap-os/tasks/bootstrap-redhat.yml | 21 +++++++-------
 roles/kubespray-defaults/tasks/no_proxy.yml   |  8 +++---
 5 files changed, 36 insertions(+), 45 deletions(-)

diff --git a/docs/proxy.md b/docs/proxy.md
index cb8472d76..cc5398637 100644
--- a/docs/proxy.md
+++ b/docs/proxy.md
@@ -13,7 +13,7 @@ If you set http and https proxy, all nodes and loadbalancer will be excluded fro
 
 ## Set additional addresses to default no_proxy (all cluster nodes and loadbalancer)
 
-`additional_no_proxy: "aditional_host,"`
+`additional_no_proxy: "aditional_host1,aditional_host2"`
 
 ## Exclude workers from no_proxy
 
diff --git a/roles/bootstrap-os/tasks/bootstrap-centos.yml b/roles/bootstrap-os/tasks/bootstrap-centos.yml
index 538b66028..d32efe54b 100644
--- a/roles/bootstrap-os/tasks/bootstrap-centos.yml
+++ b/roles/bootstrap-os/tasks/bootstrap-centos.yml
@@ -4,6 +4,17 @@
     gather_subset: '!all'
     filter: ansible_distribution_*version
 
+- name: Add proxy to yum.conf or dnf.conf if http_proxy is defined
+  ini_file:
+    path: "{{ ( (ansible_distribution_major_version | int) < 8) | ternary('/etc/yum.conf','/etc/dnf/dnf.conf') }}"
+    section: main
+    option: proxy
+    value: "{{ http_proxy | default(omit) }}"
+    state: "{{ http_proxy | default(False) | ternary('present', 'absent') }}"
+    no_extra_spaces: true
+  become: true
+  when: not skip_http_proxy_on_os_packages
+
 # For Oracle Linux install public repo
 - name: Download Oracle Linux public yum repo
   get_url:
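Review bot: The new `ini_file` task writes `http_proxy` verbatim into `/etc/yum.conf` or `/etc/dnf/dnf.conf`, so a proxy URL of the form `http://user:password@host:port` would leave the credentials in a file that is typically world-readable, and the value can also appear in task output under `--diff` or at high verbosity. No `mode` is set, so the file keeps whatever permissions it already has. If authenticated proxies are meant to be supported, consider `no_log: true` for that case and a sentence in docs/proxy.md saying that credentials in `http_proxy` end up in the package-manager config. The same applies to the matching tasks added in bootstrap-redhat.yml and bootstrap-fedora.yml. The three copies could also move into one included task file so they do not drift apart, as the removed redhat copy did when it lacked the `when:` guard.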
@@ -69,17 +80,6 @@
     - fastestmirror.stat.exists
     - not centos_fastestmirror_enabled
 
-- name: Add proxy to /etc/yum.conf if http_proxy is defined
-  ini_file:
-    path: "/etc/yum.conf"
-    section: main
-    option: proxy
-    value: "{{ http_proxy | default(omit) }}"
-    state: "{{ http_proxy | default(False) | ternary('present', 'absent') }}"
-    no_extra_spaces: true
-  become: true
-  when: not skip_http_proxy_on_os_packages
-
 # libselinux-python is required on SELinux enabled hosts
 # See https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#managed-node-requirements
 - name: Install libselinux python package
diff --git a/roles/bootstrap-os/tasks/bootstrap-fedora.yml b/roles/bootstrap-os/tasks/bootstrap-fedora.yml
index 67bf35a77..e766948a1 100644
--- a/roles/bootstrap-os/tasks/bootstrap-fedora.yml
+++ b/roles/bootstrap-os/tasks/bootstrap-fedora.yml
@@ -10,26 +10,16 @@
   tags:
     - facts
 
-- name: Check if a proxy is set in /etc/dnf/dnf.conf
-  raw: grep -qs 'proxy=' /etc/dnf/dnf.conf
-  register: need_http_proxy
-  failed_when: false
-  changed_when: false
-  # This command should always run, even in check mode
-  check_mode: false
-  environment: {}
-  when:
-    - http_proxy is defined
-    - not skip_http_proxy_on_os_packages
-
-- name: Add http_proxy to /etc/dnf/dnf.conf if http_proxy is defined
-  raw: echo 'proxy={{ http_proxy }}' >> /etc/dnf/dnf.conf
+- name: Add proxy to dnf.conf if http_proxy is defined
+  ini_file:
+    path: "/etc/dnf/dnf.conf"
+    section: main
+    option: proxy
+    value: "{{ http_proxy | default(omit) }}"
+    state: "{{ http_proxy | default(False) | ternary('present', 'absent') }}"
+    no_extra_spaces: true
   become: true
-  environment: {}
-  when:
-    - http_proxy is defined
-    - need_http_proxy.rc != 0
-    - not skip_http_proxy_on_os_packages
+  when: not skip_http_proxy_on_os_packages
 
 - name: Install python3 on fedora
   raw: "dnf install --assumeyes --quiet python3"
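Review bot: `ini_file` is a regular Ansible module and needs Python on the target, but this task sits ahead of the `raw` step that installs python3; the tasks it replaces were `raw`, presumably for that reason. On a Fedora host without Python the play would likely fail here before the bootstrap install is reached. One way out is to give the bootstrap `dnf install` the proxy directly with `--setopt=proxy=...` and run the `ini_file` task after it. Separately, `state` now evaluates to `absent` when `http_proxy` is unset, so a `proxy=` line an administrator placed in dnf.conf is removed, which the old append-only tasks never did; a comment on the task saying this is intended would help. The python3 install task continues past the end of the hunk.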
diff --git a/roles/bootstrap-os/tasks/bootstrap-redhat.yml b/roles/bootstrap-os/tasks/bootstrap-redhat.yml
index f2518557b..9170635d4 100644
--- a/roles/bootstrap-os/tasks/bootstrap-redhat.yml
+++ b/roles/bootstrap-os/tasks/bootstrap-redhat.yml
@@ -4,6 +4,17 @@
     gather_subset: '!all'
     filter: ansible_distribution_*version
 
+- name: Add proxy to yum.conf or dnf.conf if http_proxy is defined
+  ini_file:
+    path: "{{ ( (ansible_distribution_major_version | int) < 8) | ternary('/etc/yum.conf','/etc/dnf/dnf.conf') }}"
+    section: main
+    option: proxy
+    value: "{{ http_proxy | default(omit) }}"
+    state: "{{ http_proxy | default(False) | ternary('present', 'absent') }}"
+    no_extra_spaces: true
+  become: true
+  when: not skip_http_proxy_on_os_packages
+
 - name: Check RHEL subscription-manager status
   command: /sbin/subscription-manager status
   register: rh_subscription_status
@@ -66,16 +77,6 @@
     - fastestmirror.stat.exists
     - not centos_fastestmirror_enabled
 
-- name: Add proxy to /etc/yum.conf if http_proxy is defined
-  ini_file:
-    path: "/etc/yum.conf"
-    section: main
-    option: proxy
-    value: "{{ http_proxy | default(omit) }}"
-    state: "{{ http_proxy | default(False) | ternary('present', 'absent') }}"
-    no_extra_spaces: true
-  become: true
-
 # libselinux-python is required on SELinux enabled hosts
 # See https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#managed-node-requirements
 - name: Install libselinux python package
diff --git a/roles/kubespray-defaults/tasks/no_proxy.yml b/roles/kubespray-defaults/tasks/no_proxy.yml
index a0de178f7..954418537 100644
--- a/roles/kubespray-defaults/tasks/no_proxy.yml
+++ b/roles/kubespray-defaults/tasks/no_proxy.yml
@@ -6,11 +6,11 @@
       {{ apiserver_loadbalancer_domain_name| default('') }},
       {{ loadbalancer_apiserver.address | default('') }},
       {%- endif -%}
-      {%- if ( (no_proxy_exclude_workers is defined) and (no_proxy_exclude_workers) ) -%}
+      {%- if no_proxy_exclude_workers | default(false) -%}
       {% set cluster_or_master = 'kube-master' %}
-      {% else %}
+      {%- else -%}
       {% set cluster_or_master = 'k8s-cluster' %}
-      {% endif %}
+      {%- endif -%}
       {%- for item in (groups[cluster_or_master] + groups['etcd']|default([]) + groups['calico-rr']|default([]))|unique -%}
       {{ hostvars[item]['access_ip'] | default(hostvars[item]['ip'] | default(fallback_ips[item])) }},
       {%-   if item != hostvars[item].get('ansible_hostname', '') -%}
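Review bot: `no_proxy_exclude_workers | default(false)` is tested for truthiness without a `| bool` cast, so a value that arrives as a string (for example `-e no_proxy_exclude_workers=false` on the command line) is a non-empty string and selects the `kube-master` branch. That would silently leave worker addresses out of no_proxy and send traffic to them through the proxy. Suggest `{%- if no_proxy_exclude_workers | default(false) | bool -%}`. The template starts and ends outside this hunk.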
@@ -22,7 +22,7 @@
       {%- if additional_no_proxy is defined -%}
       {{ additional_no_proxy }},
       {%- endif -%}
-      127.0.0.1,localhost,{{ kube_service_addresses }},{{ kube_pods_subnet }}
+      127.0.0.1,localhost,{{ kube_service_addresses }},{{ kube_pods_subnet }},svc,svc.{{ dns_domain }}
   delegate_to: localhost
   connection: local
   delegate_facts: yes
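Review bot: The new entries `svc` and `svc.{{ dns_domain }}` exempt in-cluster service names from the proxy, but docs/proxy.md still describes the default no_proxy as "all cluster nodes and loadbalancer". Operators who audit what bypasses their egress proxy would want the suffixes listed there, for example `The default no_proxy also contains svc and svc.<dns_domain>`. How a bare suffix such as `svc` is matched differs between HTTP clients, so it is worth stating in the same place which form was tested. The task starts outside this hunk.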
-- 
GitLab