Proxy small fixes (#7102)

* Improve how we set 'proxy=' in yum.conf or dnf.conf Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com> * Fixup spaces in no_proxy Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com> * Add svc,svc.{{ dns_domain }} to no_proxy Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>

Proxy small fixes (#7102)
ab2bfd7f · Etienne Champetier · GitHub · 29f1c405 · ab2bfd7f · ab2bfd7f
Unverified Commit ab2bfd7f authored 4 years ago by Etienne Champetier Committed by GitHub 4 years ago
--- a/docs/proxy.md
+++ b/docs/proxy.md
@@ -13,7 +13,7 @@ If you set http and https proxy, all nodes and loadbalancer will be excluded fro
 ## Set additional addresses to default no_proxy (all cluster nodes and loadbalancer)
-`additional_no_proxy: "aditional_host,"`
+`additional_no_proxy: "aditional_host1,aditional_host2"`
 ## Exclude workers from no_proxy

--- a/roles/bootstrap-os/tasks/bootstrap-centos.yml
+++ b/roles/bootstrap-os/tasks/bootstrap-centos.yml
@@ -4,6 +4,17 @@
    gather_subset: '!all'
    filter: ansible_distribution_*version
+- name: Add proxy to yum.conf or dnf.conf if http_proxy is defined
+  ini_file:
+    path: "{{ ( (ansible_distribution_major_version | int) < 8) | ternary('/etc/yum.conf','/etc/dnf/dnf.conf') }}"
+    section: main
+    option: proxy
+    value: "{{ http_proxy | default(omit) }}"
+    state: "{{ http_proxy | default(False) | ternary('present', 'absent') }}"
+    no_extra_spaces: true
+  become: true
+  when: not skip_http_proxy_on_os_packages
 # For Oracle Linux install public repo
 - name: Download Oracle Linux public yum repo
  get_url:
@@ -69,17 +80,6 @@
    - fastestmirror.stat.exists
    - not centos_fastestmirror_enabled
- name: Add proxy to /etc/yum.conf if http_proxy is defined
-  ini_file:
-    path: "/etc/yum.conf"
-    section: main
-    option: proxy
-    value: "{{ http_proxy | default(omit) }}"
-    state: "{{ http_proxy | default(False) | ternary('present', 'absent') }}"
-    no_extra_spaces: true
-  become: true
-  when: not skip_http_proxy_on_os_packages
 # libselinux-python is required on SELinux enabled hosts
 # See https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#managed-node-requirements
 - name: Install libselinux python package

--- a/roles/bootstrap-os/tasks/bootstrap-fedora.yml
+++ b/roles/bootstrap-os/tasks/bootstrap-fedora.yml
@@ -10,26 +10,16 @@
  tags:
    - facts
- name: Check if a proxy is set in /etc/dnf/dnf.conf
+- name: Add proxy to dnf.conf if http_proxy is defined
-  raw: grep -qs 'proxy=' /etc/dnf/dnf.conf
+  ini_file:
-  register: need_http_proxy
+    path: "/etc/dnf/dnf.conf"
-  failed_when: false
+    section: main
-  changed_when: false
+    option: proxy
-  # This command should always run, even in check mode
+    value: "{{ http_proxy | default(omit) }}"
-  check_mode: false
+    state: "{{ http_proxy | default(False) | ternary('present', 'absent') }}"
-  environment: {}
+    no_extra_spaces: true
-  when:
-    - http_proxy is defined
-    - not skip_http_proxy_on_os_packages
- name: Add http_proxy to /etc/dnf/dnf.conf if http_proxy is defined
-  raw: echo 'proxy={{ http_proxy }}' >> /etc/dnf/dnf.conf
  become: true
-  environment: {}
+  when: not skip_http_proxy_on_os_packages
-  when:
-    - http_proxy is defined
-    - need_http_proxy.rc != 0
-    - not skip_http_proxy_on_os_packages
 - name: Install python3 on fedora
  raw: "dnf install --assumeyes --quiet python3"

--- a/roles/bootstrap-os/tasks/bootstrap-redhat.yml
+++ b/roles/bootstrap-os/tasks/bootstrap-redhat.yml
@@ -4,6 +4,17 @@
    gather_subset: '!all'
    filter: ansible_distribution_*version
+- name: Add proxy to yum.conf or dnf.conf if http_proxy is defined
+  ini_file:
+    path: "{{ ( (ansible_distribution_major_version | int) < 8) | ternary('/etc/yum.conf','/etc/dnf/dnf.conf') }}"
+    section: main
+    option: proxy
+    value: "{{ http_proxy | default(omit) }}"
+    state: "{{ http_proxy | default(False) | ternary('present', 'absent') }}"
+    no_extra_spaces: true
+  become: true
+  when: not skip_http_proxy_on_os_packages
 - name: Check RHEL subscription-manager status
  command: /sbin/subscription-manager status
  register: rh_subscription_status
@@ -66,16 +77,6 @@
    - fastestmirror.stat.exists
    - not centos_fastestmirror_enabled
- name: Add proxy to /etc/yum.conf if http_proxy is defined
-  ini_file:
-    path: "/etc/yum.conf"
-    section: main
-    option: proxy
-    value: "{{ http_proxy | default(omit) }}"
-    state: "{{ http_proxy | default(False) | ternary('present', 'absent') }}"
-    no_extra_spaces: true
-  become: true
 # libselinux-python is required on SELinux enabled hosts
 # See https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#managed-node-requirements
 - name: Install libselinux python package

--- a/roles/kubespray-defaults/tasks/no_proxy.yml
+++ b/roles/kubespray-defaults/tasks/no_proxy.yml
@@ -6,11 +6,11 @@
      {{ apiserver_loadbalancer_domain_name| default('') }},
      {{ loadbalancer_apiserver.address | default('') }},
      {%- endif -%}
-      {%- if ( (no_proxy_exclude_workers is defined) and (no_proxy_exclude_workers) ) -%}
+      {%- if no_proxy_exclude_workers | default(false) -%}
      {% set cluster_or_master = 'kube-master' %}
-      {% else %}
+      {%- else -%}
      {% set cluster_or_master = 'k8s-cluster' %}
-      {% endif %}
+      {%- endif -%}
      {%- for item in (groups[cluster_or_master] + groups['etcd']|default([]) + groups['calico-rr']|default([]))|unique -%}
      {{ hostvars[item]['access_ip'] | default(hostvars[item]['ip'] | default(fallback_ips[item])) }},
      {%-   if item != hostvars[item].get('ansible_hostname', '') -%}
@@ -22,7 +22,7 @@
      {%- if additional_no_proxy is defined -%}
      {{ additional_no_proxy }},
      {%- endif -%}
-      127.0.0.1,localhost,{{ kube_service_addresses }},{{ kube_pods_subnet }}
+      127.0.0.1,localhost,{{ kube_service_addresses }},{{ kube_pods_subnet }},svc,svc.{{ dns_domain }}
  delegate_to: localhost
  connection: local
  delegate_facts: yes