diff --git a/inventory/sample/group_vars/all/all.yml b/inventory/sample/group_vars/all/all.yml
index aa517a903c94271b595e99cca3a997d71e430f9a..4ddc54ab3fedc2a57014851fac2048e30ead2c4e 100644
--- a/inventory/sample/group_vars/all/all.yml
+++ b/inventory/sample/group_vars/all/all.yml
@@ -68,6 +68,11 @@ loadbalancer_apiserver_healthcheck_port: 8081
 ## If you need exclude all cluster nodes from proxy and other resources, add other resources here.
 # additional_no_proxy: ""
+## If you need to disable proxying of os package repositories but are still behind an http_proxy set
+## skip_http_proxy_on_os_packages to true
+## This will cause kubespray not to set proxy environment in /etc/yum.conf for centos
+# skip_http_proxy_on_os_packages: false
+
 ## Since workers are included in the no_proxy variable by default, docker engine will be restarted on all nodes (all
 ## pods will restart) when adding or removing workers. To override this behaviour by only including master nodes in the
 ## no_proxy variable, set below to true:
diff --git a/roles/bootstrap-os/defaults/main.yml b/roles/bootstrap-os/defaults/main.yml
index b9aee516a9ddbb7789b68abfdbdfebab6a7c225b..649919b3a42e7345fb300f437749b06dc4da1acb 100644
--- a/roles/bootstrap-os/defaults/main.yml
+++ b/roles/bootstrap-os/defaults/main.yml
@@ -23,3 +23,5 @@ fedora_coreos_packages:
 override_system_hostname: true
 is_fedora_coreos: false
+
+skip_http_proxy_on_os_packages: false
diff --git a/roles/bootstrap-os/tasks/bootstrap-centos.yml b/roles/bootstrap-os/tasks/bootstrap-centos.yml
index 1e7ca3653cbea4373d6e274bf9e65b2c7a749da0..538b660287769505048c14f26acd7a71ef54f17d 100644
--- a/roles/bootstrap-os/tasks/bootstrap-centos.yml
+++ b/roles/bootstrap-os/tasks/bootstrap-centos.yml
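Review bot: The comment added for `skip_http_proxy_on_os_packages` in inventory/sample/group_vars/all/all.yml names only /etc/yum.conf on CentOS, but the same commit gates the /etc/apt/apt.conf tasks in bootstrap-debian.yml and the /etc/dnf/dnf.conf tasks in bootstrap-fedora.yml on this variable. An operator on Debian or Fedora reading the sample would not expect the flag to change the path their package downloads take. I would reword the third comment line to `## This will cause kubespray not to write the proxy into the package manager configuration (/etc/yum.conf, /etc/dnf/dnf.conf, /etc/apt/apt.conf)`.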
@@ -78,6 +78,7 @@
 state: "{{ http_proxy | default(False) | ternary('present', 'absent') }}"
 no_extra_spaces: true
 become: true
+ when: not skip_http_proxy_on_os_packages
 # libselinux-python is required on SELinux enabled hosts
 # See https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#managed-node-requirements
diff --git a/roles/bootstrap-os/tasks/bootstrap-debian.yml b/roles/bootstrap-os/tasks/bootstrap-debian.yml
index ca9d28c659991253e3ea70d4eb75e1073d2d8fe7..484b9a67e912b754609b00fa9b1dfe5eed6aa654 100644
--- a/roles/bootstrap-os/tasks/bootstrap-debian.yml
+++ b/roles/bootstrap-os/tasks/bootstrap-debian.yml
@@ -22,6 +22,7 @@
 environment: {}
 when:
 - http_proxy is defined
+ - not skip_http_proxy_on_os_packages
 - name: Add http_proxy to /etc/apt/apt.conf if http_proxy is defined
 raw: echo 'Acquire::http::proxy "{{ http_proxy }}";' >> /etc/apt/apt.conf
@@ -30,6 +31,7 @@
 when:
 - http_proxy is defined
 - need_http_proxy.rc != 0
+ - not skip_http_proxy_on_os_packages
 - name: Check https::proxy in apt configuration files
 raw: apt-config dump | grep -qsi 'Acquire::https::proxy'
@@ -41,6 +43,7 @@
 environment: {}
 when:
 - https_proxy is defined
+ - not skip_http_proxy_on_os_packages
 - name: Add https_proxy to /etc/apt/apt.conf if https_proxy is defined
 raw: echo 'Acquire::https::proxy "{{ https_proxy }}";' >> /etc/apt/apt.conf
@@ -49,6 +52,7 @@
 when:
 - https_proxy is defined
 - need_https_proxy.rc != 0
+ - not skip_http_proxy_on_os_packages
 - name: Check Network Name Resolution configuration
 raw: grep '^DNSSEC=allow-downgrade' /etc/systemd/resolved.conf
diff --git a/roles/bootstrap-os/tasks/bootstrap-fedora.yml b/roles/bootstrap-os/tasks/bootstrap-fedora.yml
index 5c22289d27f1df16e4445e8af2a3e31fd0cbbf1a..67bf35a774bfb8e4f1bdf9024d27133a1332ee72 100644
--- a/roles/bootstrap-os/tasks/bootstrap-fedora.yml
+++ b/roles/bootstrap-os/tasks/bootstrap-fedora.yml
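Review bot: With `when: not skip_http_proxy_on_os_packages` on this task in bootstrap-centos.yml, turning the flag on skips the task entirely, so the `state: ... ternary('present', 'absent')` line never runs and a `proxy` entry written by an earlier run stays in place. A host that was bootstrapped behind the proxy would keep sending package traffic through it after the flag is set, which is not what the operator asked for. If removal is the intent, fold the flag into the state instead of skipping: `state: "{{ (http_proxy | default(False) and not skip_http_proxy_on_os_packages) | ternary('present', 'absent') }}"`. If leaving operator-managed entries untouched is the intent, a comment on the `when` saying so would help. The task starts above the hunk, so its module and target path are not visible here.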
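Review bot: `- not skip_http_proxy_on_os_packages` in the first bootstrap-debian.yml hunk tests the raw variable, so a value that arrives as a string (for example `-e skip_http_proxy_on_os_packages=false` or an INI inventory entry) is a non-empty string and `not` evaluates it to false, silently skipping the proxy setup. Coerce it with `- not skip_http_proxy_on_os_packages | bool`. The same uncoerced condition is added in the other three hunks of this file, in both bootstrap-fedora.yml hunks and in the bootstrap-centos.yml hunk.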
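Review bot: In the second bootstrap-debian.yml hunk the new `- not skip_http_proxy_on_os_packages` is listed after `- need_http_proxy.rc != 0`, and Ansible evaluates a `when` list in order. When the flag is true and `http_proxy` is defined, the check task is skipped, so `need_http_proxy` (presumably registered by that task; the `register` line is outside the hunk) would hold a skipped result with no `rc`, and the `rc` test would fail the play with an undefined-attribute error instead of skipping the task. Move the new condition ahead of the `rc` test, i.e. `- not skip_http_proxy_on_os_packages` then `- need_http_proxy.rc != 0`. The fourth hunk of this file (`need_https_proxy.rc`) and the second bootstrap-fedora.yml hunk have the same ordering.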
@@ -20,6 +20,7 @@
 environment: {}
 when:
 - http_proxy is defined
+ - not skip_http_proxy_on_os_packages
 - name: Add http_proxy to /etc/dnf/dnf.conf if http_proxy is defined
 raw: echo 'proxy={{ http_proxy }}' >> /etc/dnf/dnf.conf
@@ -28,6 +29,7 @@
 when:
 - http_proxy is defined
 - need_http_proxy.rc != 0
+ - not skip_http_proxy_on_os_packages
 - name: Install python3 on fedora
 raw: "dnf install --assumeyes --quiet python3"