From f323d70c0fec716d1a7b614dca1746f7042e4244 Mon Sep 17 00:00:00 2001
From: wand3r3r <wand3r3r@gmail.com>
Date: Wed, 21 Oct 2020 02:22:19 -0400
Subject: [PATCH] Adding option to disable globally applying a proxy to
 etc/yum.conf (#6828)

* Adding option to disable globally applying a proxy to etc/yum.conf

* Change made to proxy_yum_globaly based on reviewer feedback

* fix trailing spaces in yamllint
---
 inventory/sample/group_vars/all/all.yml       | 5 +++++
 roles/bootstrap-os/defaults/main.yml          | 2 ++
 roles/bootstrap-os/tasks/bootstrap-centos.yml | 1 +
 roles/bootstrap-os/tasks/bootstrap-debian.yml | 4 ++++
 roles/bootstrap-os/tasks/bootstrap-fedora.yml | 2 ++
 5 files changed, 14 insertions(+)

diff --git a/inventory/sample/group_vars/all/all.yml b/inventory/sample/group_vars/all/all.yml
index aa517a903..4ddc54ab3 100644
--- a/inventory/sample/group_vars/all/all.yml
+++ b/inventory/sample/group_vars/all/all.yml
@@ -68,6 +68,11 @@ loadbalancer_apiserver_healthcheck_port: 8081
 ## If you need exclude all cluster nodes from proxy and other resources, add other resources here.
 # additional_no_proxy: ""
 
+## If you need to disable proxying of os package repositories but are still behind an http_proxy set
+## skip_http_proxy_on_os_packages to true
+## This will cause kubespray not to set proxy environment in /etc/yum.conf for centos
+# skip_http_proxy_on_os_packages: false
+
 ## Since workers are included in the no_proxy variable by default, docker engine will be restarted on all nodes (all
 ## pods will restart) when adding or removing workers.  To override this behaviour by only including master nodes in the
 ## no_proxy variable, set below to true:
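Review bot: The added comment says the flag only affects /etc/yum.conf on CentOS, but the same commit also gates the /etc/apt/apt.conf tasks in bootstrap-debian.yml and the /etc/dnf/dnf.conf tasks in bootstrap-fedora.yml. I would reword the third line to `## This will cause kubespray not to set the proxy in /etc/yum.conf (CentOS), /etc/apt/apt.conf (Debian) or /etc/dnf/dnf.conf (Fedora)`. It is also worth stating that with the flag set, package downloads go directly to the repositories and bypass any filtering or logging done at the proxy, so operators enable it knowingly.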
diff --git a/roles/bootstrap-os/defaults/main.yml b/roles/bootstrap-os/defaults/main.yml
index b9aee516a..649919b3a 100644
--- a/roles/bootstrap-os/defaults/main.yml
+++ b/roles/bootstrap-os/defaults/main.yml
@@ -23,3 +23,5 @@ fedora_coreos_packages:
 override_system_hostname: true
 
 is_fedora_coreos: false
+
+skip_http_proxy_on_os_packages: false
diff --git a/roles/bootstrap-os/tasks/bootstrap-centos.yml b/roles/bootstrap-os/tasks/bootstrap-centos.yml
index 1e7ca3653..538b66028 100644
--- a/roles/bootstrap-os/tasks/bootstrap-centos.yml
+++ b/roles/bootstrap-os/tasks/bootstrap-centos.yml
@@ -78,6 +78,7 @@
     state: "{{ http_proxy | default(False) | ternary('present', 'absent') }}"
     no_extra_spaces: true
   become: true
+  when: not skip_http_proxy_on_os_packages
 
 # libselinux-python is required on SELinux enabled hosts
 # See https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#managed-node-requirements
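Review bot: Putting `when: not skip_http_proxy_on_os_packages` on this task means that setting the flag to true skips the task outright, so the `state:` ternary never runs and an entry written to /etc/yum.conf by an earlier run stays in place. If the intent is that hosts stop using the proxy for packages, fold the flag into the state instead, e.g. `state: "{{ (http_proxy | default(False) and not skip_http_proxy_on_os_packages | bool) | ternary('present', 'absent') }}"`; if the intent is only "do not touch the file", say so in the variable's comment. The bare `not skip_http_proxy_on_os_packages` is also sensitive to string values: passed as `-e skip_http_proxy_on_os_packages=false` it arrives as a non-empty string and the condition evaluates to false, so `| bool` is safer here and in the bootstrap-debian.yml and bootstrap-fedora.yml hunks. The task's name and module line are outside this hunk.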
diff --git a/roles/bootstrap-os/tasks/bootstrap-debian.yml b/roles/bootstrap-os/tasks/bootstrap-debian.yml
index ca9d28c65..484b9a67e 100644
--- a/roles/bootstrap-os/tasks/bootstrap-debian.yml
+++ b/roles/bootstrap-os/tasks/bootstrap-debian.yml
@@ -22,6 +22,7 @@
   environment: {}
   when:
     - http_proxy is defined
+    - not skip_http_proxy_on_os_packages
 
 - name: Add http_proxy to /etc/apt/apt.conf if http_proxy is defined
   raw: echo 'Acquire::http::proxy "{{ http_proxy }}";' >> /etc/apt/apt.conf
@@ -30,6 +31,7 @@
   when:
     - http_proxy is defined
     - need_http_proxy.rc != 0
+    - not skip_http_proxy_on_os_packages
 
 - name: Check https::proxy in apt configuration files
   raw: apt-config dump | grep -qsi 'Acquire::https::proxy'
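Review bot: The new `- not skip_http_proxy_on_os_packages` entry comes after `- need_http_proxy.rc != 0`, but the previous hunk now skips the check task that presumably registers `need_http_proxy` when the flag is true. A skipped task's registered result has no `rc`, so with `http_proxy` defined and the flag set this conditional is likely to fail with an undefined-attribute error rather than skip cleanly. Since `when` lists are evaluated in order, moving the new entry above the `rc` test avoids this: `- not skip_http_proxy_on_os_packages | bool` followed by `- need_http_proxy.rc != 0`. The same ordering applies to the `need_https_proxy.rc` hunk further down this file and to the `need_http_proxy.rc` hunk in bootstrap-fedora.yml. The `register:` line itself is outside the visible hunks, so please confirm against the full task.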
@@ -41,6 +43,7 @@
   environment: {}
   when:
     - https_proxy is defined
+    - not skip_http_proxy_on_os_packages
 
 - name: Add https_proxy to /etc/apt/apt.conf if https_proxy is defined
   raw: echo 'Acquire::https::proxy "{{ https_proxy }}";' >> /etc/apt/apt.conf
@@ -49,6 +52,7 @@
   when:
     - https_proxy is defined
     - need_https_proxy.rc != 0
+    - not skip_http_proxy_on_os_packages
 
 - name: Check Network Name Resolution configuration
   raw: grep '^DNSSEC=allow-downgrade' /etc/systemd/resolved.conf
diff --git a/roles/bootstrap-os/tasks/bootstrap-fedora.yml b/roles/bootstrap-os/tasks/bootstrap-fedora.yml
index 5c22289d2..67bf35a77 100644
--- a/roles/bootstrap-os/tasks/bootstrap-fedora.yml
+++ b/roles/bootstrap-os/tasks/bootstrap-fedora.yml
@@ -20,6 +20,7 @@
   environment: {}
   when:
     - http_proxy is defined
+    - not skip_http_proxy_on_os_packages
 
 - name: Add http_proxy to /etc/dnf/dnf.conf if http_proxy is defined
   raw: echo 'proxy={{ http_proxy }}' >> /etc/dnf/dnf.conf
@@ -28,6 +29,7 @@
   when:
     - http_proxy is defined
     - need_http_proxy.rc != 0
+    - not skip_http_proxy_on_os_packages
 
 - name: Install python3 on fedora
   raw: "dnf install --assumeyes --quiet python3"
-- 
GitLab