From 35f248dff0ddb430e2293af98ba73aa5062c89c1 Mon Sep 17 00:00:00 2001 From: Sergey Date: Thu, 16 Apr 2020 17:22:47 +0300 Subject: [PATCH] =?UTF-8?q?assembly=20fallback=5Fips=20and=20no=5Fproxy=20?= =?UTF-8?q?var=20only=20one=20time=20on=20localhost=20and=E2=80=A6=20(#595?= =?UTF-8?q?7)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * assembly fallback_ips and no_proxy var only one time on localhost and populate result on all hosts * add tag always, fix ansible lint errors * workaround to mitogen issue dw/mitogen#663 * do not gather fact before install python on coreos like distros * try to pass docker molecule test --- docs/proxy.md | 2 +- roles/kubespray-defaults/defaults/main.yaml | 32 ------------------- .../kubespray-defaults/tasks/fallback_ips.yml | 29 +++++++++++++++++ .../tasks/fallback_ips_gather.yml | 10 ++++++ roles/kubespray-defaults/tasks/main.yaml | 18 +++++++++++ roles/kubespray-defaults/tasks/no_proxy.yml | 28 ++++++++++++++++ 6 files changed, 86 insertions(+), 33 deletions(-) create mode 100644 roles/kubespray-defaults/tasks/fallback_ips.yml create mode 100644 roles/kubespray-defaults/tasks/fallback_ips_gather.yml create mode 100644 roles/kubespray-defaults/tasks/no_proxy.yml diff --git a/docs/proxy.md b/docs/proxy.md index ec473324f..867b90f4d 100644 --- a/docs/proxy.md +++ b/docs/proxy.md 
@@ -1,6 +1,6 @@ # Setting up Environment Proxy -If you set http and https proxy, all nodes and loadbalancer will be excluded from proxy with generating no_proxy variable in `roles/kubespray-defaults/defaults/main.yml`, if you have additional resources for exclude add them to `additional_no_proxy` variable. If you want fully override your `no_proxy` setting, then fill in just `no_proxy` and no nodes or loadbalancer addresses will be added to no_proxy. +If you set http and https proxy, all nodes and loadbalancer will be excluded from proxy with generating no_proxy variable in `roles/kubespray-defaults/tasks/no_proxy.yml`, if you have additional resources for exclude add them to `additional_no_proxy` variable. If you want fully override your `no_proxy` setting, then fill in just `no_proxy` and no nodes or loadbalancer addresses will be added to no_proxy. ## Set proxy for http and https diff --git a/roles/kubespray-defaults/defaults/main.yaml b/roles/kubespray-defaults/defaults/main.yaml index 5b8b2f0f7..266dc5159 100644 --- a/roles/kubespray-defaults/defaults/main.yaml +++ b/roles/kubespray-defaults/defaults/main.yaml 
@@ -405,38 +405,6 @@ contiv_peer_with_uplink_leaf: false contiv_global_as: "65002" contiv_global_neighbor_as: "500" -# Set 127.0.0.1 as fallback IP if we do not have host facts for host -# ansible_default_ipv4 isn't what you think. -# Thanks https://medium.com/opsops/ansible-default-ipv4-is-not-what-you-think-edb8ab154b10 -fallback_ips_base: | - --- - {% for item in groups['k8s-cluster'] + groups['etcd'] + groups['calico-rr']|default([])|unique %} - {% set found = hostvars[item].get('ansible_default_ipv4') %} - {{ item }}: "{{ found.get('address', '127.0.0.1') }}" - {% endfor %} -fallback_ips: "{{ fallback_ips_base | from_yaml }}" - -## Set no_proxy to all assigned cluster IPs and hostnames -no_proxy: >- - {%- if http_proxy is defined or https_proxy is defined %} - {%- if loadbalancer_apiserver is defined -%} - {{ apiserver_loadbalancer_domain_name| default('') }}, - {{ loadbalancer_apiserver.address | default('') }}, - {%- endif -%} - {%- for item in (groups['k8s-cluster'] + groups['etcd'] + groups['calico-rr']|default([]))|unique -%} - {{ hostvars[item]['access_ip'] | default(hostvars[item]['ip'] | default(fallback_ips[item])) }}, - {%- if item != hostvars[item].get('ansible_hostname', '') -%} - {{ hostvars[item]['ansible_hostname'] }}, - {{ hostvars[item]['ansible_hostname'] }}.{{ dns_domain }}, - {%- endif -%} - {{ item }},{{ item }}.{{ dns_domain }}, - {%- endfor -%} - {%- if additional_no_proxy is defined -%} - {{ additional_no_proxy }}, - {%- endif -%} - 127.0.0.1,localhost,{{kube_service_addresses}},{{kube_pods_subnet}} - {%- endif %} - ssl_ca_dirs: >- [ {% if ansible_os_family in ['CoreOS', 'Container Linux by CoreOS', 'Flatcar', 'Flatcar Container Linux by Kinvolk'] -%} diff --git a/roles/kubespray-defaults/tasks/fallback_ips.yml b/roles/kubespray-defaults/tasks/fallback_ips.yml new file mode 100644 index 000000000..546ac1e2b --- /dev/null +++ b/roles/kubespray-defaults/tasks/fallback_ips.yml 
@@ -0,0 +1,29 @@ +--- +# Set 127.0.0.1 as fallback IP if we do not have host facts for host +# ansible_default_ipv4 isn't what you think. +# Thanks https://medium.com/opsops/ansible-default-ipv4-is-not-what-you-think-edb8ab154b10 + +- name: Gather ansible_default_ipv4 from all hosts + include_tasks: fallback_ips_gather.yml + when: hostvars[delegate_host_to_gather_facts].ansible_default_ipv4 is not defined + loop: "{{ groups['all'] }}" + loop_control: + loop_var: delegate_host_to_gather_facts + run_once: yes + +- name: create fallback_ips_base + set_fact: + fallback_ips_base: | + --- + {% for item in (groups['k8s-cluster']|default([]) + groups['etcd']|default([]) + groups['calico-rr']|default([]))|unique %} + {% set found = hostvars[item].get('ansible_default_ipv4') %} + {{ item }}: "{{ found.get('address', '127.0.0.1') }}" + {% endfor %} + delegate_to: localhost + delegate_facts: yes + become: no + run_once: yes + +- name: set fallback_ips + set_fact: + fallback_ips: "{{ hostvars.localhost.fallback_ips_base | from_yaml }}" diff --git a/roles/kubespray-defaults/tasks/fallback_ips_gather.yml b/roles/kubespray-defaults/tasks/fallback_ips_gather.yml new file mode 100644 index 000000000..c5f5b7427 --- /dev/null +++ b/roles/kubespray-defaults/tasks/fallback_ips_gather.yml @@ -0,0 +1,10 @@ +--- +# include to workaround mitogen issue +# https://github.com/dw/mitogen/issues/663 + +- name: "Gather ansible_default_ipv4 from {{ delegate_host_to_gather_facts }}" + setup: + gather_subset: '!all,network' + filter: "ansible_default_ipv4" + delegate_to: "{{ delegate_host_to_gather_facts }}" + delegate_facts: yes diff --git a/roles/kubespray-defaults/tasks/main.yaml b/roles/kubespray-defaults/tasks/main.yaml index 11b9e3653..b27cafc15 100644 --- a/roles/kubespray-defaults/tasks/main.yaml +++ b/roles/kubespray-defaults/tasks/main.yaml 
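Review bot: The gather loop in the first task of fallback_ips.yml iterates `groups['all']`, but the `fallback_ips_base` template below it only reads facts for hosts in `k8s-cluster`, `etcd` and `calico-rr`, so the play connects to and runs `setup` on every other inventory host without using the result. Loop over the same union the template uses: `loop: "{{ (groups['k8s-cluster']|default([]) + groups['etcd']|default([]) + groups['calico-rr']|default([]))|unique }}"`. Separately, `found.get('address', '127.0.0.1')` assumes `found` is a mapping. Whether the fact can still be missing after gathering is not visible from this hunk, but `hostvars[item].get('ansible_default_ipv4', {})` would make the 127.0.0.1 fallback described in the header comment hold in that case too.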
@@ -4,3 +4,21 @@ msg: "Check roles/kubespray-defaults/defaults/main.yml" tags: - always + +# do not run gather facts when bootstrap-os in roles +- name: set fallback_ips + include_tasks: fallback_ips.yml + when: + - "'bootstrap-os' not in ansible_play_role_names" + - fallback_ips is not defined + tags: + - always + +- name: set no_proxy + include_tasks: no_proxy.yml + when: + - "'bootstrap-os' not in ansible_play_role_names" + - http_proxy is defined or https_proxy is defined + - no_proxy is not defined + tags: + - always diff --git a/roles/kubespray-defaults/tasks/no_proxy.yml b/roles/kubespray-defaults/tasks/no_proxy.yml new file mode 100644 index 000000000..efff7d398 --- /dev/null +++ b/roles/kubespray-defaults/tasks/no_proxy.yml @@ -0,0 +1,28 @@ +--- +- name: Set no_proxy to all assigned cluster IPs and hostnames + set_fact: + no_proxy_prepare: >- + {%- if loadbalancer_apiserver is defined -%} + {{ apiserver_loadbalancer_domain_name| default('') }}, + {{ loadbalancer_apiserver.address | default('') }}, + {%- endif -%} + {%- for item in (groups['k8s-cluster'] + groups['etcd'] + groups['calico-rr']|default([]))|unique -%} + {{ hostvars[item]['access_ip'] | default(hostvars[item]['ip'] | default(fallback_ips[item])) }}, + {%- if item != hostvars[item].get('ansible_hostname', '') -%} + {{ hostvars[item]['ansible_hostname'] }}, + {{ hostvars[item]['ansible_hostname'] }}.{{ dns_domain }}, + {%- endif -%} + {{ item }},{{ item }}.{{ dns_domain }}, + {%- endfor -%} + {%- if additional_no_proxy is defined -%} + {{ additional_no_proxy }}, + {%- endif -%} + 127.0.0.1,localhost,{{ kube_service_addresses }},{{ kube_pods_subnet }} + delegate_to: localhost + delegate_facts: yes + become: no + run_once: yes + +- name: Populates no_proxy to all hosts + set_fact: + no_proxy: "{{ hostvars.localhost.no_proxy_prepare }}"
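Review bot: Both includes in tasks/main.yaml are skipped when `bootstrap-os` is among the play's roles, and this patch also removes the `fallback_ips` and `no_proxy` entries from defaults/main.yaml, so in such plays the two variables are now undefined rather than lazily templated. The existing comment only mentions fact gathering; it should also state that consequence, e.g. `# fallback_ips and no_proxy stay undefined in plays that include bootstrap-os; consumers must use | default(...)`. The consumers are not visible here, but if a proxy environment is built there with `http_proxy` set and an empty `no_proxy`, requests to node and API-server addresses would go through the proxy, so the bootstrap play is worth checking.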
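Review bot: `no_proxy_prepare` in no_proxy.yml is rendered once (`run_once` with `delegate_to: localhost`), so `additional_no_proxy`, `dns_domain` and `loadbalancer_apiserver` are presumably resolved from the first play host's variables and then copied to every host by the second task. A host- or group-level `additional_no_proxy`, which the old lazily templated default honoured per host, would no longer apply. If that is intended, say so above the task: `# rendered once for the whole play; set additional_no_proxy for all hosts (e.g. group_vars/all)`. The loop also indexes `groups['k8s-cluster']` and `groups['etcd']` without `|default([])`, unlike the new fallback_ips.yml, so an inventory without an `etcd` group fails here; use `{%- for item in (groups['k8s-cluster']|default([]) + groups['etcd']|default([]) + groups['calico-rr']|default([]))|unique -%}`.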