Offline deployment: PyPi repo (#3542)

6 years ago · 79bf74e90f
7 changed files with 19 additions and 0 deletions
--- a/docs/downloads.md
+++ b/docs/downloads.md
@ -47,6 +47,7 @@ In case your servers don't have access to internet (for example when deploying o

 * At least `foo_image_repo` and `foo_download_url` as described before (i.e. in case of use of proxies to registries and binaries repositories, checksums and versions do not necessarily need to be changed).
  NB: Regarding `foo_image_repo`, when using insecure registries/proxies, you will certainly have to append them to the `docker_insecure_registries` variable in group_vars/all/docker.yml
+* `pyrepo_index` (and optionally `pyrepo_cert`)
 * Depending on the `container_manager`
  * When `container_manager=docker`, `docker_foo_repo_base_url`, `docker_foo_repo_gpgkey`, `dockerproject_bar_repo_base_url` and `dockerproject_bar_repo_gpgkey` (where `foo` is the distribution and `bar` is system package manager)
  * When `container_manager=crio`, `crio_rhel_repo_base_url` 
--- a/extra_playbooks/build-cephfs-provisioner.yml
+++ b/extra_playbooks/build-cephfs-provisioner.yml
@ -7,6 +7,7 @@
        name: "{{ item.name }}"
        version: "{{ item.version }}"
        state: "{{ item.state }}"
+        extra_args: "{{ pip_extra_args | default(omit) }}"
      with_items:
        - { state: "present", name: "docker", version: "3.4.1" }
        - { state: "present", name: "docker-compose", version: "1.21.2" }
--- a/inventory/sample/group_vars/all/all.yml
+++ b/inventory/sample/group_vars/all/all.yml
@ -77,3 +77,7 @@ bin_dir: /usr/local/bin

 ## Set true to download and cache container
 #download_container: true
+
+## Set Pypi repo and cert accordingly
+#pyrepo_index: https://pypi.example.com/simple
+#pyrepo_cert: /etc/ssl/certs/ca-certificates.crt
--- a/roles/bootstrap-os/tasks/bootstrap-coreos.yml
+++ b/roles/bootstrap-os/tasks/bootstrap-coreos.yml
@ -60,6 +60,7 @@
 - name: Install required python modules
  pip:
    name: "{{ item }}"
+    extra_args: "{{ pip_extra_args | default(omit) }}"
  with_items: "{{pip_python_coreos_modules}}"
  environment:
    PATH: "{{ ansible_env.PATH }}:{{ bin_dir }}"
--- a/roles/kubespray-defaults/defaults/main.yaml
+++ b/roles/kubespray-defaults/defaults/main.yaml
@ -454,3 +454,13 @@ etcd_snapshot_count: "10000"

 certificates_key_size: 2048
 certificates_duration: 36500
+
+pip_extra_args: |-
+  {%- set pip_extra_args_list = [] -%}
+  {%- if pyrepo_index is defined -%}
+  {%- set DO = pip_extra_args_list.append('--index-url %s' | format(pyrepo_index)) -%}
+  {%- if pyrepo_cert is defined -%}
+  {%- set DO = pip_extra_args_list.append('--cert %s' | format(pyrepo_cert)) -%}
+  {%- endif -%}
+  {%- endif -%}
+  {{ pip_extra_args_list|join(' ') }}
--- a/roles/vault/tasks/main.yml
+++ b/roles/vault/tasks/main.yml
@ -14,6 +14,7 @@
  pip:
    name: "hvac"
    state: "present"
+    extra_args: "{{ pip_extra_args | default(omit) }}"

 ## Bootstrap
 - include_tasks: bootstrap/main.yml
--- a/roles/vault/tasks/shared/issue_cert.yml
+++ b/roles/vault/tasks/shared/issue_cert.yml
@ -52,6 +52,7 @@
  pip:
    name: "hvac"
    state: "present"
+    extra_args: "{{ pip_extra_args | default(omit) }}"

 - name: gen_certs_vault | Pull vault CA
  get_url: