Proxy small fixes (#7102)

* Improve how we set 'proxy=' in yum.conf or dnf.conf Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com> * Fixup spaces in no_proxy Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com> * Add svc,svc.{{ dns_domain }} to no_proxy Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
3 years ago · ab2bfd7f8c
5 changed files with 36 additions and 45 deletions
--- a/docs/proxy.md
+++ b/docs/proxy.md
@ -13,7 +13,7 @@ If you set http and https proxy, all nodes and loadbalancer will be excluded fro

 ## Set additional addresses to default no_proxy (all cluster nodes and loadbalancer)

-`additional_no_proxy: "aditional_host,"`
+`additional_no_proxy: "aditional_host1,aditional_host2"`

 ## Exclude workers from no_proxy

--- a/roles/bootstrap-os/tasks/bootstrap-centos.yml
+++ b/roles/bootstrap-os/tasks/bootstrap-centos.yml
@ -4,6 +4,17 @@
    gather_subset: '!all'
    filter: ansible_distribution_*version

+- name: Add proxy to yum.conf or dnf.conf if http_proxy is defined
+  ini_file:
+    path: "{{ ( (ansible_distribution_major_version | int) < 8) | ternary('/etc/yum.conf','/etc/dnf/dnf.conf') }}"
+    section: main
+    option: proxy
+    value: "{{ http_proxy | default(omit) }}"
+    state: "{{ http_proxy | default(False) | ternary('present', 'absent') }}"
+    no_extra_spaces: true
+  become: true
+  when: not skip_http_proxy_on_os_packages
+
 # For Oracle Linux install public repo
 - name: Download Oracle Linux public yum repo
  get_url:
@ -69,17 +80,6 @@
    - fastestmirror.stat.exists
    - not centos_fastestmirror_enabled

- name: Add proxy to /etc/yum.conf if http_proxy is defined
-  ini_file:
-    path: "/etc/yum.conf"
-    section: main
-    option: proxy
-    value: "{{ http_proxy | default(omit) }}"
-    state: "{{ http_proxy | default(False) | ternary('present', 'absent') }}"
-    no_extra_spaces: true
-  become: true
-  when: not skip_http_proxy_on_os_packages
-
 # libselinux-python is required on SELinux enabled hosts
 # See https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#managed-node-requirements
 - name: Install libselinux python package
--- a/roles/bootstrap-os/tasks/bootstrap-fedora.yml
+++ b/roles/bootstrap-os/tasks/bootstrap-fedora.yml
@ -10,26 +10,16 @@
  tags:
    - facts

- name: Check if a proxy is set in /etc/dnf/dnf.conf
-  raw: grep -qs 'proxy=' /etc/dnf/dnf.conf
-  register: need_http_proxy
-  failed_when: false
-  changed_when: false
-  # This command should always run, even in check mode
-  check_mode: false
-  environment: {}
-  when:
-    - http_proxy is defined
-    - not skip_http_proxy_on_os_packages
-
- name: Add http_proxy to /etc/dnf/dnf.conf if http_proxy is defined
-  raw: echo 'proxy={{ http_proxy }}' >> /etc/dnf/dnf.conf
+- name: Add proxy to dnf.conf if http_proxy is defined
+  ini_file:
+    path: "/etc/dnf/dnf.conf"
+    section: main
+    option: proxy
+    value: "{{ http_proxy | default(omit) }}"
+    state: "{{ http_proxy | default(False) | ternary('present', 'absent') }}"
+    no_extra_spaces: true
  become: true
-  environment: {}
-  when:
-    - http_proxy is defined
-    - need_http_proxy.rc != 0
-    - not skip_http_proxy_on_os_packages
+  when: not skip_http_proxy_on_os_packages

 - name: Install python3 on fedora
  raw: "dnf install --assumeyes --quiet python3"
--- a/roles/bootstrap-os/tasks/bootstrap-redhat.yml
+++ b/roles/bootstrap-os/tasks/bootstrap-redhat.yml
@ -4,6 +4,17 @@
    gather_subset: '!all'
    filter: ansible_distribution_*version

+- name: Add proxy to yum.conf or dnf.conf if http_proxy is defined
+  ini_file:
+    path: "{{ ( (ansible_distribution_major_version | int) < 8) | ternary('/etc/yum.conf','/etc/dnf/dnf.conf') }}"
+    section: main
+    option: proxy
+    value: "{{ http_proxy | default(omit) }}"
+    state: "{{ http_proxy | default(False) | ternary('present', 'absent') }}"
+    no_extra_spaces: true
+  become: true
+  when: not skip_http_proxy_on_os_packages
+
 - name: Check RHEL subscription-manager status
  command: /sbin/subscription-manager status
  register: rh_subscription_status
@ -66,16 +77,6 @@
    - fastestmirror.stat.exists
    - not centos_fastestmirror_enabled

- name: Add proxy to /etc/yum.conf if http_proxy is defined
-  ini_file:
-    path: "/etc/yum.conf"
-    section: main
-    option: proxy
-    value: "{{ http_proxy | default(omit) }}"
-    state: "{{ http_proxy | default(False) | ternary('present', 'absent') }}"
-    no_extra_spaces: true
-  become: true
-
 # libselinux-python is required on SELinux enabled hosts
 # See https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#managed-node-requirements
 - name: Install libselinux python package
--- a/roles/kubespray-defaults/tasks/no_proxy.yml
+++ b/roles/kubespray-defaults/tasks/no_proxy.yml
@ -6,11 +6,11 @@
      {{ apiserver_loadbalancer_domain_name| default('') }},
      {{ loadbalancer_apiserver.address | default('') }},
      {%- endif -%}
-      {%- if ( (no_proxy_exclude_workers is defined) and (no_proxy_exclude_workers) ) -%}
+      {%- if no_proxy_exclude_workers | default(false) -%}
      {% set cluster_or_master = 'kube-master' %}
-      {% else %}
+      {%- else -%}
      {% set cluster_or_master = 'k8s-cluster' %}
-      {% endif %}
+      {%- endif -%}
      {%- for item in (groups[cluster_or_master] + groups['etcd']|default([]) + groups['calico-rr']|default([]))|unique -%}
      {{ hostvars[item]['access_ip'] | default(hostvars[item]['ip'] | default(fallback_ips[item])) }},
      {%-   if item != hostvars[item].get('ansible_hostname', '') -%}
@ -22,7 +22,7 @@
      {%- if additional_no_proxy is defined -%}
      {{ additional_no_proxy }},
      {%- endif -%}
-      127.0.0.1,localhost,{{ kube_service_addresses }},{{ kube_pods_subnet }}
+      127.0.0.1,localhost,{{ kube_service_addresses }},{{ kube_pods_subnet }},svc,svc.{{ dns_domain }}
  delegate_to: localhost
  connection: local
  delegate_facts: yes