Ansible-galaxy with http/s proxy
14,982 views
Skip to first unread message
Emilio Del Plato
Aug 27, 2015, 6:17:44 PM8/27/15
to Ansible Project
Apologies if this has been covered somewhere and I missed it.
Is it possible to have ansible-galaxy (CLI) connect using a proxy? we have our primary ansible box walled off and it needs to use a proxy to connect to the web (galaxy.ansible.com, github.com....)
I have tried using tsocks as well as setting environment variables but none of these options seem to be honored by galaxy cli.
Is anyone aware of anyother method to use ansible-galaxy with a proxy?
Greg DeKoenigsberg
Aug 28, 2015, 10:57:37 AM8/28/15
to Ansible Project
A quote from someone smarter than me:
"It's using urllib/httplib so setting the http{s}_proxy environment
variable should have it use the proxy."
(Hint: the person is jimi-c.)
--g
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-proje...@googlegroups.com.
> To post to this group, send email to ansible...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/53effa7d-bd7b-4cc4-9eb7-8d2ed12ad839%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
--
Greg DeKoenigsberg
Ansible Community Guy
Find out why SD Times named Ansible
their #1 Company to Watch in 2015:
http://sdtimes.com/companies-watch-2015/
"It's using urllib/httplib so setting the http{s}_proxy environment
variable should have it use the proxy."
(Hint: the person is jimi-c.)
--g
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-proje...@googlegroups.com.
> To post to this group, send email to ansible...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/53effa7d-bd7b-4cc4-9eb7-8d2ed12ad839%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
--
Greg DeKoenigsberg
Ansible Community Guy
Find out why SD Times named Ansible
their #1 Company to Watch in 2015:
http://sdtimes.com/companies-watch-2015/
Emilio Del Plato
Aug 28, 2015, 11:36:52 AM8/28/15
to Ansible Project
when we tried that it did not appear to work. Ill give it another try.
Thanks for the reply.
~Emilio
Greg DeKoenigsberg
Aug 28, 2015, 12:34:53 PM8/28/15
to Ansible Project
If it fails for you again, give us some more specific info and we'll dig in.
--g
> https://groups.google.com/d/msgid/ansible-project/88c45261-ac74-4283-a65d-26f64389c802%40googlegroups.com.
--g
Александр Костырев
Jan 10, 2016, 2:15:37 AM1/10/16
to Ansible Project
I've got the same problem.
I've got a bash script that suppose to install all my roles:
but if fails:
I've set up cntlm. It listens
$ sudo netstat -nlp --inet | grep 3128tcp 0 0 127.0.0.1:3128 0.0.0.0:* LISTEN 13673/cntlm I've got a bash script that suppose to install all my roles:
#!/bin/bash
https_proxy="http://127.0.0.1:3128"http_proxy="http://127.0.0.1:3128"
cat Ansiblefile_external_roles.yml > Ansiblefile.ymlansible-galaxy install -r Ansiblefile.yml
but if fails:
bash -x ansible_install_roles.sh+ https_proxy=http://127.0.0.1:3128+ http_proxy=http://127.0.0.1:3128+ cat Ansiblefile_external_roles.yml+ ansible-galaxy install -r Ansiblefile.yml --force- the API server (galaxy.ansible.com) is not responding, please try again later.
Александр Костырев
Jan 10, 2016, 2:34:00 AM1/10/16
to Ansible Project
forgot to mention!
if Ansiblefile.yml contains
ansible-1.9.4-1.fc23.noarch
cat Ansiblefile.yml- src: jtyr.environment path: rolesif Ansiblefile.yml contains
Jameson Pugh
Jan 11, 2016, 11:00:57 AM1/11/16
to Ansible Project
On Sunday, January 10, 2016 at 2:15:37 AM UTC-5, Александр Костырев wrote:
I've got the same problem.
I'm also running into this issue. I have http_proxy and https_proxy variables pointing to our proxy server, and I'm able to wget and curl from galaxy.ansible.com, but if I run ansible-galaxy init, I get "- the API server (galaxy.ansible.com) is not responding, please try again later." Is the only way I'll be able to use it at this point manually downloading? Thanks.
=-Jameson
Chris Houseknecht
Jan 11, 2016, 4:40:03 PM1/11/16
to Ansible Project
This works in ansible 2.0. It requires using the --ignore-certs flag.
I simulated a proxy server using Charles Proxy. In the Charles proxy settings I enabled SSL Proxying for galaxy.ansible.com:443. Then I did the following:
$ export https_proxy=http://localhost:8888
$ ansible-galaxy --ignore-certs init my-role-foo
- my-role-foo was created successfully
From the above I can see the request route through Charles and return a valid response from the API. Without --ignore-certs the init command fails. I think the issue is that the proxy is not forwarding the root certificate from galaxy.ansible.com down to the client.
Prior to 2.0 the --ignore-certs flag is not available on the init command. I'm looking into the code now and will submit a PR to add it.
--Chris
Chris Houseknecht
Jan 11, 2016, 6:27:03 PM1/11/16
to Ansible Project
Submitted PR https://github.com/ansible/ansible/pull/13808 to add --ignore-certs option to init, install and info commands in ansible-galaxy 1.9.4.
--Chris
Bill WANG
Jan 18, 2016, 9:19:00 PM1/18/16
to Ansible Project
Thanks, the way to install via https works for me.
Andrew Cheruiyot
Jul 16, 2019, 4:28:55 AM7/16/19
to Ansible Project
Regards,
Andrew
Reply all
Reply to author
Forward
0 new messages