Global HTTP proxy setting for all roles/tasks?

[Timo Ahokas]

Hi,

We're working in an environment where all access outside needs to go through HTTP/HTTPS proxies. We have previously solved this by defining a global environment variable with the necessary proxy definitions (http_proxy, https_proxy, no_proxy) and then have passed that down to each task with "environment". But this means we need to patch most public/external playbooks for the tasks that require external access (e.g. package installs, resource download etc).

Is there any way to make the proxy environment automatically available for all tasks without adding the "environment: proxy_env" for all individual tasks?

Thanks,

Timo

[Serge van Ginderachter]

AFAIK, that is not possible, but it would be an important feature. Proxy support is too often forgotten in a lot of applications.

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/88506b6a-47b0-42ad-8960-e6e9eb35a2eb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Timo Ahokas]

This is a real pain for us when setting up environments with multiple components & the need to add the proxy settings for each role/task. E.g. setting up something like Maven/Mesos/Chronos/Marathon + Docker requires numerous patches (adding the environments for individual tasks) for each role.

Is there some technical constraint that makes this difficult to implement?

[Jon Soul]

I recently came up against the same problem.  There was a pull request to support play level environment keyword and it was merged not too long ago.

https://github.com/ansible/ansible/pull/8651

I'm setting an environment variable in a group_vars file that filters down to all tasks run against that group.

environment:
  http_proxy: http://proxy.com:8080
  https_proxy: http://proxy.com:8080

[Brian Coca]

so is play level environment support enough?




--
Brian Coca

[Timo Ahokas]

This is excellent, thanks a lot for the pointer. We'll give this a try with a newer Ansible version...

[Timo Ahokas]

Hi Brian,

Play level helps (compared to task level configuration), but ideally it would be possible to set this for the whole playbook.

[Barry Flanagan]

I do the following, which will install /etc/profile.d/proxy.sh  and /etc/apt/apt.conf.d/02-apt-cacher if the host does not have a valid default route, and ensures it is not present if it does. You could do something similar and then have a further task at the end of your playbook to remove them again if you don't want them always present.

- name: make sure proxy is not used on hosts with a default route.
  file:
    dest: /etc/profile.d/proxy.sh
    state: absent
  when:  ansible_default_ipv4.gateway is defined and ansible_default_ipv4.gateway | match("^87\.232")

- name: install http proxy env profile
  template:
    dest: /etc/profile.d/proxy.sh
    mode: 0755
    src: profile-proxy.sh
  when:  ansible_default_ipv4.gateway is not defined or ansible_default_ipv4.gateway | match("^10\.5")

- name: Remove /etc/apt/apt.conf.d/02-apt-cacher on hosts with a default route.
  file:
    dest: /etc/apt/apt.conf.d/02-apt-cacher
    state: absent
  when:  ansible_default_ipv4.gateway is defined and ansible_default_ipv4.gateway | match("^87\.232")

- name: install /etc/apt/apt.conf.d/02-apt-cacher
  template:
    dest: /etc/apt/apt.conf.d/02-apt-cacher
    mode: 0755
    src: apt-cacher.conf
  when:  ansible_default_ipv4.gateway is not defined or ansible_default_ipv4.gateway | match("^10\.5")

Hope this helps.

-Barry Flanagan