From f24b3176ebb80d77b1a954a828100a2eded2e7ae Mon Sep 17 00:00:00 2001 From: Skylar Kelty Date: Tue, 6 Jul 2021 11:32:46 +0100 Subject: [PATCH] Add support for apt proxy setting Add support for configuring apt's proxy setting on Ubuntu hosts. Change-Id: Iea1daff70fca5cf49f4e7f44af71a900678bb5c9 Story: 2009035 Task: 42782 --- ansible/apt.yml | 12 ++++++++++++ ansible/group_vars/all/apt | 6 ++++++ ansible/roles/apt/defaults/main.yml | 12 ++++++++++++ ansible/roles/apt/tasks/main.yml | 17 +++++++++++++++++ ansible/roles/apt/templates/01proxy.j2 | 8 ++++++++ doc/source/configuration/reference/hosts.rst | 4 ++++ etc/kayobe/apt.yml | 6 ++++++ kayobe/cli/commands.py | 6 +++--- kayobe/tests/unit/cli/test_commands.py | 3 +++ .../add-apt-proxy-support-f688702868095ed0.yaml | 6 ++++++ 10 files changed, 77 insertions(+), 3 deletions(-) create mode 100644 ansible/apt.yml create mode 100644 ansible/roles/apt/defaults/main.yml create mode 100644 ansible/roles/apt/tasks/main.yml create mode 100644 ansible/roles/apt/templates/01proxy.j2 create mode 100644 releasenotes/notes/add-apt-proxy-support-f688702868095ed0.yaml diff --git a/ansible/apt.yml b/ansible/apt.yml new file mode 100644 index 000000000..907e7ec62 --- /dev/null +++ b/ansible/apt.yml @@ -0,0 +1,12 @@ +--- +- name: Ensure APT is configured + hosts: seed-hypervisor:seed:overcloud + vars: + ansible_python_interpreter: /usr/bin/python3 + tags: + - apt + tasks: + - name: include apt role + include_role: + name: apt + when: ansible_facts.os_family == 'Debian' diff --git a/ansible/group_vars/all/apt b/ansible/group_vars/all/apt index 93e472604..fad722dcd 100644 --- a/ansible/group_vars/all/apt +++ b/ansible/group_vars/all/apt @@ -4,3 +4,9 @@ # Apt cache TTL in seconds. Default is 3600. apt_cache_valid_time: 3600 + +# Apt proxy URL for HTTP. Default is empty (no proxy). +apt_proxy_http: + +# Apt proxy URL for HTTPS. Default is {{ apt_proxy_http }}. +apt_proxy_https: "{{ apt_proxy_http }}" diff --git a/ansible/roles/apt/defaults/main.yml b/ansible/roles/apt/defaults/main.yml new file mode 100644 index 000000000..fad722dcd --- /dev/null +++ b/ansible/roles/apt/defaults/main.yml @@ -0,0 +1,12 @@ +--- +############################################################################### +# Apt package manager configuration. + +# Apt cache TTL in seconds. Default is 3600. +apt_cache_valid_time: 3600 + +# Apt proxy URL for HTTP. Default is empty (no proxy). +apt_proxy_http: + +# Apt proxy URL for HTTPS. Default is {{ apt_proxy_http }}. +apt_proxy_https: "{{ apt_proxy_http }}" diff --git a/ansible/roles/apt/tasks/main.yml b/ansible/roles/apt/tasks/main.yml new file mode 100644 index 000000000..16205b6be --- /dev/null +++ b/ansible/roles/apt/tasks/main.yml @@ -0,0 +1,17 @@ +--- +- name: Configure apt proxy + template: + src: "01proxy.j2" + dest: /etc/apt/apt.conf.d/01proxy + owner: root + group: root + mode: 0664 + become: true + when: apt_proxy_http | default('', true) | length > 0 or apt_proxy_https | default('', true) | length > 0 + +- name: Remove old apt proxy config + file: + path: /etc/apt/apt.conf.d/01proxy + state: absent + become: true + when: apt_proxy_http | default('', true) | length == 0 and apt_proxy_https | default('', true) | length == 0 diff --git a/ansible/roles/apt/templates/01proxy.j2 b/ansible/roles/apt/templates/01proxy.j2 new file mode 100644 index 000000000..b76a9e3b0 --- /dev/null +++ b/ansible/roles/apt/templates/01proxy.j2 @@ -0,0 +1,8 @@ +Acquire { +{% if apt_proxy_http | default('', true) | length > 0 -%} + HTTP::proxy "{{ apt_proxy_http }}"; +{% endif -%} +{% if apt_proxy_https | default('', true) | length > 0 -%} + HTTPS::proxy "{{ apt_proxy_https }}"; +{% endif -%} +} diff --git a/doc/source/configuration/reference/hosts.rst b/doc/source/configuration/reference/hosts.rst index 86c3c2652..c8f99d6a7 100644 --- a/doc/source/configuration/reference/hosts.rst +++ b/doc/source/configuration/reference/hosts.rst @@ -307,6 +307,10 @@ Apt cache The Apt cache timeout may be configured via ``apt_cache_valid_time`` (in seconds) in ``etc/kayobe/apt.yml``, and defaults to 3600. +Apt can be configured to use a proxy via ``apt_proxy_http`` and +``apt_proxy_https`` in ``etc/kayobe/apt.yml``. These should be set to the full +URL of the relevant proxy (e.g. ``http://squid.example.com:3128``). + SELinux ======= *tags:* diff --git a/etc/kayobe/apt.yml b/etc/kayobe/apt.yml index 552a116cf..5f278e322 100644 --- a/etc/kayobe/apt.yml +++ b/etc/kayobe/apt.yml @@ -5,6 +5,12 @@ # Apt cache TTL in seconds. Default is 3600. #apt_cache_valid_time: +# Apt proxy URL for HTTP. Default is empty (no proxy). +#apt_proxy_http: + +# Apt proxy URL for HTTPS. Default is {{ apt_proxy_http }}. +#apt_proxy_https: + ############################################################################### # Dummy variable to allow Ansible to accept this file. workaround_ansible_issue_8743: yes diff --git a/kayobe/cli/commands.py b/kayobe/cli/commands.py index 38afdc6fe..1a99a3e00 100644 --- a/kayobe/cli/commands.py +++ b/kayobe/cli/commands.py @@ -449,7 +449,7 @@ class SeedHypervisorHostConfigure(KollaAnsibleMixin, KayobeAnsibleMixin, playbooks = _build_playbook_list( "ssh-known-host", "kayobe-ansible-user", - "dnf", "pip", "kayobe-target-venv") + "apt", "dnf", "pip", "kayobe-target-venv") if parsed_args.wipe_disks: playbooks += _build_playbook_list("wipe-disks") playbooks += _build_playbook_list( @@ -603,7 +603,7 @@ class SeedHostConfigure(KollaAnsibleMixin, KayobeAnsibleMixin, VaultMixin, # Run kayobe playbooks. playbooks = _build_playbook_list( "ssh-known-host", "kayobe-ansible-user", - "dnf", "pip", "kayobe-target-venv") + "apt", "dnf", "pip", "kayobe-target-venv") if parsed_args.wipe_disks: playbooks += _build_playbook_list("wipe-disks") playbooks += _build_playbook_list( @@ -976,7 +976,7 @@ class OvercloudHostConfigure(KollaAnsibleMixin, KayobeAnsibleMixin, VaultMixin, # Kayobe playbooks. playbooks = _build_playbook_list( "ssh-known-host", "kayobe-ansible-user", - "dnf", "pip", "kayobe-target-venv") + "apt", "dnf", "pip", "kayobe-target-venv") if parsed_args.wipe_disks: playbooks += _build_playbook_list("wipe-disks") playbooks += _build_playbook_list( diff --git a/kayobe/tests/unit/cli/test_commands.py b/kayobe/tests/unit/cli/test_commands.py index 4e2a0f55b..57c97430f 100644 --- a/kayobe/tests/unit/cli/test_commands.py +++ b/kayobe/tests/unit/cli/test_commands.py @@ -317,6 +317,7 @@ class TestCase(unittest.TestCase): utils.get_data_files_path("ansible", "ssh-known-host.yml"), utils.get_data_files_path( "ansible", "kayobe-ansible-user.yml"), + utils.get_data_files_path("ansible", "apt.yml"), utils.get_data_files_path("ansible", "dnf.yml"), utils.get_data_files_path("ansible", "pip.yml"), utils.get_data_files_path( @@ -487,6 +488,7 @@ class TestCase(unittest.TestCase): utils.get_data_files_path("ansible", "ssh-known-host.yml"), utils.get_data_files_path( "ansible", "kayobe-ansible-user.yml"), + utils.get_data_files_path("ansible", "apt.yml"), utils.get_data_files_path("ansible", "dnf.yml"), utils.get_data_files_path("ansible", "pip.yml"), utils.get_data_files_path( @@ -1032,6 +1034,7 @@ class TestCase(unittest.TestCase): utils.get_data_files_path("ansible", "ssh-known-host.yml"), utils.get_data_files_path( "ansible", "kayobe-ansible-user.yml"), + utils.get_data_files_path("ansible", "apt.yml"), utils.get_data_files_path("ansible", "dnf.yml"), utils.get_data_files_path("ansible", "pip.yml"), utils.get_data_files_path( diff --git a/releasenotes/notes/add-apt-proxy-support-f688702868095ed0.yaml b/releasenotes/notes/add-apt-proxy-support-f688702868095ed0.yaml new file mode 100644 index 000000000..a6bbba405 --- /dev/null +++ b/releasenotes/notes/add-apt-proxy-support-f688702868095ed0.yaml @@ -0,0 +1,6 @@ +--- +features: + - | + Adds support for configuring apt's proxy setting for Ubuntu hosts. + See `story 2009035 + `_ for details.