From 71eb21a3ddab249fe733b56c5f9b70d2947308a5 Mon Sep 17 00:00:00 2001 From: Pierre Riteau Date: Tue, 19 Apr 2022 08:58:22 +0200 Subject: [PATCH] Fix no_proxy configuration The no_proxy list should only contain domains, hostnames, IP addresses and networks, but docker_registry is often in the form ip_address:port. Use urlsplit to extract the hostname from the docker_registry variable after prepending http:// to turn it into a valid URL. Also add missing infra-vms to hosts in proxy.yml. Change-Id: I6424fc405894514a63fb2b641637bbb9d5c070c0 --- ansible/group_vars/all/proxy | 8 +++++--- ansible/proxy.yml | 8 ++++---- etc/kayobe/proxy.yml | 6 ++++-- 3 files changed, 13 insertions(+), 9 deletions(-) diff --git a/ansible/group_vars/all/proxy b/ansible/group_vars/all/proxy index ef1f89635..eb791bbef 100644 --- a/ansible/group_vars/all/proxy +++ b/ansible/group_vars/all/proxy @@ -11,9 +11,11 @@ http_proxy: "" https_proxy: "" # List of domains, hostnames, IP addresses and networks for which no proxy is -# used. Defaults to ["127.0.0.1", "localhost", "{{ docker_registry }}"]. This -# is configured only if either http_proxy or https_proxy is set. +# used. Defaults to ["127.0.0.1", "localhost", "{{ ('http://' ~ +# docker_registry) | urlsplit('hostname') }}"] if docker_registry is set, or +# ["127.0.0.1", "localhost"] otherwise. This is configured only if either +# http_proxy or https_proxy is set. no_proxy: - "127.0.0.1" - "localhost" - - "{{ docker_registry }}" + - "{{ ('http://' ~ docker_registry) | urlsplit('hostname') if docker_registry else '' }}" diff --git a/ansible/proxy.yml b/ansible/proxy.yml index 14c7b72c2..e618b9c0d 100644 --- a/ansible/proxy.yml +++ b/ansible/proxy.yml @@ -1,5 +1,5 @@ - name: Configure HTTP(S) proxy settings - hosts: seed-hypervisor:seed:overcloud + hosts: seed-hypervisor:seed:overcloud:infra-vms vars: ansible_python_interpreter: /usr/bin/python3 tags: @@ -14,7 +14,7 @@ regexp: "^http_proxy=.*" line: "http_proxy={{ http_proxy }}" become: True - when: http_proxy is defined and http_proxy | length > 0 + when: http_proxy | length > 0 - name: Add HTTPS proxy configuration to /etc/environment lineinfile: @@ -25,7 +25,7 @@ regexp: "^https_proxy=.*" line: "https_proxy={{ https_proxy }}" become: True - when: https_proxy is defined and https_proxy | length > 0 + when: https_proxy | length > 0 - name: Add no_proxy configuration to /etc/environment lineinfile: @@ -38,4 +38,4 @@ become: True when: - no_proxy | length > 0 - - http_proxy is defined and http_proxy | length > 0 or https_proxy is defined and https_proxy | length > 0 + - http_proxy | length > 0 or https_proxy | length > 0 diff --git a/etc/kayobe/proxy.yml b/etc/kayobe/proxy.yml index 7d63017d6..714b9dae5 100644 --- a/etc/kayobe/proxy.yml +++ b/etc/kayobe/proxy.yml @@ -11,8 +11,10 @@ #https_proxy: # List of domains, hostnames, IP addresses and networks for which no proxy is -# used. Defaults to ["127.0.0.1", "localhost", "{{ docker_registry }}"]. This -# is configured only if either http_proxy or https_proxy is set. +# used. Defaults to ["127.0.0.1", "localhost", "{{ ('http://' ~ +# docker_registry) | urlsplit('hostname') }}"] if docker_registry is set, or +# ["127.0.0.1", "localhost"] otherwise. This is configured only if either +# http_proxy or https_proxy is set. #no_proxy: ###############################################################################