Ansible-galaxy with http/s proxy

Apologies if this has been covered somewhere and I missed it.

Is it possible to have ansible-galaxy (CLI) connect using a proxy? we have our primary ansible box walled off and it needs to use a proxy to connect to the web (galaxy.ansible.com, github.com…)
I have tried using tsocks as well as setting environment variables but none of these options seem to be honored by galaxy cli.

Is anyone aware of anyother method to use ansible-galaxy with a proxy?

A quote from someone smarter than me:

"It's using urllib/httplib so setting the http{s}_proxy environment
variable should have it use the proxy."

(Hint: the person is jimi-c.)

--g

when we tried that it did not appear to work. Ill give it another try.

Thanks for the reply.
~Emilio

If it fails for you again, give us some more specific info and we'll dig in.

--g

I’ve got the same problem.
I’ve set up cntlm. It listens

`

$ sudo netstat -nlp --inet | grep 3128
tcp 0 0 127.0.0.1:3128 0.0.0.0:* LISTEN 13673/cntlm

`

I’ve got a bash script that suppose to install all my roles:

`

#!/bin/bash

https_proxy=“http://127.0.0.1:3128”
http_proxy=“http://127.0.0.1:3128”

cat Ansiblefile_external_roles.yml > Ansiblefile.yml
ansible-galaxy install -r Ansiblefile.yml

`

but if fails:

`

bash -x ansible_install_roles.sh

• https_proxy=http://127.0.0.1:3128
• http_proxy=http://127.0.0.1:3128
• cat Ansiblefile_external_roles.yml
• ansible-galaxy install -r Ansiblefile.yml --force

• the API server (galaxy.ansible.com) is not responding, please try again later.

`

forgot to mention!

`
ansible-1.9.4-1.fc23.noarch

`

`

cat Ansiblefile.yml

• src: jtyr.environment
  path: roles

`

if Ansiblefile.yml contains

`

• src: https://github.com/picotrading/ansible-sudo.git
  name: jtyr.sudo
  path: roles

`

script succeeds

I’m also running into this issue. I have http_proxy and https_proxy variables pointing to our proxy server, and I’m able to wget and curl from galaxy.ansible.com, but if I run ansible-galaxy init, I get “- the API server (galaxy.ansible.com) is not responding, please try again later.” Is the only way I’ll be able to use it at this point manually downloading? Thanks.

=-Jameson

This works in ansible 2.0. It requires using the --ignore-certs flag.

I simulated a proxy server using Charles Proxy. In the Charles proxy settings I enabled SSL Proxying for galaxy.ansible.com:443. Then I did the following:

$ export https_proxy=http://localhost:8888

$ ansible-galaxy --ignore-certs init my-role-foo

• my-role-foo was created successfully

From the above I can see the request route through Charles and return a valid response from the API. Without --ignore-certs the init command fails. I think the issue is that the proxy is not forwarding the root certificate from galaxy.ansible.com down to the client.

Prior to 2.0 the --ignore-certs flag is not available on the init command. I’m looking into the code now and will submit a PR to add it.

–Chris

Submitted PR https://github.com/ansible/ansible/pull/13808 to add --ignore-certs option to init, install and info commands in ansible-galaxy 1.9.4.

–Chris

Thanks, the way to install via https works for me.

Thank you --ignore-certs worked for me.

Regards,
Andrew