Global HTTP proxy setting for all roles/tasks?

Archives Ansible Project
1

Hi,

We’re working in an environment where all access outside needs to go through HTTP/HTTPS proxies. We have previously solved this by defining a global environment variable with the necessary proxy definitions (http_proxy, https_proxy, no_proxy) and then have passed that down to each task with “environment”. But this means we need to patch most public/external playbooks for the tasks that require external access (e.g. package installs, resource download etc).

Is there any way to make the proxy environment automatically available for all tasks without adding the “environment: proxy_env” for all individual tasks?

Thanks,
Timo

2

AFAIK, that is not possible, but it would be an important feature. Proxy support is too often forgotten in a lot of applications.

3

This is a real pain for us when setting up environments with multiple components & the need to add the proxy settings for each role/task. E.g. setting up something like Maven/Mesos/Chronos/Marathon + Docker requires numerous patches (adding the environments for individual tasks) for each role.

Is there some technical constraint that makes this difficult to implement?

4

I recently came up against the same problem. There was a pull request to support play level environment keyword and it was merged not too long ago.

https://github.com/ansible/ansible/pull/8651

I’m setting an environment variable in a group_vars file that filters down to all tasks run against that group.

environment: http_proxy: http://proxy.com:8080 https_proxy: http://proxy.com:8080

5

so is play level environment support enough?

6

This is excellent, thanks a lot for the pointer. We’ll give this a try with a newer Ansible version…

7

Hi Brian,

Play level helps (compared to task level configuration), but ideally it would be possible to set this for the whole playbook.

8

I do the following, which will install /etc/profile.d/proxy.sh and /etc/apt/apt.conf.d/02-apt-cacher if the host does not have a valid default route, and ensures it is not present if it does. You could do something similar and then have a further task at the end of your playbook to remove them again if you don’t want them always present.

  • name: make sure proxy is not used on hosts with a default route.
    file:
    dest: /etc/profile.d/proxy.sh
    state: absent
    when: ansible_default_ipv4.gateway is defined and ansible_default_ipv4.gateway | match(“^87.232”)

  • name: install http proxy env profile
    template:
    dest: /etc/profile.d/proxy.sh
    mode: 0755
    src: profile-proxy.sh
    when: ansible_default_ipv4.gateway is not defined or ansible_default_ipv4.gateway | match(“^10.5”)

  • name: Remove /etc/apt/apt.conf.d/02-apt-cacher on hosts with a default route.
    file:
    dest: /etc/apt/apt.conf.d/02-apt-cacher
    state: absent
    when: ansible_default_ipv4.gateway is defined and ansible_default_ipv4.gateway | match(“^87.232”)

  • name: install /etc/apt/apt.conf.d/02-apt-cacher
    template:
    dest: /etc/apt/apt.conf.d/02-apt-cacher
    mode: 0755
    src: apt-cacher.conf
    when: ansible_default_ipv4.gateway is not defined or ansible_default_ipv4.gateway | match(“^10.5”)

Hope this helps.

-Barry Flanagan