On Windows, how can we configure Ansible's modules to go through an HTTP Proxy?

Archives Ansible Project
1

As per this post on the Ansible Github, how can Ansible be configured to run through an HTTP proxy?

Ultimately it is ideal to use the win_chocolatey module through the proxy, but I’m unable to just run a simple curl (i.e curl http://www.google.com) through win_shell.

2

From Github:

SUMMARY

Ansible modules executed on a Windows host are unable to access the internet via an HTTP Proxy. Ideally modules would function similarly to setting the environment on Linux hosts, i.e


environment:
   http_proxy: http://gateway:port
   https_proxy: http://gateway:port

The following workarounds have been attempted:

  • Making changes to the Registry (i.e HKCU:Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer)
  • Using netsh (i.e netsh winhttp set proxy proxy-server="http://gateway:port")
  • Setting the environment variable in cmd.exe, then running Curl as suggested here. For example:

- name: Fire and forget iexplore.exe 
  win_shell: set HTTP_PROXY=http://management-gateway.c.ansible-proj.internal:3128 & powershell.exe curl http://www.google.com
  args:
    executable: cmd
  • Simulating a new session on the Windows host by starting notepad.exe, setting the registry, then attempting Curl (see below playbook)

NOTE: The local administrator account is being used and a formal session via RDP is never initiated.

STEPS TO REPRODUCE

Attempt to curl an external website via win_shell. Some examples:

``

ansible windows-host -i inventory-file -m win_shell -a "curl http://www.google.com"

``

  • name: run
    hosts: windows-host
    tasks:
  • name: Fire and forget notepad.exe
    win_shell: notepad.exe
    args:
    exectable: cmd
    async: 60
    poll: 0
  • name: Set registry
    win_shell: “{{ item }}”
    with_items: - set-itemproperty -path “hkcu:Software\Microsoft\Windows\CurrentVersion\Internet Settings” -name ProxyServer -value "http=gateway:port;https=gateway:port; -type string
  • set-itemproperty -path “hkcu:Software\Microsoft\Windows\CurrentVersion\Internet Settings” -name ProxyEnable -value “1”
  • name: Run curl
    win_shell: curl http://www.google.com
    register: result

`

`
``

3

There is some discussion here on this issue that might relevant to the issue you are having:
https://github.com/diyan/pywinrm/issues/110

Hope this helps,

Jon

4

I’ve just been through this exact thing for 2 annoying days. You’re not going to like the answer.

Despite setting the proxy through the registry - and I could see it in there using ansible debug tasks - it didn’t actually apply the proxy setting until I logged in through interactive RDP, using the same account.

No idea how to do this automatically - and I now face having to set the proxy and then log into every windows system we own. :frowning:

Any ideas on automating this would be helpful.