Only setup *_PROXY env variables where needed (#7095)

no_proxy is a pain to get right, and having proxy variables present causes issues (k8s components get proxy configuration after upgrade, see #7100) It's better to only configure what require proxy: - the runtime (containerd/docker/crio) - the package manager + apt_key - the download tasks Tested with the following clusters - 4 CentOS 8 nodes - 1 Ubuntu 20.04 node Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2026-02-01 09:38:12 -03:30 · 2021-01-11 10:21:08 -05:00
parent 1fcbbd3b9d
commit a790935d02
16 changed files with 22 additions and 108 deletions
--- a/roles/bootstrap-os/tasks/bootstrap-centos.yml
+++ b/roles/bootstrap-os/tasks/bootstrap-centos.yml
@@ -24,6 +24,7 @@
    - use_oracle_public_repo|default(true)
    - '"Oracle" in os_release.stdout'
    - (ansible_distribution_version | float) < 7.6
+  environment: "{{ proxy_env }}"

 - name: Enable Oracle Linux repo
  ini_file:
--- a/roles/bootstrap-os/tasks/bootstrap-coreos.yml
+++ b/roles/bootstrap-os/tasks/bootstrap-coreos.yml
@@ -4,7 +4,6 @@
 - name: Check if bootstrap is needed
  raw: stat /opt/bin/.bootstrapped
  register: need_bootstrap
-  environment: {}
  failed_when: false
  changed_when: false
  tags:
@@ -19,9 +18,7 @@
 - name: Run bootstrap.sh
  script: bootstrap.sh
  become: true
-  environment:
-    http_proxy: "{{ http_proxy | default('') }}"
-    https_proxy: "{{ https_proxy | default('') }}"
+  environment: "{{ proxy_env }}"
  when:
    - need_bootstrap.rc != 0

--- a/roles/bootstrap-os/tasks/bootstrap-debian.yml
+++ b/roles/bootstrap-os/tasks/bootstrap-debian.yml
@@ -8,7 +8,6 @@
  changed_when: false
  # This command should always run, even in check mode
  check_mode: false
-  environment: {}
  tags:
    - facts

@@ -19,12 +18,10 @@
  changed_when: false
  # This command should always run, even in check mode
  check_mode: false
-  environment: {}

 - name: Add http_proxy to /etc/apt/apt.conf if http_proxy is defined
  raw: echo 'Acquire::http::proxy "{{ http_proxy }}";' >> /etc/apt/apt.conf
  become: true
-  environment: {}
  when:
    - http_proxy is defined
    - need_http_proxy.rc != 0
@@ -37,12 +34,10 @@
  changed_when: false
  # This command should always run, even in check mode
  check_mode: false
-  environment: {}

 - name: Add https_proxy to /etc/apt/apt.conf if https_proxy is defined
  raw: echo 'Acquire::https::proxy "{{ https_proxy }}";' >> /etc/apt/apt.conf
  become: true
-  environment: {}
  when:
    - https_proxy is defined
    - need_https_proxy.rc != 0
@@ -55,14 +50,12 @@
  changed_when: false
  # This command should always run, even in check mode
  check_mode: false
-  environment: {}
  when:
    - '"bionic" in os_release.stdout'

 - name: Change Network Name Resolution configuration
  raw: sed -i 's/^DNSSEC=yes/DNSSEC=allow-downgrade/g' /etc/systemd/resolved.conf
  become: true
-  environment: {}
  when:
    - '"bionic" in os_release.stdout'
    - need_dnssec_allow_downgrade.rc
@@ -70,7 +63,6 @@
 - name: Restart systemd-resolved service
  raw: systemctl restart systemd-resolved
  become: true
-  environment: {}
  when:
    - '"bionic" in os_release.stdout'
    - need_dnssec_allow_downgrade.rc
@@ -80,7 +72,6 @@
    apt-get update && \
    DEBIAN_FRONTEND=noninteractive apt-get install -y python3-minimal
  become: true
-  environment: {}
  when:
    - need_bootstrap.rc != 0

--- a/roles/bootstrap-os/tasks/bootstrap-fedora.yml
+++ b/roles/bootstrap-os/tasks/bootstrap-fedora.yml
@@ -6,7 +6,6 @@
  register: need_bootstrap
  failed_when: false
  changed_when: false
-  environment: {}
  tags:
    - facts

@@ -24,7 +23,6 @@
 - name: Install python3 on fedora
  raw: "dnf install --assumeyes --quiet python3"
  become: true
-  environment: {}
  when:
    - need_bootstrap.rc != 0

--- a/roles/bootstrap-os/tasks/bootstrap-flatcar.yml
+++ b/roles/bootstrap-os/tasks/bootstrap-flatcar.yml
@@ -4,7 +4,6 @@
 - name: Check if bootstrap is needed
  raw: stat /opt/bin/.bootstrapped
  register: need_bootstrap
-  environment: {}
  failed_when: false
  changed_when: false
  tags:
@@ -19,9 +18,7 @@
 - name: Run bootstrap.sh
  script: bootstrap.sh
  become: true
-  environment:
-    http_proxy: "{{ http_proxy | default('') }}"
-    https_proxy: "{{ https_proxy | default('') }}"
+  environment: "{{ proxy_env }}"
  when:
    - need_bootstrap.rc != 0

--- a/roles/bootstrap-os/tasks/main.yml
+++ b/roles/bootstrap-os/tasks/main.yml
@@ -5,7 +5,6 @@
  changed_when: false
  # This command should always run, even in check mode
  check_mode: false
-  environment: {}

 - include_tasks: bootstrap-centos.yml
  when: '"CentOS" in os_release.stdout or "Oracle" in os_release.stdout'