Merge "Add support for apt proxy setting"

ansible/apt.yml

@@ -0,0 +1,12 @@
+---
+- name: Ensure APT is configured
+  hosts: seed-hypervisor:seed:overcloud
+  vars:
+    ansible_python_interpreter: /usr/bin/python3
+  tags:
+    - apt
+  tasks:
+    - name: include apt role
+      include_role:
+        name: apt
+      when: ansible_facts.os_family == 'Debian'

ansible/group_vars/all/apt

@@ -4,3 +4,9 @@
 
 # Apt cache TTL in seconds. Default is 3600.
 apt_cache_valid_time: 3600
+
+# Apt proxy URL for HTTP. Default is empty (no proxy).
+apt_proxy_http:
+
+# Apt proxy URL for HTTPS. Default is {{ apt_proxy_http }}.
+apt_proxy_https: "{{ apt_proxy_http }}"

ansible/roles/apt/defaults/main.yml

@@ -0,0 +1,12 @@
+---
+###############################################################################
+# Apt package manager configuration.
+
+# Apt cache TTL in seconds. Default is 3600.
+apt_cache_valid_time: 3600
+
+# Apt proxy URL for HTTP. Default is empty (no proxy).
+apt_proxy_http:
+
+# Apt proxy URL for HTTPS. Default is {{ apt_proxy_http }}.
+apt_proxy_https: "{{ apt_proxy_http }}"

ansible/roles/apt/tasks/main.yml

@@ -0,0 +1,17 @@
+---
+- name: Configure apt proxy
+  template:
+    src: "01proxy.j2"
+    dest: /etc/apt/apt.conf.d/01proxy
+    owner: root
+    group: root
+    mode: 0664
+  become: true
+  when: apt_proxy_http | default('', true) | length > 0 or apt_proxy_https | default('', true) | length > 0
+
+- name: Remove old apt proxy config
+  file:
+    path: /etc/apt/apt.conf.d/01proxy
+    state: absent
+  become: true
+  when: apt_proxy_http | default('', true) | length == 0 and apt_proxy_https | default('', true) | length == 0

ansible/roles/apt/templates/01proxy.j2

@@ -0,0 +1,8 @@
+Acquire {
+{% if apt_proxy_http | default('', true) | length > 0 -%}
+  HTTP::proxy "{{ apt_proxy_http }}";
+{% endif -%}
+{% if apt_proxy_https | default('', true) | length > 0 -%}
+  HTTPS::proxy "{{ apt_proxy_https }}";
+{% endif -%}
+}

doc/source/configuration/reference/hosts.rst

@@ -307,6 +307,10 @@ Apt cache
 The Apt cache timeout may be configured via ``apt_cache_valid_time`` (in
 seconds) in ``etc/kayobe/apt.yml``, and defaults to 3600.
 
+Apt can be configured to use a proxy via ``apt_proxy_http`` and
+``apt_proxy_https`` in ``etc/kayobe/apt.yml``. These should be set to the full
+URL of the relevant proxy (e.g. ``http://squid.example.com:3128``).
+
 SELinux
 =======
 *tags:*

etc/kayobe/apt.yml

@@ -5,6 +5,12 @@
 # Apt cache TTL in seconds. Default is 3600.
 #apt_cache_valid_time:
 
+# Apt proxy URL for HTTP. Default is empty (no proxy).
+#apt_proxy_http:
+
+# Apt proxy URL for HTTPS. Default is {{ apt_proxy_http }}.
+#apt_proxy_https:
+
 ###############################################################################
 # Dummy variable to allow Ansible to accept this file.
 workaround_ansible_issue_8743: yes

kayobe/cli/commands.py

@@ -451,7 +451,7 @@ class SeedHypervisorHostConfigure(KollaAnsibleMixin, KayobeAnsibleMixin,
 
         playbooks = _build_playbook_list(
             "ssh-known-host", "kayobe-ansible-user",
-            "dnf", "pip", "kayobe-target-venv")
+            "apt", "dnf", "pip", "kayobe-target-venv")
         if parsed_args.wipe_disks:
             playbooks += _build_playbook_list("wipe-disks")
         playbooks += _build_playbook_list(
@@ -605,7 +605,7 @@ class SeedHostConfigure(KollaAnsibleMixin, KayobeAnsibleMixin, VaultMixin,
         # Run kayobe playbooks.
         playbooks = _build_playbook_list(
             "ssh-known-host", "kayobe-ansible-user",
-            "dnf", "pip", "kayobe-target-venv")
+            "apt", "dnf", "pip", "kayobe-target-venv")
         if parsed_args.wipe_disks:
             playbooks += _build_playbook_list("wipe-disks")
         playbooks += _build_playbook_list(
@@ -994,7 +994,7 @@ class OvercloudHostConfigure(KollaAnsibleMixin, KayobeAnsibleMixin, VaultMixin,
         # Kayobe playbooks.
         playbooks = _build_playbook_list(
             "ssh-known-host", "kayobe-ansible-user",
-            "dnf", "pip", "kayobe-target-venv")
+            "apt", "dnf", "pip", "kayobe-target-venv")
         if parsed_args.wipe_disks:
             playbooks += _build_playbook_list("wipe-disks")
         playbooks += _build_playbook_list(

kayobe/tests/unit/cli/test_commands.py

@@ -328,6 +328,7 @@ class TestCase(unittest.TestCase):
                     utils.get_data_files_path("ansible", "ssh-known-host.yml"),
                     utils.get_data_files_path(
                         "ansible", "kayobe-ansible-user.yml"),
+                    utils.get_data_files_path("ansible", "apt.yml"),
                     utils.get_data_files_path("ansible", "dnf.yml"),
                     utils.get_data_files_path("ansible", "pip.yml"),
                     utils.get_data_files_path(
@@ -498,6 +499,7 @@ class TestCase(unittest.TestCase):
                     utils.get_data_files_path("ansible", "ssh-known-host.yml"),
                     utils.get_data_files_path(
                         "ansible", "kayobe-ansible-user.yml"),
+                    utils.get_data_files_path("ansible", "apt.yml"),
                     utils.get_data_files_path("ansible", "dnf.yml"),
                     utils.get_data_files_path("ansible", "pip.yml"),
                     utils.get_data_files_path(
@@ -1080,6 +1082,7 @@ class TestCase(unittest.TestCase):
                     utils.get_data_files_path("ansible", "ssh-known-host.yml"),
                     utils.get_data_files_path(
                         "ansible", "kayobe-ansible-user.yml"),
+                    utils.get_data_files_path("ansible", "apt.yml"),
                     utils.get_data_files_path("ansible", "dnf.yml"),
                     utils.get_data_files_path("ansible", "pip.yml"),
                     utils.get_data_files_path(

releasenotes/notes/add-apt-proxy-support-f688702868095ed0.yaml

@@ -0,0 +1,6 @@
+---
+features:
+  - |
+    Adds support for configuring apt's proxy setting for Ubuntu hosts.
+    See `story 2009035
+    <https://storyboard.openstack.org/#!/story/2009035>`_ for details.