From 2e8d7efc95c2fd5abff4a9ed30e04dab29b3f0ce Mon Sep 17 00:00:00 2001 From: David Hill Date: Wed, 6 Jul 2022 10:16:27 -0400 Subject: [PATCH] Add proxy validation for undercloud deployment. New validation for proxy configuration as users will sometimes add a proxy configuraiton which doesn't contain a no_proxy. In FFU and other operations, we try to connect to 127.0.0.1 (see heat helper) or another IP which should also be in no_proxy. Change-Id: Icd1c4b20cc14dc3ba68e896c94d12a198b115379 --- .../role-undercloud_proxy_validation.rst | 6 +++++ playbooks/undercloud-proxy-validation.yaml | 22 +++++++++++++++++++ .../defaults/main.yml | 1 + .../tasks/main.yml | 11 ++++++++++ .../vars/main.yaml | 15 +++++++++++++ 5 files changed, 55 insertions(+) create mode 100644 doc/source/roles/role-undercloud_proxy_validation.rst create mode 100644 playbooks/undercloud-proxy-validation.yaml create mode 100644 roles/undercloud_proxy_validation/defaults/main.yml create mode 100644 roles/undercloud_proxy_validation/tasks/main.yml create mode 100644 roles/undercloud_proxy_validation/vars/main.yaml diff --git a/doc/source/roles/role-undercloud_proxy_validation.rst b/doc/source/roles/role-undercloud_proxy_validation.rst new file mode 100644 index 000000000..961dbc771 --- /dev/null +++ b/doc/source/roles/role-undercloud_proxy_validation.rst @@ -0,0 +1,6 @@ +=========================== +undercloud_proxy_validation +=========================== + +.. ansibleautoplugin:: + :role: roles/undercloud_proxy_validation diff --git a/playbooks/undercloud-proxy-validation.yaml b/playbooks/undercloud-proxy-validation.yaml new file mode 100644 index 000000000..c20d85207 --- /dev/null +++ b/playbooks/undercloud-proxy-validation.yaml @@ -0,0 +1,22 @@ +--- +- hosts: undercloud + vars: + metadata: + name: Verify proxy variables are properly set + description: | + Check proxy configuration before running a stack update - especially minor update and major upgrade. + groups: + - backup-and-restore + - post-upgrade + - pre-upgrade + - post-update + - pre-update + categories: + - os + - system + - systemd + - services + products: + - tripleo + roles: + - undercloud_proxy_validation diff --git a/roles/undercloud_proxy_validation/defaults/main.yml b/roles/undercloud_proxy_validation/defaults/main.yml new file mode 100644 index 000000000..ed97d539c --- /dev/null +++ b/roles/undercloud_proxy_validation/defaults/main.yml @@ -0,0 +1 @@ +--- diff --git a/roles/undercloud_proxy_validation/tasks/main.yml b/roles/undercloud_proxy_validation/tasks/main.yml new file mode 100644 index 000000000..822080714 --- /dev/null +++ b/roles/undercloud_proxy_validation/tasks/main.yml @@ -0,0 +1,11 @@ +--- + +- name: Fail if no_proxy is not set + fail: + msg: >- + http_proxy and/or https_proxy are set but no_proxy is not set. + no_proxy needs to contain 127.0.0.1 or any of the undercloud + public/private IPs otherwise deployment and/or upgrade will fail. + failed_when: "item.stdout == 'ActiveState=active'" + when: (http_proxy|length > 0 or https_proxy|length > 0 is defined) and no_proxy|length == 0 or + (HTTP_PROXY|length > 0 or HTTPS_PROXY|length > 0 is defined) and NO_PROXY|length == 0 or diff --git a/roles/undercloud_proxy_validation/vars/main.yaml b/roles/undercloud_proxy_validation/vars/main.yaml new file mode 100644 index 000000000..8c4df6ab7 --- /dev/null +++ b/roles/undercloud_proxy_validation/vars/main.yaml @@ -0,0 +1,15 @@ +--- +metadata: + name: Verify undercloud proxy configuration + description: > + Check undercloud proxy configuration before a stack update - especially minor update and major upgrade. + groups: + - post-upgrade + - pre-upgrade + vars: + HTTP_PROXY: "{{ lookup('ansible.builtin.env', 'HTTP_PROXY', default=undef()) }}" + HTTPS_PROXY: "{{ lookup('ansible.builtin.env', 'HTTPS_PROXY', default=undef()) }}" + NO_PROXY: "{{ lookup('ansible.builtin.env', 'NO_PROXY', default=undef()) }}" + http_proxy: "{{ lookup('ansible.builtin.env', 'http_proxy', default=undef()) }}" + https_proxy: "{{ lookup('ansible.builtin.env', 'https_proxy', default=undef()) }}" + no_proxy: "{{ lookup('ansible.builtin.env', 'no_proxy', default=undef()) }}"