From 78c024f58a51bfd542e7fcb3fedca8552486af26 Mon Sep 17 00:00:00 2001 From: Jens Heinitz Date: Fri, 27 May 2022 08:50:14 +0200 Subject: [PATCH 1/5] added Tips for adding proxy settings to AWX --- tips/README.md | 1 + tips/add-http-proxy.md | 52 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 53 insertions(+) create mode 100644 tips/add-http-proxy.md diff --git a/tips/README.md b/tips/README.md index a9c3888..5c1cbc4 100644 --- a/tips/README.md +++ b/tips/README.md @@ -4,6 +4,7 @@ - [📝Trust custom Certificate Authority](trust-custom-ca.md) - [📝Expose `/etc/hosts` to Pods on K3s](expose-hosts.md) - [📝Redirect HTTP to HTTPS](https-redirection.md) +- [📝Add HTTP Proxy](add-http-proxy.md) - [📝Uninstall deployed resouces](uninstall.md) - [📝Deploy older version of AWX Operator](deploy-older-operator.md) - [📝Upgrade AWX Operator and AWX](upgrade-operator.md) diff --git a/tips/add-http-proxy.md b/tips/add-http-proxy.md new file mode 100644 index 0000000..44a111a --- /dev/null +++ b/tips/add-http-proxy.md @@ -0,0 +1,52 @@ +# Add Proxy Settings for AWX containers + +If you are deploying AWX in a corporate environment, you may have no direct access to the internet, but need to go through a proxy. to achieve this, you can add extra environment variables to the awx-web, awx-task and awx-ee containers. +You also need to specify the `no_proxy` variable to avoid that internal calls to the K3S cluster are routed to the proxy. + +## Obtain the ClusterUP +Therefore you need to obtain the `ClusterIP` by running `kubectl get all` in the default namespace: +``` +[awx@ansible03 base]$ kubectl get all +NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE +service/kubernetes ClusterIP 10.43.0.1 443/TCP 26h +[awx@ansible03 base]$ +``` + +In my case the IP to use is `10.43.0.1`. + +## Add Proxy Settings to base/awx.yaml +Now you need to specify your proxy settings in the stanza `task_extra_env`, `web_extra_env` and `ee_extra_env` in `base/awx.yaml` like this: +``` +task_extra_env: | + - name: HTTP_PROXY + value: http://proxy.example.com:3128 + - name: HTTPS_PROXY + value: http://proxy.example.com:3128 + - name: NO_PROXY + value: 10.43.0.1,ansible03,localhost,.example.com,127.0.0.1 +web_extra_env: | + - name: HTTP_PROXY + value: http://proxy.example.com:3128 + - name: HTTPS_PROXY + value: http://proxy.example.com:3128 + - name: NO_PROXY + value: 10.43.0.1,ansible03,localhost,.example.com,127.0.0.1 +ee_extra_env: | + - name: HTTP_PROXY + value: http://proxy.example.com:3128 + - name: HTTPS_PROXY + value: http://proxy.example.com:3128 + - name: NO_PROXY + value: 10.43.0.1,ansible03,localhost,.example.com,127.0.0.1 +``` + +You may have to adjust your settings to match your environment. + +## Deploy your changes +To activate your proxy settings you need to deploy your changes using `kubectl` like this: +``` +kubectl apply -k base +``` + +Now you need to wait some time until K3S has restarted all your pods. + From 6b254b42a7c675f57efea2e95e6d30fc31b60d8f Mon Sep 17 00:00:00 2001 From: Jens Heinitz Date: Fri, 27 May 2022 08:53:29 +0200 Subject: [PATCH 2/5] Reference Add Proxya in README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 7014b81..3de1e1a 100644 --- a/README.md +++ b/README.md @@ -277,6 +277,7 @@ Refer [📁 **Back up AWX using AWX Operator**](backup) and [📁 **Restore AWX - [📝Trust custom Certificate Authority](tips/trust-custom-ca.md) - [📝Expose `/etc/hosts` to Pods on K3s](tips/expose-hosts.md) - [📝Redirect HTTP to HTTPS](tips/https-redirection.md) + - [📝Add HTTP Proxy](add-http-proxy.md) - [📝Uninstall deployed resouces](tips/uninstall.md) - [📝Deploy older version of AWX Operator](tips/deploy-older-operator.md) - [📝Upgrade AWX Operator and AWX](tips/upgrade-operator.md) From 2c2325b5c6abde984a580f5ecba6c3890db67b7f Mon Sep 17 00:00:00 2001 From: Jens Heinitz Date: Fri, 27 May 2022 08:54:39 +0200 Subject: [PATCH 3/5] correct link for proxy in README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 3de1e1a..049744a 100644 --- a/README.md +++ b/README.md @@ -277,7 +277,7 @@ Refer [📁 **Back up AWX using AWX Operator**](backup) and [📁 **Restore AWX - [📝Trust custom Certificate Authority](tips/trust-custom-ca.md) - [📝Expose `/etc/hosts` to Pods on K3s](tips/expose-hosts.md) - [📝Redirect HTTP to HTTPS](tips/https-redirection.md) - - [📝Add HTTP Proxy](add-http-proxy.md) + - [📝Add HTTP Proxy](tips/add-http-proxy.md) - [📝Uninstall deployed resouces](tips/uninstall.md) - [📝Deploy older version of AWX Operator](tips/deploy-older-operator.md) - [📝Upgrade AWX Operator and AWX](tips/upgrade-operator.md) From 6edb8a4e175f0347bc9666fc9abfc12f024a252d Mon Sep 17 00:00:00 2001 From: Jens Heinitz Date: Mon, 30 May 2022 14:49:02 +0200 Subject: [PATCH 4/5] rewrite tips for adding proxy --- tips/add-http-proxy.md | 47 +++++++++++------------------------------- 1 file changed, 12 insertions(+), 35 deletions(-) diff --git a/tips/add-http-proxy.md b/tips/add-http-proxy.md index 44a111a..353bbe7 100644 --- a/tips/add-http-proxy.md +++ b/tips/add-http-proxy.md @@ -1,43 +1,18 @@ # Add Proxy Settings for AWX containers -If you are deploying AWX in a corporate environment, you may have no direct access to the internet, but need to go through a proxy. to achieve this, you can add extra environment variables to the awx-web, awx-task and awx-ee containers. -You also need to specify the `no_proxy` variable to avoid that internal calls to the K3S cluster are routed to the proxy. - -## Obtain the ClusterUP -Therefore you need to obtain the `ClusterIP` by running `kubectl get all` in the default namespace: -``` -[awx@ansible03 base]$ kubectl get all -NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE -service/kubernetes ClusterIP 10.43.0.1 443/TCP 26h -[awx@ansible03 base]$ -``` - -In my case the IP to use is `10.43.0.1`. +If you are deploying AWX in a corporate environment, you may have no direct access to the internet, but need to go through a proxy way to achieve this is to add a section `extra_settings:` to awx.yaml. These settings will be available in the `Settings` -> `Jobs Settings` -> `Extra Environment Variables` block in the AWX UI. ## Add Proxy Settings to base/awx.yaml -Now you need to specify your proxy settings in the stanza `task_extra_env`, `web_extra_env` and `ee_extra_env` in `base/awx.yaml` like this: +You need to specify your proxy settings in the section `extra_settings:` in `base/awx.yaml` like this: + ``` -task_extra_env: | - - name: HTTP_PROXY - value: http://proxy.example.com:3128 - - name: HTTPS_PROXY - value: http://proxy.example.com:3128 - - name: NO_PROXY - value: 10.43.0.1,ansible03,localhost,.example.com,127.0.0.1 -web_extra_env: | - - name: HTTP_PROXY - value: http://proxy.example.com:3128 - - name: HTTPS_PROXY - value: http://proxy.example.com:3128 - - name: NO_PROXY - value: 10.43.0.1,ansible03,localhost,.example.com,127.0.0.1 -ee_extra_env: | - - name: HTTP_PROXY - value: http://proxy.example.com:3128 - - name: HTTPS_PROXY - value: http://proxy.example.com:3128 - - name: NO_PROXY - value: 10.43.0.1,ansible03,localhost,.example.com,127.0.0.1 +extra_settings: | + - setting: AWX_TASK_ENV['HTTP_PROXY'] + value: "'http://proxy.example.com:3128'" + - setting: AWX_TASK_ENV['HTTPS_PROXY'] + value: "'http://proxy.example.com:3128'" + - setting: AWX_TASK_ENV['NO_PROXY'] + value: "'10.43.0.1,ansible03,localhost,.example.com,127.0.0.1'" ``` You may have to adjust your settings to match your environment. @@ -50,3 +25,5 @@ kubectl apply -k base Now you need to wait some time until K3S has restarted all your pods. +After logging in you can navigate to `Settings` -> `Jobs Settings` and find your proxy settings in the `Extra Environment Variables` block: + From 36841e9ecdeb3cd429ce85f86b4e9839bf1d2bc4 Mon Sep 17 00:00:00 2001 From: Jens Heinitz Date: Mon, 30 May 2022 14:53:36 +0200 Subject: [PATCH 5/5] remove cluster IP from no_proxy --- tips/add-http-proxy.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tips/add-http-proxy.md b/tips/add-http-proxy.md index 353bbe7..1014971 100644 --- a/tips/add-http-proxy.md +++ b/tips/add-http-proxy.md @@ -12,7 +12,7 @@ extra_settings: | - setting: AWX_TASK_ENV['HTTPS_PROXY'] value: "'http://proxy.example.com:3128'" - setting: AWX_TASK_ENV['NO_PROXY'] - value: "'10.43.0.1,ansible03,localhost,.example.com,127.0.0.1'" + value: "'localhost,.example.com,127.0.0.1'" ``` You may have to adjust your settings to match your environment. @@ -25,5 +25,5 @@ kubectl apply -k base Now you need to wait some time until K3S has restarted all your pods. -After logging in you can navigate to `Settings` -> `Jobs Settings` and find your proxy settings in the `Extra Environment Variables` block: +After logging in you can navigate to `Settings` -> `Jobs Settings` and find your proxy settings in the `Extra Environment Variables` block.