1

I try to run some ansible tasks with the k8s module. Locally this works perfect, but on my Jenkins instance, it fails with the following error message:

...

MaxRetryError(_pool, url, error or ResponseError(cause))\nurllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='xxxxxxxxxxxxxx', port=443): Max retries exceeded with url: /version (Caused by NewConnectionError(': Failed to establish a new connection: [Errno -2] Name or service not known',))\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1 }

I am quite sure this is because the Jenkins requires a proxy to communicate to the outside world. I´ve seen how to set up ansible for using a proxy, but that does not seem to work with the k8s module. Any ideas? Here´s what I´ve tried so far:

 - hosts: ansible_server
   connection: local
   gather_facts: no
   environment:
    https_proxy: "xxx"
    http_proxy: "xxx"
   tasks:
    - name: Gather facts to check connectivity
      k8s_facts:
       api_key: "{{api_key}}"
       host: "{{cluster_url}}"
       kind: Project
      register: listed_projects

PS: I added the -vvv flag and can see that it tries to use the proxy somehow:

EXEC /bin/sh -c '/usr/bin/python && sleep 0' Using module file /usr/lib/python2.7/site-packages/ansible/modules/clustering/k8s/k8s_facts.py PUT /root/.ansible/tmp/ansible-local-1fHx5f6/tmpDUhlNa TO /root/.ansible/tmp/ansible-tmp-1570565569.96-190678136757098/AnsiballZ_k8s_facts.py EXEC /bin/sh -c 'chmod u+x /root/.ansible/tmp/ansible-tmp-1570565569.96-190678136757098/ /root/.ansible/tmp/ansible-tmp-1570565569.96-190678136757098/AnsiballZ_k8s_facts.py && sleep 0' EXEC /bin/sh -c 'https_proxy=xxx http_proxy=xxx /usr/bin/python /root/.ansible/tmp/ansible-tmp-1570565569.96-190678136757098/AnsiballZ_k8s_facts.py && sleep 0' EXEC /bin/sh -c 'rm -f -r /root/.ansible/tmp/ansible-tmp-1570565569.96-190678136757098/ > /dev/null 2>&1 && sleep 0'

Improve this question
1
  • 2
    i would focus on the Name or service not known error. seems some of the hosts involved cant resolve the mentioned host? Commented Oct 8, 2019 at 22:33

1 Answer 1

Reset to default
2

I agree with @ilias-sp but it also appears that k8s/common.py does not support the configuration.proxy attribute, , and as best I can tell urllib3 does not honor those proxy environment variables the way "normal" urllib does, opting instead to use its own ProxyManager that is driven by an explicit constructor kwarg

However, thanks to the "override" mechanism of ansible, I believe you can test this theory:

  1. Copy k8s_facts.py into the library folder of your playbook
  2. Modify it to expose proxy in the AUTH_ARG_MAP, which I believe the patch below will do (the patch is against v2.8.5 so you may need to fiddle with it if your version is different)

  3. Explicitly set your proxy: attribute on your new k8s_facts module and see if it works

    - k8s_facts:
    host: api-server-whatever
    kind: Project
    proxy: http://my-proxy:3128
  4. Assuming it does, open an issue in ansible to let them know
--- a/library/k8s_facts.py  2019-10-08 22:23:24.000000000 -0700
+++ b/library/k8s_facts.py  2019-10-08 22:24:50.000000000 -0700
@@ -130,13 +130,14 @@
 '''


-from ansible.module_utils.k8s.common import KubernetesAnsibleModule, AUTH_ARG_SPEC
+from ansible.module_utils.k8s.common import KubernetesAnsibleModule, AUTH_ARG_SPEC, AUTH_ARG_MAP
 import copy


 class KubernetesFactsModule(KubernetesAnsibleModule):

     def __init__(self, *args, **kwargs):
+        AUTH_ARG_MAP['proxy'] = 'proxy'
         KubernetesAnsibleModule.__init__(self, *args,
                                          supports_check_mode=True,
                                          **kwargs)
@@ -163,6 +164,7 @@
                 namespace=dict(),
                 label_selectors=dict(type='list', default=[]),
                 field_selectors=dict(type='list', default=[]),
+                proxy=dict(type='str', required=False),
             )
         )
         return args
Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

Wow, many thanks for that elaborate answer. I applied the patch as suggested and it works now. I will create the issue as suggested by you. Thank you very much.
One more thing, can you please help me to achieve the same for the "normal" k8s module? I tried that, but my python skills are too limited to do this in an adequate amount of time
Sorry, you'll have to take it up with the ansible folks, or get one of the "coder for hire" services to straighten that Python problem out for you

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.