Using Ansible Git Repos via Proxy

introduction

With the new Ansible Inside feature of CloudForms 4.5, it is necessary to sync with Git repositories in order to import playbooks for use with automation. This post will describe how to configure that to run over a http(s)_proxy.

what we're after

CloudForms supports http_proxy and https_proxy; these are configurable under the Advanced tab in the configuration menu. Unfortunately, due to a current bug, adding a Git repository under the automation menu does not use this proxy information. In the interim, we want to find a way to sync the Git repos using a proxy.

the code

CloudForms actually syncs the Git repos in Automation/Ansible/Repositories using a playbook. That playbook is located here:
/var/lib/awx/venv/tower/lib/python2.7/site-packages/awx/playbooks/project_update.yml

In the playbook, starting around line 14, you'll see this:


- hosts: all
  connection: local
  gather_facts: false
  tasks:

Right after line 16 (gather_facts) add the following:

- hosts: all
  connection: local
  gather_facts: false
  environment:
    http_proxy: http://your.special.proxy:PORT
    https_proxy: https://your.special.proxy:PORT

After saving the changes, try to add (or sync) the repository again and it should work.

If you have a password for the proxy you can use the following syntax:
http_proxy: http://username:pass@proxy.com:8080

some other things

If you happened to have set a proxy in the advanced settings while testing this and now you don't need it, there is unfortunately another bug that might cause you some issues. The full bug is here, but the main point is that currently, blank values for http_proxy are not saved. Changing the proxy is not an issue, but if you want to remove it entirely, it's currently necessary to remove it directly from the DB. Engineering is working hard on a fix so this might not be an issue at the time of reading, keep an eye on the bug for updates.