Adding option to disable globally applying a proxy to etc/yum.conf

inventory/sample/group_vars/all/all.yml

@@ -68,6 +68,11 @@ loadbalancer_apiserver_healthcheck_port: 8081
 ## If you need exclude all cluster nodes from proxy and other resources, add other resources here.
 # additional_no_proxy: ""
 
+## If you need to disable proxying of os package repositories but are still behind an http_proxy set
+## skip_http_proxy_on_os_packages to true
+## This will cause kubespray not to set proxy environment in /etc/yum.conf for centos
+# skip_http_proxy_on_os_packages: false
+
 ## Since workers are included in the no_proxy variable by default, docker engine will be restarted on all nodes (all
 ## pods will restart) when adding or removing workers.  To override this behaviour by only including master nodes in the
 ## no_proxy variable, set below to true:

roles/bootstrap-os/defaults/main.yml

@@ -23,3 +23,5 @@ fedora_coreos_packages:
 override_system_hostname: true
 
 is_fedora_coreos: false
+
+skip_http_proxy_on_os_packages: false

roles/bootstrap-os/tasks/bootstrap-centos.yml

@@ -78,6 +78,7 @@
     state: "{{ http_proxy | default(False) | ternary('present', 'absent') }}"
     no_extra_spaces: true
   become: true
+  when: not skip_http_proxy_on_os_packages
 
 # libselinux-python is required on SELinux enabled hosts
 # See https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#managed-node-requirements

roles/bootstrap-os/tasks/bootstrap-debian.yml

@@ -22,6 +22,7 @@
   environment: {}
   when:
     - http_proxy is defined
+    - not skip_http_proxy_on_os_packages
 
 - name: Add http_proxy to /etc/apt/apt.conf if http_proxy is defined
   raw: echo 'Acquire::http::proxy "{{ http_proxy }}";' >> /etc/apt/apt.conf
@@ -30,6 +31,7 @@
   when:
     - http_proxy is defined
     - need_http_proxy.rc != 0
+    - not skip_http_proxy_on_os_packages
 
 - name: Check https::proxy in apt configuration files
   raw: apt-config dump | grep -qsi 'Acquire::https::proxy'
@@ -41,6 +43,7 @@
   environment: {}
   when:
     - https_proxy is defined
+    - not skip_http_proxy_on_os_packages
 
 - name: Add https_proxy to /etc/apt/apt.conf if https_proxy is defined
   raw: echo 'Acquire::https::proxy "{{ https_proxy }}";' >> /etc/apt/apt.conf
@@ -49,6 +52,7 @@
   when:
     - https_proxy is defined
     - need_https_proxy.rc != 0
+    - not skip_http_proxy_on_os_packages
 
 - name: Check Network Name Resolution configuration
   raw: grep '^DNSSEC=allow-downgrade' /etc/systemd/resolved.conf

roles/bootstrap-os/tasks/bootstrap-fedora.yml

@@ -20,6 +20,7 @@
   environment: {}
   when:
     - http_proxy is defined
+    - not skip_http_proxy_on_os_packages
 
 - name: Add http_proxy to /etc/dnf/dnf.conf if http_proxy is defined
   raw: echo 'proxy={{ http_proxy }}' >> /etc/dnf/dnf.conf
@@ -28,6 +29,7 @@
   when:
     - http_proxy is defined
     - need_http_proxy.rc != 0
+    - not skip_http_proxy_on_os_packages
 
 - name: Install python3 on fedora
   raw: "dnf install --assumeyes --quiet python3"