Remove usage of proxy on local connections

[matskiv]

I don't think we are supposed to use proxy for tasks with local connection.

I think it even causes errors like this:

TASK [digger-installer/configure-buildfarm : Fetch required plugin] failed: [osm4-oscp-5node-master1.skunkhenry.com] (item={u'version': u'2.15.4', u'name': u'config-file-provider', u'archive': u'https://updates.jenkins-ci.org/download/plugins/config-file-provider/2.15.4/config-file-provider.hpi'}) => {"failed": true, "item": {"archive": "https://updates.jenkins-ci.org/download/plugins/config-file-provider/2.15.4/config-file-provider.hpi", "name": "config-file-provider", "version": "2.15.4"}, "msg": "Failed to connect to updates.jenkins-ci.org at port 443: [Errno 110] Connection timed out"}

[laurafitzgerald]

In the case of running the playbook on the master node which would be behind the proxy then the proxy values would be required for the environment in these tasks. I think we should leave the values in as they can be allowed to default to empty values in the case of playbooks being running from a node outside of the proxied network. I think the error you've described there is created by trying to run the playbook locally with the proxy_url specified. Perhaps it would be better to remove the connection: local from this task. @PhilipGough wdyt?

[odra]

I think the best way to deal with this is to add some additional logic for a "local_proxy" since digger-installer could be run from a server that is behind a proxy (which includes nightly tests on a jenkins instance that can use a proxy as well).

[matskiv]

@laurafitzgerald Good point. I agree with removing connection: local for "Fetch required plugin" task. But in second case, in configure_buildfarm_node.yml, there is no need for proxy - even if it is executed on master.

@odra Maybe there are some setting in Ansible for local proxies. Or just setting a proxy on system level could be sufficient.

[laurafitzgerald]

@matskiv yes agreed on configure_buildfarm_node.yml. The proxy is outbound. In this case the executing node (whether master/admin server or external host) will be making an inbound request to the jenkins url.

[matskiv]

Updated as per comments.

[matskiv]

If we want to remove connection: local from "Fetch required plugin" task, we need to make more changes. We would have to execute next task ("Install plugins and restart Jenkins server") remotely as well + fetch jenkins-cli.jar on remote machine, etc.

[philipgough]

@matskiv Sorry, getting to this late but yes your last comment is the reason for the current implementation

[laurafitzgerald]

Verification Steps Run:

ansible-playbook -i <osm4-inventory> sample-build-playbook.yml -e "project_name=proxy-digger-test" --skip-tags=configure-millicore,preflight-checks,deploy-jenkins,gluster-fs,android-sdk --ask-vault-pass

@PhilipGough @wei-lee could you guys take a look at this one.

[wei-lee]

@matskiv @laurafitzgerald Bit confused about this. What is the problem here? From my understanding, if we remove the local part, Ansible will use ssh connection (not sure to where).

Given that we do want to run the jenkins tasks on the control machine, I don't see a problem with using the local connection?

[matskiv]

@wei-lee Problem with "Fetch required plugin" task is this: Besides local there also is proxy configuration on this command. If we run it locally it will fail because it can't use proxy. If we remove proxy config from this command it will fail if installation is started from machine behind outbound proxy.

[laurafitzgerald]

@matskiv @wei-lee added commit to remove the connection: local tags and add the required files to the remote node

[wei-lee]

@matskiv yes, I understand now. I had a discussion with @laurafitzgerald and @PhilipGough and we have agreed to remove the local connection, and keep the proxy.