Open sugitk opened 5 years ago
This is unlikely to happen in the near future. Global proxy settings are done via AWX_TASK_ENV.
Why would you need separate settings only for notifications?
The customer said;
I would like to submit a feature request/suggestion to Redhat, for adding an option for specifying proxy
details under Tower notification tab. We cannot set proxy environment variables globally just for
notification purpose and it's not practical to add all the network information under no_proxy variable to
bypass the proxy.
I agree with Bill, but AWX_TASK_ENV
is for jobs. I think this setting should be separated from JOBS
screen to SYSTEM
. The proxy settings may be used not only jobs but also notifications and external logging.
(I'm a colleague of the customer requesting this RFE via Support.) The problem with setting a proxy globally is that it can change the behavior of modules or Python packages that honor proxy-related environment variables.
For example, WinRM. If a proxy is set, we can't connect to any Windows hosts. WinRM fails since it attempts to go through the proxy, which refuses the connection. Even if the proxy accepted WinRM traffic, it would put unnecessary load on the proxy.
Hello,
Our team also has a use case for this feature, as we're experiencing some issues with hitting Slacks webhooks URL from behind a firewall as part of the Slack notification feature within Tower. At a high level, Slack does a fair bit of load balancing and their IP range is non-static, making it difficult to configure firewall rules to allow for outside communication to their hooks URL. Setting a proxy for notifications would solve this in our case, but we don't currently have that ability within the UI.
Thanks
The another customer desired this feature. Their network is very huge and the no_proxy
cannot accept subnet notation, hence they need to specify all of their internal nodes into no_proxy
individually however it is not realistic solution.
If AWX/Tower can specify a proxy setting for notifications, it may be easier to solve this situation. And the customer kindly investigated the source codes, they are planning to modify these codes.
https://github.com/ansible/awx/blob/13.0.0/awx/main/notifications/slack_backend.py https://github.com/slackapi/python-slackclient/blob/v1.1.1/slackclient/client.py
I'm working with @sugitk to solve this problem for our environment. As he mentioned, I'm planning on modifying the slack_backend.py
to pass our proxy server to the SlackClient
in the proxies
option. I know it's not a very good solution, but until there is a separate method to define proxy servers for the notification backends, it seems like the only option...
+1 for this feature. We have experienced similar WINRM problems to above. This has been open for 2 years, is this still unlikely to happen?
@rmauc We're stil on Ansible Tower 3.6 so I can't speak for the later versions, but I "solved" the issue by creating my own proxy server in Node.js, using pac-resolver, to load a PAC file that allows me to control what to proxy. All of Tower's http/https traffic goes through the simple proxy server which runs on the same node as Tower itself. In the PAC file, I have simple rules that allow traffic to Google and Slack to go out via our corporate proxy, while all other requests are handled directly. This allows Google OAuth and Slack notifications to work as well as WinRM connections to internal servers.
It's not ideal, but since editing slack_backend.py
could cause us to lose support for Ansible Tower, I decided to go with the external proxy.
We have received another support case regarding the configuration of proxy settings for notifications.
Sometimes we ask customers to modify the /etc/supervisord.conf
as per this KCS article though, I believe more easier way should be provided.
https://access.redhat.com/solutions/3023641
And also, I guess that the implementation of the notifications (awx/main/notifications/*.py) refers to the environment settings for connecting to a proxy. It is hard for us to diagnose the issue. So I will request again:
/etc/supervisord.conf
. The AWX_TASK_ENV
is not effective.proxy
parameter.
ISSUE TYPE
COMPONENT NAME
SUMMARY
NOTIFICATIONS
needs HTTP/HTTPS proxy settings for each notification typeADDITIONAL INFORMATION
From support team. Customer wants to specify
http_proxy
,https_proxy
andno_proxy
settings fromNOTIFICATIONS > CREATE NOTIFICATION TEMPLATE
UI. They use the proxy settings only for notification.