From a0ab81d7527585937a4b3035ace78d3be0e7f4d6 Mon Sep 17 00:00:00 2001
From: Michal Nasiadka <mnasiadka@gmail.com>
Date: Mon, 24 Feb 2020 19:24:50 +0100
Subject: [PATCH] Allow setting pip_proxy

Change-Id: I2547ef2556ca96b614854515069aaca3349cd692
---
 ansible/roles/pip/defaults/main.yml           |  2 ++
 ansible/roles/pip/tasks/main.yml              |  4 +--
 .../{pip_local_mirror.yml => pip_conf.yml}    |  3 ++
 doc/source/configuration/hosts.rst            | 36 +++++++++++++------
 etc/kayobe/pip.yml                            |  3 ++
 .../notes/pip_proxy-6c6022b6566dae69.yaml     |  7 ++++
 6 files changed, 42 insertions(+), 13 deletions(-)
 rename ansible/roles/pip/tasks/{pip_local_mirror.yml => pip_conf.yml} (89%)
 create mode 100644 releasenotes/notes/pip_proxy-6c6022b6566dae69.yaml

diff --git a/ansible/roles/pip/defaults/main.yml b/ansible/roles/pip/defaults/main.yml
index 4377c819..eb3ec24d 100644
--- a/ansible/roles/pip/defaults/main.yml
+++ b/ansible/roles/pip/defaults/main.yml
@@ -16,3 +16,5 @@ pip_index_url: ""
 # disabled
 pip_trusted_hosts: []
 
+# Optional: proxy configuration
+pip_proxy: ""
diff --git a/ansible/roles/pip/tasks/main.yml b/ansible/roles/pip/tasks/main.yml
index e85eb4b8..3bf421d0 100644
--- a/ansible/roles/pip/tasks/main.yml
+++ b/ansible/roles/pip/tasks/main.yml
@@ -1,6 +1,6 @@
 ---
-- include_tasks: pip_local_mirror.yml
+- include_tasks: pip_conf.yml
   loop: "{{ pip_applicable_users }}"
   loop_control:
     loop_var: user
-  when: pip_local_mirror | bool
+  when: (pip_local_mirror | bool) or (pip_proxy | length > 0)
diff --git a/ansible/roles/pip/tasks/pip_local_mirror.yml b/ansible/roles/pip/tasks/pip_conf.yml
similarity index 89%
rename from ansible/roles/pip/tasks/pip_local_mirror.yml
rename to ansible/roles/pip/tasks/pip_conf.yml
index f11c7006..2fef94f6 100644
--- a/ansible/roles/pip/tasks/pip_local_mirror.yml
+++ b/ansible/roles/pip/tasks/pip_conf.yml
@@ -17,6 +17,9 @@
         {{ host }}
         {% endfor -%}
       {% endif -%}
+      {% if pip_proxy | length > 0 -%}
+      proxy = {{ pip_proxy }}
+      {% endif -%}
     dest: "~{{ user}}/.pip/pip.conf"
   become: True
   become_user: "{{ user }}"
diff --git a/doc/source/configuration/hosts.rst b/doc/source/configuration/hosts.rst
index d2b45dff..38658c3c 100644
--- a/doc/source/configuration/hosts.rst
+++ b/doc/source/configuration/hosts.rst
@@ -94,21 +94,27 @@ For example, to set the bootstrap user for controllers to ``centos``:
 
    controller_bootstrap_user: centos
 
-PyPI Mirror
-===========
+PyPI Mirror and proxy
+=====================
 *tags:*
   | ``pip``
 
-Kayobe supports configuration of a PyPI mirror, via variables in
-``${KAYOBE_CONFIG_PATH}/pip.yml``. This functionality is enabled by setting the
-``pip_local_mirror`` variable to ``true``.
+Kayobe supports configuration of a PyPI mirror and/or proxy, via variables in
+``${KAYOBE_CONFIG_PATH}/pip.yml``.
+Mirror functionality is enabled by setting the ``pip_local_mirror`` variable to
+``true`` and proxy functionality is enabled by setting ``pip_proxy`` variable
+to a proxy URL.
+
+Kayobe will generate configuration for:
 
-Kayobe will generate configuration for
-``pip`` and ``easy_install`` to use the mirror, for the list of users defined
-by ``pip_applicable_users`` (default ``kayobe_ansible_user`` and ``root``), in
-addition to the user used for Kolla Ansible (``kolla_ansible_user``). The
-mirror URL is configured via ``pip_index_url``, and ``pip_trusted_hosts`` is a
-list of 'trusted' hosts, for which SSL verification will be disabled.
+* ``pip`` to use the mirror and proxy
+* ``easy_install`` to use the mirror
+
+for the list of users defined by ``pip_applicable_users`` (default
+``kayobe_ansible_user`` and ``root``), in addition to the user used for Kolla
+Ansible (``kolla_ansible_user``). The mirror URL is configured via
+``pip_index_url``, and ``pip_trusted_hosts`` is a list of 'trusted' hosts, for
+which SSL verification will be disabled.
 
 For example, to configure use of the test PyPI mirror at
 https://test.pypi.org/simple/:
@@ -119,6 +125,14 @@ https://test.pypi.org/simple/:
    pip_local_mirror: true
    pip_index_url: https://test.pypi.org/simple/
 
+To configure use of the PyPI proxy:
+
+.. code-block:: yaml
+   :caption: ``pip.yml``
+
+   pip_proxy: http://your_proxy_server:3128
+
+
 Kayobe Remote Virtual Environment
 =================================
 *tags:*
diff --git a/etc/kayobe/pip.yml b/etc/kayobe/pip.yml
index e684bd81..563c3ce0 100644
--- a/etc/kayobe/pip.yml
+++ b/etc/kayobe/pip.yml
@@ -23,6 +23,9 @@
 # disabled
 #pip_trusted_hosts: []
 
+# PyPI proxy URL (format: http(s)://[user:password@]proxy_name:port)
+#pip_proxy: ""
+
 ###############################################################################
 # Dummy variable to allow Ansible to accept this file.
 workaround_ansible_issue_8743: yes
diff --git a/releasenotes/notes/pip_proxy-6c6022b6566dae69.yaml b/releasenotes/notes/pip_proxy-6c6022b6566dae69.yaml
new file mode 100644
index 00000000..301093f2
--- /dev/null
+++ b/releasenotes/notes/pip_proxy-6c6022b6566dae69.yaml
@@ -0,0 +1,7 @@
+---
+features:
+  - |
+    Introduces a new option - ``pip_proxy`` - to configure Pip package
+    installation via a user-defined http(s) proxy. This is set on a per-user
+    basis, and by default this is for the same users as pip_local_mirror
+    feature.
-- 
GitLab