From dc3b7aebd619b9f3add6ceff79e65bc623f5c711 Mon Sep 17 00:00:00 2001 From: "T. Ichikawa" <47208255+1kaw@users.noreply.github.com> Date: Fri, 15 Feb 2019 05:45:31 +0900 Subject: [PATCH] Backport/2.7/51548 - Properly handle unauthenticated yum proxy config (#52245) * Properly handle unauthenticated yum proxy config (#51915) Fixes #51548 Signed-off-by: Adam Miller (cherry picked from commit 2721ed260e57fddd0af373c9401d01763614465d) * Fix: Yum module does not use proxy when username is not set #51548 (#51994) * add test of yum with proxy * Properly handle unauthenticated yum proxy config Fixes #51548 * shell executable is bash (cherry picked from commit c2a409a9e0325f9e46c6bba2294a33b392f44f98) --- .../fragments/yum-unauthenticated-proxy.yaml | 2 + lib/ansible/modules/packaging/os/yum.py | 4 +- test/integration/targets/yum/tasks/proxy.yml | 124 +++++++++++++++--- 3 files changed, 112 insertions(+), 18 deletions(-) create mode 100644 changelogs/fragments/yum-unauthenticated-proxy.yaml diff --git a/changelogs/fragments/yum-unauthenticated-proxy.yaml b/changelogs/fragments/yum-unauthenticated-proxy.yaml new file mode 100644 index 00000000000..4a0544c934e --- /dev/null +++ b/changelogs/fragments/yum-unauthenticated-proxy.yaml @@ -0,0 +1,2 @@ +bugfixes: + - yum - properly handle a proxy config in yum.conf for an unauthenticated proxy diff --git a/lib/ansible/modules/packaging/os/yum.py b/lib/ansible/modules/packaging/os/yum.py index ae94308a351..e844e57f221 100644 --- a/lib/ansible/modules/packaging/os/yum.py +++ b/lib/ansible/modules/packaging/os/yum.py @@ -715,7 +715,6 @@ class YumModule(YumDnf): # setting system proxy environment and saving old, if exists my = self.yum_base() namepass = "" - proxy_url = "" scheme = ["http", "https"] old_proxy_env = [os.getenv("http_proxy"), os.getenv("https_proxy")] try: @@ -736,6 +735,9 @@ class YumModule(YumDnf): r"(http://)", r"\1" + namepass, proxy_url ) + else: + for item in scheme: + os.environ[item + "_proxy"] = my.conf.proxy yield except yum.Errors.YumBaseError: raise diff --git a/test/integration/targets/yum/tasks/proxy.yml b/test/integration/targets/yum/tasks/proxy.yml index c506c5e563e..5c5f860e759 100644 --- a/test/integration/targets/yum/tasks/proxy.yml +++ b/test/integration/targets/yum/tasks/proxy.yml @@ -1,24 +1,89 @@ - name: test yum proxy settings block: - - yum: + - name: install tinyproxy + yum: name: 'https://s3.amazonaws.com/ansible-ci-files/test/integration/targets/yum/tinyproxy-1.10.0-3.el7.x86_64.rpm' state: installed - - lineinfile: + # systemd doesn't play nice with this in a container for some reason + - name: start tinyproxy (systemd with tiny proxy does not work in container) + shell: tinyproxy + changed_when: false + + # test proxy without auth + - name: set unauthenticated proxy in yum.conf + lineinfile: + path: /etc/yum.conf + line: "proxy=http://127.0.0.1:8888" + state: present + + - name: clear proxy logs + shell: ': > /var/log/tinyproxy/tinyproxy.log' + changed_when: false + args: + executable: /usr/bin/bash + + - name: install ninvaders with unauthenticated proxy + yum: + name: 'https://s3.amazonaws.com/ansible-ci-files/test/integration/targets/yum/ninvaders-0.1.1-18.el7.x86_64.rpm' + state: installed + register: yum_proxy_result + + - assert: + that: + - "yum_proxy_result.changed" + - "'msg' in yum_proxy_result" + - "'rc' in yum_proxy_result" + + - name: check that it install via unauthenticated proxy + command: grep -q Request /var/log/tinyproxy/tinyproxy.log + + - name: uninstall ninvaders with unauthenticated proxy + yum: + name: ninvaders + state: absent + register: yum_proxy_result + + - assert: + that: + - "yum_proxy_result.changed" + - "'msg' in yum_proxy_result" + - "'rc' in yum_proxy_result" + + - name: unset unauthenticated proxy in yum.conf + lineinfile: + path: /etc/yum.conf + line: "proxy=http://127.0.0.1:8888" + state: absent + + # test proxy with auth + - name: set authenticated proxy config in tinyproxy.conf + lineinfile: path: /etc/tinyproxy/tinyproxy.conf line: "BasicAuth testuser testpassword" state: present # systemd doesn't play nice with this in a container for some reason - - shell: tinyproxy + - name: SIGHUP tinyproxy to reload config (workaround because of systemd+tinyproxy in container) + shell: kill -HUP $(ps -ef | grep tinyproxy | grep -v grep | awk '{print $2}') changed_when: false + args: + executable: /usr/bin/bash - - lineinfile: + - name: set authenticated proxy config in yum.conf + lineinfile: path: /etc/yum.conf line: "proxy=http://testuser:testpassword@127.0.0.1:8888" state: present - - yum: + - name: clear proxy logs + shell: ': > /var/log/tinyproxy/tinyproxy.log' + changed_when: false + args: + executable: /usr/bin/bash + + - name: install ninvaders with authenticated proxy + yum: name: 'https://s3.amazonaws.com/ansible-ci-files/test/integration/targets/yum/ninvaders-0.1.1-18.el7.x86_64.rpm' state: installed register: yum_proxy_result @@ -29,31 +94,46 @@ - "'msg' in yum_proxy_result" - "'rc' in yum_proxy_result" - - yum: + - name: check that it install via authenticated proxy + command: grep -q Request /var/log/tinyproxy/tinyproxy.log + + - name: uninstall ninvaders with authenticated proxy + yum: name: ninvaders state: absent - - lineinfile: + - name: unset authenticated proxy config in yum.conf + lineinfile: path: /etc/yum.conf line: "proxy=http://testuser:testpassword@127.0.0.1:8888" state: absent - - lineinfile: + - name: set proxy config in yum.conf + lineinfile: path: /etc/yum.conf line: "proxy=http://127.0.0.1:8888" state: present - - lineinfile: + - name: set proxy_username config in yum.conf + lineinfile: path: /etc/yum.conf line: "proxy_username=testuser" state: present - - lineinfile: + - name: set proxy_password config in yum.conf + lineinfile: path: /etc/yum.conf line: "proxy_password=testpassword" state: present - - yum: + - name: clear proxy logs + shell: ': > /var/log/tinyproxy/tinyproxy.log' + changed_when: false + args: + executable: /usr/bin/bash + + - name: install ninvaders with proxy, proxy_username, and proxy_password config in yum.conf + yum: name: 'https://s3.amazonaws.com/ansible-ci-files/test/integration/targets/yum/ninvaders-0.1.1-18.el7.x86_64.rpm' state: installed register: yum_proxy_result @@ -64,31 +144,41 @@ - "'msg' in yum_proxy_result" - "'rc' in yum_proxy_result" + - name: check that it install via proxy with proxy_username, proxy_password config in yum.conf + command: grep -q Request /var/log/tinyproxy/tinyproxy.log + always: - - yum: + #cleanup + - name: uninstall tinyproxy + yum: name: tinyproxy state: absent - - yum: + - name: uninstall ninvaders + yum: name: ninvaders state: absent - - lineinfile: + - name: ensure unset authenticated proxy + lineinfile: path: /etc/yum.conf line: "proxy=http://testuser:testpassword@127.0.0.1:8888" state: absent - - lineinfile: + - name: ensure unset proxy + lineinfile: path: /etc/yum.conf line: "proxy=http://127.0.0.1:8888" state: absent - - lineinfile: + - name: ensure unset proxy_username + lineinfile: path: /etc/yum.conf line: "proxy_username=testuser" state: absent - - lineinfile: + - name: ensure unset proxy_password + lineinfile: path: /etc/yum.conf line: "proxy_password=testpassword" state: absent