Merge branch 'drybjed-raw-etc-hosts'

debops · Oct 5, 2023 · a4aa669 · a4aa669
2 parents 49c6898 + 1492d24
commit a4aa669
Show file tree

Hide file tree

Showing 4 changed files with 38 additions and 0 deletions.
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
@@ -199,6 +199,13 @@ General
 
 - Support to host the application on a subpath for security reasons.
 
+:ref:`debops.python` role
+'''''''''''''''''''''''''
+
+- The :file:`service/python_raw` playbook used during early bootstrap process
+  can now inject host entries into the :file:`/etc/hosts` configuration file to
+  permit DNS name resolution early during bootstrapping.
+
 :ref:`debops.resources` role
 ''''''''''''''''''''''''''''
 

diff --git a/ansible/roles/python/defaults/main.yml b/ansible/roles/python/defaults/main.yml
@@ -32,6 +32,21 @@ python__enabled: True
 # than the specified time in minutes, the role will automatically refresh it.
 # Set to ``0`` to refresh the APT cache on each Ansible run.
 python__raw_apt_cache_valid_time: '-{{ 60 * 60 * 12 }}'
+
+                                                                   # ]]]
+# .. envvar:: python__raw_etc_hosts [[[
+#
+# String or YAML text block with "<ip> <host>" data, injected into the
+# :file:`/etc/hosts` configuration file as-is. This is done only at bootstrap
+# time, the :ref:`debops.netbase` role then takes ownership of the
+# :file:`/etc/hosts` file.
+#
+# Some installations do not have proper DNS services available and rely on
+# :file:`/etc/hosts` for name resolution. This presents a problem during early
+# bootstrap steps, for example if access to the APT repositories is done via
+# a proxy. This variable can be used to add entries in :file:`/etc/hosts` as
+# early as possible, to allow for proper name resolution.
+python__raw_etc_hosts: ''
                                                                    # ]]]
                                                                    # ]]]
 # Python 3 management [[[

diff --git a/ansible/roles/python/tasks/main_raw.yml b/ansible/roles/python/tasks/main_raw.yml
@@ -3,6 +3,15 @@
 # Copyright (C) 2018 DebOps <https://debops.org/>
 # SPDX-License-Identifier: GPL-3.0-only
 
+- name: Inject host entries into /etc/hosts
+  ansible.builtin.raw: |
+    if ! grep "{{ python__raw_etc_hosts.split() | first }}" /etc/hosts ; then
+      printf "%s\n" "{{ python__raw_etc_hosts | regex_replace('\n$', '') }}" >> /etc/hosts
+    fi
+  register: python__register_etc_hosts
+  changed_when: python__register_etc_hosts.stdout == ''
+  when: python__enabled | bool and python__raw_etc_hosts | d()
+
 - name: Detect the OS release manually, no Ansible facts available
   ansible.builtin.raw: grep -E '^VERSION=' /etc/os-release | tr -d '(")' | cut -d" " -f2
   register: python__register_raw_release

diff --git a/docs/ansible/roles/python/getting-started.rst b/docs/ansible/roles/python/getting-started.rst
@@ -35,6 +35,13 @@ a host. Role will automatically purge an existing Python 2.x packages if Python
 2.x operation is disabled; this can be leveraged to maintain Python 3.x-only
 setup, depending on the OS release used on the host.
 
+To support environments without proper DNS service, the bootstrap playbook can
+inject host entries into the :file:`/etc/hosts` configuration file, using the
+:envvar:`python__raw_etc_hosts` variable. This can be used to configure access
+to APT repositories via a HTTP proxy, for example. After bootstrapping, the
+:ref:`debops.netbase` Ansible role takes over the :file:`/etc/hosts` config
+file management.
+
 
 Example inventory
 -----------------