Ansible provisioning without internet access

Question

I know that you can setup proxy in Ansible to provision behind corporate network: https://docs.ansible.com/ansible/latest/user_guide/playbooks_environment.html

like this:

environment:
    http_proxy: http://proxy.example.com:8080

Unfortunately in my case there is no access to internet from the server at all. Downloading roles locally and putting them under /roles folder seems solve the role issue, but roles still download packages from the internet when using:

package:
   name: package-name
   state: present

I guess there is no way to make dry/pre run so Ansible downloads all the packages, then push that into repo and run Ansible provision using locally downloaded packages?

score 2 · Accepted Answer · answered Jan 14 '19 at 16:02

This isn't really a question about Ansible, as all Ansible is doing is running the relevant package management system on the target host (i.e. yum, dnf or apt or whatever). So it is a question of what solution the specific package management tool provides, for this case.

There are a variety of solutions and for example in the Centos/RHEL world you can:

There is another class of tool generally called an artefact repository. These started out life as tools to store binaries built from code, but have added a bunch of features to act as a proxy and cache packages from a wide variety of sources (OS Packages, PIP, NodeJS, Docker, etc). Two examples that have limited free offerings:

They of course still need to collect those packages from a source, so at some point those are going to have to be downloaded to placed within these systems.

thanks clockworknet, you are right, that it is probably more related to the package management tools — Maksim Luzik, Jan 14 '19 at 20:01

score 1 · Answer 2 · answered Jan 15 '19 at 12:47

Like clockworknet pointed out this is more related to the RHEL package handling. Setting up local mirror somewhere inside the closed network can provide a solution in this situation. More info on "How to create a local mirror of the latest update for Red Hat Enterprise Linux 5, 6, 7 without using Satellite server?": https://access.redhat.com/solutions/23016

score 0 · Answer 3 · answered Oct 18 '19 at 10:34

My solution:

Install Sonatype Nexus 3
create one or more yum proxy repositories https://help.sonatype.com/repomanager3/formats/yum-repositories

use Ansible to add these proxies via yum_repository https://docs.ansible.com/ansible/latest/modules/yum_repository_module.html

     yum_repository:
       name: proxy-repo
       description: internal proxy repo
       baseurl: https://your-nexus.server/url-to-repo```

note: did that for APT and works fine, would expect the same for yum

Ansible provisioning without internet access

3 Answers3