FreeBSD pkg proxy

I've had a lot of trouble conditionally setting no or different proxies via ENV when using Ansible.

It was just *impossible* to do this on the playbook level as I was originally recommended. The same incomplete advice went to the documentation, and I'll probably never find out if they wanted to cover up a restriction or just didn't get me. Since there's no Rudder support of FreeBSD yet, I am still using Ansible for this env.

I'd been trying to find a good way around this since like 2013 but always looked at it from the angle that doesn't work, trying to do this via different groups dynamically gathered from the domain and with a proper "proxies" data structure, while still making sure it'd not have the proxy var set where you don't need it...

A few weeks ago I finally figured out my workaround!

Here's what I did in the end - just kept it as trivial as possible.

I adjusted pkg.conf using a template that may or may not render a proxy setting plus the curly braces it so much loves.

  1. Nothing is defined in group_vars/all
  2. But something could be defined in there too!
  3. A proxy is defined in group_vars/domain1
  4. A different proxy can be defined in group_vars/domain2
  5. The proxy can be overriden in host_vars/hostname1 (even if the host is in domain2)
  6. The templated file does not render the section unless the variable was defined

 

Example proxy definition

[me@server ~/playbooks]$ less host_vars/hostname1.domain_name_tld
---
http_proxy: http://proxy.domain-name.tld:8080/
https_proxy: http://proxy.domain-name.tld:8080/

You can do the same in host_vars/hostname to override that. I think the underscore bit in group_vars/domaion_name_tld was just for needed for group names built from domains? Maybe I have a gathered group for them? I honestly do not remember at all.

 

/usr/local/etc/pkg.conf
CONSERVATIVE_UPGRADE = true;
WORKERS_COUNT = 2;
HANDLE_RC_SCRIPTS = false;
#ASSUME_ALWAYS_YES = false;
SYSLOG = true;
# HEADS UP, https is not default. see https://github.com/freebsd/pkg/pull/1265
VULNXML_SITE = "https://www.vuxml.org/freebsd/vuln.xml.bz2";
FETCH_RETRY = 3;
#FETCH_TIMEOUT = 30;
#DEBUG_LEVEL = 0;

# Sample alias settings
ALIAS              : {
  all-depends: query %dn-%dv,
  annotations: info -A,
  build-depends: info -qd,
  download: fetch,
  iinfo: info -ix,
  cinfo: info -Cx,
  isearch: search -ix,
  csearch: search -Cx,
  leaf: query -e "%a == 0" "%n-%v",
  list: info -ql,
  li: info -ql,
  origin: info -qo,
  provided-depends: info -qb,
  raw: info -R,
  required-depends: info -qr,
  shared-depends: info -qB,
  show: info -f -k,
  size: info -sq,
  }

{% if http_proxy is defined %}
# this is defined from roles/pkgng
pkg_env : {
    http_proxy: "{{ http_proxy }}"
    https_proxy: "{{ https_proxy }}"
}
{% endif %}