cisco.radkit.http_proxy module – Starts a local HTTP (and SOCKS) proxy through RADKIT for use with modules that can utilize a proxy

Note

This module is part of the cisco.radkit collection (version 2.0.0).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install git+https://wwwin-github.cisco.com/scdozier/cisco.radkit-ansible.git. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: cisco.radkit.http_proxy.

New in cisco.radkit 0.3.0

Synopsis

  • This module starts a local HTTP (and SOCKS) proxy through RADKIT for use with modules that can utilize a proxy.

  • RADKIT can natively create a SOCKS proxy, but most Ansible modules only support HTTP proxy if at all, so this module starts both.

  • Note that the proxy will ONLY forward connections to devices that have a forwarded port in RADKIT AND to hosts addressed in the format <hostname>.<serial>.proxy.

Requirements

The below requirements are needed on the host that executes this module.

  • radkit

  • python-proxy

Parameters

Parameter

Comments

client_ca_path

string

Alternate path to client CA cert for RADKIT. If the value is not specified in the task, the value of environment variable RADKIT_ANSIBLE_CLIENT_CA_PATH will be used instead.

client_cert_path

string

Alternate path to client cert for RADKIT. If the value is not specified in the task, the value of environment variable RADKIT_ANSIBLE_CLIENT_CERT_PATH will be used instead.

client_key_password_b64

aliases: radkit_client_private_key_password_base64

string / required

Client certificate password in base64. If the value is not specified in the task, the value of environment variable RADKIT_ANSIBLE_CLIENT_PRIVATE_KEY_PASSWORD_BASE64 will be used instead.

client_key_path

string

Alternate path to client key for RADKIT. If the value is not specified in the task, the value of environment variable RADKIT_ANSIBLE_CLIENT_KEY_PATH will be used instead.

http_proxy_port

string

HTTP proxy port opened by module

Default: "4001"

identity

aliases: radkit_identity

string / required

Identity to authenticate with RADKit (xxxx@cisco.com). If the value is not specified in the task, the value of environment variable RADKIT_ANSIBLE_IDENTITY will be used instead.

proxy_password

string / required

Password for use with both HTTP and SOCKS proxy.

If the value is not specified in the task, the value of environment variable RADKIT_ANSIBLE_PROXY_PASSWORD will be used instead.

proxy_username

string / required

Username for use with both HTTP and SOCKS proxy.

If the value is not specified in the task, the value of environment variable RADKIT_ANSIBLE_PROXY_USERNAME will be used instead.

service_serial

aliases: radkit_serial, radkit_service_serial

string / required

Radkit service serial. If the value is not specified in the task, the value of environment variable RADKIT_ANSIBLE_SERVICE_SERIAL will be used instead.

socks_proxy_port

string

SOCKS proxy port opened by RADKIT client

Default: "4000"

test

boolean

Tests your proxy configuration before trying to run in async

Choices:

  • false ← (default)

  • true

Examples

# The idea of this module is to start the module once and run on localhost for duration of the play.
# Any other module running on the localhost can utilize it to connect to devices over HTTPS.
#
# Note that connecting through the proxy in radkit is of format <device name>.<serial>.proxy
---
- hosts: all
  gather_facts: no
  vars:
    radkit_service_serial: xxxx-xxxx-xxxx
    http_proxy_username: radkit
    http_proxy_password: Radkit999
    http_proxy_port: 4001
    socks_proxy_port: 4000
  environment:
    http_proxy: "http://{{ http_proxy_username }}:{{ http_proxy_password }}@127.0.0.1:{{ http_proxy_port }}"
    https_proxy: "http://{{ http_proxy_username }}:{{ http_proxy_password }}@127.0.0.1:{{ http_proxy_port }}"
  pre_tasks:

    - name: Test HTTP Proxy RADKIT To Find Potential Config Errors (optional)
      cisco.radkit.http_proxy:
        http_proxy_port: "{{ http_proxy_port }}"
        socks_proxy_port: "{{ socks_proxy_port }}"
        proxy_username: "{{ http_proxy_username }}"
        proxy_password: "{{ http_proxy_password }}"
        test: True
      delegate_to: localhost
      run_once: true

    - name: Start HTTP Proxy Through RADKIT And Leave Running for 300 Seconds (adjust time based on playbook exec time)
      cisco.radkit.http_proxy:
        http_proxy_port: "{{ http_proxy_port }}"
        socks_proxy_port: "{{ socks_proxy_port }}"
        proxy_username: "{{ http_proxy_username }}"
        proxy_password: "{{ http_proxy_password }}"
      async: 300
      poll: 0
      delegate_to: localhost
      run_once: true

    - name: Wait for http proxy port to become open (it takes a little bit for proxy to start)
      ansible.builtin.wait_for:
        port: "{{ http_proxy_port }}"
        delay: 1
      delegate_to: localhost
      run_once: true

  tasks:

    - name: Example ACI Task that goes through http proxy
      cisco.aci.aci_system:
        hostname: "{{ inventory_hostname }}.{{ radkit_service_serial }}.proxy"
        username: admin
        password: "password"
        state: query
        use_proxy: yes
        validate_certs: no
      delegate_to: localhost
      failed_when: False
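
A variant of the playbook above that keeps the proxy and device secrets out of the playbook file and scopes the proxy URL to the one task that needs it. This is an added example, not taken from the collection's documentation. It assumes the RADKIT_ANSIBLE_* variables listed under Parameters are exported on the controller; ACI_PASSWORD is a hypothetical variable name.

```yaml
# Added example (assumption: RADKIT_ANSIBLE_* variables are exported before ansible-playbook runs).
---
- hosts: all
  gather_facts: no
  vars:
    http_proxy_port: 4001
    proxy_user: "{{ lookup('ansible.builtin.env', 'RADKIT_ANSIBLE_PROXY_USERNAME') }}"
    proxy_pass: "{{ lookup('ansible.builtin.env', 'RADKIT_ANSIBLE_PROXY_PASSWORD') }}"
    radkit_service_serial: "{{ lookup('ansible.builtin.env', 'RADKIT_ANSIBLE_SERVICE_SERIAL') }}"
    proxy_url: "http://{{ proxy_user }}:{{ proxy_pass }}@127.0.0.1:{{ http_proxy_port }}"
  pre_tasks:
    - name: Fail early if a required value is missing from the environment
      ansible.builtin.assert:
        that:
          - proxy_user | length > 0
          - proxy_pass | length > 0
          - radkit_service_serial | length > 0
      delegate_to: localhost
      run_once: true
    # identity, service_serial and client_key_password_b64 use their documented env fallbacks.
    - name: Start HTTP proxy through RADKIT without logging its arguments
      cisco.radkit.http_proxy:
        http_proxy_port: "{{ http_proxy_port }}"
        proxy_username: "{{ proxy_user }}"
        proxy_password: "{{ proxy_pass }}"
      async: 300
      poll: 0
      no_log: true
      delegate_to: localhost
      run_once: true
    - name: Wait for http proxy port to become open
      ansible.builtin.wait_for:
        port: "{{ http_proxy_port }}"
        delay: 1
      delegate_to: localhost
      run_once: true
  tasks:
    - name: Query ACI through the proxy
      cisco.aci.aci_system:
        hostname: "{{ inventory_hostname }}.{{ radkit_service_serial }}.proxy"
        username: admin
        password: "{{ lookup('ansible.builtin.env', 'ACI_PASSWORD') }}"  # hypothetical variable name
        state: query
        use_proxy: yes
        validate_certs: no  # kept from the page's example
      environment:  # the proxy URL embeds the password, so it is set for this task only
        http_proxy: "{{ proxy_url }}"
        https_proxy: "{{ proxy_url }}"
      no_log: true
      delegate_to: localhost
```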

Authors

  • Scott Dozier (@scdozier)