Cause:
Due to recent simplification and refactoring there was a possibility of /etc/atomic.conf not being updated with proxy values before the first atomic command was executed.
Consequence:
Proxy use with the atomic command did not work during the install.
Fix:
A new openshift_atomic role has been created for atomic specific tasks. The first task added is proxy which handles updating /etc/atomic.conf to ensure the proper proxy configuration is configured. This task file is then included (via include_role) in system container related task files.
Result:
The atomic command always is able to use the properly defined proxy settings.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.
https://access.redhat.com/errata/RHSA-2017:3188
Description of problem: Install with system container & docker rpm & behind proxy failed cause proxy setting didn't add to /etc/atomic.conf. Version-Release number of the following components: openshift-ansible-3.7.0-0.161.0.git.0.2ca2c69.el7 ansible-2.4.0.0-5.el7 atomic-1.19.1-4.gitb39a783.el7 docker-1.12.6-61.git85d7426.el7 How reproducible: 100% Steps to Reproduce: 1. Install with system container & docker rpm & behind proxy # cat hosts ... [OSEv3:vars] ... openshift_image_tag=v3.7.0-0.158.0 openshift_release=v3.7.0 openshift_use_system_containers=true system_images_registry=... openshift_http_proxy=... openshift_https_proxy=... openshift_no_proxy=... ... 2. 3. Actual results: # ansible-playbook -i hosts -v /usr/share/ansible/openshift-ansible/playbooks/byo/config.yml ... TASK [etcd : Pull etcd system container] *************************************** Thursday 19 October 2017 02:37:57 +0000 (0:00:00.055) 0:02:32.575 ****** fatal: [master.example.com]: FAILED! => {"changed": false, "cmd": ["atomic", "pull", "--storage=ostree", "registry.access.redhat.com/rhel7/etcd"], "delta": "0:00:31.336918", "end": "2017-10-19 02:38:28.265350", "failed": true, "msg": "non-zero return code", "rc": 1, "start": "2017-10-19 02:37:56.928432", "stderr": "time=\"2017-10-19T02:38:28Z\" level=fatal msg=\"Error initializing image from source docker://registry.access.redhat.com/rhel7/etcd:latest: Get https://access.redhat.com/webassets/docker/content/dist/rhel/server/7/7Server/x86_64/containers/registry/rhel7/etcd/manifests/latest: dial tcp 23.40.29.142:443: i/o timeout\" ", "stderr_lines": ["time=\"2017-10-19T02:38:28Z\" level=fatal msg=\"Error initializing image from source docker://registry.access.redhat.com/rhel7/etcd:latest: Get https://access.redhat.com/webassets/docker/content/dist/rhel/server/7/7Server/x86_64/containers/registry/rhel7/etcd/manifests/latest: dial tcp 23.40.29.142:443: i/o timeout\" "], "stdout": "", "stdout_lines": []} ... Expected results: Proxy setting should add to /etc/atomic.conf then atomic pull could succeed. Additional info: # cat /etc/atomic.conf ... # To always use a proxy with atomic, you can uncomment and fill out # below. # #http_proxy: #https_proxy: #no_proxy: