Bug 1535323

Summary: Unable to pull etcd system container behind proxy while using package docker
Product: OpenShift Container Platform Reporter: Gan Huang <ghuang>
Component: InstallerAssignee: Michael Gugino <mgugino>
Status: CLOSED ERRATA QA Contact: Gan Huang <ghuang>
Severity: medium Docs Contact:
Priority: high    
Version: 3.9.0CC: aos-bugs, jokerman, mmccomas, wmeng
Target Milestone: ---   
Target Release: 3.9.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-03-28 14:20:40 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Gan Huang 2018-01-17 06:33:44 UTC 
Description of problem:
Unable to pull etcd system container behind proxy while using package docker

Version-Release number of the following components:
openshift-ansible-3.9.0-0.20.0.git.0.dce44f0.el7.noarch.rpm
ansible-2.4.2.0-2.el7.noarch

How reproducible:
always

Steps to Reproduce:
1. Trigger installation with etcd system container enabled + package docker
# cat inventory_host
<--snip-->
containerized=true
openshift_http_proxy=http://xxx.redhat.com:3128
openshift_https_proxy=http://xxx.redhat.com:3128
openshift_use_system_containers=true
system_images_registry=http:brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888
<--snip-->

2. Run following playbooks:

openshift-ansible/playbooks/prerequisites.yml
openshift-ansible/playbooks/deploy_cluster.yml

Actual results:

TASK [etcd : Pull etcd system container] ***************************************

fatal: [aos-127.lab.sjc.redhat.com]: FAILED! => {"changed": false, "cmd": ["atomic", "pull", "--storage=ostree", "registry.access.redhat.com/rhel7/etcd"], "delta": "0:00:31.143550", "end": "2018-01-17 00:46:26.435008", "msg": "non-zero return code", "rc": 1, "start": "2018-01-17 00:45:55.291458", "stderr": "time=\"2018-01-17T00:46:26-05:00\" level=fatal msg=\"Error initializing image from source docker://registry.access.redhat.com/rhel7/etcd:latest: Get https://access.redhat.com/webassets/docker/content/dist/rhel/server/7/7Server/x86_64/containers/registry/rhel7/etcd/manifests/latest: dial tcp 23.40.29.142:443: i/o timeout\" ", "stderr_lines": ["time=\"2018-01-17T00:46:26-05:00\" level=fatal msg=\"Error initializing image from source docker://registry.access.redhat.com/rhel7/etcd:latest: Get https://access.redhat.com/webassets/docker/content/dist/rhel/server/7/7Server/x86_64/containers/registry/rhel7/etcd/manifests/latest: dial tcp 23.40.29.142:443: i/o timeout\" "], "stdout": "", "stdout_lines": []}

Proxy variables didn't configure in /etc/atomic.conf
# grep -i proxy /etc/atomic.conf 
# To always use a proxy with atomic, you can uncomment and fill out
#http_proxy:
#https_proxy:
#no_proxy:

Expected results:

Additional info:
Please attach logs from ansible-playbook with the -vvv flag
Comment 1 Scott Dodson 2018-01-17 16:24:11 UTC 
Need to make sure that proxies are configured in /etc/atomic.conf during prerequisites playbook.
Comment 2 Michael Gugino 2018-01-17 19:09:35 UTC 
PR submitted: https://github.com/openshift/openshift-ansible/pull/6760
Comment 4 Gan Huang 2018-01-30 08:42:24 UTC 
Verified in openshift-ansible-3.9.0-0.31.0.git.0.e0a0ad8.el7.noarch.rpm
Comment 7 errata-xmlrpc 2018-03-28 14:20:40 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:0489