Bug 1545907

Summary: SDN traffic being forced through the proxy
Product: OpenShift Container Platform Reporter: Nicholas Schuetz <nick>
Component: InstallerAssignee: Vadim Rutkovsky <vrutkovs>
Status: CLOSED ERRATA QA Contact: Gan Huang <ghuang>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 3.6.1CC: aos-bugs, ccustine, jialiu, joarcher, jokerman, mmccomas, nschuetz, shchan, vrutkovs
Target Milestone: ---Keywords: NeedsTestCase
Target Release: 3.6.z   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-04-12 06:03:40 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Nicholas Schuetz 2018-02-15 19:51:42 UTC 
Installed a stand-alone cluster (everything on one box) using the openshift-ansible installer (3.6.173.0.96-1).  openshift_http(s)_proxy variables were set properly during the install (in the /etc/ansible/hosts file).

Everything installs correctly.  However, after the install we were unable to 'docker login' to the registry via the route either from a desktop OR on the openshift box itself.  The error was "TLS Handshake Timeout" or something like that.

We were able to fix this by adding '172.30.0.1' (kube SVC address) to the NO_PROXY environment variable in the docker-registry's deployment config.

It looks like traffic destined for the SDN IP space was being sent out through the proxy.
Comment 1 Vadim Rutkovsky 2018-02-16 13:25:32 UTC 
Sounds like https://github.com/openshift/openshift-ansible/pull/6215 should be cherry-picked on 3.6.

Nicholas, would you be able to test the fix as I'm afraid I don't have a proxy configured for this
Comment 2 Vadim Rutkovsky 2018-02-16 13:33:48 UTC 
Created https://github.com/openshift/openshift-ansible/pull/7180
Comment 3 Vadim Rutkovsky 2018-02-27 14:53:21 UTC 
Fix is available in openshift-ansible-3.6.173.0.103-1-2-gdafe5d979
Comment 4 Gan Huang 2018-02-28 09:04:46 UTC 
The latest rpm package of the 3.6 builds is openshift-ansible-3.6.173.0.104-1.git.0.ee43cc5.el7.noarch.rpm that the fix is not in.

Moving to MODIFIED to wait the next rpm build having the fix.

And I can't find openshift-ansible-3.6.173.0.103-1-2-gdafe5d979.

Vadim, please kindly correct me if I'm missing something.
Comment 5 Vadim Rutkovsky 2018-02-28 09:40:14 UTC 
Correct, the fix is not yet released in 3.6, sorry for the noise
Comment 7 Gan Huang 2018-03-01 03:16:22 UTC 
Fix not in yet, moving back temporarily.
Comment 10 Gan Huang 2018-03-06 01:59:51 UTC 
Still no new rpm packages built yet.
Comment 11 Scott Dodson 2018-03-12 17:24:05 UTC 
in openshift-ansible-3.6.173.0.105-1
Comment 12 Gan Huang 2018-03-13 02:04:06 UTC 
Verified in openshift-ansible-3.6.173.0.105-1.git.0.406806c.el7.noarch.rpm
Comment 18 errata-xmlrpc 2018-04-12 06:03:40 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:1106