Bug 1578993

Summary: jenkins slave does not respect no_proxy 3.10
Product: OpenShift Container Platform Reporter: Gabe Montero <gmontero>
Component: BuildAssignee: Gabe Montero <gmontero>
Status: CLOSED ERRATA QA Contact: Wenjing Zheng <wzheng>
Severity: high Docs Contact:
Priority: unspecified    
Version: 3.10.0CC: aos-bugs, bparees, gmontero, stwalter, wzheng
Target Milestone: ---   
Target Release: 3.10.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Cause: jenkins no_proxy processing could not handle suffixes like ".svc" Consequence: communication between a jenkins k8s agent pod and the jenkins master would attempt to go through a configured http_proxy and fail Fix: the openshift jenkins agent images are updated to automatically include the jenkins master and jnlp hosts in the no_proxy list Result: the jenkins limitation for no_proxy processing is circumvented
 Story Points: ---
Clone Of: 1578989 Environment:
Last Closed: 2018-07-30 19:15:30 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Comment 1 Gabe Montero 2018-05-16 18:48:44 UTC 
The fix for this merged last week, and the images are on brew-pulp.

For example, brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888/openshift3/jenkins-slave-maven-rhel7:v3.10.0.20180515.215815 has the fix.

To test:
- you use a pipeline with agents like https://raw.githubusercontent.com/openshift/origin/master/examples/jenkins/pipeline/maven-pipeline.yaml

- log into the jenkins console, go to manage jenkins -> configure system, and update the maven pod template towards the bottom on the page by
   
   -- add the env var http_proxy to the pod template, setting it to a http proxy
   -- either a) change the image ref to brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888/openshift3/jenkins-slave-maven-rhel7:v3.10.0.20180515.215815, pull that image to the node, and uncheck pull always, so it uses the local image, or b) retag brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888/openshift3/jenkins-slave-maven-rhel7:v3.10.0.20180515.215815 to an image repository you can push, and then push it to an accessible repository

- save the changes,
- then start the build 

without the fix, things like the downloading of the remoting jar and access to the jnlp tunnel will fail in the resulting maven pod, as they try to go through the proxy and fail

in fact, if you want to verify the problem exists, try a build with http_proxy set on the pod template and use the default image to start the build

with the fix, the maven build should succeed like before
Comment 4 errata-xmlrpc 2018-07-30 19:15:30 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:1816