Bug 1779502
Summary: | [IPI on Azure] [proxy] - proxy installation does not work in a restricted network | ||
---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | Etienne Simard <esimard> |
Component: | Installer | Assignee: | Abhinav Dahiya <adahiya> |
Installer sub component: | openshift-installer | QA Contact: | Etienne Simard <esimard> |
Status: | CLOSED ERRATA | Docs Contact: | |
Severity: | high | ||
Priority: | unspecified | CC: | bbreard, dustymabe, esimard, imcleod, jialiu, jlebon, jligon, mgahagan, mifiedle, nstielau, sdodson, smilner, walters |
Version: | 4.3.0 | Keywords: | TestBlocker |
Target Milestone: | --- | Flags: | esimard:
needinfo-
mgahagan: needinfo- esimard: needinfo+ |
Target Release: | 4.4.0 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2020-05-04 11:18:30 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Comment 2
Scott Dodson
2019-12-04 18:15:38 UTC
The AWS jobs assume access to S3 storage without proxy use, we'll need to be able to assume the same access to Azure blob storage in these Azure tests as well. (In reply to Scott Dodson from comment #20) > The AWS jobs assume access to S3 storage without proxy use, we'll need to be > able to assume the same access to Azure blob storage in these Azure tests as > well. Hello Scott, do you have a link in the docs or elsewhere that explains that assumption? Should it be included in that list: https://docs.openshift.com/container-platform/4.3/installing/install_config/configuring-firewall.html? This test was done with the assumption that we wanted to be in a completely internet disconnected network and only allowing outgoing connections through the proxy. Client environments could have similar requirements. Should an installation work with only the white list of the azure blob storage (*.blob.core.windows.net) + proxy? I confirm that I was able to create a cluster with the proxy by adding a whitelist towards Azure public IPs. Verified with: DEBUG OpenShift Installer v4.3.1 DEBUG Built from commit 2055609f95b19322ee6cfdd0bea73399297c4a3e Firewall rules added: NSG with egress access enabled towards Azure Service Tag "AzureCloud" (https://www.microsoft.com/en-us/download/details.aspx?id=56519) Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:0581 |