Bug 1856859
| Summary: | NO_PROXY variable not picking up cidr range. | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | manisha <mdhanve> |
| Component: | openshift-apiserver | Assignee: | Standa Laznicka <slaznick> |
| Status: | CLOSED INSUFFICIENT_DATA | QA Contact: | Xingxing Xia <xxia> |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | 4.4 | CC: | akhaire, aos-bugs, mfojtik, nijoshi, rabdulra, slaznick |
| Target Milestone: | --- | Flags: | mdhanve:
needinfo-
|
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2020-08-25 10:01:54 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
manisha
2020-07-14 15:15:40 UTC
Please attach must-gather info. The logs in comment 3 show no login attempt. The logs in comment 4 require me to request access on google docs. The logs in comment 5 appear to be cut. https:// scheme proxy from comment 6 is unsupported (see docs). I am not sure what comment 6 is supposed to show/prove. Ok, I got access to logs from comment 4, which seem to be logs of a kube API server. They don't necessary show any malign behavior, although it appears that the openshift-apiserver connections time out every now and then. I noticed comment 5 contains two other log files I cannot access. I hope one of them is a must-gather and that me and Stefan get access to it soon. *** Bug 1856860 has been marked as a duplicate of this bug. *** @Rajeeb: I am not exactly sure when authn is failing for you, but based on the logs of the oauth server from your must-gather, if the failure is observed during their Argo CD login, it's most probably because they've got it misconfigured, the OAuth client's name (they use SA as an oauth-client, it seems) comes with %3A where colons should be which causes it to fail. @manisha: would you be able to get me at least oauth-server logs? Of all the oauth-server pods I mean, they should be named "oauth-openshift" if you're looking for them with crictl, and there should be two of them appearing on different nodes. @standa: 'oauth-openshift' container logs have been attached already on comment #3. manisha, please read comment 14 _CAREFULLY_. The logs you provided come from 1 of the oauth-server instances. Usually, there are two such instances. And the logs should also show the reason why the server returned 400, like in the case of the logs Rajeeb sent. If there is no error logged, that would mean no failed log-in attempt was logged, in which case I would not be able to help. Rajeeb, what's not working, then? If it's just cURL, you should report that to their component, not here. No prove of a bug from the original description was provided, closing. There were attempts to show that cURL was not picking CIDR addresses in NO_PROXY envvar as a second issue reported here, but cURL is not a part of OpenShift. TL;DR; Once ever discussed with installation QE about CIDR in curl's NO_PROXY implementation, seems it is working as expected for curl: see curl doc in bug 1825219#c8 |