Bug 1896446

Summary: Git clone from private repository fails after upgrade OCP 4.5 to 4.6
Product: OpenShift Container Platform Reporter: Adam Kaplan <adam.kaplan>
Component: BuildAssignee: Adam Kaplan <adam.kaplan>
Status: CLOSED ERRATA QA Contact: XiuJuan Wang <xiuwang>
Severity: urgent Docs Contact:
Priority: high    
Version: 4.6CC: adam.kaplan, aivaras.laimikis, aos-bugs, gmontero, mrobson, nstielau, obulatov, rheinzma, rmarasch, sdodson, sgarciam, suchaudh, vjaypurk, wking, wzheng
Target Milestone: ---Keywords: Regression
Target Release: 4.7.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: pre-merge-verified
Fixed In Version: Doc Type: Bug Fix
Doc Text:
* Previously, after upgrading from OpenShift Container Platform version 4.5 to version 4.6, trying to git clone from a private repository failed because builds did not add proxy information to the git configuration that was used to pull the source code. As a result, the source code could not be pulled if the cluster used a global proxy and the source was pulled from a private git repository. The current release fixes this issue: It corrects how git is configured when the cluster uses a global proxy. Now, performing git clone can pull source code from a private git repository if the cluster uses a global proxy. (link:https://bugzilla.redhat.com/show_bug.cgi?id=1896446[*BZ#1896446*])
Story Points: ---
Clone Of: 1894796 Environment:
Last Closed: 2021-02-24 15:32:32 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1901512    

Description Adam Kaplan 2020-11-10 15:08:04 UTC
+++ This bug was initially created as a clone of Bug #1894796 +++

Description of problem:

There is another problem they are facing  after the upgrade.  All the S2I builds from their private source git repositry which we have access from openshift environment are failing with the following git error. 
We are only able to see below build failure log (attached full log). 

error: only one config file at a time.
usage: git config [<options>]

Actual results:

Build fails to clone source from private git repo.

Expected results:

Builds should clone from private git repo.

Comment 4 Gabe Montero 2020-11-11 16:12:32 UTC
*** Bug 1896801 has been marked as a duplicate of this bug. ***

Comment 9 Sergio G. 2020-11-16 07:02:00 UTC
Created article with workaround: https://access.redhat.com/solutions/5571661

Comment 10 Adam Kaplan 2020-11-16 19:24:44 UTC
Work around is to set a cluster BuildDefault to clear the proxy settings for git cloning:

```
$ oc edit build.config.openshift.io/cluster

spec:
  buildDefaults:
    gitProxy:
      httpProxy: ""
      httpsProxy: ""
```

Note that this works if access to the git repository bypasses the proxy via the NO_PROXY environment variable. If the cluster requires the proxy to access all external applications, then this solution would not be applicable.

Comment 20 XiuJuan Wang 2020-11-24 08:54:31 UTC
Launched a 4.7 proxy cluster, using image built from build #189.
Test scenarios:
    With .gitconfig of source secret , build could pull code from private repo. Builds go to completed.
    With basic auth of source secret, build could pull code from private repo. Builds go to completed.
    Basic HTTP auth with token, github.com added to NO_PROXY. Times out cloning source (cannot access github.com)

Comment 22 Adam Kaplan 2020-11-25 13:53:02 UTC
Marking Bug 1873327 as a related issue, but not a blocker.

Comment 23 XiuJuan Wang 2020-11-26 06:45:13 UTC
Verified on 4.7.0-0.nightly-2020-11-25-114114 proxy cluster.

Comment 32 errata-xmlrpc 2021-02-24 15:32:32 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:5633

Comment 33 W. Trevor King 2021-04-05 17:36:20 UTC
Removing UpgradeBlocker from this older bug, to remove it from the suspect queue described in [1].  If you feel like this bug still needs to be a suspect, please add keyword again.

[1]: https://github.com/openshift/enhancements/pull/475