Bug 1985486
Summary: | Cluster Proxy not used during installation on OSP with Kuryr | |||
---|---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | Maysa Macedo <mdemaced> | |
Component: | Networking | Assignee: | Maysa Macedo <mdemaced> | |
Networking sub component: | kuryr | QA Contact: | Jon Uriarte <juriarte> | |
Status: | CLOSED ERRATA | Docs Contact: | ||
Severity: | high | |||
Priority: | unspecified | CC: | rlobillo | |
Version: | 4.8 | |||
Target Milestone: | --- | |||
Target Release: | 4.10.0 | |||
Hardware: | Unspecified | |||
OS: | Unspecified | |||
Whiteboard: | ||||
Fixed In Version: | Doc Type: | Bug Fix | ||
Doc Text: |
Cause:
The cluster network operator was not enforcing usage of Proxy to allow communication to OpenStack API when Kuryr is used in a restricted installation with Proxy.
Consequence:
When the cluster is configured with Kuryr the cluster network operator is unable to connect to the OpenStack API and cluster installation can not progress.
Fix:
Ensure the cluster network operator uses the configured Proxy for OpenStack API communication.
Result:
The cluster network operator can communicate to the Openstack API through the Proxy and installation succeeds.
|
Story Points: | --- | |
Clone Of: | ||||
: | 2014021 (view as bug list) | Environment: | ||
Last Closed: | 2022-03-12 04:36:01 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | ||||
Bug Blocks: | 2014021 |
Description
Maysa Macedo
2021-07-23 17:02:48 UTC
Verified on 4.10.0-0.nightly-2021-10-04-213416 on top of RHOS-16.1-RHEL-8-20210818.n.0 with OVN-Octavia enabled. The IPI installation of the cluster with NetworkType Kuryr on a restricted network connected to a proxy worked fine: $ oc get clusterversion NAME VERSION AVAILABLE PROGRESSING SINCE STATUS version 4.10.0-0.nightly-2021-10-04-213416 True False 68m Cluster version is 4.10.0-0.nightly-2021-10-04-213416 $ oc get proxy cluster -o json { "apiVersion": "config.openshift.io/v1", "kind": "Proxy", "metadata": { "creationTimestamp": "2021-10-05T11:40:12Z", "generation": 1, "name": "cluster", "resourceVersion": "399", "uid": "fd8cc9d5-536e-4f49-9a06-2298c9807583" }, "spec": { "httpProxy": "http://dummy:dummy@172.16.0.3:3128/", "httpsProxy": "https://dummy:dummy@172.16.0.3:3130/", "trustedCA": { "name": "user-ca-bundle" } }, "status": { "httpProxy": "http://dummy:dummy@172.16.0.3:3128/", "httpsProxy": "https://dummy:dummy@172.16.0.3:3130/", "noProxy": ".cluster.local,.svc,10.128.0.0/14,127.0.0.1,169.254.169.254,172.16.0.0/24,172.30.0.0/16,api-int.ostest.shiftstack.com,localhost" } } As stated in the documentation, the proxy must be able to reply to the router that the cluster uses, so below route is added on the proxy server: sudo nmcli connection modify '{{ iface_con.stdout }}' +ipv4.routes '10.128.0.0/14 {{ restricted_network.default_gw }} The restricted_network.default_gw should be defined on the subnet and available so the OCP cluster can make use of it. Removing the Triaged keyword because: * the priority assessment is missing * the QE automation assessment (flag qe_test_coverage) is missing Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.10.3 security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:0056 |