Bug 1990556
| Summary: | get-resources.sh doesn't honor the no_proxy settings even with no_proxy var | |||
|---|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Pamela Escorza <pescorza> | |
| Component: | Bare Metal Hardware Provisioning | Assignee: | Derek Higgins <derekh> | |
| Bare Metal Hardware Provisioning sub component: | baremetal-operator | QA Contact: | Victor Voronkov <vvoronko> | |
| Status: | CLOSED ERRATA | Docs Contact: | ||
| Severity: | high | |||
| Priority: | high | CC: | andbartl, augol, bfournie, derekh, kiran, rpittau, sserafin, tmulquee, tsedovic, vvoronko | |
| Version: | 4.8 | Keywords: | Triaged | |
| Target Milestone: | --- | |||
| Target Release: | 4.10.0 | |||
| Hardware: | All | |||
| OS: | All | |||
| Whiteboard: | ||||
| Fixed In Version: | Doc Type: | Bug Fix | ||
| Doc Text: |
cause: curl (used by the machine downloader image doesn't support CIDR's in no_proxy)
consequence: any CIDR added to noProxy is ignored when downloading the RHCOS image
fix: proxys are now removed from the environment if appropriate before calling curl
result: When downloading the machine image the value of NO_PROXY is no longer ignored
|
Story Points: | --- | |
| Clone Of: | ||||
| : | 2020546 (view as bug list) | Environment: | ||
| Last Closed: | 2022-03-12 04:37:00 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | ||||
| Bug Blocks: | 2020546 | |||
Hi @kiran: adding the IP in the list of the noProxy variable works as expected. Is expected to allow CIDR in the noProxy list for future versions? (In reply to Pamela Escorza from comment #13) > Hi @kiran: adding the IP in the list of the noProxy variable > works as expected. > Is expected to allow CIDR in the noProxy list for future versions? Hi Pamela, I doubt the CIDRs in no_proxy/NO_PROXY ever worked with curl or wget. Its a limitation of these tools. Short of rendering the CIDRs into IP addresses, I don't think this will look different in the future releases. Thanks. https://www.gnu.org/software/wget/manual/html_node/Proxies.html https://curl.se/docs/manpage.html @derekh Can you please provide Doc Text to assist in drawing up the Release Notes entry? Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.10.3 security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:0056 |
Description of problem: get-resources.sh[0] used by OCP 4.8.2 includes var no_proxy but curl is not making reference to the variable: #!/bin/bash -xe # Check and set http(s)_proxy. Required for cURL to use a proxy export http_proxy=${http_proxy:-$HTTP_PROXY} export https_proxy=${https_proxy:-$HTTPS_PROXY} export no_proxy=${no_proxy:-$NO_PROXY} export CURL_CA_BUNDLE=${CURL_CA_BUNDLE:-/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem} export IP_OPTIONS=${IP_OPTIONS:-} .... else CONNECT_TIMEOUT=120 MAX_ATTEMPTS=5 for i in $(seq ${MAX_ATTEMPTS}); do if ! curl -g --compressed -L --connect-timeout ${CONNECT_TIMEOUT} -o "${RHCOS_IMAGE_FILENAME_RAW}" "${IMAGE_URL}/${RHCOS_IMAGE_FILENAME_RAW}"; then if (( ${i} == ${MAX_ATTEMPTS} )); then echo "Download failed." exit 1 else SLEEP_TIME=$((i*i)) echo "Download failed, retrying after ${SLEEP_TIME} seconds..." sleep ${SLEEP_TIME} fi else break fi done ... } As workaround, by updating the script /usr/local/bin/get-resource.sh with the correct noproxy information, the installation continue [0]https://github.com/openshift/ironic-rhcos-downloader/blob/71967e7deca9e9d0e094cbaedb7fe7ce0267dd84/get-resource.sh Version-Release number of selected component (if applicable): Deploy a cluster with proxy settings and serving the ipa and rhcos images in a local http server with no proxy in the middle How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: The script download fails because of the proxy Expected results: Download images correctly as per proxy configuration Additional info: