Bug 2039109

Summary: [FJ OCP4.10 Bug]: startironic.sh failed to pull the image of image-customization container when behind a proxy
Product: OpenShift Container Platform Reporter: Fujitsu container team <fj-lsoft-rh-cnt>
Component: InstallerAssignee: Tomas Sedovic <tsedovic>
Installer sub component: OpenShift on Bare Metal IPI QA Contact:
Status: CLOSED ERRATA Docs Contact:
Severity: high    
Priority: high CC: ecosystem-partners-infrastructure, fj-lsoft-bm, hase.jin, hfukumot, janders, jniu, kahara, mvalsecc, vvoronko
Version: 4.10Keywords: OtherQA, Triaged
Target Milestone: ---   
Target Release: 4.10.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: QJ220126-002
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-03-10 16:38:34 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1920358    
Attachments:
Description Flags
Proxy setting in install-config.yaml none

Description Fujitsu container team 2022-01-11 01:39:49 UTC 
Customer Contact Name:

  Yasuhiro Futakawa

Description of Problem:

  IPI failed due to image pull failure. 
  This is because startironic.sh starts the image-customization container with sudo which causes the loss of proxy env. 
  This problem can be resolved by simply removing the sudo used in startironic.sh because this script is executed under the root user. 

Version-Release number of selected component:

  This issue was detected in the Pre-GA version.

  Red Hat OpenShift Container Platform Version Number: 4.10
  Release Number:  4.10.0-0.nightly-2021-12-20-231053
  Kubernetes Version: 1.22.1
  Cri-o Version: 1.23.0
  Related Component: NONE
  Related Middleware/Application: irmc
  Underlying RHCOS Release Number: 4.10
  Underlying RHCOS Architecture: x86_64
  Underlying RHCOS Kernel Version: 4.18.0

Drivers or hardware or architecture dependency:

  None

How reproducible:

  Everytime

Step to Reproduce:

  $ openshift-install --dir ~/clusterconfigs create manifests
  $ openshift-install --dir ~/clusterconfigs --log-level debug create cluster

Actual Results:

  IPI fails due to image pull failure

Expected Results:

  Image can be pulled normally

Summary of actions taken to resolve issue:

  Fujitsu sent PR: https://github.com/openshift/installer/pull/5513

Location of diagnostic data:

  None

Hardware configuration:

  Model: RX2540 M4
Comment 3 Victor Voronkov 2022-01-18 09:43:53 UTC 
Hi, in order to properly verify the bug I would like to get more information about the environment and content of proxy section in install-config.yaml, in my test env with squid proxy I wasn't able to reproduce the original issue
Comment 4 Jacob Anders 2022-01-18 10:34:58 UTC 
Hase-San- would you or one of your colleagues be able to provide the information requested in https://bugzilla.redhat.com/show_bug.cgi?id=2039109#c3 to our QE Team? Thank you.
Comment 5 Fujitsu container team 2022-01-19 10:14:18 UTC 
Dear Victor, Jacob,

I share proxy setting in install-config.yaml
We use local address in install-config.yaml, but we forward the proxy(we use an external proxy actually).
192.168.30.Z is bastion machine of our environment, and this bastion forwards proxy to external.

Best Regards,
Yasuhiro Futakawa
Comment 6 Fujitsu container team 2022-01-19 10:16:52 UTC 
Created attachment 1851837 [details]
Proxy setting in install-config.yaml
Comment 7 Jacob Anders 2022-01-20 01:12:45 UTC 
Thank you Futakawa-san.
Comment 8 Fujitsu container team 2022-01-21 02:06:13 UTC 
Dear Victor, Jacob,

Fujitsu confirmed that we could download the image correctly with the latest nightly which contains PR5513.
So this BZ is fixed.

Best Regards,
Yasuhiro Futakawa
Comment 9 Victor Voronkov 2022-01-21 10:26:31 UTC 
Following customer comment, the bug was verified
Comment 12 errata-xmlrpc 2022-03-10 16:38:34 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.10.3 security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:0056