Bug 2045927
Summary: | [FJ OCP4.10 Bug]: Podman failed to pull the IPA image due to the loss of proxy environment | ||
---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | Fujitsu container team <fj-lsoft-rh-cnt> |
Component: | Installer | Assignee: | Jacob Anders <janders> |
Installer sub component: | OpenShift on Bare Metal IPI | QA Contact: | Victor Voronkov <vvoronko> |
Status: | CLOSED ERRATA | Docs Contact: | |
Severity: | high | ||
Priority: | urgent | CC: | afasano, dtantsur, ecosystem-partners-infrastructure, fj-lsoft-bm, hfukumot, janders, jniu, kahara, mvalsecc, rhalle, rpittau, shardy, tsedovic, vvoronko |
Version: | 4.10 | Keywords: | Triaged |
Target Milestone: | --- | ||
Target Release: | 4.10.0 | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | QJ220126-001 | ||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2022-03-12 04:41:56 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1920358 |
Description
Fujitsu container team
2022-01-26 00:21:03 UTC
Upon discussion with the Metal Platform team we decided this qualifies as a blocker due to regression in use cases requiring use of proxy. Our colleagues from Fujitsu who originally identified this issue have proposed fixes which are currently under review. In addition to PRs which are aiming to resolve the proxy issue, the Metal Team is currently working on adding a validation / CI job that would ensure that the fixes proposed work as expected (this is tracked in https://github.com/openshift-metal3/dev-scripts/pull/1341). The Team have made good progress with this BZ - with regards to fixes, we currently we have: https://github.com/openshift/image-customization-controller/pull/33 MERGED https://github.com/openshift/cluster-baremetal-operator/pull/240 MERGED https://github.com/openshift/installer/pull/5569 OPEN PR5569 is past reviews and hasn't merged only due to perma-failing tests. It is now waiting for a Staff Engineer to review and override CI allowing it to merge. PR1341 (https://github.com/openshift-metal3/dev-scripts/pull/1341) which is aiming to add test coverage is still WIP however this is not a part of the fix - this can be finished as a follow up change post 4.10 Code Freeze. https://github.com/openshift/installer/pull/5569 has just MERGED. I removed explicit linkage to https://github.com/openshift-metal3/dev-scripts/pull/1341 and setting the BZ to MODIFIED. Verified the fix had no regression and deployment succeeded on IPv6 ctrplane network Note - no reproduce of the issue itself was possible in QE env at that moment) provisionhost-0-0 ~]$ more install-config.yaml apiVersion: v1 baseDomain: qe.lab.redhat.com proxy: httpProxy: http://[fd2e:6f44:5dd8::7c]:3128 httpsProxy: http://[fd2e:6f44:5dd8::7c]:3128 noProxy: registry.ocp-edge-cluster-0.qe.lab.redhat.com,fd00:1101:0:1::/64,fd2e:6f44:5dd8::/64,9999 networking: networkType: OVNKubernetes machineCIDR: fd2e:6f44:5dd8::/64 [kni@provisionhost-0-0 ~]$ oc get clusterversion NAME VERSION AVAILABLE PROGRESSING SINCE STATUS version 4.10.0-0.nightly-2022-01-27-104747 True False 5h3m Cluster version is 4.10.0-0.nightly-2022-01-27-104747 =================== with all that the real verification wait for QE to implement iptables rules to enable connection outside only via Bastion host and via proxy or fix been verified at customer environment Hi, could you please report if the fix was working? Our test env to reproduce the original issue is still WIP. Actually we were interested to understand the topology of your env, where proxy is the only gateway and restrictions you apply on your nodes. Thanks Hi Victor,
Thank you for your reply.
> could you please report if the fix was working?
Yes, Fujitsu verified that this fix was working correctly.
Best Regards,
Yasuhiro Futakawa
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.10.3 security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:0056 |