Bug 1311186 - Remove HTTP{s}_PROXY references from /etc/sysconfig/atomic-openshift-*
Remove HTTP{s}_PROXY references from /etc/sysconfig/atomic-openshift-*
Status: CLOSED NOTABUG
Product: OpenShift Container Platform
Classification: Red Hat
Component: Installer (Show other bugs)
3.1.0
Unspecified Unspecified
medium Severity medium
: ---
: ---
Assigned To: Scott Dodson
Gan Huang
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2016-02-23 10:00 EST by thunt
Modified: 2016-09-19 15:54 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-09-19 15:54:53 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description thunt 2016-02-23 10:00:17 EST
Description of problem:
/etc/sysconfig/atomic-openshift-node and /etc/sysconfig/atomic-openshift-node have references to configuring proxies:-

# Proxy configuration
# Origin uses standard HTTP_PROXY environment variables. Be sure to set
# NO_PROXY for your master
#NO_PROXY=master.example.com
#HTTP_PROXY=http://USER:PASSWORD@IPADDR:PORT
#HTTPS_PROXY=https://USER:PASSWORD@IPADDR:PORT

No good can come from a proxy configured here, so please remove these references

Thanks

Version-Release number of selected component (if applicable):
3.1.1

How reproducible:

Very

Steps to Reproduce:
1. Configure HTTP_PROXY, HTTPS_PROXY and NO_PROXY in /etc/sysconfig/atomic-openshift-node and /etc/sysconfig/atomic-openshift-node.


Actual results:

OpenShift breaks

Expected results:

OpenShift works

Additional info:
Comment 1 Scott Dodson 2016-04-13 16:55:56 EDT
Makes sense, I can think of no reason the node would need a proxy in the vast majority of configurations. You've confirmed in environments where proxies are required that running the node without these envars works fine?
Comment 2 thunt 2016-04-13 21:42:11 EDT
Yes, and and under all normal use cases if the proxy is defined, it breaks the configuration.

Th only time we would need a proxy would be if that was the only way to reach the master, and I never expect to see that configuration.
Comment 3 Scott Dodson 2016-04-29 09:15:58 EDT
https://github.com/openshift/origin/pull/8683

This is also fixed in ansible in 
https://github.com/openshift/openshift-ansible/pull/1385
Comment 5 Gan Huang 2016-05-18 02:36:43 EDT
Test with openshift-ansible-3.0.90-1.git.0.a077b68.el7.noarch
Config http_proxy and https_proxy in inventory hosts. Check configurations after installation.
 
[root@xxx ~]# cat /etc/sysconfig/atomic-openshift-node 
OPTIONS=--loglevel=5
# /etc/origin/node/ should contain the entire contents of
# /var/lib/origin.local.certificates/node-${node-fqdn} generated by
# running 'atomic-enterprise admin create-node-config' on your master
#
# If if your node is running on a separate host you can rsync the contents
# rsync -a root@atomic-enterprise-master:/var/lib/origin/origin.local.certificates/node-`hostname`/ /etc/origin/node
CONFIG_FILE=/etc/origin/node/node-config.yaml

# The $DOCKER_NETWORK_OPTIONS variable is used by sdn plugins to set
# $DOCKER_NETWORK_OPTIONS variable in the /etc/sysconfig/docker-network
# Most plugins include their own defaults within the scripts
# TODO: More elegant solution like this
# https://github.com/coreos/flannel/blob/master/dist/mk-docker-opts.sh
# DOCKER_NETWORK_OPTIONS='-b=lbr0 --mtu=1450'

# Proxy configuration
# Origin uses standard HTTP_PROXY environment variables. Be sure to set
# NO_PROXY for your master
#NO_PROXY=master.example.com
#HTTP_PROXY=http://USER:PASSWORD@IPADDR:PORT
#HTTPS_PROXY=https://USER:PASSWORD@IPADDR:PORT
IMAGE_VERSION=

Proxy config is removed from /etc/sysconfig/atomic-openshift-node.
But proxy references are still present in /etc/sysconfig/atomic-openshift-node.
Comment 6 Gan Huang 2016-05-18 06:09:09 EDT
Experienced in rpm installation only.
Comment 9 Scott Dodson 2016-09-19 15:54:53 EDT
It actually turns out that nodes needs proxy config in particular for cloud providers. See https://bugzilla.redhat.com/show_bug.cgi?id=1375031

Note You need to log in before you can comment on or make changes to this bug.