1378840 – Scaleup playbook not updating no_proxy lists

Bug 1378840 - Scaleup playbook not updating no_proxy lists

Summary: Scaleup playbook not updating no_proxy lists

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Installer
Sub Component:
Version:	3.2.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	low
Severity:	medium
Target Milestone:	---
Target Release:	4.1.0
Assignee:	Scott Dodson
QA Contact:	Johnny Liu
Docs Contact:
URL:
Whiteboard:
Duplicates (2):	1338676 1694012 (view as bug list)
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-09-23 11:01 UTC by Jaspreet Kaur
Modified:	2022-03-13 14:06 UTC (History)
CC List:	14 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2018-08-09 13:23:19 UTC
Target Upstream Version:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Knowledge Base (Solution)	2759771	0	None	None	None	2018-03-02 14:00:46 UTC

Internal Links: 1512813

Description Jaspreet Kaur 2016-09-23 11:01:10 UTC

Description of problem:

There are a number of places where no_proxy lists are being autogenerated to include all nodes/routers/masters during scale-up operations these aren't being updated.

After scaling up our cluster to add 'external' nodes we discovered that we couldn't access the pod logs for pods living on the new nodes.

After digging this was due to the requests being routed via our proxy (which doesn't allow port 10250).

We've manually added the new nodes to the various no_proxy lists on the masters and can now access the logs.

So far I've found the following files which need updating:

Masters:

    /etc/origin/master/master-config.yaml
    /etc/sysconfig/atomic-openshift-master
    /etc/sysconfig/atomic-openshift-master-api
    /etc/sysconfig/atomic-openshift-master-controllers

All Nodes:

    /etc/sysconfig/docker

Version

openshift 3.2


Steps To Reproduce

    stand up cluster including HTTP proxies, where the proxy won't allow port 10250 access
    Expand the cluster using the scaleup playbook
    Attempt to access log files for a pod on the new host

Current Result

Obscure permission denied errors


Expected Result : It should be able to add proxy configurations.

Comment 1 Mark Chappell 2016-09-23 12:32:13 UTC

See also : https://github.com/openshift/openshift-ansible/issues/1940

Comment 2 Scott Dodson 2017-02-10 01:31:17 UTC

*** Bug 1338676 has been marked as a duplicate of this bug. ***

Comment 3 Scott Dodson 2017-02-10 01:33:34 UTC

A workaround for environments where all hosts within a given dns domain should not require a proxy is to set like openshift_no_proxy='.example.com'

Comment 10 Scott Dodson 2017-08-24 18:42:39 UTC

Continuing to add each host's IP address is not a solution that scales well with many hosts. It's preferred that a dns zone is specified in openshift_no_proxy which will cover all the hosts for which services should not use a proxy.

Lowering priority.

Comment 19 Scott Dodson 2018-08-09 13:23:19 UTC

The best solution here is to ensure that there's a dns zone that can be configured to exclude all hosts from proxy configuration.

Comment 21 Scott Dodson 2019-07-30 20:26:26 UTC

*** Bug 1694012 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.