Bug 1397475 - [Behind Proxy][3.4] Cannot use ssh for git repos when http/s proxy is set
Status: CLOSED ERRATA
Product: OpenShift Container Platform
Classification: Red Hat
Component: Build
3.2.1
Unspecified Unspecified
medium Severity medium
: 3.4.z
Assigned To: Ben Parees
Wang Haoran
Blocks: 1414522
Reported: 2016-11-22 10:45 EST by Miheer Salunke
Modified: 2017-03-29 16:06 EDT
Doc Type: Bug Fix
Doc Text:
Cause: Proxy value validation prevented use of default cluster proxy settings with ssh git urls.
Consequence: Buildconfigs that used ssh git urls in a cluster with default proxy settings would get a validation error unless the proxy value was explicitly set to empty string in the buildconfig.
Fix: Validation will no longer reject buildconfigs that use ssh git urls and have a proxy value set. However the proxy value will not be used when an ssh git url is supplied.
Result: Buildconfigs that specify ssh git urls will not get a validation error even if the cluster defines a default git proxy value.
: 1414522
Last Closed: 2017-01-31 15:18:59 EST
Type: Bug
External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Knowledge Base (Solution) 2856901 None None None 2017-01-12 03:48 EST
Red Hat Product Errata RHBA-2017:0218 normal SHIPPED_LIVE Red Hat OpenShift Container Platform 3.4.1.2 bug fix update 2017-01-31 20:18:20 EST
Description Miheer Salunke 2016-11-22 10:45:40 EST
1. Proposed title of this feature request
=> Cannot use ssh for git repos when http/s proxy is set


3. What is the nature and description of the request?
=> A check in the build validation (func validateGitSource) will prevent any use of ssh to access git repos when the http or https proxy variables are set in the cluster proxy settings.

The cluster is installed with openshift_http_proxy and openshift_https_proxy variables set in installer variables. However, when gitHTTPProxy and gitHTTPSProxy are set as a consequence, we cannot access internal git repositories with ssh:// URIs due to the mentioned build validation.

Our current workaround to access internal private git repositories with SSH is to set gitHTTPProxy and gitHTTPSProxy to blank values in /etc/origin/master/master-config.yaml. This way users can access local git repositories as expected with ssh:// URIs.

However, to access any external repository (access to external repos would use HTTP/S)  we would need to use a proxy. This ticket is for investigating possibilities of changing the build validation to allow SSH-accessed git repos even when gitHTTPProxy, gitHTTPSProxy parameters are set.


The result is an error message 'only http:// and https:// GIT protocols are allowed with HTTP or HTTPS proxy set'

Expected behavior: The proxy settings for http should not interfere with the ability to access internal ssh git repos.
Comment 2 Ben Parees 2016-11-23 09:42:09 EST
To fix this we should just remove the validation rule and allow proxy values to be set regardless of git protocol.
Comment 3 Pascal Bach 2016-12-01 09:00:30 EST
Removing the check would be fine with me.
Comment 4 Kenjiro Nakayama 2017-01-11 03:56:43 EST
This is not a new feature request, but just a regression due to https://github.com/openshift/origin/pull/5959. I hope that this ticket will be handled in a more timely manner...
Comment 5 Kenjiro Nakayama 2017-01-12 00:42:35 EST
One of the customers is asking for the ETA. Could you please tell us the ETA?
Comment 6 Kenjiro Nakayama 2017-01-12 05:16:27 EST
The enterprise customer is asking us to provide the fix for 3.3. If you fix this upstream, please backport it to OCP 3.3.
Comment 7 Ben Parees 2017-01-12 10:26:01 EST
https://github.com/openshift/origin/pull/12463
Comment 8 openshift-github-bot 2017-01-12 18:12:25 EST
Commit pushed to master at https://github.com/openshift/origin

https://github.com/openshift/origin/commit/cd8299b4556452dc0c1543d74253197a8cc37e70
allow proxy values to be specified with non-http git uris

bug 1397475
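
The rule reported in the description and the behaviour stated in the Doc Text, side by side, as an added example (not code from openshift/origin). The type and function names are hypothetical, and the sample hosts and proxy address are constructed; only the error text is taken from this bug.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// GitSource is a hypothetical, simplified stand-in for a build's git settings.
type GitSource struct{ URI, HTTPProxy, HTTPSProxy string }

// Error text as quoted in the bug description.
var ErrProxyProtocol = errors.New("only http:// and https:// GIT protocols are allowed with HTTP or HTTPS proxy set")

// gitScheme returns the transport of a git URI; scp-style "user@host:path"
// remotes carry no "://" but are still ssh.
func gitScheme(uri string) string {
	if i := strings.Index(uri, "://"); i > 0 {
		return strings.ToLower(uri[:i])
	}
	colon, slash := strings.Index(uri, ":"), strings.Index(uri, "/")
	if colon > 0 && (slash == -1 || colon < slash) {
		return "ssh"
	}
	return "file"
}

// ValidateBefore models the reported rule: a proxy plus a non-HTTP(S) URI is rejected.
func ValidateBefore(g GitSource) error {
	s := gitScheme(g.URI)
	if (g.HTTPProxy != "" || g.HTTPSProxy != "") && s != "http" && s != "https" {
		return ErrProxyProtocol
	}
	return nil
}

// EffectiveProxies models the fixed behaviour: the config is accepted, but the
// proxy values are dropped unless the URI is http:// or https://.
func EffectiveProxies(g GitSource) (httpProxy, httpsProxy string) {
	if s := gitScheme(g.URI); s != "http" && s != "https" {
		return "", ""
	}
	return g.HTTPProxy, g.HTTPSProxy
}

func main() {
	// Constructed sample: cluster-default proxy combined with an internal ssh repo.
	g := GitSource{"ssh://git@git.internal.example/app.git", "http://proxy.example:3128", "http://proxy.example:3128"}
	fmt.Println(ValidateBefore(g))   // the validation error from the description
	fmt.Println(EffectiveProxies(g)) // two empty strings: proxy not applied to ssh
}
```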
Comment 12 Wenjing Zheng 2017-01-22 02:38:06 EST
Verified with the version below; the git repo can be used when the http/s proxy is set:
openshift v3.4.1.0
kubernetes v1.4.0+776c994
etcd 3.1.0-rc.0
Comment 14 errata-xmlrpc 2017-01-31 15:18:59 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:0218
