Bug 1495142 - All the internal hosts should be added to NO_PROXY
Summary: All the internal hosts should be added to NO_PROXY
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Installer
Version: 3.7.0
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ---
: 3.7.0
Assignee: Tim Bielawa
QA Contact: Gan Huang
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-09-25 09:44 UTC by Gan Huang
Modified: 2017-11-28 22:12 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: Facts were lost during some internal refactoring Consequence: The list of names to populate in the NO_PROXY field was empty Fix: The facts have been restored Result: The list of NO_PROXY names is correctly defined
Clone Of:
Environment:
Last Closed: 2017-11-28 22:12:28 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift openshift-ansible pull 5569 0 None None None 2017-11-01 15:27:18 UTC
Red Hat Product Errata RHSA-2017:3188 0 normal SHIPPED_LIVE Moderate: Red Hat OpenShift Container Platform 3.7 security, bug, and enhancement update 2017-11-29 02:34:54 UTC

Description Gan Huang 2017-09-25 09:44:03 UTC 
Description of problem:
Only the host itself added to NO_PROXY in /etc/sysconfig/atomic-openshift-master-api, /etc/sysconfig/atomic-openshift-master-controllers, /etc/sysconfig/atomic-openshift-node and /etc/origin/master/master-config.yaml. That result in `oc logs..` failed. We should add all the internal hosts to NO_PROXY at least.

Version-Release number of the following components:
openshift-ansible-3.7.0-0.126.4.git.0.3fc2b9b.el7.noarch.rpm

How reproducible:
always

Steps to Reproduce:
1.Trigger proxy installation
<--snip-->
openshift_https_proxy=http://xxxx.redhat.com:3128
openshift_http_proxy=http://xxxx.redhat.com:3128
<--snip-->


Actual results:
Installation succeed, but only the host itself added to NO_PROXY.

Expected results:
All the internal hosts added to NO_PROXY.

Additional info:
Comment 4 Tim Bielawa 2017-10-17 17:33:30 UTC 
I believe I have reproduced this error in a 1m2n cluster. The problem is even worse in that scenario as the nodes will fail to register completely. Just as you described in the OP, the only host entry in the sysconfig proxy settings was for the host I was looking at, along with the boilerplate '.svc...' items.

Trying this now on OCP 3.6
Comment 5 Tim Bielawa 2017-10-19 14:17:38 UTC 
I have ran tests and verified this bug for OCP 3.7 when proxy parameters are set. I am working on identifying the source of the regression now.
Comment 6 Gan Huang 2017-10-19 15:09:41 UTC 
Tim,

I submitted a PR for the issue, at least it worked for me. But uncertain if that's a good way to fix. Hopefully could help you to identify the issue.
Comment 7 Gan Huang 2017-10-19 15:10:22 UTC 
Might be a fix: https://github.com/openshift/openshift-ansible/pull/5569/files
Comment 8 Tim Bielawa 2017-10-19 15:13:59 UTC 
Ouch. Since that PR has lingered for almost a month it has gotten out of sync. I'll try fixing it up and running the 3.7 proxy tests again.
Comment 9 Tim Bielawa 2017-10-19 18:55:04 UTC 
I've fixed up the rebase problem with the original patch you provided and I have successfully tested the patch. Results are shown in github: https://github.com/openshift/openshift-ansible/pull/5569#issuecomment-338001818
Comment 11 Gan Huang 2017-10-26 09:25:12 UTC 
Verified in openshift-ansible-3.7.0-0.178.0.git.0.27a1039.el7.noarch.rpm

Proxy variables added correctly. Thanks Tim.
Comment 15 errata-xmlrpc 2017-11-28 22:12:28 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2017:3188
Note You need to log in before you can comment on or make changes to this bug.