We've been unable to reproduce these issues and have been able to provision and bind behind a proxy using `oc cluster up` based environments as well as openshift-ansible environments using the following variables: `openshift_http_proxy and openshift_https_proxy`. Can you please retest, and if you continue to see issues, please confirm HTTP_PROXY, HTTPS_PROXY, and NO_PROXY are appropriately set in /etc/sysconfig/docker on the cluster nodes?
@Erik I hit some trouble in environment installation from Jenkins today. I will re-setup a env for you debug later. Thanks.
Think I may have gotten to the bottom of this now that I was able to access the repro env. The registry is configured with https://registry.access.redhat.com as the root. During the bootstrap phase, a number of requests are made against this server to load the APB list. As part of that, the crane server is redirecting /v2/ requests to a registry behind "access.redhat.com", *not* "registry.access.redhat.com". I confirmed this was the case manually walking through the requests that the broker needs to make using curl while inside the broker's container. I suspect the proxy server is configured to whitelist only "registry.access.redhat.com". Is that true? Can you please make sure that "access.redhat.com" is whitelisted as well, and retest?
This is the address in question that the container must have access to: https://access.redhat.com/webassets/docker/content/dist/rhel/server/7/7Server/x86_64/ose/3/containers/registry/openshift3/mariadb-apb/manifests/v3.7
(And all other paths for each of the various APBs)
I can't even ping access.redhat.com from the master host, and I'm not familiar with how these environments are set up. Is there something about the networking configuration that would prevent communications with this host?
Thanks for Gan's explanation. I'm changing status to "assign" base on the current test result.
https://github.com/openshift/ansible-service-broker/pull/654
Will verify this bug in 1.1.6. The latest is 1.1.5 from downstream registry.
@Erik, That is OKay. PR #683 was merged in 1.1.8, I will double check while downstream image ready for test. Please update and add comments if you find any more need to change. Furthermore, I can support you prepare a behind proxy env for you develop or pre-check if you need. BTW, I cannot keep a env long time, the env in Comment 24 maybe lost by Jan. 29 or 30.
@Zhang I believe 1.1.8 should be available with the lowercase proxy var fix. Please make sure you have configured the broker with HTTP_PROXY,HTTPS_PROXY, and NO_PROXY, and see if you can confirm the APB pod that it spawns also have those environment variables set on them. Additionally, the "openshift.keep_namespace" and "openshift.keep_namespace_on_error" settings in the broker-config configmap should be set to true; these will help keep the resources around for debugging purposes. If you encounter trouble, please keep the environment up, I will try to investigate as soon as I can so you don't have to keep it around for too long.
@Erik Will verify till downstream image ready. The latest is 1.1.7 at present.
Changing status to "MODIFIED" since still waiting downstream image for test.
Changing status to ON_QA since downstream image ready for test.
Follow comment31, changing status to "Verified" HTTP_PROXY,HTTPS_PROXY, and NO_PROXY are set on the broker's container can be applyed those same settings in uppercase and lowercase to the APBs succeed. APBs provision/binding succeed in my testing.
REsolved