1544645 – Service catalog playbook missing --noproxy '*' when checking api server

Bug 1544645 - Service catalog playbook missing --noproxy '*' when checking api server

Summary: Service catalog playbook missing --noproxy '*' when checking api server

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Installer
Sub Component:
Version:	3.7.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	---
Target Release:	3.9.0
Assignee:	Vadim Rutkovsky
QA Contact:	Gan Huang
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2018-02-13 06:48 UTC by Takayoshi Kimura
Modified:	2018-03-28 14:28 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2018-03-28 14:28:16 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	openshift openshift-ansible pull 7125	0	None	closed	Use curl --noproxy option for internal apiserver access	2021-01-21 04:01:31 UTC
Red Hat Product Errata	RHBA-2018:0489	0	None	None	None	2018-03-28 14:28:54 UTC

Description Takayoshi Kimura 2018-02-13 06:48:13 UTC

Description of problem:

In proxy env, the hosts have proxy env vars configured but it doesn't have OpenShift specific hostnames like ".svc".

Service catalog install fails because it checks the api server using curl without --noproxy option specified.

Version-Release number of the following components:

$ rpm -q openshift-ansible
openshift-ansible-3.7.14-1.git.0.4b35b2d.el7.noarch
$ rpm -q ansible
ansible-2.4.1.0-1.el7.noarch
$ ansible --version
ansible 2.4.1.0
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/home/nekop/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, May  3 2017, 07:55:04) [GCC 4.8.5 20150623 (Red Hat 4.8.5-14)

How reproducible:

Always

Steps to Reproduce:
1.
2.
3.

Actual results:

TASK [openshift_service_catalog : wait for api server to be ready] ******************************************************************************************
FAILED - RETRYING: wait for api server to be ready (120 retries left).
FAILED - RETRYING: wait for api server to be ready (1 retries left).
fatal: [ose-master1]: FAILED! => {"attempts": 120, "changed": false, "cmd": ["curl", "-k", "https://apiserver.kube-service-catalog.svc/healthz"], "delta": "0:00:00.010631", "end": "2018-02-13 09:34:17.759183", "msg": "non-zero return code", "rc": 56, "start": "2018-02-13 09:34:17.748552", "stderr": "  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current\n                                 Dload  Upload   Total   Spent    Left  Speed\n\r  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0\r  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0\ncurl: (56) Received HTTP code 403 from proxy after CONNECT", "stderr_lines": ["  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current", "                                 Dload  Upload   Total   Spent    Left  Speed", "", "  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0", "  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0", "curl: (56) Received HTTP code 403 from proxy after CONNECT"], "stdout": "", "stdout_lines": []}
        to retry, use: --limit @/var/lib/awx/projects/openshift-ansible/playbooks/byo/config.retry

Expected results:

Check performed with curl --noproxy '*' option and passed

Additional info:

Comment 1 Vadim Rutkovsky 2018-02-16 09:52:00 UTC

Fix is available in openshift-ansible-3.9.0-0.45.0.git.0.05f6826.el7

Comment 2 Gan Huang 2018-02-23 03:22:54 UTC

The fix was reverted by PR https://github.com/openshift/openshift-ansible/pull/7222/files

Comment 3 Vadim Rutkovsky 2018-02-23 10:06:20 UTC

Created https://github.com/openshift/openshift-ansible/pull/7262 to unrevert it

Comment 5 Gan Huang 2018-02-28 08:50:25 UTC

Verified in openshift-ansible-3.9.1-1.git.0.9862628.el7.noarch.rpm

Comment 8 errata-xmlrpc 2018-03-28 14:28:16 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:0489

Note You need to log in before you can comment on or make changes to this bug.