Installed a stand-alone cluster (everything on one box) using the openshift-ansible installer (3.6.173.0.96-1). openshift_http(s)_proxy variables were set properly during the install (in the /etc/ansible/hosts file). Everything installs correctly. However, after the install we were unable to 'docker login' to the registry via the route either from a desktop OR on the openshift box itself. The error was "TLS Handshake Timeout" or something like that. We were able to fix this by adding '172.30.0.1' (kube SVC address) to the NO_PROXY environment variable in the docker-registry's deployment config. It looks like traffic destined for the SDN IP space was being sent out through the proxy.
Sounds like https://github.com/openshift/openshift-ansible/pull/6215 should be cherry-picked on 3.6. Nicholas, would you be able to test the fix as I'm afraid I don't have a proxy configured for this
Created https://github.com/openshift/openshift-ansible/pull/7180
Fix is available in openshift-ansible-3.6.173.0.103-1-2-gdafe5d979
The latest rpm package of the 3.6 builds is openshift-ansible-3.6.173.0.104-1.git.0.ee43cc5.el7.noarch.rpm that the fix is not in. Moving to MODIFIED to wait the next rpm build having the fix. And I can't find openshift-ansible-3.6.173.0.103-1-2-gdafe5d979. Vadim, please kindly correct me if I'm missing something.
Correct, the fix is not yet released in 3.6, sorry for the noise
Fix not in yet, moving back temporarily.
Still no new rpm packages built yet.
in openshift-ansible-3.6.173.0.105-1
Verified in openshift-ansible-3.6.173.0.105-1.git.0.406806c.el7.noarch.rpm
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:1106