Bug 1550385 - Update *sql-apb plan or version failed in 'behind proxy' env
Summary: Update *sql-apb plan or version failed in 'behind proxy' env
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Service Broker
Version: 3.9.0
Hardware: Unspecified
OS: Unspecified
Priority: medium
Severity: medium
Target Milestone: ---
Target Release: 3.9.0
Assignee: Todd Sanders
QA Contact: Zihan Tang
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2018-03-01 07:18 UTC by Zihan Tang
Modified: 2018-06-27 18:02 UTC (History)

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-06-27 18:01:34 UTC
Target Upstream Version:
Embargoed:
Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2018:2013 0 None None None 2018-06-27 18:02:09 UTC

Comment 1 Zihan Tang 2018-03-01 07:34:19 UTC
mariadb, mysql also failed with this error.

Comment 4 Jason Montleon 2018-03-01 15:07:06 UTC
It looks like the env vars are already set on all the failed pods so it's something beyond that.

Every pod I try to exec into in this environment, whether through proxy or not, fails with:
command terminated with exit code 129

This is making it hard to diagnose any further. I can say if exec won't work then none of the copy or execution logic is going to function correctly and we have bigger problems.

Testing locally it looks like there is nothing special we should have to do to carry over existing environment variables into the apb shell commands:

    - hosts: localhost
      tasks:
      - shell: echo $http_proxy
        register: out
     
      - debug:
          msg: "{{ out.stdout }}"

Beyond that, in the original comment the error looks to be:

"Unable to connect to the server: Not Found" as though it's either having a problem resolving the name of the proxy or server.

I'm wondering if this is a name resolution problem.

Comment 5 Jason Montleon 2018-03-01 15:32:13 UTC
oc exec errors seem to be selinux related:
    # setenforce 0
    # oc exec -it -n test postgresql-9.5-dev-1-mdsj7 /bin/bash
    bash-4.2$


Seeing lots of errors like:
type=AVC msg=audit(1519916059.744:52152): avc:  denied  { read write } for  pid=85032 comm="bash" path="/dev/pts/5" dev="devpts" ino=8 scontext=system_u:system_r:container_t:s0:c9,c17 tcontext=system_u:object_r:devpts_t:s0 tclass=chr_file

This should probably get opened up as a separate bug.
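
Added example (not part of the original comments): a small Python parser that reduces AVC denial records like the one in comment 5 to the (source type, target type, class, permissions) tuple a reviewer needs when triaging them. The function names `parse_avc` and `summarize` are hypothetical; the sample input is the record quoted above, listed twice to show how repeated denials are counted.

```python
import re
from collections import Counter

# The AVC record quoted in comment 5, listed twice to exercise the counting.
RECORD = ('type=AVC msg=audit(1519916059.744:52152): avc:  denied  { read write } for  '
          'pid=85032 comm="bash" path="/dev/pts/5" dev="devpts" ino=8 '
          'scontext=system_u:system_r:container_t:s0:c9,c17 '
          'tcontext=system_u:object_r:devpts_t:s0 tclass=chr_file')
SAMPLE_LOG = "\n".join([RECORD, RECORD])

AVC_RE = re.compile(
    r'type=AVC msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): avc:\s+denied\s+'
    r'\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)$')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return a dict for one AVC denial line, or None if the line is not one."""
    m = AVC_RE.search(line.strip())
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group("fields"))}
    if not {"scontext", "tcontext", "tclass"} <= rec.keys():
        return None  # truncated or wrapped record
    rec["perms"] = tuple(m.group("perms").split())
    rec["event"] = (m.group("ts"), m.group("serial"))
    # A context is user:role:type:level; only the level may contain extra ':' or ','.
    rec["source_type"] = rec["scontext"].split(":")[2]
    rec["target_type"] = rec["tcontext"].split(":")[2]
    return rec


def summarize(log_text):
    """Count denials per (source type, target type, class, perms) tuple."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec:
            key = (rec["source_type"], rec["target_type"], rec["tclass"], rec["perms"])
            counts[key] += 1
    return counts


if __name__ == "__main__":
    for (src, tgt, cls, perms), n in summarize(SAMPLE_LOG).items():
        print(f"{n}x {src} -> {tgt}:{cls} {{ {' '.join(perms)} }}")
```
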

Comment 7 Jason Montleon 2018-03-01 15:38:38 UTC
Add ,.default to your no_proxy/NO_PROXY env vars.

Comment 8 Jason Montleon 2018-03-01 15:39:33 UTC
If it works this probably needs to get added to the docs.

Comment 9 Erik Nelson 2018-03-01 16:32:00 UTC
Docs update PR: https://github.com/openshift/ansible-service-broker/pull/806

Comment 11 Zihan Tang 2018-03-02 05:51:07 UTC
(In reply to Jason Montleon from comment #5)
> oc exec errors seem to be selinux related:
> # setenforce 0
> # oc exec -it -n test postgresql-9.5-dev-1-mdsj7 /bin/bash
> bash-4.2$
>
> Seeing lots of errors like:
> type=AVC msg=audit(1519916059.744:52152): avc:  denied  { read write } for 
> pid=85032 comm="bash" path="/dev/pts/5" dev="devpts" ino=8
> scontext=system_u:system_r:container_t:s0:c9,c17
> tcontext=system_u:object_r:devpts_t:s0 tclass=chr_file
> 
> This should probably get opened up as a separate bug.
This 'exec' issue has been opened in 
https://bugzilla.redhat.com/show_bug.cgi?id=1517212

Comment 13 errata-xmlrpc 2018-06-27 18:01:34 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:2013