Bug 1550385 – Update *sql-apb plan or version failed in 'behind proxy' env

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 1550385 - Update *sql-apb plan or version failed in 'behind proxy' env

Summary:	Update *sql-apb plan or version failed in 'behind proxy' env

Status:	CLOSED ERRATA

Aliases:	None

Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Service Broker (Show other bugs)
Sub Component:
Version:	3.9.0
Hardware:	Unspecified Unspecified

Priority	medium Severity medium
Target Milestone:	---
Target Release:	3.9.0
Assigned To:	Todd Sanders
QA Contact:	Zihan Tang
Docs Contact:

URL:
Whiteboard:
Keywords:

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2018-03-01 02:18 EST by Zihan Tang
Modified:	2018-06-27 14:02 EDT (History)
CC List:	7 users (show)

See Also:
Fixed In Version:
Doc Type:	No Doc Update
Doc Text:	undefined
Story Points:	---
Clone Of:
Environment:
Last Closed:	2018-06-27 14:01:34 EDT
Type:	Bug
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2018:2013	None	None	None	2018-06-27 14:02 EDT

Groups: None (edit)

Comment 1 Zihan Tang 2018-03-01 02:34:19 EST

mariadb, mysql also failed with this error.

Comment 4 Jason Montleon 2018-03-01 10:07:06 EST

It looks like the env vars are already set on all the failed pods so it's something beyond that.

Every pod I try to exec into in this environment whether through proxy or not failes with:
command terminated with exit code 129

This is making it hard to diagnose any further. I can say if exec won't work then none of the copy or execution logic is going to function correctly and we have bigger problems.

Testing locally it looks like there is nothing special we should have to do to carry over existing environment variables into the apb shell commands:

    - hosts: localhost
      tasks:
      - shell: echo $http_proxy
        register: out
     
      - debug:
          msg: "{{ out.stdout }}"

Beyond that, in the original comment the error looks to be:

"Unable to connect to the server: Not Found" as though it's either having a problem resolving name of the proxy or server.

I'm wondering if this is a name resolution problem.

Comment 5 Jason Montleon 2018-03-01 10:32:13 EST

oc exec errors seem to be selinux related:
# setenforce 0
# oc exec -it -n test                                postgresql-9.5-dev-1-mdsj7  /bin/bash
bash-4.2$ 


Seeing lots of errors like:
type=AVC msg=audit(1519916059.744:52152): avc:  denied  { read write } for  pid=85032 comm="bash" path="/dev/pts/5" dev="devpts" ino=8 scontext=system_u:system_r:container_t:s0:c9,c17 tcontext=system_u:object_r:devpts_t:s0 tclass=chr_file
type=AVC msg=audit(1519916059.744:52152): avc:  denied  { read write } for  pid=85032 comm="bash" path="/dev/pts/5" dev="devpts" ino=8 scontext=system_u:system_r:container_t:s0:c9,c17 tcontext=system_u:object_r:devpts_t:s0 tclass=chr_file
type=AVC msg=audit(1519916059.744:52152): avc:  denied  { read write } for  pid=85032 comm="bash" path="/dev/pts/5" dev="devpts" ino=8 scontext=system_u:system_r:container_t:s0:c9,c17 tcontext=system_u:object_r:devpts_t:s0 tclass=chr_file
type=AVC msg=audit(1519916059.744:52152): avc:  denied  { read write } for  pid=85032 comm="bash" path="/dev/pts/5" dev="devpts" ino=8 scontext=system_u:system_r:container_t:s0:c9,c17 tcontext=system_u:object_r:devpts_t:s0 tclass=chr_file

This should probably get opened up as a separate bug.

Comment 7 Jason Montleon 2018-03-01 10:38:38 EST

Add ,.default to your no_proxy/NO_PROXY env vars.

Comment 8 Jason Montleon 2018-03-01 10:39:33 EST

If it works this probably needs to get added to the docs.

Comment 9 Erik Nelson 2018-03-01 11:32:00 EST

Docs update PR: https://github.com/openshift/ansible-service-broker/pull/806

Comment 11 Zihan Tang 2018-03-02 00:51:07 EST

(In reply to Jason Montleon from comment #5)
> oc exec errors seem to be selinux related:
> # setenforce 0
> # oc exec -it -n test                               
> postgresql-9.5-dev-1-mdsj7  /bin/bash
> bash-4.2$ 

> Seeing lots of errors like:
> type=AVC msg=audit(1519916059.744:52152): avc:  denied  { read write } for 
> pid=85032 comm="bash" path="/dev/pts/5" dev="devpts" ino=8
> scontext=system_u:system_r:container_t:s0:c9,c17
> tcontext=system_u:object_r:devpts_t:s0 tclass=chr_file
> 
> This should probably get opened up as a separate bug.
This 'exec' issue has been opened in 
https://bugzilla.redhat.com/show_bug.cgi?id=1517212

Comment 13 errata-xmlrpc 2018-06-27 14:01:34 EDT

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:2013

Note You need to log in before you can comment on or make changes to this bug.