Bug 1578993 - jenkins slave does not respect no_proxy 3.10
Summary: jenkins slave does not respect no_proxy 3.10
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Build
Version: 3.10.0
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ---
: 3.10.0
Assignee: Gabe Montero
QA Contact: Wenjing Zheng
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-05-16 18:24 UTC by Gabe Montero
Modified: 2018-07-30 19:15 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: jenkins no_proxy processing could not handle suffixes like ".svc" Consequence: communication between a jenkins k8s agent pod and the jenkins master would attempt to go through a configured http_proxy and fail Fix: the openshift jenkins agent images are updated to automatically include the jenkins master and jnlp hosts in the no_proxy list Result: the jenkins limitation for no_proxy processing is circumvented
Clone Of: 1578989
Environment:
Last Closed: 2018-07-30 19:15:30 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2018:1816 None None None 2018-07-30 19:15:54 UTC
Red Hat Knowledge Base (Solution) 3429951 None None None 2018-05-16 18:24:44 UTC

Comment 1 Gabe Montero 2018-05-16 18:48:44 UTC
The fix for this merged last week, and the images are on brew-pulp.

For example, brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888/openshift3/jenkins-slave-maven-rhel7:v3.10.0.20180515.215815 has the fix.

To test:
- you use a pipeline with agents like https://raw.githubusercontent.com/openshift/origin/master/examples/jenkins/pipeline/maven-pipeline.yaml

- log into the jenkins console, go to manage jenkins -> configure system, and update the maven pod template towards the bottom on the page by
   
   -- add the env var http_proxy to the pod template, setting it to a http proxy
   -- either a) change the image ref to brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888/openshift3/jenkins-slave-maven-rhel7:v3.10.0.20180515.215815, pull that image to the node, and uncheck pull always, so it uses the local image, or b) retag brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888/openshift3/jenkins-slave-maven-rhel7:v3.10.0.20180515.215815 to an image repository you can push, and then push it to an accessible repository

- save the changes,
- then start the build 

without the fix, things like the downloading of the remoting jar and access to the jnlp tunnel will fail in the resulting maven pod, as they try to go through the proxy and fail

in fact, if you want to verify the problem exists, try a build with http_proxy set on the pod template and use the default image to start the build

with the fix, the maven build should succeed like before

Comment 4 errata-xmlrpc 2018-07-30 19:15:30 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:1816


Note You need to log in before you can comment on or make changes to this bug.