Hide Forgot
Description of problem: Config build.config.openshift.io/cluster did not work, because setting invalid proxy in cluster config, build still complete Version-Release number of selected component (if applicable): 4.0.0-0.nightly-2019-02-13-204401 registry.svc.ci.openshift.org/ocp/release@sha256:8168c9d2a331b6e8ca5e9b08f623d7f0ff50277bbc63fa71b1bc2a8c806f2ddf How reproducible: always Steps to Reproduce: 1.Create cluster with invalid proxy setting in cluster-config.yaml $ oc create -f cluster-config.yaml kind: Build apiVersion: config.openshift.io/v1 metadata: name: cluster spec: buildDefaults: defaultProxy: - httpProxy: http://invalid.rdu.redhat.com:3128 httpsProxy: https://invalid.rdu.redhat.com:3128 2.Create project and create app $ oc new-app -f https://raw.githubusercontent.com/openshift/origin/master/examples/sample-app/application-template-stibuild.json -n wewang2 3.Check the build $ oc get builds -n wewang2 NAME TYPE FROM STATUS STARTED DURATION ruby-sample-build-1 Source Git@787f1be Complete 7 minutes ago 1m35s 4. Check the build pod, no related proxy info https://url.corp.redhat.com/242bd13 5. Check build pod env, nothing $oc set env pods ruby-sample-build-1-build --list -n wewang2 |grep -i proxy Actual results: Build complete Expected results: Build should fail with invaild proxy Additional info:
Submitted pull request https://github.com/openshift/origin/pull/22071 to correct this issue
@Adam Kaplan now I saw the pr:https://github.com/openshift/api/pull/156/files from deads2k, seems there will be proxy.config.openshift.io/cluster : https://github.com/openshift/api/blob/master/config/v1/types_proxy.go#L11, if so, do we still need define proxy in build.config.openshift.io/cluster?
And I saw defaultProxy(https://github.com/openshift/api/blob/master/config/v1/types_build.go#L42) in build.config.openshift.io/cluster are using ProxySpec from types_proxy.go(https://github.com/openshift/api/blob/master/config/v1/types_proxy.go#L12), does I misunderstand it, if so, pls correct me, thanks!
@wewang we are using the same types in the code so we have a consistent API. However, the cluster isn't creating the `proxy.config.openshift.io/cluster` object at installation (this is a bug - will be fixed soon).
And the build controller is not consuming the proxy.config.openshift.io/cluster object and it may not do so in 4.0.
@Ben Parees, if build defaults default proxy setting will override the proxy in cluster proxy config?
@wewang at present we ignore anything set in proxy.config.openshift.io/cluster - builds will only use the default proxy set in the build.config.openshift.io/cluster spec.
pull request has merged into origin
@cdaley Checked pr already merged to origin,see[1], and tested as https://bugzilla.redhat.com/show_bug.cgi?id=1677585#c0 described, still Config build.config.openshift.io/cluster did not work, build complete and no proxy info in build pod. Version-Release number of selected component: ./openshift-install unreleased-master-420-g1b13d68b1ad0259cb8bd4af77288cdebf70a243f payload: registry.svc.ci.openshift.org/openshift/origin-release@sha256:7773458ee2c15b132441350a37fa16157e7c690d0c652b9238bea191fd6e2490 version: 4.0.0-0.alpha-2019-02-26-012920 [1]Check pr if merged origin $ oc adm release info --commits "registry.svc.ci.openshift.org/openshift/origin-release:4.0.0-0.alpha-2019-02-26-012920" |grep cli cli https://github.com/openshift/origin 43346b6b0dcf5a9266602995e5f80e0332b9ac36 [wewang@Desktop origin]$ pwd /home/wewang/go/src/github.com/openshift/origin [wewang@Desktop origin]$ git log |grep 43346b6b0dcf5a9266602995e5f80e0332b9ac36 commit 43346b6b0dcf5a9266602995e5f80e0332b9ac36
@cdaley,Checked in origin image and pr aleady merged in it, see[1], and tested as https://bugzilla.redhat.com/show_bug.cgi?id=1677585#c0 description, Config build.config.openshift.io/cluster did not work, build still complete and no proxy info in build pod. Version-Release number of selected component (if applicable): ./openshift-install unreleased-master-420-g1b13d68b1ad0259cb8bd4af77288cdebf70a243f payload: registry.svc.ci.openshift.org/openshift/origin-release@sha256:7773458ee2c15b132441350a37fa16157e7c690d0c652b9238bea191fd6e2490 version: 4.0.0-0.alpha-2019-02-26-012920 [1] Check pr#22071 in 4.0.0-0.alpha-2019-02-26-012920 version 1. $ oc adm release info --commits "registry.svc.ci.openshift.org/openshift/origin-release:4.0.0-0.alpha-2019-02-26-012920"|grep cli cli https://github.com/openshift/origin 43346b6b0dcf5a9266602995e5f80e0332b9ac36 2. $ pwd /home/wewang/go/src/github.com/openshift/origin 3. $ git log 43346b6b0dcf5a9266602995e5f80e0332b9ac36 |grep "#22071" Merge pull request #22071 from coreydaley/add_env_vars_to_whitelist
pls ignore Comment 9 and check Comment 10, thx
I am currently looking into this
OK, Thanks Corey Daley, I thought you missed it, next time you can tell me that you are tracking it, so I will not bother you, ^_^
And we should report the process of 4.0 bug status everyday, hope you can understand.
Modified state means a fix has been merged and we're waiting on a build to include it. Moving this back to Assigned since it sounds like it still needs a code fix.
this is a test case error, the build configuration yaml is incorrect. There is an erroneous dash before httpProxy. The config should be: apiVersion: config.openshift.io/v1 kind: Build metadata: creationTimestamp: 2019-03-01T19:40:42Z generation: 1 name: cluster resourceVersion: "146580" selfLink: /apis/config.openshift.io/v1/builds/cluster uid: e687d0ca-3c59-11e9-bb3a-0289919e9ace spec: buildDefaults: defaultProxy: httpProxy: http://invalid.rdu.redhat.com:3128 httpsProxy: https://invalid.rdu.redhat.com:3128 With that setting I saw the expected behavior: $ oc start-build nodejs-ex -n p1 -F build.build.openshift.io/nodejs-ex-4 started Cloning "https://github.com/openshift/nodejs-ex" ... error: fatal: unable to access 'https://github.com/openshift/nodejs-ex/': Could not resolve proxy: invalid.rdu.redhat.com; Unknown error
Incidentally, that bad config appears to actually block the build controller from starting up at all, with no obvious error message reported in the logs (things fail deep in a parser somewhere and we don't bubble the error up), so that's something that should probably be improved. I think we might be getting stuck in wait for cache sync, but i'm not sure. It looks like waitforcache sync will never timeout.
Verified with below version: [wzheng@laptop 4.0]$ oc get clusterversion NAME VERSION AVAILABLE PROGRESSING SINCE STATUS version 4.0.0-0.nightly-2019-03-04-033148 True False 171m Cluster version is 4.0.0-0.nightly-2019-03-04-033148 [wzheng@laptop 4.0]$ oc logs builds/ruby-ex-1 Cloning "https://github.com/sclorg/ruby-ex.git" ... error: Unable to update build status: resource name may not be empty error: fatal: unable to access 'https://github.com/sclorg/ruby-ex.git/': Could not resolve proxy: invalid.rdu.redhat.com; Unknown error
(In reply to Ben Parees from comment #18) > Incidentally, that bad config appears to actually block the build controller > from starting up at all, with no obvious error message reported in the logs > (things fail deep in a parser somewhere and we don't bubble the error up), > so that's something that should probably be improved. I think we might be > getting stuck in wait for cache sync, but i'm not sure. It looks like > waitforcache sync will never timeout. Yes, it is hard to debug if no obvious error message appears when it is mis-config. We will report a RFE on this. Thanks, Ben!
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:0758