Bug 1759611
| Summary: | [Proxy]machine configs are not updated when proxy.config.openshift.io gets updated | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Daneyon Hansen <dhansen> |
| Component: | Machine Config Operator | Assignee: | Sinny Kumari <skumari> |
| Status: | CLOSED ERRATA | QA Contact: | Michael Nguyen <mnguyen> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 4.2.0 | CC: | amurdaca, kgarriso, miabbott, mnguyen, mvalledi, scuppett |
| Target Milestone: | --- | ||
| Target Release: | 4.2.z | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | 1759363 | Environment: | |
| Last Closed: | 2019-12-03 22:43:11 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1759363 | ||
| Bug Blocks: | |||
|
Comment 1
Kirsten Garrison
2019-11-06 18:05:02 UTC
PR for the fix is in https://github.com/openshift/machine-config-operator/pull/1175

Since this bug depends on corresponding 4.3 bug https://bugzilla.redhat.com/show_bug.cgi?id=1759363 , we will first need to get BZ#1759363 verified by QE

Verified with 4.2.0-0.nightly-2019-11-27-102509
```
== Configure VM as Squid Proxy ==
- Install Fedora in AWS
- Relax Security Group to allow all traffic in/out
- dnf -y install squid
- Edit /etc/squid/squid.conf
- add `acl Safe_ports port 0-65535`
- comment out all Safe_ports out
- s/http_port 3128/http_port 8080
- add `http_access allow all`
- comment out `http_access deny CONNECT !SSL_ports`
- comment out `http_access deny !Safe_ports`
- comment out `http_access deny all`
== create install config ==
./openshift-install create install-config --dir test
== add proxy to install config ==
vi test/install-config.yaml
proxy:
  httpProxy: http://<ip-of-squid>:8080
  httpsProxy: http://<ip-of-squid>:8080
== install openshift ==
./openshift-install create cluster --dir=test
$ oc get clusterversion
NAME VERSION AVAILABLE PROGRESSING SINCE STATUS
version 4.2.0-0.nightly-2019-11-27-102509 True False 9m1s Cluster version is 4.2.0-0.nightly-2019-11-27-102509
== edit proxy and add noProxy ==
$ oc edit proxy
spec:
  httpProxy: http://<ip-of-squid>:8080
  httpsProxy: http://<ip-of-squid>:8080
  noProxy: .example.com
  trustedCA:
    name: ""
== verify the changes get rolled out to the cluster ==
$ oc get nodes
NAME STATUS ROLES AGE VERSION
ip-10-0-128-130.ec2.internal Ready worker 17m v1.14.6+31a56cf75
ip-10-0-143-165.ec2.internal Ready master 23m v1.14.6+31a56cf75
ip-10-0-144-195.ec2.internal Ready,SchedulingDisabled worker 17m v1.14.6+31a56cf75
ip-10-0-146-64.ec2.internal Ready,SchedulingDisabled master 23m v1.14.6+31a56cf75
ip-10-0-162-232.ec2.internal Ready master 23m v1.14.6+31a56cf75
ip-10-0-174-143.ec2.internal Ready worker 17m v1.14.6+31a56cf75
== check that the proxy is getting propagated to the host (should see .example.com) ==
$ oc debug node/ip-10-0-128-130.ec2.internal
Starting pod/ip-10-0-128-130ec2internal-debug ...
To use host binaries, run `chroot /host`
Pod IP: 10.0.128.130
If you don't see a command prompt, try pressing enter.
sh-4.2# chroot /host
sh-4.4# grep -ri NO_PROXY /etc/systemd/system
/etc/systemd/system/kubelet.service.d/10-default-env.conf:Environment=NO_PROXY=.cluster.local,.ec2.internal,.example.com,.svc,10.0.0.0/16,10.128.0.0/14,127.0.0.1,169.254.169.254,172.30.0.0/16,api-int.miabbott-4.2-nightly.devcluster.openshift.com,etcd-0.miabbott-4.2-nightly.devcluster.openshift.com,etcd-1.miabbott-4.2-nightly.devcluster.openshift.com,etcd-2.miabbott-4.2-nightly.devcluster.openshift.com,localhost
/etc/systemd/system/machine-config-daemon-host.service.d/10-default-env.conf:Environment=NO_PROXY=.cluster.local,.ec2.internal,.example.com,.svc,10.0.0.0/16,10.128.0.0/14,127.0.0.1,169.254.169.254,172.30.0.0/16,api-int.miabbott-4.2-nightly.devcluster.openshift.com,etcd-0.miabbott-4.2-nightly.devcluster.openshift.com,etcd-1.miabbott-4.2-nightly.devcluster.openshift.com,etcd-2.miabbott-4.2-nightly.devcluster.openshift.com,localhost
/etc/systemd/system/pivot.service.d/10-default-env.conf:Environment=NO_PROXY=.cluster.local,.ec2.internal,.example.com,.svc,10.0.0.0/16,10.128.0.0/14,127.0.0.1,169.254.169.254,172.30.0.0/16,api-int.miabbott-4.2-nightly.devcluster.openshift.com,etcd-0.miabbott-4.2-nightly.devcluster.openshift.com,etcd-1.miabbott-4.2-nightly.devcluster.openshift.com,etcd-2.miabbott-4.2-nightly.devcluster.openshift.com,localhost
/etc/systemd/system/crio.service.d/10-default-env.conf:Environment=NO_PROXY=.cluster.local,.ec2.internal,.example.com,.svc,10.0.0.0/16,10.128.0.0/14,127.0.0.1,169.254.169.254,172.30.0.0/16,api-int.miabbott-4.2-nightly.devcluster.openshift.com,etcd-0.miabbott-4.2-nightly.devcluster.openshift.com,etcd-1.miabbott-4.2-nightly.devcluster.openshift.com,etcd-2.miabbott-4.2-nightly.devcluster.openshift.com,localhost
== check mcp / mc for proxy changes ==
oc get mcp
NAME CONFIG UPDATED UPDATING DEGRADED
master rendered-master-e3187ca22881e6d4ceaa7c811603f585 False True False
worker rendered-worker-e5aab63d54eabc8b174ad7d774cc01e5 False True False
$ oc get mc
NAME GENERATEDBYCONTROLLER IGNITIONVERSION CREATED
00-master d780d197a9c5848ba786982c0c4aaa7487297046 2.2.0 24m
00-worker d780d197a9c5848ba786982c0c4aaa7487297046 2.2.0 24m
01-master-container-runtime d780d197a9c5848ba786982c0c4aaa7487297046 2.2.0 24m
01-master-kubelet d780d197a9c5848ba786982c0c4aaa7487297046 2.2.0 24m
01-worker-container-runtime d780d197a9c5848ba786982c0c4aaa7487297046 2.2.0 24m
01-worker-kubelet d780d197a9c5848ba786982c0c4aaa7487297046 2.2.0 24m
99-master-0e49e2e2-1133-11ea-bd77-0a1a4a8977e5-registries d780d197a9c5848ba786982c0c4aaa7487297046 2.2.0 24m
99-master-ssh 2.2.0 25m
99-worker-0e58dbc2-1133-11ea-bd77-0a1a4a8977e5-registries d780d197a9c5848ba786982c0c4aaa7487297046 2.2.0 24m
99-worker-ssh 2.2.0 25m
rendered-master-302fa35413ecec6d40ab2b6b2b2814fd d780d197a9c5848ba786982c0c4aaa7487297046 2.2.0 6m23s
rendered-master-e3187ca22881e6d4ceaa7c811603f585 d780d197a9c5848ba786982c0c4aaa7487297046 2.2.0 24m
rendered-worker-be325d0d62e7886c48ad6332fd11a5f6 d780d197a9c5848ba786982c0c4aaa7487297046 2.2.0 6m23s
rendered-worker-e5aab63d54eabc8b174ad7d774cc01e5 d780d197a9c5848ba786982c0c4aaa7487297046 2.2.0 24m
$ oc get mc/rendered-master-302fa35413ecec6d40ab2b6b2b2814fd -o yaml | grep example\.com
source: data:,%5BService%5D%0AEnvironment%3DHTTP_PROXY%3Dhttp%3A%2F%2F54.83.158.238%3A8080%0AEnvironment%3DHTTPS_PROXY%3Dhttp%3A%2F%2F54.83.158.238%3A8080%0AEnvironment%3DNO_PROXY%3D.cluster.local%2C.ec2.internal%2C.example.com%2C.svc%2C10.0.0.0%2F16%2C10.128.0.0%2F14%2C127.0.0.1%2C169.254.169.254%2C172.30.0.0%2F16%2Capi-int.miabbott-4.2-nightly.devcluster.openshift.com%2Cetcd-0.miabbott-4.2-nightly.devcluster.openshift.com%2Cetcd-1.miabbott-4.2-nightly.devcluster.openshift.com%2Cetcd-2.miabbott-4.2-nightly.devcluster.openshift.com%2Clocalhost%0A
source: data:,%5BService%5D%0AEnvironment%3DHTTP_PROXY%3Dhttp%3A%2F%2F54.83.158.238%3A8080%0AEnvironment%3DHTTPS_PROXY%3Dhttp%3A%2F%2F54.83.158.238%3A8080%0AEnvironment%3DNO_PROXY%3D.cluster.local%2C.ec2.internal%2C.example.com%2C.svc%2C10.0.0.0%2F16%2C10.128.0.0%2F14%2C127.0.0.1%2C169.254.169.254%2C172.30.0.0%2F16%2Capi-int.miabbott-4.2-nightly.devcluster.openshift.com%2Cetcd-0.miabbott-4.2-nightly.devcluster.openshift.com%2Cetcd-1.miabbott-4.2-nightly.devcluster.openshift.com%2Cetcd-2.miabbott-4.2-nightly.devcluster.openshift.com%2Clocalhost%0A
source: data:,%5BService%5D%0AEnvironment%3DHTTP_PROXY%3Dhttp%3A%2F%2F54.83.158.238%3A8080%0AEnvironment%3DHTTPS_PROXY%3Dhttp%3A%2F%2F54.83.158.238%3A8080%0AEnvironment%3DNO_PROXY%3D.cluster.local%2C.ec2.internal%2C.example.com%2C.svc%2C10.0.0.0%2F16%2C10.128.0.0%2F14%2C127.0.0.1%2C169.254.169.254%2C172.30.0.0%2F16%2Capi-int.miabbott-4.2-nightly.devcluster.openshift.com%2Cetcd-0.miabbott-4.2-nightly.devcluster.openshift.com%2Cetcd-1.miabbott-4.2-nightly.devcluster.openshift.com%2Cetcd-2.miabbott-4.2-nightly.devcluster.openshift.com%2Clocalhost%0A
source: data:,%5BService%5D%0AEnvironment%3DHTTP_PROXY%3Dhttp%3A%2F%2F54.83.158.238%3A8080%0AEnvironment%3DHTTPS_PROXY%3Dhttp%3A%2F%2F54.83.158.238%3A8080%0AEnvironment%3DNO_PROXY%3D.cluster.local%2C.ec2.internal%2C.example.com%2C.svc%2C10.0.0.0%2F16%2C10.128.0.0%2F14%2C127.0.0.1%2C169.254.169.254%2C172.30.0.0%2F16%2Capi-int.miabbott-4.2-nightly.devcluster.openshift.com%2Cetcd-0.miabbott-4.2-nightly.devcluster.openshift.com%2Cetcd-1.miabbott-4.2-nightly.devcluster.openshift.com%2Cetcd-2.miabbott-4.2-nightly.devcluster.openshift.com%2Clocalhost%0A
```
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:3953 |
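The last verification step above greps the rendered MachineConfig for the new `noProxy` entry inside percent-encoded `data:,` sources. As an added example (not part of the bug report or the machine-config-operator code), the Python below decodes such a source, parses the systemd drop-in, and reports which drop-ins lack an expected `NO_PROXY` entry by exact match rather than substring. The sample sources, the `192.0.2.10` proxy address and all function names are constructed for illustration.

```python
from urllib.parse import unquote

# Constructed sample: Ignition file "source" values shaped like the ones in the
# rendered MachineConfig above (proxy address and entries are placeholders).
GOOD = ("data:,%5BService%5D%0AEnvironment%3DHTTP_PROXY%3Dhttp%3A%2F%2F192.0.2.10%3A8080%0A"
        "Environment%3DHTTPS_PROXY%3Dhttp%3A%2F%2F192.0.2.10%3A8080%0A"
        "Environment%3DNO_PROXY%3D.cluster.local%2C.example.com%2C.svc%2C10.0.0.0%2F16%2Clocalhost%0A")
# Same drop-in before the proxy update reached it: the new entry is absent.
STALE = GOOD.replace("%2C.example.com", "")


def decode_source(source):
    """Decode a percent-encoded `data:,` URL (no base64) to text."""
    prefix = "data:,"
    if not source.startswith(prefix):
        raise ValueError("not a plain data: URL")
    return unquote(source[len(prefix):])


def unit_environment(dropin_text):
    """Return {NAME: value} from Environment= lines of a systemd drop-in."""
    env = {}
    for line in dropin_text.splitlines():
        line = line.strip()
        if line.startswith("Environment="):
            name, _, value = line[len("Environment="):].partition("=")
            env[name] = value
    return env


def no_proxy_entries(source):
    """List the comma-separated NO_PROXY entries carried by one source."""
    env = unit_environment(decode_source(source))
    return [e for e in env.get("NO_PROXY", "").split(",") if e]


def missing_entries(sources, expected):
    """Map each drop-in name to the expected NO_PROXY entries it lacks."""
    report = {}
    for name, source in sources.items():
        present = set(no_proxy_entries(source))
        lacking = [e for e in expected if e not in present]
        if lacking:
            report[name] = lacking
    return report


if __name__ == "__main__":
    print(missing_entries({"kubelet": GOOD, "crio": STALE}, [".example.com"]))
```

An empty report means every drop-in carries the expected entries; a non-empty one names the services still running with the old proxy environment.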