Bug 1771337 - [4.4]Cannot visit jenkins console in http proxy env
Summary: [4.4]Cannot visit jenkins console in http proxy env
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Jenkins
Version: 4.4
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ---
: 4.4.0
Assignee: Akram Ben Aissi
QA Contact: XiuJuan Wang
URL:
Whiteboard:
Depends On:
Blocks: 1773854 1791253
TreeView+ depends on / blocked
 
Reported: 2019-11-12 08:08 UTC by wewang
Modified: 2020-06-26 14:33 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1773854 1776760 (view as bug list)
Environment:
Last Closed: 2020-05-04 11:15:07 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift jenkins pull 983 0 'None' closed Bug 1771337: Bump openshfit-login-plugin to 1.0.21 2020-07-13 09:16:21 UTC
Red Hat Product Errata RHBA-2020:0581 0 None None None 2020-05-04 11:15:34 UTC

Comment 5 XiuJuan Wang 2019-12-04 09:03:31 UTC
Akram,
Should we set this bug target version to 4.4.0, since I saw the pr https://github.com/openshift/jenkins/pull/983 had merged into jenkins master branch.
And the latest 4.3 payload 4.3.0-0.nightly-2019-12-04-054458 doesn't install openshift-login-plugin with 1.0.21.

Comment 6 Akram Ben Aissi 2019-12-05 13:07:27 UTC
I am forced to re-set the bug to POST state as the original has been merged only a few hours after the code freeze, so we can have it in
The subsequent cherry-picked are expecting this parent to be in POST state.

Comment 8 XiuJuan Wang 2019-12-16 07:34:37 UTC
Could you help to build a new image for 4.4?

Comment 12 Akram Ben Aissi 2020-01-14 08:17:29 UTC
ART has been asked to release through: https://issues.redhat.com/browse/ART-1449

Comment 13 XiuJuan Wang 2020-01-17 10:21:46 UTC
In the gcp with http proxy cluster 4.4.0-0.nightly-2020-01-17-032851
Could access jenkins webconsole, but there are some error in pod log, http://pastebin.test.redhat.com/828241

And in aws with proxy cluster, 4.4.0-0.nightly-2020-01-17-032851
Can't access jenkins webconsole, with the similar error http://pastebin.test.redhat.com/828250

Comment 15 Wenjing Zheng 2020-03-11 09:38:50 UTC
@Akram, QE think this is a bug which has to be fixed in 4.4 phase.What's your plan on this?

Comment 17 Akram Ben Aissi 2020-03-12 16:12:51 UTC
Hi @Xiujuan,

we have done some tests with it today and gathered information for the MCO team. They said they will not support and they will not implement propagation of http_proxy configuration from cluster-wide proxy configuration to user applications.

So, for make this to work, you need to setup http_proxy, https_proxy and no_proxy in your deployment config to make it work.
We have done it using the following command:

```
oc set env dc/jenkins http_proxy=$(oc get proxy cluster -o jsonpath='{.status.httpProxy}') \
                      https_proxy=$(oc get proxy cluster -o jsonpath='{.status.httpsProxy}') \
                      no_proxy=$(oc get proxy cluster -o jsonpath='{.status.noProxy}') 
```

So, we will update the documentation and link it to this BZ. Could you please confirm that setting the environment variables works?
and if yes, do not mark this issue as a blocker, as it will be documentation only.

Comment 18 Akram Ben Aissi 2020-03-12 21:11:59 UTC
I will reset it to ON_QA for 4.4 . And, there is a duplicate of this bug that I moved to 4.5 so we can release the documentation of it in 4.5.

If you agree, and that setting the env variables works, then, please set it to VERIFIED.

Greetings
Akram

Comment 19 XiuJuan Wang 2020-03-13 02:43:47 UTC
Akram,
Thank you
It works to pass proxy setting to dc via env vars. Could access jenkins webconsole with proxy now.
```
oc set env dc/jenkins http_proxy=$(oc get proxy cluster -o jsonpath='{.status.httpProxy}') \
                      https_proxy=$(oc get proxy cluster -o jsonpath='{.status.httpsProxy}') \
                      no_proxy=$(oc get proxy cluster -o jsonpath='{.status.noProxy}') 
```

But there are additional error "java.io.IOException: Unable to tunnel through proxy. Proxy returns "HTTP/1.1 407 Proxy Authentication Required"
If you have plan to address the new minior issue, I will open a new thread to track it. Let me to verify this bug since the major issue is resolved

2020-03-13 02:36:32.646+0000 [id=45]	INFO	hudson.util.Retrier#start: The attempt #1 to do the action check updates server failed with an allowed exception:
java.io.IOException: Unable to tunnel through proxy. Proxy returns "HTTP/1.1 407 Proxy Authentication Required"
	at sun.net.www.protocol.http.HttpURLConnection.doTunneling(HttpURLConnection.java:2152)
	at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:183)
	at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1570)
	at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1498)
	at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:268)
	at hudson.model.DownloadService.loadJSON(DownloadService.java:113)
	at hudson.model.UpdateSite.updateDirectlyNow(UpdateSite.java:185)
	at hudson.PluginManager.checkUpdatesServer(PluginManager.java:1765)
	at hudson.util.Retrier.start(Retrier.java:62)
	at hudson.PluginManager.doCheckUpdatesServer(PluginManager.java:1736)
	at jenkins.DailyCheck.execute(DailyCheck.java:93)
	at hudson.model.AsyncPeriodicWork.lambda$doRun$0(AsyncPeriodicWork.java:100)
	at java.lang.Thread.run(Thread.java:748)
2020-03-13 02:36:32.647+0000 [id=45]	INFO	hudson.util.Retrier#start: Calling the listener of the allowed exception 'Unable to tunnel through proxy. Proxy returns "HTTP/1.1 407 Proxy Authentication Required"' at the attempt #1 to do the action check updates server
2020-03-13 02:36:32.650+0000 [id=44]	INFO	hudson.util.Retrier#start: The attempt #1 to do the action check updates server failed with an allowed exception:
java.io.IOException: Unable to tunnel through proxy. Proxy returns "HTTP/1.1 407 Proxy Authentication Required"
	at sun.net.www.protocol.http.HttpURLConnection.doTunneling(HttpURLConnection.java:2152)
	at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:183)
	at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1570)
	at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1498)
	at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:268)
	at hudson.model.DownloadService.loadJSON(DownloadService.java:113)
	at hudson.model.UpdateSite.updateDirectlyNow(UpdateSite.java:185)
	at hudson.PluginManager.checkUpdatesServer(PluginManager.java:1765)
	at hudson.util.Retrier.start(Retrier.java:62)
	at hudson.PluginManager.doCheckUpdatesServer(PluginManager.java:1736)
	at hudson.PluginManager$doCheckUpdatesServer.call(Unknown Source)
	at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:48)
	at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:113)
	at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:117)
	at update-center-init$1$2$3.call(update-center-init.groovy:12)
	at update-center-init$1$2$3.call(update-center-init.groovy)
	at hudson.security.ACL.impersonate(ACL.java:290)
	at hudson.security.ACL$impersonate.call(Unknown Source)
	at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:48)
	at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:113)
	at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:133)
	at update-center-init$1$2.run(update-center-init.groovy:9)
2020-03-13 02:36:32.651+0000 [id=44]	INFO	hudson.util.Retrier#start: Calling the listener of the allowed exception 'Unable to tunnel through proxy. Proxy returns "HTTP/1.1 407 Proxy Authentication Required"' at the attempt #1 to do the action check updates server

Comment 22 errata-xmlrpc 2020-05-04 11:15:07 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:0581


Note You need to log in before you can comment on or make changes to this bug.