Bug 1873556
| Summary: | [Openstack] HTTP_PROXY setting for NetworkManager-resolv-prepender not working | |||
|---|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Robert Heinzmann <rheinzma> | |
| Component: | Machine Config Operator | Assignee: | Emilien Macchi <emacchi> | |
| Status: | CLOSED ERRATA | QA Contact: | weiwei jiang <wjiang> | |
| Severity: | low | Docs Contact: | ||
| Priority: | medium | |||
| Version: | 4.5 | CC: | emacchi, jerzhang, kgarriso, m.andre, mkrejci, pprinett | |
| Target Milestone: | --- | Keywords: | UpcomingSprint | |
| Target Release: | 4.7.0 | |||
| Hardware: | Unspecified | |||
| OS: | Unspecified | |||
| Whiteboard: | ||||
| Fixed In Version: | Doc Type: | Bug Fix | ||
| Doc Text: |
Cause: The proxy environment variables (HTTP_PROXY, HTTPS_PROXY, and NO_PROXY) were not loaded in the environment during the execution of the NetworkManager's resolv-prepender dispatcher.
Consequence: Nodes fail to pull container images from remote registries when using a proxy.
Fix: Export the HTTP_PROXY, HTTPS_PROXY and NO_PROXY variables.
Result: Nodes can now pull the required container images when using a proxy.
|
Story Points: | --- | |
| Clone Of: | ||||
| : | 1904065 (view as bug list) | Environment: | ||
| Last Closed: | 2021-02-24 15:16:47 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | ||||
| Bug Blocks: | 1904065, 1907637 | |||
|
Comment 2
Martin André
2020-08-28 18:41:43 UTC
Checked with 4.7.0-0.nightly-2020-12-04-013308, and now it should work well, so move to verified.
$ oc get proxy -A -o yaml 130 ↵
apiVersion: v1
items:
- apiVersion: config.openshift.io/v1
kind: Proxy
metadata:
creationTimestamp: "2020-12-09T05:01:47Z"
generation: 1
...
name: cluster
resourceVersion: "3039"
selfLink: /apis/config.openshift.io/v1/proxies/cluster
uid: 6237fddd-dba6-44c8-a67d-3a703824efbc
spec:
httpProxy: http://proxy-user1:HIDDEN@10.0.77.163.nip.io:3128
httpsProxy: http://proxy-user1:HIDDEN@10.0.77.163.nip.io:3128
noProxy: rhos-d.infra.prod.upshift.rdu2.redhat.com,oauth-openshift.apps.wj47ios1209c.1209-0eq.qe.rhcloud.com,api.wj47ios1209c.1209-0eq.qe.rhcloud.com,api-int.wj47ios1209c.1209-0eq.qe.rhcloud.com
trustedCA:
name: ""
status:
httpProxy: http://proxy-user1:HIDDEN@10.0.77.163.nip.io:3128
httpsProxy: http://proxy-user1:HIDDEN@10.0.77.163.nip.io:3128
noProxy: .cluster.local,.svc,10.128.0.0/14,127.0.0.1,169.254.169.254,172.30.0.0/16,192.168.0.0/18,api-int.wj47ios1209c.1209-0eq.qe.rhcloud.com,api.wj47ios1209c.1209-0eq.qe.rhcloud.com,etcd-0.,etcd-1.,etcd-2.,localhost,oauth-openshift.apps.wj47ios1209c.1209-0eq.qe.rhcloud.com,rhos-d.infra.prod.upshift.rdu2.redhat.com
kind: List
metadata:
resourceVersion: ""
selfLink: ""
# Before scaleup:
$ oc get machine -A
NAMESPACE NAME PHASE TYPE REGION ZONE AGE
openshift-machine-api wj47ios1209c-clk5g-master-0 Running m1.xlarge regionOne nova 109m
openshift-machine-api wj47ios1209c-clk5g-master-1 Running m1.xlarge regionOne nova 109m
openshift-machine-api wj47ios1209c-clk5g-master-2 Running m1.xlarge regionOne nova 109m
openshift-machine-api wj47ios1209c-clk5g-worker-0-rl4dp Running m1.large regionOne nova 102m
openshift-machine-api wj47ios1209c-clk5g-worker-0-t7bdk Running m1.large regionOne nova 102m
$ oc get nodes -o wide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
wj47ios1209c-clk5g-master-0 Ready master 109m v1.19.2+ad738ba 192.168.2.232 <none> Red Hat Enterprise Linux CoreOS 47.83.202012032113-0 (Ootpa) 4.18.0-240.1.1.el8_3.x86_64 cri-o://1.20.0-0.rhaos4.7.git5e950f8.el8.26-dev
wj47ios1209c-clk5g-master-1 Ready master 110m v1.19.2+ad738ba 192.168.3.88 <none> Red Hat Enterprise Linux CoreOS 47.83.202012032113-0 (Ootpa) 4.18.0-240.1.1.el8_3.x86_64 cri-o://1.20.0-0.rhaos4.7.git5e950f8.el8.26-dev
wj47ios1209c-clk5g-master-2 Ready master 109m v1.19.2+ad738ba 192.168.3.206 <none> Red Hat Enterprise Linux CoreOS 47.83.202012032113-0 (Ootpa) 4.18.0-240.1.1.el8_3.x86_64 cri-o://1.20.0-0.rhaos4.7.git5e950f8.el8.26-dev
wj47ios1209c-clk5g-worker-0-rl4dp Ready worker 91m v1.19.2+ad738ba 192.168.2.168 <none> Red Hat Enterprise Linux CoreOS 47.83.202012032113-0 (Ootpa) 4.18.0-240.1.1.el8_3.x86_64 cri-o://1.20.0-0.rhaos4.7.git5e950f8.el8.26-dev
wj47ios1209c-clk5g-worker-0-t7bdk Ready worker 91m v1.19.2+ad738ba 192.168.0.87 <none> Red Hat Enterprise Linux CoreOS 47.83.202012032113-0 (Ootpa) 4.18.0-240.1.1.el8_3.x86_64 cri-o://1.20.0-0.rhaos4.7.git5e950f8.el8.26-dev
# After scaleup:
$ oc get machine -A
NAMESPACE NAME PHASE TYPE REGION ZONE AGE
openshift-machine-api wj47ios1209c-clk5g-master-0 Running m1.xlarge regionOne nova 121m
openshift-machine-api wj47ios1209c-clk5g-master-1 Running m1.xlarge regionOne nova 121m
openshift-machine-api wj47ios1209c-clk5g-master-2 Running m1.xlarge regionOne nova 121m
openshift-machine-api wj47ios1209c-clk5g-worker-0-p6p4q Running m1.large regionOne nova 4m9s
openshift-machine-api wj47ios1209c-clk5g-worker-0-rl4dp Running m1.large regionOne nova 114m
openshift-machine-api wj47ios1209c-clk5g-worker-0-t7bdk Running m1.large regionOne nova 114m
# openstack server list --name wj4
+--------------------------------------+-----------------------------------+--------+--------------------------------------------+----------------------------+-----------+
| ID | Name | Status | Networks | Image | Flavor |
+--------------------------------------+-----------------------------------+--------+--------------------------------------------+----------------------------+-----------+
| 4adb466b-b689-4b85-87de-fde162052331 | wj47ios1209c-clk5g-worker-0-rl4dp | ACTIVE | wj47ios1209c-clk5g-openshift=192.168.2.168 | rhcos-47.83.202012030221-0 | m1.large |
| 0a704d97-2234-4f16-80da-b4501a8e2939 | wj47ios1209c-clk5g-worker-0-rdjl4 | ACTIVE | wj47ios1209c-clk5g-openshift=192.168.1.224 | rhcos-47.83.202012030221-0 | m1.large |
| ffe86ac3-c19f-4eec-b243-da57fa18bd3d | wj47ios1209c-clk5g-worker-0-t7bdk | ACTIVE | wj47ios1209c-clk5g-openshift=192.168.0.87 | rhcos-47.83.202012030221-0 | m1.large |
| e731c881-eed0-4537-b0ae-e30c972991ad | wj47ios1209c-clk5g-master-2 | ACTIVE | wj47ios1209c-clk5g-openshift=192.168.3.206 | rhcos-47.83.202012030221-0 | m1.xlarge |
| be467f71-fc41-4e85-975a-fcf075ccf599 | wj47ios1209c-clk5g-master-0 | ACTIVE | wj47ios1209c-clk5g-openshift=192.168.2.232 | rhcos-47.83.202012030221-0 | m1.xlarge |
| db3003fd-5c2f-4a6d-b8a6-d492dc13240b | wj47ios1209c-clk5g-master-1 | ACTIVE | wj47ios1209c-clk5g-openshift=192.168.3.88 | rhcos-47.83.202012030221-0 | m1.xlarge |
+--------------------------------------+-----------------------------------+--------+--------------------------------------------+----------------------------+-----------+
$ oc get nodes -o wide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
wj47ios1209c-clk5g-master-0 Ready master 138m v1.19.2+ad738ba 192.168.2.232 <none> Red Hat Enterprise Linux CoreOS 47.83.202012032113-0 (Ootpa) 4.18.0-240.1.1.el8_3.x86_64 cri-o://1.20.0-0.rhaos4.7.git5e950f8.el8.26-dev
wj47ios1209c-clk5g-master-1 Ready master 138m v1.19.2+ad738ba 192.168.3.88 <none> Red Hat Enterprise Linux CoreOS 47.83.202012032113-0 (Ootpa) 4.18.0-240.1.1.el8_3.x86_64 cri-o://1.20.0-0.rhaos4.7.git5e950f8.el8.26-dev
wj47ios1209c-clk5g-master-2 Ready master 138m v1.19.2+ad738ba 192.168.3.206 <none> Red Hat Enterprise Linux CoreOS 47.83.202012032113-0 (Ootpa) 4.18.0-240.1.1.el8_3.x86_64 cri-o://1.20.0-0.rhaos4.7.git5e950f8.el8.26-dev
wj47ios1209c-clk5g-worker-0-p6p4q Ready worker 19m v1.19.2+ad738ba 192.168.2.18 <none> Red Hat Enterprise Linux CoreOS 47.83.202012032113-0 (Ootpa) 4.18.0-240.1.1.el8_3.x86_64 cri-o://1.20.0-0.rhaos4.7.git5e950f8.el8.26-dev
wj47ios1209c-clk5g-worker-0-rl4dp Ready worker 120m v1.19.2+ad738ba 192.168.2.168 <none> Red Hat Enterprise Linux CoreOS 47.83.202012032113-0 (Ootpa) 4.18.0-240.1.1.el8_3.x86_64 cri-o://1.20.0-0.rhaos4.7.git5e950f8.el8.26-dev
wj47ios1209c-clk5g-worker-0-t7bdk Ready worker 120m v1.19.2+ad738ba 192.168.0.87 <none> Red Hat Enterprise Linux CoreOS 47.83.202012032113-0 (Ootpa) 4.18.0-240.1.1.el8_3.x86_64 cri-o://1.20.0-0.rhaos4.7.git5e950f8.el8.26-dev
[root@wj47ios1209c-clk5g-worker-0-p6p4q core]# cat /etc/NetworkManager/dispatcher.d/30-resolv-prepender
#!/bin/bash
set -eo pipefail
IFACE=$1
STATUS=$2
export HTTP_PROXY=http://proxy-user1:HIDDEN@10.0.77.163.nip.io:3128
export HTTPS_PROXY=http://proxy-user1:HIDDEN@10.0.77.163.nip.io:3128
export NO_PROXY=.cluster.local,.svc,10.128.0.0/14,127.0.0.1,169.254.169.254,172.30.0.0/16,192.168.0.0/18,api-int.wj47ios1209c.1209-0eq.qe.rhcloud.com,api.wj47ios1209c.1209-0eq.qe.rhcloud.com,etcd-0.,etcd-1.,etcd-2.,localhost,oauth-openshift.apps.wj47ios1209c.1209-0eq.qe.rhcloud.com,rhos-d.infra.prod.upshift.rdu2.redhat.com
This should be documented as a bugfix. @Emilien could you add to the Doc Text field above? Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2020:5633 |