Bug 1877486 - NoProxy in install-config.yaml doesn't accept '*'
Summary: NoProxy in install-config.yaml doesn't accept '*'
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Installer
Version: 4.5
Hardware: x86_64
OS: Linux
medium
medium
Target Milestone: ---
: ---
Assignee: Abhinav Dahiya
QA Contact: Gaoyun Pei
URL:
Whiteboard:
Depends On:
Blocks: 1877866
TreeView+ depends on / blocked
 
Reported: 2020-09-09 17:55 UTC by Moti Asayag
Modified: 2021-04-08 12:03 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: Installer did not accept `*` as a valid value for proxy.noProxy field Consequence: Users cannot create a cluster with no proxy set to `*` during installation. Fix: Installer now allows `*` as a valid value Result: Users can create a cluster with no proxy set to `*` during installation.
Clone Of:
Environment:
Last Closed: 2021-04-08 12:03:13 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift installer pull 4172 0 None closed Bug 1877486: proxy: allow * for noProxy 2021-01-28 19:00:19 UTC
Red Hat Product Errata RHBA-2020:4196 0 None None None 2020-10-27 16:39:12 UTC

Internal Links: 1877866

Description Moti Asayag 2020-09-09 17:55:31 UTC
Description of problem:
'*' wildcard isn't accepted as value for 'noProxy' when it is provided in install-config.yaml

Version-Release number of the following components:
openshift-install 4.5.2
built from commit 6336a4b3d696dd898eed192e4188edbac99e8c27
release image quay.io/openshift-release-dev/ocp-release@sha256:8f923b7b8efdeac619eb0e7697106c1d17dd3d262c49d8742b38600417cf7d1d

How reproducible:
always

Steps to Reproduce:
1. Add in install-config.yaml proxy settings:

proxy:
  httpProxy: http://10.46.41.7:3128
  noProxy: "*"

2. Generate ignition files:

openshift-install --dir no_proxy create ignition-configs
FATAL failed to fetch Kubeconfig Admin Client: failed to load asset "Install Config": invalid "install-config.yaml" file: [proxy: Required value: must include httpProxy or httpsProxy, NoProxy: Invalid value: "*": must be a CIDR or domain, without wildcard characters]


Actual results:
Command failed with the above output.


Expected results:
ignition file should be generated successfully


Additional info:

"*" is considered to be a valid value for noProxy according to https://docs.openshift.com/container-platform/4.5/installing/installing_bare_metal/installing-restricted-networks-bare-metal.html#installation-configure-proxy_installing-restricted-networks-bare-metal 

"A comma-separated list of destination domain names, domains, IP addresses, or other network CIDRs to exclude proxying. Preface a domain with . to include all subdomains of that domain. Use * to bypass proxy for all destinations."

Also, a document bug related to this issue: https://github.com/openshift/openshift-docs/pull/25201

Comment 1 Abhinav Dahiya 2020-09-10 19:00:01 UTC
seems like proxies.config.openshift.io/v1 object support this wildcard, so i think the installer can also support this. see https://github.com/openshift/cluster-network-operator/blob/899cff815b2611100eee370cc8e0cdf9b736e1b9/pkg/controller/proxyconfig/validation.go#L64

Comment 3 Gaoyun Pei 2020-09-21 06:54:55 UTC
Reproduced this issue with payload 4.6.0-0.nightly-2020-09-17-195238, noProxy: '*' is not accepted by the installer.

Example install-config.yaml:

proxy:
  httpProxy: http://xxx.xx:3128
  noProxy: "*"

++ ./openshift-install create manifests --dir '/home/jenkins/workspace/Launch Environment Flexy/workdir/install-dir'
level=fatal msg="failed to fetch Master Machines: failed to load asset \"Install Config\": invalid \"install-config.yaml\" file: NoProxy: Invalid value: \"*\": must be a CIDR or domain, without wildcard characters"


And on payload 4.6.0-0.nightly-2020-09-20-022022, it accepted '*' now.

# oc get proxy cluster -o yaml
apiVersion: config.openshift.io/v1
kind: Proxy
...
spec:
  httpProxy: http://xx.xx:3128
  noProxy: '*'
  trustedCA:
    name: ""
status:
  httpProxy: http://xx.xx:3128
  noProxy: '*'

Comment 6 errata-xmlrpc 2020-10-27 16:38:53 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:4196

Comment 7 vemporop 2021-04-08 11:05:48 UTC
This issue has re-surfaced in 4.7.5 (quay.io/openshift-release-dev/ocp-release:4.7.5-x86_64), was definitely not present in 4.7.2.

See also https://bugzilla.redhat.com/show_bug.cgi?id=1947066

Maybe the fix was reverted for some reason, although * seems to be a valid value.

Comment 9 vemporop 2021-04-08 12:03:13 UTC
I'm very sorry, it was my mistake. Closing


Note You need to log in before you can comment on or make changes to this bug.