1896446 – Git clone from private repository fails after upgrade OCP 4.5 to 4.6

Bug 1896446 - Git clone from private repository fails after upgrade OCP 4.5 to 4.6

Summary: Git clone from private repository fails after upgrade OCP 4.5 to 4.6

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Build
Sub Component:
Version:	4.6
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	urgent
Target Milestone:	---
Target Release:	4.7.0
Assignee:	Adam Kaplan
QA Contact:	XiuJuan Wang
Docs Contact:
URL:
Whiteboard:	pre-merge-verified
Duplicates (1):	1896801 (view as bug list)
Depends On:
Blocks:	1901512
TreeView+	depends on / blocked

Reported:	2020-11-10 15:08 UTC by Adam Kaplan
Modified:	2021-04-05 20:47 UTC (History)
CC List:	15 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	* Previously, after upgrading from OpenShift Container Platform version 4.5 to version 4.6, trying to git clone from a private repository failed because builds did not add proxy information to the git configuration that was used to pull the source code. As a result, the source code could not be pulled if the cluster used a global proxy and the source was pulled from a private git repository. The current release fixes this issue: It corrects how git is configured when the cluster uses a global proxy. Now, performing git clone can pull source code from a private git repository if the cluster uses a global proxy. (link:https://bugzilla.redhat.com/show_bug.cgi?id=1896446[BZ#1896446])
Clone Of:	1894796
Environment:
Last Closed:	2021-02-24 15:32:32 UTC
Target Upstream Version:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Github	openshift builder pull 189	None	closed	Bug 1896446: Fix private git clones behind a proxy	2021-02-15 06:02:28 UTC
Github	openshift library-go pull 946	None	closed	Bug 1896446: Add git configuration to the environment default	2021-02-15 06:02:28 UTC
Red Hat Bugzilla	1873327	unspecified	CLOSED	libcurl: Segfault when HTTPS_PROXY and NO_PROXY is used together	2023-05-24 12:00:42 UTC
Red Hat Bugzilla	1894796	medium	CLOSED	err.code="manifest unknown" after upgrade from OCP 4.5 to 4.6	2021-03-08 08:04:24 UTC
Red Hat Product Errata	RHSA-2020:5633	None	None	None	2021-02-24 15:33:02 UTC

Description Adam Kaplan 2020-11-10 15:08:04 UTC

+++ This bug was initially created as a clone of Bug #1894796 +++

Description of problem:

There is another problem they are facing  after the upgrade.  All the S2I builds from their private source git repositry which we have access from openshift environment are failing with the following git error. 
We are only able to see below build failure log (attached full log). 

error: only one config file at a time.
usage: git config [<options>]

Actual results:

Build fails to clone source from private git repo.

Expected results:

Builds should clone from private git repo.

Comment 4 Gabe Montero 2020-11-11 16:12:32 UTC

*** Bug 1896801 has been marked as a duplicate of this bug. ***

Comment 9 Sergio G. 2020-11-16 07:02:00 UTC

Created article with workaround: https://access.redhat.com/solutions/5571661

Comment 10 Adam Kaplan 2020-11-16 19:24:44 UTC

Work around is to set a cluster BuildDefault to clear the proxy settings for git cloning:

```
$ oc edit build.config.openshift.io/cluster

spec:
  buildDefaults:
    gitProxy:
      httpProxy: ""
      httpsProxy: ""
```

Note that this works if access to the git repository bypasses the proxy via the NO_PROXY environment variable. If the cluster requires the proxy to access all external applications, then this solution would not be applicable.

Comment 20 XiuJuan Wang 2020-11-24 08:54:31 UTC

Launched a 4.7 proxy cluster, using image built from build #189.
Test scenarios:
    With .gitconfig of source secret , build could pull code from private repo. Builds go to completed.
    With basic auth of source secret, build could pull code from private repo. Builds go to completed.
    Basic HTTP auth with token, github.com added to NO_PROXY. Times out cloning source (cannot access github.com)

Comment 22 Adam Kaplan 2020-11-25 13:53:02 UTC

Marking Bug 1873327 as a related issue, but not a blocker.

Comment 23 XiuJuan Wang 2020-11-26 06:45:13 UTC

Verified on 4.7.0-0.nightly-2020-11-25-114114 proxy cluster.

Comment 32 errata-xmlrpc 2021-02-24 15:32:32 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:5633

Comment 33 W. Trevor King 2021-04-05 17:36:20 UTC

Removing UpgradeBlocker from this older bug, to remove it from the suspect queue described in [1].  If you feel like this bug still needs to be a suspect, please add keyword again.

[1]: https://github.com/openshift/enhancements/pull/475

Note You need to log in before you can comment on or make changes to this bug.