Bug 1896446 - Git clone from private repository fails after upgrade OCP 4.5 to 4.6
Summary: Git clone from private repository fails after upgrade OCP 4.5 to 4.6
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Build
Version: 4.6
Hardware: Unspecified
OS: Unspecified
high
urgent
Target Milestone: ---
: 4.7.0
Assignee: Adam Kaplan
QA Contact: XiuJuan Wang
Rolfe Dlugy-Hegwer
URL:
Whiteboard: pre-merge-verified
: 1896801 (view as bug list)
Depends On:
Blocks: 1901512
TreeView+ depends on / blocked
 
Reported: 2020-11-10 15:08 UTC by Adam Kaplan
Modified: 2021-02-24 15:33 UTC (History)
16 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
* Previously, after upgrading from OpenShift Container Platform version 4.5 to version 4.6, trying to git clone from a private repository failed because builds did not add proxy information to the git configuration that was used to pull the source code. As a result, the source code could not be pulled if the cluster used a global proxy and the source was pulled from a private git repository. The current release fixes this issue: It corrects how git is configured when the cluster uses a global proxy. Now, performing git clone can pull source code from a private git repository if the cluster uses a global proxy. (link:https://bugzilla.redhat.com/show_bug.cgi?id=1896446[*BZ#1896446*])
Clone Of: 1894796
Environment:
Last Closed: 2021-02-24 15:32:32 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift builder pull 189 0 None closed Bug 1896446: Fix private git clones behind a proxy 2021-02-15 06:02:28 UTC
Github openshift library-go pull 946 0 None closed Bug 1896446: Add git configuration to the environment default 2021-02-15 06:02:28 UTC
Red Hat Bugzilla 1873327 0 unspecified VERIFIED libcurl: Segfault when HTTPS_PROXY and NO_PROXY is used together 2021-02-22 00:41:40 UTC
Red Hat Bugzilla 1894796 0 medium CLOSED err.code="manifest unknown" after upgrade from OCP 4.5 to 4.6 2021-02-22 00:41:40 UTC
Red Hat Product Errata RHSA-2020:5633 0 None None None 2021-02-24 15:33:02 UTC

Description Adam Kaplan 2020-11-10 15:08:04 UTC
+++ This bug was initially created as a clone of Bug #1894796 +++

Description of problem:

There is another problem they are facing  after the upgrade.  All the S2I builds from their private source git repositry which we have access from openshift environment are failing with the following git error. 
We are only able to see below build failure log (attached full log). 

error: only one config file at a time.
usage: git config [<options>]

Actual results:

Build fails to clone source from private git repo.

Expected results:

Builds should clone from private git repo.

Comment 4 Gabe Montero 2020-11-11 16:12:32 UTC
*** Bug 1896801 has been marked as a duplicate of this bug. ***

Comment 9 Sergio G. 2020-11-16 07:02:00 UTC
Created article with workaround: https://access.redhat.com/solutions/5571661

Comment 10 Adam Kaplan 2020-11-16 19:24:44 UTC
Work around is to set a cluster BuildDefault to clear the proxy settings for git cloning:

```
$ oc edit build.config.openshift.io/cluster

spec:
  buildDefaults:
    gitProxy:
      httpProxy: ""
      httpsProxy: ""
```

Note that this works if access to the git repository bypasses the proxy via the NO_PROXY environment variable. If the cluster requires the proxy to access all external applications, then this solution would not be applicable.

Comment 20 XiuJuan Wang 2020-11-24 08:54:31 UTC
Launched a 4.7 proxy cluster, using image built from build #189.
Test scenarios:
    With .gitconfig of source secret , build could pull code from private repo. Builds go to completed.
    With basic auth of source secret, build could pull code from private repo. Builds go to completed.
    Basic HTTP auth with token, github.com added to NO_PROXY. Times out cloning source (cannot access github.com)

Comment 22 Adam Kaplan 2020-11-25 13:53:02 UTC
Marking Bug 1873327 as a related issue, but not a blocker.

Comment 23 XiuJuan Wang 2020-11-26 06:45:13 UTC
Verified on 4.7.0-0.nightly-2020-11-25-114114 proxy cluster.

Comment 32 errata-xmlrpc 2021-02-24 15:32:32 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:5633


Note You need to log in before you can comment on or make changes to this bug.