Created attachment 1747059 [details] ironic-conductor-podman-inspect-output Description of problem: In an installation requiring a proxy to reach redfish endpoints, Ironic components are not getting the proxy configuration from the installer. Version-Release number of selected component (if applicable): 4.6.8 How reproducible: Always Steps to Reproduce: 1. Configure the required proxy configurations in the install-config file 2. Export the required proxy configurations before running the OpenShift installer 3. Wait for the ironic conductor to try to power on servers via redfish 4. Conductor times out since no proxy is configured on the container environment vars or ironic config files Actual results: Ironic / Container doesn't have the required proxy configurations. Expected results: Ironic / Container has the required proxy configurations. Additional info: If we export the HTTPS_PROXY env var and run a curl to redfish endpoint within the ironic-conductor container it works as expected. So we're assuming it's a matter of getting these env vars configured as specified in the install-config. Proxy settings used on the install-config: <OMITTED_OUTPUT> proxy: httpProxy: http://192.168.0.10:3128 httpsProxy: http://192.168.0.10:3128 noProxy: .example.com,192.168.1.0/24 <OMITTED_OUTPUT> Environment file we source before running the installer binary: /etc/environment: https_proxy=192.168.0.10:3128 http_proxy=192.168.0.10:3128 no_proxy=.example.com,192.168.1.10,192.168.1.12,192.168.1.13 Ironic conductor podman inspect output attached. You can see no env vars related to proxy are set. Ironic config files inside the container don't have the proxy setting.
We moved the BMC to a different network to avoid requiring the proxy for accessing them. Then we found a different problem after the cluster is deployed. The global proxy setting is set correctly, but the metal3 pod as its running with the hostnetwork seems to not use the proxy setting, which means that it cannot download the RHCOS images due to missing proxy. The init container metal3-machine-os-downloader fails. We tried to rsh into the container and as expected, when setting the https proxy everything works as expected: sh-4.4# curl https://mirror.openshift.com/pub/openshift-v4/dependencies/rhcos/latest/latest/rhcos-4.6.8-x86_64-openstack.x86_64.qcow2.gz sh-4.4# sh-4.4# sh-4.4# https_proxy=http://192.168.1.10:3128 curl https://mirror.openshift.com/pub/openshift-v4/dependencies/rhcos/latest/latest/rhcos-4.6.8-x86_64-openstack.x86_64.qcow2.gz -O % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 844M 0 864k 0 0 850k 0 0:16:57 0:00:01 0:16:56 849k^C
The must-gather attached to the case doesn't indicate there's any cluster-wide proxy settings set. Can you share the full install-config the customer used?
And if that's not the most recently must-gather, please provide an updated must-gather, or installer log bundle. Thanks!
I found it, sorry - it's there in ./cluster-scoped-resources/config.openshift.io/proxies/cluster.yaml, and I see it's not on the Metal3 pod. Still investigating why, but you don't need to ask for a new must-gather.
This will be fixed in CBO in 4.7 and not in MAO for 4.6.
*** This bug has been marked as a duplicate of bug 1916772 ***
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 500 days