Description of problem:

If a port is specified in the proxy in install-config.yaml, the installer is not able to validate whether the proxy IP overlaps with the service and cluster networks.

In [1], if a port is specified in the proxy URL, parsed.Host contains the port; as a result, net.ParseIP returns nil because parsed.Host is not a valid IP address.

A simple test:

    u, err := url.ParseRequestURI("http://user:password@127.0.0.1:3128")
    fmt.Println("host :",u.Host)
    fmt.Println(net.ParseIP(u.Host))

Results:

    host : 127.0.0.1:3128
    <nil>

[1] https://github.com/openshift/installer/blob/master/pkg/types/validation/installconfig.go#L592

The installer does not fail when creating manifests with an install-config.yaml containing the content below:

    proxy:
      httpProxy: http://172.30.1.25:3128 <--overlaps with service network
      httpsProxy: https://172.30.1.25:3128
      noProxy: test.no-proxy.com,localhost
    networking:
      clusterNetwork:
      - cidr: 10.128.0.0/14
        hostPrefix: 23
      machineNetwork:
      - cidr: 10.0.0.0/16
      networkType: OpenShiftSDN
      serviceNetwork:
      - 172.30.0.0/16

Version-Release number of selected component (if applicable):
4.8.0-0.nightly-2021-02-24-063313

How reproducible:
Always

Steps to Reproduce:

1. Prepare an install-config.yaml in which the proxy overlaps with the service network

    proxy:
      httpProxy: http://172.30.1.25:3128
      httpsProxy: https://172.30.1.25:3128
      noProxy: test.no-proxy.com,localhost
    networking:
      clusterNetwork:
      - cidr: 10.128.0.0/14
        hostPrefix: 23
      machineNetwork:
      - cidr: 10.0.0.0/16
      networkType: OpenShiftSDN
      serviceNetwork:
      - 172.30.0.0/16

2. Create manifests

    # openshift-install create manifests --dir bz
    INFO Credentials loaded from file "/root/.gcp/osServiceAccount.json"
    INFO Consuming Install Config from target directory
    INFO Manifests created in: bz/manifests and bz/openshift

Actual result:
Manifests are created w/o error

Expected result:
Installer fails to create manifests and prompts an error
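The behaviour described in the report above, as an added example (not part of the original report and not the installer's own code): the same overlap check run once on u.Host and once on u.Hostname(). The function names overlapBuggy, overlapFixed and overlap are hypothetical, and using u.Hostname() to drop the port is an assumption about one way to correct the check, not a statement of what the installer's fix does.

```go
package main

import (
	"fmt"
	"net"
	"net/url"
)

// overlapBuggy reproduces the reported behaviour: u.Host keeps ":port",
// net.ParseIP returns nil for it, and the overlap is never reported.
func overlapBuggy(proxy string, cidrs []string) (bool, error) {
	return overlap(proxy, cidrs, func(u *url.URL) string { return u.Host })
}

// overlapFixed uses u.Hostname(), which strips the port (and IPv6 brackets).
func overlapFixed(proxy string, cidrs []string) (bool, error) {
	return overlap(proxy, cidrs, (*url.URL).Hostname)
}

func overlap(proxy string, cidrs []string, host func(*url.URL) string) (bool, error) {
	u, err := url.ParseRequestURI(proxy)
	if err != nil {
		return false, err
	}
	ip := net.ParseIP(host(u))
	if ip == nil {
		return false, nil // a DNS name, or (in the buggy path) "ip:port"
	}
	for _, c := range cidrs {
		_, n, err := net.ParseCIDR(c)
		if err != nil {
			return false, err
		}
		if n.Contains(ip) {
			return true, nil
		}
	}
	return false, nil
}

func main() {
	svc := []string{"172.30.0.0/16"} // serviceNetwork from the report
	for _, p := range []string{"http://172.30.1.25:3128", "http://172.30.1.25"} {
		b, _ := overlapBuggy(p, svc)
		f, _ := overlapFixed(p, svc)
		fmt.Printf("%-26s buggy=%v fixed=%v\n", p, b, f)
	}
}
```

Only the URL with a port slips past the buggy check; without a port both variants report the overlap.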
Verified with 4.8.0-0.nightly-2021-03-01-031258

1. Create manifests with an install-config.yaml which contains the content below:

    proxy:
      httpProxy: http://user:password@172.30.1.25:3128 <---overlaps with service network
      httpsProxy: https://user:password@10.128.1.25:3128 <---overlaps with cluster network
      noProxy: test.no-proxy.com,localhost
    networking:
      clusterNetwork:
      - cidr: 10.128.0.0/14
        hostPrefix: 23
      machineNetwork:
      - cidr: 10.0.0.0/16
      networkType: OpenShiftSDN
      serviceNetwork:
      - 172.30.0.0/16

    # openshift-install create manifests --dir bz
    FATAL failed to fetch Master Machines: failed to load asset "Install Config": invalid "install-config.yaml" file: [proxy.httpProxy: Invalid value: "http://user:password@172.30.1.25:3128": proxy value is part of the service networks, proxy.httpsProxy: Invalid value: "https://user:password@10.128.1.25:3128": proxy value is part of the cluster networks]

The validation works on the proxy with a port specified. Moving it to verified state.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.8.2 bug fix and security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2021:2438