Bug 1947066 - machine-config-operator pod crashes when noProxy is *
Summary: machine-config-operator pod crashes when noProxy is *
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Machine Config Operator
Version: 4.7
Hardware: Unspecified
OS: Linux
high
high
Target Milestone: ---
: 4.8.0
Assignee: Zack Zlotnik
QA Contact: Michael Nguyen
URL:
Whiteboard:
Depends On:
Blocks: 1877866
TreeView+ depends on / blocked
 
Reported: 2021-04-07 15:19 UTC by vemporop
Modified: 2021-07-27 22:58 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-07-27 22:57:54 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift machine-config-operator pull 2565 0 None open Bug 1947066: Allow wildcard in noProxy field 2021-05-07 09:05:49 UTC
Red Hat Knowledge Base (Solution) 6171232 0 None None None 2021-07-07 08:05:52 UTC
Red Hat Product Errata RHSA-2021:2438 0 None None None 2021-07-27 22:58:17 UTC

Description vemporop 2021-04-07 15:19:20 UTC
Created attachment 1769954 [details]
must-gather

Description of problem:
When an asterisk (*) is used for noProxy, i.e. bypass proxy for all destination, machine-config-operator pod crashes with the following message:
> panic: yaml: line 51: did not find expected alphabetic or numeric character

Version-Release number of selected component (if applicable):
4.7.2

How reproducible:
Always

Steps to Reproduce:
1. Set `noProxy: '*'` in the proxy definition of an install-config.yaml
2. Try to install a cluster using the install-config.yaml

Actual results:
Machine-config-operator pod crashes on failing to parse a YAML. Must-gather of the installation are attached.

Expected results:
Cluster installs correctly, the configured proxy is bypassed for all destination.

Additional info:
I was using Assisted Installer to install the cluster on bare metal (simulated by VMs). The install-config.yaml generated by assisted installer was fed to the openshift-installer installer command to generate manifests and passed all validations.

Comment 4 Michael Nguyen 2021-05-10 19:22:07 UTC
Verified on 4.8.0-0.nightly-2021-05-10-092939.  noProxy set as '*' without any errors.

INFO Waiting up to 10m0s for the openshift-console route to be created... 
DEBUG Route found in openshift-console namespace: console 
DEBUG OpenShift console route is admitted          
INFO Install complete!                            
INFO To access the cluster as the system:admin user when using 'oc', run 'export KUBECONFIG=/home/mnguyen/openshift/4.8/testcluster/auth/kubeconfig' 
INFO Access the OpenShift web-console here: https://console-openshift-console.apps.mnguyen48proxytest.devcluster.openshift.com 
INFO Login to the console with user: "kubeadmin", and password: "xxx-xxx-xxx-xxx" 
DEBUG Time elapsed per stage:                      
DEBUG     Infrastructure: 6m15s                    
DEBUG Bootstrap Complete: 14m18s                   
DEBUG  Bootstrap Destroy: 1m31s                    
DEBUG  Cluster Operators: 17m34s                   
INFO Time elapsed: 39m49s                         
$ export KUBECONFIG=/home/mnguyen/openshift/4.8/testcluster/auth/kubeconfig
$ oc get clusterversion
NAME      VERSION                             AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.8.0-0.nightly-2021-05-10-092939   True        False         4m3s    Cluster version is 4.8.0-0.nightly-2021-05-10-092939
$ oc get proxy/cluster -o yaml
apiVersion: config.openshift.io/v1
kind: Proxy
metadata:
  creationTimestamp: "2021-05-10T18:39:44Z"
  generation: 1
  managedFields:
  - apiVersion: config.openshift.io/v1
    fieldsType: FieldsV1
    fieldsV1:
      f:spec:
        .: {}
        f:httpProxy: {}
        f:httpsProxy: {}
        f:noProxy: {}
        f:trustedCA:
          .: {}
          f:name: {}
      f:status:
        .: {}
        f:httpProxy: {}
        f:httpsProxy: {}
        f:noProxy: {}
    manager: cluster-bootstrap
    operation: Update
    time: "2021-05-10T18:39:44Z"
  name: cluster
  resourceVersion: "658"
  uid: 60a7d3ff-7c70-4cc7-a7b4-3ec282774a7f
spec:
  httpProxy: http://52.12.160.219:8080
  httpsProxy: http://52.12.160.219:8080
  noProxy: '*'
  trustedCA:
    name: ""
status:
  httpProxy: http://52.12.160.219:8080
  httpsProxy: http://52.12.160.219:8080
  noProxy: '*'
$ oc -n openshift-machine-config-operator get pods
NAME                                         READY   STATUS    RESTARTS   AGE
machine-config-controller-667c5cc98c-rpjc5   1/1     Running   0          28m
machine-config-daemon-9w9hc                  2/2     Running   0          29m
machine-config-daemon-bx5dn                  2/2     Running   0          22m
machine-config-daemon-n2dd8                  2/2     Running   0          22m
machine-config-daemon-tw8cb                  2/2     Running   0          21m
machine-config-daemon-v5dth                  2/2     Running   0          29m
machine-config-daemon-xbqrs                  2/2     Running   0          29m
machine-config-operator-679999dbcb-f56qv     1/1     Running   0          30m
machine-config-server-llg7j                  1/1     Running   0          28m
machine-config-server-sxslt                  1/1     Running   0          28m
machine-config-server-xq9wv                  1/1     Running   0          28m
$ oc -n openshift-machine-config-operator logs machine-config-operator-679999dbcb-f56qv | grep -i panic

Comment 7 errata-xmlrpc 2021-07-27 22:57:54 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.8.2 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:2438


Note You need to log in before you can comment on or make changes to this bug.