Hide Forgot
Description of problem: get-resources.sh[0] used by OCP 4.8.2 includes var no_proxy but curl is not making reference to the variable: #!/bin/bash -xe # Check and set http(s)_proxy. Required for cURL to use a proxy export http_proxy=${http_proxy:-$HTTP_PROXY} export https_proxy=${https_proxy:-$HTTPS_PROXY} export no_proxy=${no_proxy:-$NO_PROXY} export CURL_CA_BUNDLE=${CURL_CA_BUNDLE:-/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem} export IP_OPTIONS=${IP_OPTIONS:-} .... else CONNECT_TIMEOUT=120 MAX_ATTEMPTS=5 for i in $(seq ${MAX_ATTEMPTS}); do if ! curl -g --compressed -L --connect-timeout ${CONNECT_TIMEOUT} -o "${RHCOS_IMAGE_FILENAME_RAW}" "${IMAGE_URL}/${RHCOS_IMAGE_FILENAME_RAW}"; then if (( ${i} == ${MAX_ATTEMPTS} )); then echo "Download failed." exit 1 else SLEEP_TIME=$((i*i)) echo "Download failed, retrying after ${SLEEP_TIME} seconds..." sleep ${SLEEP_TIME} fi else break fi done ... } As workaround, by updating the script /usr/local/bin/get-resource.sh with the correct noproxy information, the installation continue [0]https://github.com/openshift/ironic-rhcos-downloader/blob/71967e7deca9e9d0e094cbaedb7fe7ce0267dd84/get-resource.sh Version-Release number of selected component (if applicable): Deploy a cluster with proxy settings and serving the ipa and rhcos images in a local http server with no proxy in the middle How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: The script download fails because of the proxy Expected results: Download images correctly as per proxy configuration Additional info:
Hi @kiran: adding the IP in the list of the noProxy variable works as expected. Is expected to allow CIDR in the noProxy list for future versions?
(In reply to Pamela Escorza from comment #13) > Hi @kiran: adding the IP in the list of the noProxy variable > works as expected. > Is expected to allow CIDR in the noProxy list for future versions? Hi Pamela, I doubt the CIDRs in no_proxy/NO_PROXY ever worked with curl or wget. Its a limitation of these tools. Short of rendering the CIDRs into IP addresses, I don't think this will look different in the future releases. Thanks. https://www.gnu.org/software/wget/manual/html_node/Proxies.html https://curl.se/docs/manpage.html
@derekh Can you please provide Doc Text to assist in drawing up the Release Notes entry?
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.10.3 security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:0056