Bug 2000542 - Cluster Proxy not used during installation on OSP
Summary: Cluster Proxy not used during installation on OSP
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Cloud Compute
Version: 4.8
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Target Release: 4.8.z
Assignee: Eric Duen
QA Contact: rlobillo
Depends On: 1986540
Blocks: 2000551
Reported: 2021-09-02 11:16 UTC by OpenShift BugZilla Robot
Modified: 2021-09-16 08:18 UTC (History)
7 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: The HTTP transport used to connect to OpenStack endpoints with a custom CA certificate was missing the proxy settings.
Consequence: The cluster was not fully operational when deployed on OpenStack with a combination of a proxy and a custom CA certificate.
Fix: Pass the proxy settings to the HTTP transport used when connecting with a custom CA certificate.
Result: All cluster components work as expected.
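The shape of the fix can be sketched in Go (cluster-api-provider-openstack is a Go project). This is a minimal illustration, not the actual code from the linked pull request: `buildTransport` is a hypothetical helper, and the assumption is that the custom-CA path hand-builds an `http.Transport` whose `Proxy` field was previously left unset.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net/http"
)

// buildTransport illustrates the fix: when a custom CA bundle is supplied,
// the hand-built http.Transport must still honor the cluster-wide proxy
// settings (taken here from the environment); otherwise requests to the
// OpenStack endpoints bypass the proxy and fail on restricted networks.
func buildTransport(caPEM []byte) (*http.Transport, error) {
	pool := x509.NewCertPool()
	if len(caPEM) > 0 && !pool.AppendCertsFromPEM(caPEM) {
		return nil, fmt.Errorf("failed to parse CA bundle")
	}
	return &http.Transport{
		TLSClientConfig: &tls.Config{RootCAs: pool},
		// The missing piece before the fix: without this, the transport
		// ignores HTTP_PROXY/HTTPS_PROXY/NO_PROXY entirely.
		Proxy: http.ProxyFromEnvironment,
	}, nil
}

func main() {
	tr, err := buildTransport(nil)
	fmt.Println(err == nil, tr != nil && tr.Proxy != nil)
}
```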
Clone Of:
Clones: 2000551
Last Closed: 2021-09-14 06:57:48 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Github openshift cluster-api-provider-openstack pull 199 0 None None None 2021-09-03 10:43:28 UTC
Red Hat Product Errata RHBA-2021:3429 0 None None None 2021-09-14 06:58:07 UTC

Comment 1 Martin André 2021-09-02 12:51:43 UTC
Bumping severity because it blocks install behind a proxy.

Comment 5 rlobillo 2021-09-07 10:00:54 UTC
Verified on 4.8.0-0.nightly-2021-09-06-042819 on top of OSP 16.1 (RHOS-16.1-RHEL-8-20210604.n.0) using the OpenShiftSDN network type. The installation was performed using IPI on a restricted network, with a proxy configured for both http and https:

--- install-config.yaml section ---
    cloud:            "shiftstack"
    externalNetwork:  ""
    region:           "regionOne"
    computeFlavor:    "m4.xlarge"
    machinesSubnet: 5bd85e62-3487-4d41-977f-f508c1f40045
    apiVIP: ""
    ingressVIP: ""
  httpProxy: http://dummy:dummy@
  httpsProxy: https://dummy:dummy@
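For context, the proxy fields above sit under a top-level `proxy:` key in install-config.yaml, alongside the `platform` section. A minimal sketch of that stanza, with illustrative hostnames and credentials (the real values in the verification run are redacted above):

```yaml
proxy:
  httpProxy: http://user:pass@proxy.example.com:3128
  httpsProxy: https://user:pass@proxy.example.com:3128
  noProxy: .cluster.local,.svc
```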

The error message mentioned in the bug description no longer appears:

$ oc logs machine-api-controllers-68b7c76784-l7zmk -n openshift-machine-api -c machine-controller | grep "Failed to authenticate provider client"
[cloud-user@installer-host ~]$ 

And the nodes were successfully deployed:

$ oc get nodes
NAME                          STATUS   ROLES    AGE   VERSION
ostest-mfhzv-master-0         Ready    master   70m   v1.21.1+9807387
ostest-mfhzv-master-1         Ready    master   70m   v1.21.1+9807387
ostest-mfhzv-master-2         Ready    master   70m   v1.21.1+9807387
ostest-mfhzv-worker-0-8rrrn   Ready    worker   48m   v1.21.1+9807387
ostest-mfhzv-worker-0-bgvnz   Ready    worker   47m   v1.21.1+9807387
ostest-mfhzv-worker-0-ncqj6   Ready    worker   48m   v1.21.1+9807387

$ oc -n openshift-machine-api get pods 
NAME                                          READY   STATUS    RESTARTS   AGE
cluster-autoscaler-operator-8b565f5b4-cwzd8   2/2     Running   0          73m
cluster-baremetal-operator-747bc97d67-bd54c   2/2     Running   5          73m
machine-api-controllers-68b7c76784-l7zmk      7/7     Running   0          61m
machine-api-operator-5467b94745-rlpsl         2/2     Running   1          73m

$ oc -n openshift-machine-api rsh -c machine-controller machine-api-controllers-68b7c76784-l7zmk
sh-4.4$ env | grep -i proxy

Please note that the installation does not complete successfully, because the Storage clusteroperator is degraded due to https://bugzilla.redhat.com/show_bug.cgi?id=1996672

$ oc logs -n openshift-cluster-csi-drivers openstack-cinder-csi-driver-operator-cdb55587b-pxfwk | tail -2
I0907 09:50:41.219043       1 event.go:282] Event(v1.ObjectReference{Kind:"ConfigMap", Namespace:"openshift-cluster-csi-drivers", Name:"openstack-cinder-csi-driver-operator-lock", UID:"64cd106c-2953-42dc-a781-3774d0d13f2d", APIVersion:"v1", ResourceVersion:"45917", FieldPath:""}): type: 'Normal' reason: 'LeaderElection' openstack-cinder-csi-driver-operator-cdb55587b-pxfwk_51e75064-f774-41a2-ae2f-8e9248709ab9 became leader
W0907 09:50:44.319558       1 builder.go:99] graceful termination failed, controllers failed with error: couldn't collect info about cloud availability zones: failed to create a compute client: Get "": dial tcp connect: no route to host

Comment 7 errata-xmlrpc 2021-09-14 06:57:48 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.8.11 bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

