Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 2002196

Summary: Pass down proxy env to operands failed for ansible type operator
Product: OpenShift Container Platform Reporter: Fan Jia <jfan>
Component: Operator SDKAssignee: amacdona <austin>
Status: CLOSED ERRATA QA Contact: Fan Jia <jfan>
Severity: urgent Docs Contact:
Priority: urgent    
Version: 4.9CC: aos-bugs, jesusr, marobrie
Target Milestone: ---   
Target Release: 4.9.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-10-18 17:51:28 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Fan Jia 2021-09-08 08:31:01 UTC 
Description of problem:
Pass down proxy env to operands failed for ansible type operator as the description : https://github.com/operator-framework/enhancements/blob/master/enhancements/proxy-passdown.md 

Version-Release number of selected component (if applicable):
operator-sdk version: "v1.10.1-ocp", commit: "972fd59bb3a4cdb2e5102fc37fc3afa32f6c066f", kubernetes version: "v1.21", go version: "go1.16.5", GOOS: "linux", GOARCH: "amd64"

How reproducible:
always

Steps to Reproduce:
1. created a memcached-operator as https://docs.openshift.com/container-platform/4.8/operators/operator_sdk/ansible/osdk-ansible-tutorial.html#osdk-run-locally_osdk-ansible-tutorial and add the proxy to the task file
---
# tasks file for memcached
- name: start memcached
  k8s:
    definition:
      kind: Deployment
      apiVersion: apps/v1
      metadata:
        name: '{{ ansible_operator_meta.name }}-memcached'
        namespace: '{{ ansible_operator_meta.namespace }}'
      spec:
        replicas: "{{size}}"
        selector:
          matchLabels:
            app: memcached
        template:
          metadata:
            labels:
              app: memcached
          spec:
            containers:
            - name: memcached
              command:
              - memcached
              - -m=64
              - -o
              - modern
              - -v
              image: "docker.io/memcached:1.4.36-alpine"
              ports:
                - containerPort: 11211
              env:
              - name: HTTPS_PROXY:
                value: "{{ lookup('env', 'HTTPS_PROXY') | default('', True) }}"
              - name: HTTP_PROXY:
                value: "{{ lookup('env', 'HTTP_PROXY') | default('', True) }}"
              - name: NO_PROXY:
                value: "{{ lookup('env', 'NO_PROXY') | default('', True) }}" 

2. create the CR
apiVersion: cache.example.com/v1
kind: Memcached
metadata:
  name: memcached-sample
...
spec:
...
  size: 1

Actual results:

ansible type operator with error:

$oc logs deployment.apps/memcached-operator-controller-manager -c manager -n memcached-operator-system
`
{"level":"error","ts":1631076632.10605,"logger":"reconciler","msg":"\u001b[0;34mansible-playbook 2.9.24\u001b[0m\r\n\u001b[0;34m config file = /etc/ansible/ansible.cfg\u001b[0m\r\n\u001b[0;34m configured module search path = ['/usr/share/ansible/openshift']\u001b[0m\r\n\u001b[0;34m ansible python module location = /usr/lib/python3.6/site-packages/ansible\u001b[0m\r\n\u001b[0;34m executable location = /usr/bin/ansible-playbook\u001b[0m\r\n\u001b[0;34m python version = 3.6.8 (default, Mar 18 2021, 08:58:41) [GCC 8.4.1 20200928 (Red Hat 8.4.1-1)]\u001b[0m\r\n\u001b[0;34mUsing /etc/ansible/ansible.cfg as config file\u001b[0m\r\n\u001b[0;31mERROR! We were unable to read either as JSON nor YAML, these are the errors we got from each:\u001b[0m\r\n\u001b[0;31mJSON: Expecting value: line 1 column 1 (char 0)\u001b[0m\r\n\u001b[0;31m\u001b[0m\r\n\u001b[0;31mSyntax Error while loading YAML.\u001b[0m\r\n\u001b[0;31m mapping values are not allowed in this context\u001b[0m\r\n\u001b[0;31m\u001b[0m\r\n\u001b[0;31mThe error appears to be in '/opt/ansible/roles/memcached/tasks/main.yml': line 33, column 34, but may\u001b[0m\r\n\u001b[0;31mbe elsewhere in the file depending on the exact syntax problem.\u001b[0m\r\n\u001b[0;31m\u001b[0m\r\n\u001b[0;31mThe offending line appears to be:\u001b[0m\r\n\u001b[0;31m\u001b[0m\r\n\u001b[0;31m env:\u001b[0m\r\n\u001b[0;31m - name: HTTPS_PROXY:\u001b[0m\r\n\u001b[0;31m ^ here\u001b[0m\r\n","job":"2775422040480279449","name":"memcached-sample","namespace":"memcached-system","error":"did not receive playbook_on_stats event","stacktrace":"github.com/go-logr/zapr.(*zapLogger).Error\n\toperator-sdk/vendor/github.com/go-logr/zapr/zapr.go:132\ngithub.com/operator-framework/operator-sdk/internal/ansible/controller.(*AnsibleOperatorReconciler).Reconcile\n\toperator-sdk/internal/ansible/controller/reconcile.go:229\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\toperator-sdk/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:298\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\toperator-sdk/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:253\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func1.2\n\toperator-sdk/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:216\nk8s.io/apimachinery/pkg/util/wait.JitterUntilWithContext.func1\n\toperator-sdk/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:185\nk8s.io/apimachinery/pkg/util/wait.BackoffUntil.func1\n\toperator-sdk/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:155\nk8s.io/apimachinery/pkg/util/wait.BackoffUntil\n\toperator-sdk/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:156\nk8s.io/apimachinery/pkg/util/wait.JitterUntil\n\toperator-sdk/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:133\nk8s.io/apimachinery/pkg/util/wait.JitterUntilWithContext\n\toperator-sdk/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:185\nk8s.io/apimachinery/pkg/util/wait.UntilWithContext\n\toperator-sdk/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:99"}
`

Expected results:
The http_proxy can be added to the deployment of memcached-sample. And the CR is created successfully.

Additional info:
Comment 1 amacdona@redhat.com 2021-09-09 16:19:07 UTC 
heres an example with instructions https://github.com/asmacdo/ansible-operator-proxy-demo
Comment 2 Fan Jia 2021-09-10 03:35:27 UTC 
verified.

test env:
1. operator-sdk version: "v1.10.1-ocp", commit: "972fd59bb3a4cdb2e5102fc37fc3afa32f6c066f", kubernetes version: "v1.21", go version: "go1.16.5", GOOS: "linux", GOARCH: "amd64"
2. cv:4.9.0-0.nightly-2021-09-09-145014

3.. add the http_proxy message to the ansible operator task

1)$task/main.yaml
---
- name: start memcached
  community.kubernetes.k8s:
        ......
          spec:
            ......
              env:
                 - Name: HTTP_PROXY: 
                   Value: "{{ lookup('env', 'HTTP_PROXY') | default('', True) }}"
                 - Name: http_proxy: 
                   Value: "{{ lookup('env', 'HTTP_PROXY') | default('', True) }}"
                

2)$Makefile
deploy: kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config.
        cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
        $(KUSTOMIZE) build config/default | CLUSTER_PROXY=$(shell kubectl get proxies.config.openshift.io cluster  -o json | jq '.spec.httpProxy') envsubst | kubectl apply -f -

3)$config/manager/manager.yaml
spec:
  ......
    spec:
      securityContext:
        runAsNonRoot: true
      containers:
      ...........
        env:
        - name: ANSIBLE_GATHERING
          value: explicit
        - name: HTTP_PROXY
          value: $CLUSTER_PROXY

test result:
CR created success and env is passed to operand
1)$ oc create -f config/samples/cache1_v1_blacklist.yaml
blacklist.cache1.blacklist.com/blacklist-sample created

2)$oc get deployment blacklist-sample-blacklist -o=jsonpath={.spec.template.spec.containers[0].env}
[{"name":"HTTP_PROXY","value":"http://proxy-user1:JYgU8qRZV4xxxxxxxxxxxxx@xxxxx-141-199-xx.us-xxxx-2.compute.amazonaws.com:3128"},{"name":"http_proxy","value":"http://proxy-user1:JYgU8qRZV4xxxxxxxxxxxxx@xxxxx-141-199-xx.us-xxxx-2.compute.amazonaws.com:3128"}]
Comment 5 errata-xmlrpc 2021-10-18 17:51:28 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.9.0 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:3759