Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 2005805

Summary: Cannot set whole subnet cidr in noProxy in install-config.yaml for baremetal os4 deployment
Product: OpenShift Container Platform Reporter: Andy Bartlett <andbartl>
Component: Bare Metal Hardware ProvisioningAssignee: Derek Higgins <derekh>
Bare Metal Hardware Provisioning sub component: baremetal-operator QA Contact: Victor Voronkov <vvoronko>
Status: CLOSED ERRATA Docs Contact:
Severity: high    
Priority: high CC: bbennett, bfournie, derekh, dnagaraj, mmahmoud, nkaushik, shardy, vkochuku, vvoronko
Version: 4.8Keywords: Triaged
Target Milestone: ---   
Target Release: 4.8.z   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
cause: curl (used by the machine downloader image doesn't support CIDR's in no_proxy) consequence: any CIDR added to noProxy is ignored when downloading the RHCOS image fix: proxys are now removed from the environment if appropriate before calling curl result: When downloading the machine image the value of NO_PROXY is no longer ignored
 Story Points: ---
Clone Of: Environment:
Last Closed: 2022-01-05 16:11:41 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2020546    
Bug Blocks:    

Description Andy Bartlett 2021-09-20 08:53:40 UTC 
Description of problem:

I have a customer having issues with the noproxy settings:

We have to pull the container images via a proxy. I've configured it like below:

install-config.yaml:
apiVersion: v1
baseDomain: xxxx.xxxx.local
proxy:
  httpProxy: http://prx1.<domain>:3128 
  httpsProxy: http://prx1.<domain>:3128
  noProxy: .xxx.xxx.local,10.118.17.8,10.118.145.68,10.118.145.69,10.118.145.70,10.118.145.71,10.118.145.72,10.118.145.72,10.118.145.73,10.118.17.5,10.118.17.6,10.118.17.7,10.118.17.9,10.118.17.20,10.118.17.21

Currently I have to specify every single ip address to be excluded from the proxy. I would rather use 10.118.17.0/26 in the noProxy config but unfortunately that does not work.

In the Openshift3 config it was possible to set a subnetrange ( see chapter 23.3. Configuring Hosts for Proxies) : https://access.redhat.com/documentation/en-us/openshift_container_platform/3.4/html/installation_and_configuration/install-config-http-proxies

If i check the bootstrap node it has automatically added some subnet ranges with should be excluded from the proxy but this does not work either:

[root@bootstrap ~]# set | grep -i proxy
HTTPS_PROXY=http://prx1.<domain>:3128
HTTP_PROXY=http://prx1.<domain>:3128
NO_PROXY=.cluster.local,.xxxx.xxxx.local,.svc,10.118.145.68,10.118.145.69,10.118.145.70,10.118.145.71,10.118.145.72,10.118.145.73,10.118.17.0/26,10.118.17.20,10.118.17.21,10.118.17.5,10.118.17.6,10.118.17.7,10.118.17.8,10.118.17.9,10.128.0.0/14,127.0.0.1,172.30.0.0/16,api-int.xxx.xxxx.xxxx.local,localhost


Version-Release number of selected component (if applicable):

Openshift 4.8 Baremetal Install

How reproducible:

100%


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 1 Mohamed Mahmoud 2021-09-20 12:02:48 UTC 
Why this component is set to MetalLB ? Metallb is not even exists in 4.8 release ?
Comment 13 Mohamed Mahmoud 2021-09-21 12:08:31 UTC 
I assume u are using openshift-install command to create ur cluster ? I just tried an install-config.yaml using something like the following 
apiVersion: v1
baseDomain: gcp.devcluster.openshift.com
proxy:
  httpProxy: http://10.10.10.11:3128 
  httpsProxy: http://10.10,10.11:3128
  noProxy: 10.118.17.0/26,10.118.145.64/26 
compute:
- architecture: amd64
and it didn't complain
Comment 14 Mohamed Mahmoud 2021-09-21 12:12:53 UTC 
(In reply to Mohamed Mahmoud from comment #13)
> I assume u are using openshift-install command to create ur cluster ? I just
> tried an install-config.yaml using something like the following 
> apiVersion: v1
> baseDomain: gcp.devcluster.openshift.com
> proxy:
>   httpProxy: http://10.10.10.11:3128 
>   httpsProxy: http://10.10,10.11:3128
>   noProxy: 10.118.17.0/26,10.118.145.64/26 
> compute:
> - architecture: amd64
> and it didn't complain

were u able to repro this issue if its that straight fwd to repro ?
Comment 16 Mohamed Mahmoud 2021-09-21 14:38:29 UTC 
pls collect the installion logs per https://docs.openshift.com/container-platform/4.8/installing/installing-troubleshooting.html#installation-bootstrap-gather_installing-troubleshooting

and share them
Comment 25 Derek Higgins 2021-09-28 16:23:23 UTC 
This bug appears to be a duplicate of bz#1990556

A solution is currently being worked on and a workaround is described in bz#1990556

Let us know if this workaround works for your setup
Comment 32 Derek Higgins 2021-11-16 14:48:28 UTC 
Attaching fix to support CIDR in the RHOS image download container
Comment 39 errata-xmlrpc 2022-01-05 16:11:41 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.8.25 bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:5209
Comment 42 Victor Voronkov 2022-04-25 05:58:40 UTC 
no need in automation, same issue covered by https://bugzilla.redhat.com/show_bug.cgi?id=1990556