Bug 2039109 - [FJ OCP4.10 Bug]: startironic.sh failed to pull the image of image-customization container when behind a proxy
Summary: [FJ OCP4.10 Bug]: startironic.sh failed to pull the image of image-customizat...
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Installer
Version: 4.10
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
: 4.10.0
Assignee: Tomas Sedovic
QA Contact:
Whiteboard: QJ220126-002
Depends On:
Blocks: 1920358
TreeView+ depends on / blocked
Reported: 2022-01-11 01:39 UTC by Fujitsu container team
Modified: 2022-03-10 16:38 UTC (History)
9 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2022-03-10 16:38:34 UTC
Target Upstream Version:

Attachments (Terms of Use)
Proxy setting in install-config.yaml (589 bytes, text/plain)
2022-01-19 10:16 UTC, Fujitsu container team
no flags Details

System ID Private Priority Status Summary Last Updated
Github openshift installer pull 5513 0 None open Bug 2039109: Fix image-customization-controller image pull failure 2022-01-12 05:03:56 UTC
Red Hat Product Errata RHSA-2022:0056 0 None None None 2022-03-10 16:38:52 UTC

Description Fujitsu container team 2022-01-11 01:39:49 UTC
Customer Contact Name:

  Yasuhiro Futakawa

Description of Problem:

  IPI failed due to image pull failure. 
  This is because startironic.sh starts the image-customization container with sudo which causes the loss of proxy env. 
  This problem can be resolved by simply removing the sudo used in startironic.sh because this script is executed under the root user. 

Version-Release number of selected component:

  This issue was detected in the Pre-GA version.

  Red Hat OpenShift Container Platform Version Number: 4.10
  Release Number:  4.10.0-0.nightly-2021-12-20-231053
  Kubernetes Version: 1.22.1
  Cri-o Version: 1.23.0
  Related Component: NONE
  Related Middleware/Application: irmc
  Underlying RHCOS Release Number: 4.10
  Underlying RHCOS Architecture: x86_64
  Underlying RHCOS Kernel Version: 4.18.0

Drivers or hardware or architecture dependency:


How reproducible:


Step to Reproduce:

  $ openshift-install --dir ~/clusterconfigs create manifests
  $ openshift-install --dir ~/clusterconfigs --log-level debug create cluster

Actual Results:

  IPI fails due to image pull failure

Expected Results:

  Image can be pulled normally

Summary of actions taken to resolve issue:

  Fujitsu sent PR: https://github.com/openshift/installer/pull/5513

Location of diagnostic data:


Hardware configuration:

  Model: RX2540 M4

Comment 3 Victor Voronkov 2022-01-18 09:43:53 UTC
Hi, in order to properly verify the bug I would like to get more information about the environment and content of proxy section in install-config.yaml, in my test env with squid proxy I wasn't able to reproduce the original issue

Comment 4 Jacob Anders 2022-01-18 10:34:58 UTC
Hase-San- would you or one of your colleagues be able to provide the information requested in https://bugzilla.redhat.com/show_bug.cgi?id=2039109#c3 to our QE Team? Thank you.

Comment 5 Fujitsu container team 2022-01-19 10:14:18 UTC
Dear Victor, Jacob,

I share proxy setting in install-config.yaml
We use local address in install-config.yaml, but we forward the proxy(we use an external proxy actually).
192.168.30.Z is bastion machine of our environment, and this bastion forwards proxy to external.

Best Regards,
Yasuhiro Futakawa

Comment 6 Fujitsu container team 2022-01-19 10:16:52 UTC
Created attachment 1851837 [details]
Proxy setting in install-config.yaml

Comment 7 Jacob Anders 2022-01-20 01:12:45 UTC
Thank you Futakawa-san.

Comment 8 Fujitsu container team 2022-01-21 02:06:13 UTC
Dear Victor, Jacob,

Fujitsu confirmed that we could download the image correctly with the latest nightly which contains PR5513.
So this BZ is fixed.

Best Regards,
Yasuhiro Futakawa

Comment 9 Victor Voronkov 2022-01-21 10:26:31 UTC
Following customer comment, the bug was verified

Comment 12 errata-xmlrpc 2022-03-10 16:38:34 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.10.3 security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.