Created attachment 1855484 [details] must-gather Description of problem: IPI installation behind a proxy is failing. The same is working with legacy CAPO. machine-controller container is not able to reach OSP API, presumably because it is not using the proxy: E0126 09:23:04.150076 1 controller.go:317] controller/machine_controller "msg"="Reconciler error" "error"="Failed to authenticate provider client: Get \"https://10.46.44.10:13000/\": dial tcp 10.46.44.10:13000: connect: no route to host" "name"="ostest-lsz7t-master-2" "namespace"="openshift-machine-api" However, the proxy env values are set on the container: $ oc rsh -n openshift-machine-api -c machine-controller machine-api-controllers-5cc999bcff-p9sb8 sh-4.4$ env | grep -i proxy HTTP_PROXY=http://dummy:dummy@172.16.0.3:3128/ NO_PROXY=.cluster.local,.svc,10.128.0.0/14,127.0.0.1,169.254.169.254,172.16.0.0/24,172.30.0.0/16,api-int.ostest.shiftstack.com,localhost HTTPS_PROXY=https://dummy:dummy@172.16.0.3:3130/ sh-4.4$ curl -k https://10.46.44.10:13000/ {"versions": {"values": [{"id": "v3.13", "status": "stable", "updated": "2019-07-19T00:00:00Z", "links": [{"rel": "self", "href": "https://10.46.44.10:13000/v3/"}], "media-types": [{"base": "application/json", "type": "application/vnd.openstack.identity-v3+json"}]}]}}sh-4.4$ Version-Release number of selected component (if applicable): 4.10.0-0.nightly-2022-01-25-023600 & RHOS-16.1-RHEL-8-20210903.n.0 How reproducible: Always Steps to Reproduce: Install OCP cluster enabling TP features on an isolated network that can only access outside through a proxy. $ oc get featureGate/cluster -o yaml apiVersion: config.openshift.io/v1 kind: FeatureGate metadata: annotations: include.release.openshift.io/self-managed-high-availability: "true" include.release.openshift.io/single-node-developer: "true" release.openshift.io/create-only: "true" creationTimestamp: "2022-01-26T08:40:47Z" generation: 1 name: cluster resourceVersion: "959" uid: a9093152-16e9-4d3b-a4af-976f525e2f8c spec: featureSet: TechPreviewNoUpgrade $ oc get proxy/cluster -o yaml apiVersion: config.openshift.io/v1 kind: Proxy metadata: creationTimestamp: "2022-01-26T08:40:22Z" generation: 1 name: cluster resourceVersion: "547" uid: 242cdf17-326c-4485-b32d-840df2e080e2 spec: httpProxy: http://dummy:dummy@172.16.0.3:3128/ httpsProxy: https://dummy:dummy@172.16.0.3:3130/ trustedCA: name: user-ca-bundle status: httpProxy: http://dummy:dummy@172.16.0.3:3128/ httpsProxy: https://dummy:dummy@172.16.0.3:3130/ noProxy: .cluster.local,.svc,10.128.0.0/14,127.0.0.1,169.254.169.254,172.16.0.0/24,172.30.0.0/16,api-int.ostest.shiftstack.com,localhost Actual results: Installation fails. Expected results: Installation OK and cluster operative. Additional info: must-gather and install-config.yaml attached
Setting blocker- because MAPO is not GA in 4.10.
Verified on 4.11.0-0.nightly-2022-03-23-132952 on top of RHOS-16.2-RHEL-8-20220311.n.1. IPI proxy installation with the 3 NetworkTypes worked OK on D/S CI.
with featureGate enabling MAPO: apiVersion: config.openshift.io/v1 kind: FeatureGate metadata: annotations: include.release.openshift.io/self-managed-high-availability: "true" include.release.openshift.io/single-node-developer: "true" release.openshift.io/create-only: "true" name: cluster spec: customNoUpgrade: enabled: - MachineAPIProviderOpenStack featureSet: CustomNoUpgrade
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Important: OpenShift Container Platform 4.11.0 bug fix and security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:5069