Bug 2071689 - Machine-config daemon does not recover from broken Proxy configuration
Summary: Machine-config daemon does not recover from broken Proxy configuration
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Machine Config Operator
Version: 4.7
Hardware: Unspecified
OS: Unspecified
Priority: high
Severity: high
Target Milestone: ---
Target Release: 4.9.z
Assignee: Yu Qi Zhang
QA Contact: Sergio
URL:
Whiteboard:
Duplicates: 2071686
Depends On: 1981549
Blocks: 2089971
 
Reported: 2022-04-04 14:35 UTC by OpenShift BugZilla Robot
Modified: 2022-11-17 11:36 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2022-05-31 17:26:43 UTC
Target Upstream Version:
Embargoed:




Links
System ID Private Priority Status Summary Last Updated
Github openshift machine-config-operator pull 3057 0 None open [release-4.9] Bug 2071689: lib/resourcemerge: handle container env var deletions 2022-04-04 14:36:33 UTC
Red Hat Product Errata RHBA-2022:4741 0 None None None 2022-05-31 17:27:02 UTC

Comment 1 Pablo Alonso Rodriguez 2022-04-04 14:38:38 UTC
*** Bug 2071686 has been marked as a duplicate of this bug. ***

Comment 5 Sergio 2022-05-26 15:12:33 UTC
Verified using an IPI AWS deployment with version:
$ oc get clusterversion
NAME      VERSION                             AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.9.0-0.nightly-2022-05-25-223510   True        False         45m     Error while reconciling 4.9.0-0.nightly-2022-05-25-223510: an unknown error has occurred: MultipleErrors


Verification steps:

1. Configure a proxy in the cluster

oc edit proxy cluster
...
  spec:
    httpProxy: http://user:pass@proxy-fake:1111
    httpsProxy: http://user:pass@proxy-fake:1111
    noProxy: test.no-proxy.com
    trustedCA:
      name: ""

2. Verify that the proxy has been added to the MCD pods' environment variables
$ oc get pods -o yaml machine-config-daemon-6snvk | grep env -A 9
    env:
    - name: NODE_NAME
      valueFrom:
        fieldRef:
          apiVersion: v1
          fieldPath: spec.nodeName
    - name: HTTP_PROXY
      value: http://user:pass@proxy-fake:1111
    - name: HTTPS_PROXY
      value: http://user:pass@proxy-fake:1111

3. Remove the proxy from the cluster

oc edit proxy cluster
...
spec:
  trustedCA:
    name: ""

4. Verify that the proxy has been removed from the MCD pods' environment variables

$ oc get pods machine-config-daemon-4gv8c -o yaml | grep env -A 9
...
    env:
    - name: NODE_NAME
      valueFrom:
        fieldRef:
          apiVersion: v1
          fieldPath: spec.nodeName
    image: quay.io/openshift-release-d.....
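
The manual check in steps 2 and 4 could also be scripted. This is only a minimal sketch, not part of the original verification: the helper name has_proxy_env is hypothetical, and it assumes the proxy shows up in the pod YAML as env entries named HTTP_PROXY, HTTPS_PROXY or NO_PROXY (NO_PROXY is not visible in the truncated output above, so including it is an assumption).

```shell
# Hypothetical helper: reads pod YAML on stdin and succeeds (exit 0)
# if any proxy-related env var entry is present, fails (exit 1) otherwise.
# Assumption: entries look like "- name: HTTP_PROXY" as in the output above.
has_proxy_env() {
  grep -Eq -e '- name: (HTTP_PROXY|HTTPS_PROXY|NO_PROXY)[[:space:]]*$'
}

# Example usage (pod name taken from step 4; needs a logged-in oc session):
#   oc get pods machine-config-daemon-4gv8c -o yaml | has_proxy_env \
#     && echo "proxy env vars still present" \
#     || echo "proxy env vars removed"
```

After step 2 the helper is expected to succeed, and after step 4 it is expected to fail, for every MCD pod.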


Fake proxies will break the nodes (they cannot become Ready) and will cause the daemonset pods to get stuck in Terminating status. It is better to use a real proxy when executing the verification steps.



We move the status to VERIFIED.

Comment 7 errata-xmlrpc 2022-05-31 17:26:43 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.9.36 bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:4741

