StarlingX

"no-proxy" is not automatically set when setting docker proxy

Bug #2062079 reported by João Victor Portal on 2024-04-17

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	StarlingX	Fix Released	Medium	João Victor Portal

Bug Description

Brief Description
-----------------
"no-proxy" is not automatically set when setting docker proxy. One symptom is pods failing, like ceph-pools-audit (executed every 5 minutes), because the pod executes a request using the Kubernetes apiserver cluster API IP (10.96.0.1 in IPv4 deploys) and this request is sent to the proxy, while it should be treated locally (the IP 10.96.0.1 should be present in the environment variable "NO_PROXY" of docker and containerd services).

Severity
--------
Major.

Steps to Reproduce
------------------
Set up proxy with
source /etc/platform/openrc
system service-parameter-add docker proxy https_proxy=http://1.2.3.4:3128
system service-parameter-add docker proxy http_proxy=http://1.2.3.4:3128
system service-parameter-apply docker

Expected Behavior
------------------
Proxy is applied, rest of the functionalities is not impacted.

Actual Behavior
----------------
Since "no-proxy" is not automatically configured with proxy setting, the functionality gets broken.

Reproducibility
---------------
100% reproducible.

System Configuration
--------------------
Any.

Branch/Pull Time/Commit
-----------------------
NA.

Last Pass
---------
NA.

Timestamp/Logs
--------------
NA.

Test Activity
-------------
NA.

Workaround
----------
Manually set up "no-proxy".

See original description

Tags:

João Victor Portal (jvictorp) on 2024-04-17

Changed in starlingx:
assignee:	nobody → João Victor Portal (jvictorp)

OpenStack Infra (hudson-openstack) on 2024-04-17

Changed in starlingx:
status:	New → In Progress

João Victor Portal (jvictorp) on 2024-04-19

description:	updated
description:	updated

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2024-04-23: Fix proposed to docs (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/starlingx/docs/+/916834

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2024-04-24: Fix merged to config (master)

Reviewed: https://review.opendev.org/c/starlingx/config/+/916019
Committed: https://opendev.org/starlingx/config/commit/2ede09a70a20ab904e48c245b7f6e09b2720d893
Submitter: "Zuul (22348)"
Branch: master

commit 2ede09a70a20ab904e48c245b7f6e09b2720d893
Author: Joao Victor Portal <email address hidden>
Date: Tue Apr 16 17:45:42 2024 -0300

Export apiserver cluster IP to puppet var

    The Kubernetes API server cluster IP in not available for puppet
    manifests. This commit makes this information available at
    "platform::kubernetes::params::apiserver_cluster_ip".

Test Plan:

    PASS: Successfully deploy an IPv4 AIO-SX and verify that the following
    line is present at file
    "/opt/platform/puppet/24.03/hieradata/system.yaml":
    "platform::kubernetes::params::apiserver_cluster_ip: 10.96.0.1".

Partial-Bug: 2062079

Change-Id: I1ef708ca519c25a4504c7a0ccd92db8fd46ddb3d
Signed-off-by: Joao Victor Portal <email address hidden>

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2024-04-24: Fix merged to stx-puppet (master)

Reviewed: https://review.opendev.org/c/starlingx/stx-puppet/+/915924
Committed: https://opendev.org/starlingx/stx-puppet/commit/937132aafb7ff35db33d02042656156386a0970c
Submitter: "Zuul (22348)"
Branch: master

commit 937132aafb7ff35db33d02042656156386a0970c
Author: Joao Victor Portal <email address hidden>
Date: Mon Apr 15 18:16:55 2024 -0300

Added system IPs to services "NO_PROXY" list

    When configuring the Docker proxy (see feature doc at
    https://docs.starlingx.io/configuration/docker_proxy_config.html), the
    system IPs should be added automatically to the "NO_PROXY" environment
    variable of services "docker" and "containerd". This configuration was
    lost long time ago during a code cleanup (review
    https://review.opendev.org/c/starlingx/config/+/703516 , file
    controllerconfig/controllerconfig/controllerconfig/configassistant.py ,
    line 2286). This commit implements again the addition of system IPs to
    "NO_PROXY" list.

Test Plan:

    PASS: Successfully deploy an IPv4 AIO-SX and an IPv6 AIO-DX with no
    bootstrap overrides.
    PASS: In the deployed IPv4 AIO-SX with no bootstrap overrides, apply the
    configuration below and verify that the pod "ceph-pools-audit" (executed
    every 5 minutes) continues working correctly:
    source /etc/platform/openrc
    system service-parameter-add docker proxy
    https_proxy=http://1.2.3.4:3128
    system service-parameter-add docker proxy http_proxy=http://1.2.3.4:3128
    system service-parameter-add docker proxy no_proxy="5.6.7.8"
    system service-parameter-apply docker
    PASS: Repeat the test above in the IPv6 AIO-DX with no bootstrap
    overrides.
    PASS: Successfully deploy an IPv4 AIO-SX and an IPv6 AIO-DX with Docker
    proxy bootstrap overrides. Verify that the environment variables for
    "docker" and "containerd" services (at
    /etc/systemd/system/docker.service.d/http-proxy.conf and
    /etc/systemd/system/containerd.service.d/http-proxy.conf) are correct.
    Verify that the pod "ceph-pools-audit" (executed every 5 minutes)
    continues working correctly.

Partial-Bug: 2062079

    Depends-On: https://review.opendev.org/c/starlingx/config/+/916019
    Change-Id: I7691fab7c4e2ba813bac1bf71c0ed7d4c4432380
    Signed-off-by: Joao Victor Portal <email address hidden>

Reviewed:  https://review.opendev.org/c/starlingx/stx-puppet/+/915924
Committed: https://opendev.org/starlingx/stx-puppet/commit/937132aafb7ff35db33d02042656156386a0970c
Submitter: "Zuul (22348)"
Branch:    master

commit 937132aafb7ff35db33d02042656156386a0970c
Author: Joao Victor Portal <Joao.VictorPortal@windriver.com>
Date:   Mon Apr 15 18:16:55 2024 -0300

Added system IPs to services "NO_PROXY" list
    
    When configuring the Docker proxy (see feature doc at
    https://docs.starlingx.io/configuration/docker_proxy_config.html), the
    system IPs should be added automatically to the "NO_PROXY" environment
    variable of services "docker" and "containerd". This configuration was
    lost long time ago during a code cleanup (review
    https://review.opendev.org/c/starlingx/config/+/703516 , file
    controllerconfig/controllerconfig/controllerconfig/configassistant.py ,
    line 2286). This commit implements again the addition of system IPs to
    "NO_PROXY" list.
    
    Test Plan:
    
    PASS: Successfully deploy an IPv4 AIO-SX and an IPv6 AIO-DX with no
    bootstrap overrides.
    PASS: In the deployed IPv4 AIO-SX with no bootstrap overrides, apply the
    configuration below and verify that the pod "ceph-pools-audit" (executed
    every 5 minutes) continues working correctly:
    source /etc/platform/openrc
    system service-parameter-add docker proxy
    https_proxy=http://1.2.3.4:3128
    system service-parameter-add docker proxy http_proxy=http://1.2.3.4:3128
    system service-parameter-add docker proxy no_proxy="5.6.7.8"
    system service-parameter-apply docker
    PASS: Repeat the test above in the IPv6 AIO-DX with no bootstrap
    overrides.
    PASS: Successfully deploy an IPv4 AIO-SX and an IPv6 AIO-DX with Docker
    proxy bootstrap overrides. Verify that the environment variables for
    "docker" and "containerd" services (at
    /etc/systemd/system/docker.service.d/http-proxy.conf and
    /etc/systemd/system/containerd.service.d/http-proxy.conf) are correct.
    Verify that the pod "ceph-pools-audit" (executed every 5 minutes)
    continues working correctly.
    
    Partial-Bug: 2062079
    
    Depends-On: https://review.opendev.org/c/starlingx/config/+/916019
    Change-Id: I7691fab7c4e2ba813bac1bf71c0ed7d4c4432380
    Signed-off-by: Joao Victor Portal <Joao.VictorPortal@windriver.com>

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2024-04-25: Fix merged to docs (master)

Reviewed: https://review.opendev.org/c/starlingx/docs/+/916834
Committed: https://opendev.org/starlingx/docs/commit/fabaaeedc970ec9cf9ae97e18b7950dae98b03a4
Submitter: "Zuul (22348)"
Branch: master

commit fabaaeedc970ec9cf9ae97e18b7950dae98b03a4
Author: Joao Victor Portal <email address hidden>
Date: Tue Apr 23 15:28:10 2024 -0300

Fix Docker registry configuration commands (dsr8MR2+, dsMR3)

The commands to configure and apply the service parameters related to
Docker proxy feature were outdated.

Partial-Bug: 2062079

Change-Id: Ib8d8deb19528120b7813d406ad9d5e6b952a760f
Signed-off-by: Joao Victor Portal <email address hidden>

Ghada Khalil (gkhalil) on 2024-04-25

Changed in starlingx:
importance:	Undecided → Medium
tags:	added: stx.10.0 stx.containers

Ghada Khalil (gkhalil) on 2024-05-01

Changed in starlingx:
status:	In Progress → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.