Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-12772

Cinder CSI metadata requests can be affected by proxy configuration

XMLWordPrintable

    • ?
    • Low
    • No
    • ShiftStack Sprint 235, ShiftStack Sprint 236, ShiftStack Sprint 237, ShiftStack Sprint 238
    • 4
    • False
    • Hide

      None

      Show
      None
    • Hide
      Cause: http proxy settings were honoured when fetching Nova metadata.
      Consequence: calls to Nova metadata were redirected to the jump-host; in the best case, failing. In the worst case, returning the Nova metadata relative to the proxy server rather than the calling server.
      Fix: http proxy settings are now ignored when contacting the well-known metadata IP.
      Show
      Cause: http proxy settings were honoured when fetching Nova metadata. Consequence: calls to Nova metadata were redirected to the jump-host; in the best case, failing. In the worst case, returning the Nova metadata relative to the proxy server rather than the calling server. Fix: http proxy settings are now ignored when contacting the well-known metadata IP.
    • Bug Fix

      Description of problem:

      Reported upstream in https://github.com/kubernetes/cloud-provider-openstack/issues/2217

Not specifically reproduced in OpenShift, but I have no reason to think we would not be affected, and I know we have users with strict proxy requirements.

The user's configuration requires all OpenStack API requests from the tenant network to go through a proxy. They have configured a proxy 'globally' in their cluster in a manner which also affects the CSI driver.

Attempting to attach a volume to a pod fails. Inspecting the logs we see that cinder attempted to attach the volume to the proxy server, not the node hosting the pod. The reason for this is that the metadata request was also proxied, meaning the returned values relate to the proxy server, not the local server.

      Version-Release number of selected component (if applicable):

      4.13, but likely all versions since we enabled CSI

      How reproducible:

       

      Steps to Reproduce:

      1.
2.
3.

      Actual results:

       

      Expected results:

       

      Additional info:

       

              pprinett@redhat.com Pierre Prinetti
              rhn-gps-mbooth Matthew Booth
              Itshak Brown Itshak Brown
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated:
                Resolved: