Merge pull request #4720 from adellape/enterprise-3.5

BZ#1458660: NO_PROXY etcd IP workaround

Author: adellape

install_config/install/advanced_install.adoc

@@ -1362,10 +1362,59 @@ specifications, and save it as *_/etc/ansible/hosts_*.
 [[running-the-advanced-installation]]
 == Running the Advanced Installation
 
-After you have xref:configuring-ansible[configured Ansible] by defining an
-inventory file in *_/etc/ansible/hosts_*, you can run the advanced installation
-using the following playbook:
-
+After you have finished xref:configuring-ansible[configuring Ansible] by
+defining your own inventory file in *_/etc/ansible/hosts_* or modifying one of
+the xref:adv-install-example-inventory-files[example inventories], follow these
+steps to run the advanced installation:
+
+// tag::BZ1466783-workaround-install[]
+. If you are using a proxy, you must add the IP address of the etcd endpoints to
+the `openshift_no_proxy` cluster variable in your inventory file.
++
+[NOTE]
+====
+If you are not using a proxy, you can skip this step.
+====
++
+In {product-title}
+ifdef::openshift-enterprise[]
+3.4,
+endif::[]
+ifdef::openshift-origin[]
+1.4,
+endif::[]
+the master connected to the etcd cluster using the host name of the etcd
+endpoints. In {product-title}
+ifdef::openshift-enterprise[]
+3.5,
+endif::[]
+ifdef::openshift-origin[]
+1.5,
+endif::[]
+the master now connects to etcd via IP address.
++
+When configuring a cluster to use proxy settings (see
+xref:advanced-install-configuring-global-proxy[Configuring Global Proxy Options]), this change causes the master-to-etcd connection to be proxied as
+well, rather than being excluded by host name in each host's `NO_PROXY` setting
+(see
+xref:../../install_config/http_proxies.adoc#install-config-http-proxies[Working with HTTP Proxies] for more about `NO_PROXY`).
++
+To workaround this issue, set the following:
++
+----
+openshift_no_proxy=https://<ip_address>:<port>
+----
++
+Use the IP that the master will use to contact the etcd cluster as the
+`<ip_address>`. The `<port>` should be `2379` if you are using standalone etcd
+(clustered) or `4001` for embedded etcd (single master, non-clustered etcd). The
+installer will be updated in a future release to handle this scenario
+automatically during installation and upgrades
+(link:https://bugzilla.redhat.com/show_bug.cgi?id=1466783[*BZ#1466783*]).
+// end::BZ1466783-workaround-install[]
+
+. Run the advanced installation using the following playbook:
++
 ----
 ifdef::openshift-enterprise[]
 # ansible-playbook /usr/share/ansible/openshift-ansible/playbooks/byo/config.yml
@@ -1374,17 +1423,20 @@ ifdef::openshift-origin[]
 # ansible-playbook ~/openshift-ansible/playbooks/byo/config.yml
 endif::[]
 ----
-
++
 If for any reason the installation fails, before re-running the installer, see
-xref:installer-known-issues[Known Issues] to check for any specific
-instructions or workarounds.
+xref:installer-known-issues[Known Issues] to check for any specific instructions
+or workarounds.
+
+. After the installation succeeds, continue to
+xref:advanced-verifying-the-installation[Verifying the Installation].
 
 [[advanced-verifying-the-installation]]
 == Verifying the Installation
 
-// tag::verifying-the-installation[]
 After the installation completes:
 
+// tag::verifying-the-installation[]
 . Verify that the master is started and nodes
 are registered and reporting in *Ready* status. _On the master host_, run the
 following as root:

install_config/install/disconnected_install.adoc

@@ -2,7 +2,7 @@
 = Disconnected Installation
 {product-author}
 {product-version}
-:latest-tag: v3.5.5.15
+:latest-tag: v3.5.5.26
 :latest-int-tag: 3.5.0
 :latest-registry-console-tag: 3.5
 :data-uri:

install_config/install/quick_install.adoc

@@ -280,6 +280,67 @@ xref:quick-verifying-the-installation[verify the installation].
 [[quick-verifying-the-installation]]
 == Verifying the Installation
 
+After the installation completes:
+
+. If you are using a proxy, you must add the IP address of the etcd endpoints to
+the `openshift_no_proxy` cluster variable in your inventory file.
++
+[NOTE]
+====
+If you are not using a proxy, you can skip this step.
+====
++
+In {product-title}
+ifdef::openshift-enterprise[]
+3.4,
+endif::[]
+ifdef::openshift-origin[]
+1.4,
+endif::[]
+the master connected to the etcd cluster using the host name of the etcd
+endpoints. In {product-title}
+ifdef::openshift-enterprise[]
+3.5,
+endif::[]
+ifdef::openshift-origin[]
+1.5,
+endif::[]
+the master now connects to etcd via IP address.
++
+When configuring a cluster to use proxy settings (see
+xref:../../install_config/install/advanced_install.adoc#advanced-install-configuring-global-proxy[Configuring Global Proxy Options]), this change causes the master-to-etcd connection to be
+proxied as well, rather than being excluded by host name in each host's
+`NO_PROXY` setting (see
+xref:../../install_config/http_proxies.adoc#install-config-http-proxies[Working with HTTP Proxies] for more about `NO_PROXY`).
+
+.. To workaround this issue, add the IP address of the etcd endpoints to the
+`NO_PROXY` environment variable on each master host's
+*_/etc/sysconfig/atomic-openshift-master-controllers_* file. For example:
++
+----
+NO_PROXY=https://<ip_address>:<port>
+----
++
+Use the IP that the master will use to contact the etcd cluster as the
+`<ip_address>`. The `<port>` should be `2379` if you are using standalone etcd
+(clustered) or `4001` for embedded etcd (single master, non-clustered etcd). The
+installer will be updated in a future release to handle this scenario
+automatically during installation and upgrades
+(link:https://bugzilla.redhat.com/show_bug.cgi?id=1466783[*BZ#1466783*]).
+
+.. Restart the master service for the changes to take effect:
++
+ifdef::openshift-origin[]
+----
+# systemctl restart origin-master
+----
+endif::[]
+ifdef::openshift-enterprise[]
+----
+# systemctl restart atomic-openshift-master
+----
+endif::[]
+
 include::install_config/install/advanced_install.adoc[tag=verifying-the-installation]
 
 . Then, see xref:quick-install-whats-next[What's Next] for the next steps on

install_config/revhistory_install_config.adoc

@@ -8,6 +8,24 @@
 
 // do-release: revhist-tables
 
+== Fri Jul 07 2017
+
+// tag::install_config_fri_jul_07_2017[]
+[cols="1,3",options="header"]
+|===
+
+|Affected Topic |Description of Change
+//Fri Jul 07 2017
+
+|xref:../install_config/install/advanced_install.adoc#install-config-install-advanced-install[Installing a Cluster -> Advanced Installation]
+.4+.^|Added workaround for `NO_PROXY` issue. (link:https://bugzilla.redhat.com/show_bug.cgi?id=1466783[*BZ#1466783*])
+|xref:../install_config/install/quick_install.adoc#install-config-install-quick-install[Installing a Cluster -> Quick Installation]
+|xref:../install_config/upgrading/manual_upgrades.adoc#install-config-upgrading-manual-upgrades[Upgrading a Cluster -> Manual In-place Upgrades]
+|xref:../install_config/upgrading/automated_upgrades.adoc#install-config-upgrading-automated-upgrades[Upgrading a Cluster -> Automated In-place Upgrades]
+
+|===
+// end::install_config_fri_jul_07_2017[]
+
 == Thu Jul 06 2017
 
 // tag::install_config_thu_jul_06_2017[]
@@ -21,6 +39,8 @@
 |New topic on enabling controller-managed attachment and detachment.
 
 |===
+// end::install_config_thu_jul_06_2017[]
+
 == Tue Jun 27 2017
 
 // tag::install_config_tue_jun_27_2017[]

install_config/upgrading/automated_upgrades.adoc

@@ -2,7 +2,7 @@
 = Performing Automated In-place Cluster Upgrades
 {product-author}
 {product-version}
-:latest-tag: v3.5.5.15
+:latest-tag: v3.5.5.26
 :latest-int-tag: v3.5
 :data-uri:
 :icons:
@@ -579,7 +579,68 @@ complete the metrics deployment upgrade.
 
 To verify the upgrade:
 
-. First check that all nodes are marked as *Ready*:
+// tag::BZ1466783-workaround-upgrade[]
+. If you are using a proxy, you must add the IP address of the etcd endpoints to
+the `openshift_no_proxy` cluster variable in your inventory file.
++
+[NOTE]
+====
+If you are not using a proxy, you can skip this step.
+====
++
+In {product-title}
+ifdef::openshift-enterprise[]
+3.4,
+endif::[]
+ifdef::openshift-origin[]
+1.4,
+endif::[]
+the master connected to the etcd cluster using the host name of the etcd
+endpoints. In {product-title}
+ifdef::openshift-enterprise[]
+3.5,
+endif::[]
+ifdef::openshift-origin[]
+1.5,
+endif::[]
+the master now connects to etcd via IP address.
++
+When configuring a cluster to use proxy settings (see
+xref:../../install_config/install/advanced_install.adoc#advanced-install-configuring-global-proxy[Configuring Global Proxy Options]), this change causes the master-to-etcd connection to be
+proxied as well, rather than being excluded by host name in each host's
+`NO_PROXY` setting (see
+xref:../../install_config/http_proxies.adoc#install-config-http-proxies[Working with HTTP Proxies] for more about `NO_PROXY`).
+
+.. To workaround this issue, add the IP address of the etcd endpoint to the
+`NO_PROXY` environment variable on each master host's
+*_/etc/sysconfig/atomic-openshift-master-controllers_* file. For example:
++
+----
+NO_PROXY=https://<ip_address>:<port>
+----
++
+Use the IP that the master will use to contact the etcd cluster as the
+`<ip_address>`. The `<port>` should be `2379` if you are using standalone etcd
+(clustered) or `4001` for embedded etcd (single master, non-clustered etcd). The
+installer will be updated in a future release to handle this scenario
+automatically during installation and upgrades
+(link:https://bugzilla.redhat.com/show_bug.cgi?id=1466783[*BZ#1466783*]).
+
+.. Restart the master service for the changes to take effect:
++
+ifdef::openshift-origin[]
+----
+# systemctl restart origin-master
+----
+endif::[]
+ifdef::openshift-enterprise[]
+----
+# systemctl restart atomic-openshift-master
+----
+endif::[]
+// end::BZ1466783-workaround-upgrade[]
+
+. Check that all nodes are marked as *Ready*:
 +
 ----
 # oc get nodes

install_config/upgrading/manual_upgrades.adoc

@@ -2,7 +2,7 @@
 = Performing Manual In-place Cluster Upgrades
 {product-author}
 {product-version}
-:latest-tag: v3.5.5.15
+:latest-tag: v3.5.5.26
 :latest-int-tag: v3.5
 :data-uri:
 :icons:
@@ -1381,11 +1381,18 @@ There are no additional manual steps for the upgrade to
 xref:../../release_notes/ocp_3_5_release_notes.adoc#ocp-3-5-5-8[{product-title} 3.5.5.8] that are not already mentioned inline during the standard manual
 upgrade process.
 
-[[manual-step-ocp-3-5-5-15]]
-=== {product-title} 3.5.5.15
+[[manual-step-ocp-3-5-5-24]]
+=== {product-title} 3.5.5.24
 
 There are no additional manual steps for the upgrade to
-xref:../../release_notes/ocp_3_5_release_notes.adoc#ocp-3-5-5-15[{product-title} 3.5.5.15] that are not already mentioned inline during the standard manual
+xref:../../release_notes/ocp_3_5_release_notes.adoc#ocp-3-5-5-24[{product-title} 3.5.5.24] that are not already mentioned inline during the standard manual
+upgrade process.
+
+[[manual-step-ocp-3-5-5-26]]
+=== {product-title} 3.5.5.26
+
+There are no additional manual steps for the upgrade to
+xref:../../release_notes/ocp_3_5_release_notes.adoc#ocp-3-5-5-24[{product-title} 3.5.5.26] that are not already mentioned inline during the standard manual
 upgrade process.
 endif::[]
 
@@ -1641,23 +1648,26 @@ endif::[]
 [[manual-upgrades-verifying-the-upgrade]]
 == Verifying the Upgrade
 
-To verify the upgrade, first check that all nodes are marked as *Ready*:
+To verify the upgrade:
+
+include::install_config/upgrading/automated_upgrades.adoc[tag=BZ1466783-workaround-upgrade]
 
+. Check that all nodes are marked as *Ready*:
++
 ----
 # oc get nodes
 NAME                        STATUS                     AGE
 master.example.com          Ready,SchedulingDisabled   165d
 node1.example.com           Ready                      165d
 node2.example.com           Ready                      165d
-
 ----
 
-Then, verify that you are running the expected versions of the *docker-registry*
+. Verify that you are running the expected versions of the *docker-registry*
 and *router* images, if deployed.
 ifdef::openshift-enterprise[]
 Replace `<tag>` with `{latest-tag}` for the latest version.
 endif::[]
-
++
 ----
 ifdef::openshift-enterprise[]
 # oc get -n default dc/docker-registry -o json | grep \"image\"
@@ -1673,17 +1683,15 @@ ifdef::openshift-origin[]
 endif::[]
 ----
 
-
 ifdef::openshift-origin[]
-If you upgraded from Origin 1.0 to Origin 1.1, verify in your old
+. If you upgraded from Origin 1.0 to Origin 1.1, verify in your old
 *_/etc/sysconfig/openshift-master_* and *_/etc/sysconfig/openshift-node_* files
 that any custom configuration is added to your new
 *_/etc/sysconfig/origin-master_* and *_/etc/sysconfig/origin-node_* files.
 endif::[]
 
-You can use the diagnostics tool on the master to look for
-common issues:
-
+. Use the diagnostics tool on the master to look for common issues:
++
 ----
 # oadm diagnostics
 ...