Closed yeungalan0 closed 3 years ago
I've just tried to deploy Eclipse Che 7.27 on OpenShift 4.7 with cluster wide proxy configured.
I've set nonProxyHosts
due to https://github.com/eclipse/che/issues/17681
nonProxyHosts: 'api.<DOMAIN>|oauth-openshift.apps.<DOMAIN>'
I was able to start a workspace and project was successfully cloned.
It leads me to question if it is possible to check proxy server logs?
@azatsarynnyy
I am wondering if curl
is used to clone the project.
If so, @yeungalan0 could you check if curl works correctly inside theia container?
Thanks for looking into this @tolusha !
Ok we're using Eclipse Che 7.27 on Openshift 4.5.31 with a cluster wide proxy configured.
We used the default operator settings (so we didn't set the nonProxyHosts
manually).
Unfortunately, we do not have access to the proxy server logs to see if the request even hit it.
curl
seems to work without issue on the theia container.
bash-5.0$ curl www.google.com
<!doctype html><html itemscope="" itemtype="http://schema.org/WebPage" lang="en"><head><meta content="Search the world's information, including webpages, images, videos and more. Google has many special features to help you find exactly what you're looking for." name="description"><meta content="noodp" name="robots"><meta content="text/html; charset=UTF-8" http-equiv="Content-Type"><meta content="/logos/doodles/2021/wu-lien-tehs-142nd-birthday-6753651837108881-l.png" itemprop="image"><meta content="Dr. Wu Lien-teh's 142nd Birthday"
...
The default operator settings we used to standup the cluster:
apiVersion: org.eclipse.che/v1
kind: CheCluster
metadata:
name: eclipse-che
namespace: eclipse-che
spec:
auth:
identityProviderURL: ''
identityProviderRealm: ''
oAuthSecret: ''
identityProviderPassword: ''
identityProviderImage: ''
oAuthClientName: ''
initialOpenShiftOAuthUser: true
identityProviderClientId: ''
identityProviderAdminUserName: ''
externalIdentityProvider: false
database:
postgresImage: ''
chePostgresUser: ''
externalDb: false
chePostgresHostName: ''
chePostgresPassword: ''
chePostgresDb: ''
chePostgresPort: ''
metrics:
enable: true
server:
proxyURL: ''
cheClusterRoles: ''
singleHostGatewayConfigMapLabels: {}
singleHostGatewayImage: ''
proxyPassword: ''
nonProxyHosts: ''
pluginRegistryImage: ''
serverMemoryRequest: ''
devfileRegistryImage: ''
proxyPort: ''
singleHostGatewayConfigSidecarImage: ''
tlsSupport: true
serverMemoryLimit: ''
allowUserDefinedWorkspaceNamespaces: false
serverTrustStoreConfigMapName: ''
proxyUser: ''
cheImage: ''
cheWorkspaceClusterRole: ''
workspaceNamespaceDefault: <username>-che
serverExposureStrategy: ''
gitSelfSignedCert: false
useInternalClusterSVCNames: true
cheFlavor: ''
cheImageTag: ''
storage:
postgresPVCStorageClassName: ''
preCreateSubPaths: true
pvcClaimSize: 1Gi
pvcJobsImage: ''
pvcStrategy: common
workspacePVCStorageClassName: ''
So seems like the OpenShift cluster wide proxy settings are automatically set in the theia container (including the no_proxy
). When I unset the proxies and then run a clone, the timeout issue appears. Which seems to indicate that the module that does the initial git clone
just seems to not have inherited the proxy Env variables somehow...
bash-5.0$ unset https_proxy http_proxy
bash-5.0$ git clone https://github.com/che-samples/python-hello-world.git
Cloning into 'python-hello-world'...
fatal: unable to access 'https://github.com/che-samples/python-hello-world.git/': Failed to connect to github.com port 443: Operation timed out
Your suggestions make sense... I don't see that env variables are used to clone the project [1] [2] [3] @azatsarynnyy it sounds like a bug
[1] https://github.com/eclipse/che-theia/blob/master/plugins/workspace-plugin/src/git.ts#L101 [2] https://github.com/eclipse/che-theia/blob/master/plugins/workspace-plugin/src/exec.ts#L15 [3] https://github.com/eclipse/che-theia/blob/master/plugins/workspace-plugin/src/exec.ts#L55
Taking into account https://github.com/eclipse/che/issues/19242#issuecomment-796641839 looks like the problem is on workspace-plugin
side, so I'm changing the area to plugins
.
/cc @svor
@azatsarynnyy it sounds like a bug
@tolusha I agree
che-theia is invoking the git command. So if the env variable is there it should work ... we'll investigate
@yeungalan0 could you create a workspace from the devfile on your che deployment in a proxy environment and test how cloning works?
There is a PR with workspace plugin improvements.
Now the plugin checks for http_proxy
, https_proxy
and no_proxy
environment variables and applies them when it runs git
or ssh
.
See the PR to get more details how the fixup was tested.
Describe the bug
When setting up a new eclipse che application using the standard operator with all default settings on an OpenShift cluster behind a proxy with a self signed certificate, everything seems to work except that after workspace creation the initial
git clone
times out, which seems to indicate it's not honoring/aware of the proxies.git clone
on the theia container in my project directory and that succeeds without issuegit clone
seems to ignore themChe version
Steps to reproduce
Expected behavior
Cloning should succeed and pickup the proxy variables set in the environment.
Runtime
kubectl version
)oc version
)minikube version
andkubectl version
)minishift version
andoc version
)docker version
andkubectl version
)Screenshots
Installation method
chectl version
commandEnvironment
Eclipse Che Logs
Log output from theia container:
We also see the below in the theia container logs, but aren't sure if it's related...
Additional context
Related issue: #17017 - This closed issue seems to match what we're seeing exactly
Release Notes
Cloning a git repository failed even if the proxy was configured at the container level. This has been resolved when the editor is Che-Theia.