Trying to deploy RHOSP 16.1 on a KVM behind a proxy


Hi..

I've been struggling with deploying director on a KVM that I have on a RHEL machine in a lab, not for production purposes, but to learn about OpenStack.

I created the VM with external access (i.e., what I ssh to from the host) via the default NAT'd network 192.168.122.0/24 on eth0 and created a private network 192.168.24.1/24 on eth1 that is NOT NAT'd.

Because I have to go through a proxy to get to the outside world (redhat.com, image registry, etc), I have defined the following in /etc/environment:

HTTP_PROXY=http://web-proxy.corp.corp.net:8080/
HTTPS_PROXY=http://web-proxy.corp.corp.net:8080/
NO_PROXY=127.0.0.1,localhost,.localdomain

I honestly am a bit puzzled about what should be the value of NO_PROXY and whether or not it is case sensitive. I get really far in deployment before falling apart and then fall into this pit:

TASK [Wait for puppet host configuration to finish] *************************************************************************
Thursday 04 February 2021 23:23:39 +0000 (0:00:00.539) 0:10:00.389 *****
WAITING FOR COMPLETION: Wait for puppet host configuration to finish (1200 retries left).

This counts down until it fails. Besides the generic failure at line 1328, it complains it can't get to director.localdomain with a 503, if I recall correctly. It's in the middle of failing as I write this, so I can't check.

Images get downloaded but no containers start. btr-ctlplane gets created.

This suggests to me that the NO_PROXY isn't broad enough, but I think it should be based on the director installation guide:

"The no_proxy variable primarily uses domain names (www.example.com), domain suffixes (example.com), and domains with a wildcard (*.example.com). Most Red Hat OpenStack Platform services interpret IP addresses in no_proxy but certain services, such as container health checks, do not interpret IP addresses in the no_proxy environment variable due to limitations with cURL and wget. To use a system-wide proxy with the undercloud, disable container health checks with the container_healthcheck_disabled parameter in the undercloud.conf file during installation."

When I look at /etc/hosts at this stage, ansible has modified the top part to show:

192.168.24.2 director.localdomain director
192.168.24.2 director.external.localdomain director.external
192.168.24.2 director.ctlplane.localdomain director.ctlplane

It seems that no_proxy for any localdomain domain should do it.

I also saw in the OpenShift manual:

OpenShift Container Platform does not accept * as a wildcard attached to a domain suffix.

I'm ass-u-ming that this would also apply to OpenStack, but I'm not sure.

What I am also unclear about is whether the environment variable is case sensitive or not. While OpenStack has the lower-case variant, the OpenShift manuals do not.

Thoughts on what the right values for no_proxy/NO_PROXY should be based on this config?

Thanks,

Rick
P.S. In case my undercloud.conf is useful:

[DEFAULT]
cleanup = false
container_healthcheck_disabled = true
container_images_file = /home/stack/containers-prepare-parameter.yaml
custom_env_files = /home/stack/templates/custom-undercloud-params.yaml
local_interface = eth1
local_ip = 192.168.24.2/24
local_subnet = ctlplane-subnet
overcloud_domain_name = localdomain
undercloud_admin_host = 192.168.24.3
undercloud_debug = true
undercloud_hostname = director.ertlinux.lab
undercloud_log_file = install-undercloud.log
undercloud_nameservers = 192.168.122.1
undercloud_public_host = 192.168.24.2
undercloud_timezone = UTC
[ctlplane-subnet]
cidr = 192.168.24.0/24
dhcp_start = 192.168.24.5
dhcp_end = 192.168.24.24
inspection_iprange = 192.168.24.100,192.168.24.120
gateway = 192.168.24.1
masquerade = true
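
Added example, not part of the original post and not Red Hat tooling: a check of which endpoint names and addresses from the /etc/hosts lines and undercloud.conf above are covered by the posted NO_PROXY value. It assumes the name matching described in the quoted guide (exact names, domain suffixes, `*.` wildcards) and exact match only for IP literals; `bypasses_proxy`, `endpoints` and `report` are hypothetical helper names, and real clients differ in how they match.

```python
import ipaddress

# Constructed from the post: NO_PROXY, the /etc/hosts lines, and the
# undercloud.conf keys that name an endpoint.
NO_PROXY = "127.0.0.1,localhost,.localdomain"
HOSTS = """\
192.168.24.2 director.localdomain director
192.168.24.2 director.external.localdomain director.external
192.168.24.2 director.ctlplane.localdomain director.ctlplane
"""
UNDERCLOUD = {
    "local_ip": "192.168.24.2/24",
    "undercloud_admin_host": "192.168.24.3",
    "undercloud_public_host": "192.168.24.2",
    "undercloud_hostname": "director.ertlinux.lab",
}

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def bypasses_proxy(host, no_proxy):
    """Assumed rule: exact match, or domain-suffix match for host names only."""
    host = host.lower().rstrip(".")
    for entry in no_proxy.split(","):
        entry = entry.strip().lower()
        if entry == "*":                      # lone '*' = bypass everything
            return True
        entry = entry.lstrip("*.")            # '.example.com' / '*.example.com'
        if not entry:
            continue
        if host == entry:
            return True
        # IP literals never suffix-match, so '24.2' cannot match '192.168.24.2'
        if not is_ip(host) and host.endswith("." + entry):
            return True
    return False

def endpoints():
    """Every name and address the undercloud may use to reach itself."""
    names = set(HOSTS.split())
    names.update(v.split("/")[0] for v in UNDERCLOUD.values())
    return sorted(names)

def report(no_proxy=NO_PROXY):
    return {h: bypasses_proxy(h, no_proxy) for h in endpoints()}

if __name__ == "__main__":
    for host, direct in report().items():
        print(f"{host:32} {'direct' if direct else 'via proxy'}")
```

Under these assumptions only the three names ending in .localdomain bypass the proxy; the bare 192.168.24.x addresses, the short aliases and director.ertlinux.lab are sent to it.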

Responses