Cluster installation failed with error code OCM3038: ProxyTimeout

Solution Verified - Updated -

Environment

  • Red Hat OpenShift Service on AWS (ROSA 4)

Issue

  • Cluster installation failed with error code OCM3038: ProxyTimeout.
  • Following error message was observed in install logs:
"error pinging docker registry .+ proxyconnect tcp: dial tcp [^ ]+: i/o timeout"
"error pinging docker registry .+ proxyconnect tcp: dial tcp [^ ]+: connect: connection refused"
"error pinging docker registry .+ proxyconnect tcp: dial tcp [^ ]+: connect: no route to host"

Resolution

The cluster is being installed via a proxy, however the proxy server is refusing or timing out connections.

Please verify the below pre-requisites before re-attempting the installation:

  1. The proxy is running.
  2. The proxy can access the VPC for the cluster and the private subnets of the VPC.
  3. The proxy is also accessible from the VPC for the cluster and from the private subnets of the VPC.
  4. You have added the ec2..amazonaws.com, elasticloadbalancing..amazonaws.com, and s3..amazonaws.com endpoints to your VPC endpoint. These endpoints are required to complete requests from the nodes to the AWS EC2 API. Because the proxy works at the container level and not at the node level, you must route these requests to the AWS EC2 API through the AWS private network. Adding the public IP address of the EC2 API to your allowlist in your proxy server is not enough.
  5. Verify firewall prerequisites as per our official documentation.

If you need help from Red Hat, please open a support case with us by clicking here.

Root Cause

OCM3038 is observed when the proxy server is refusing or timing out connections. This impacts your cluster's network egress, including ability to pull system images, run cluster operators, manage instances and perform upgrade-related actions. Before re-attempting installation, customers should review their proxy server's state and configuration.

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.

Comments