Bug 1702098
Summary: | cluster-machine-approver is marking CSRs that haven't been approved as approved | ||
---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | Erica von Buelow <evb> |
Component: | apiserver-auth | Assignee: | Matt Rogers <mrogers> |
Status: | CLOSED ERRATA | QA Contact: | Chuan Yu <chuyu> |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | 4.1.0 | CC: | aos-bugs, gblomqui, mrogers, somalley |
Target Milestone: | --- | ||
Target Release: | 4.1.0 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2019-06-04 10:47:50 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Erica von Buelow
2019-04-22 23:19:22 UTC
This is most likely due to doing status updates on the informer cache instead of a copy. I've opened https://github.com/openshift/cluster-machine-approver/pull/19 for this. Verified. 4.1.0-0.nightly-2019-04-23-223857 $ curl -s https://storage.googleapis.com/origin-ci-test/logs/release-openshift-ocp-installer-e2e-aws-4.1/58/artifacts/e2e-aws/pods/openshift-cluster-machine-approver_machine-approver-86c845b897-gjm72_machine-approver-controller.log.gz | gunzip | rg 'csr-' I0423 23:03:03.565380 1 main.go:97] CSR csr-crm9v added I0423 23:03:03.617276 1 main.go:149] CSR csr-crm9v approved I0423 23:03:03.625515 1 main.go:97] CSR csr-jp497 added I0423 23:03:03.625587 1 main.go:107] CSR csr-jp497 is already approved I0423 23:03:03.625704 1 main.go:97] CSR csr-mnmd9 added I0423 23:03:03.625756 1 main.go:107] CSR csr-mnmd9 is already approved I0423 23:03:03.625859 1 main.go:97] CSR csr-nhbh7 added I0423 23:03:03.648124 1 main.go:149] CSR csr-nhbh7 approved I0423 23:03:03.648277 1 main.go:97] CSR csr-qgm7v added I0423 23:03:03.648328 1 main.go:107] CSR csr-qgm7v is already approved I0423 23:03:03.648373 1 main.go:97] CSR csr-bhjn8 added I0423 23:03:03.675538 1 main.go:149] CSR csr-bhjn8 approved I0423 23:04:58.590703 1 main.go:97] CSR csr-zv5dw added I0423 23:04:58.614571 1 main.go:123] CSR csr-zv5dw not authorized: Doesn't match expected prefix I0423 23:05:03.836035 1 main.go:97] CSR csr-lg4nl added I0423 23:05:03.864861 1 main.go:123] CSR csr-lg4nl not authorized: Doesn't match expected prefix I0423 23:05:10.835145 1 main.go:97] CSR csr-nnk5m added I0423 23:05:10.899159 1 main.go:149] CSR csr-nnk5m approved I0423 23:05:15.973982 1 main.go:97] CSR csr-wfcm2 added I0423 23:05:15.994951 1 main.go:149] CSR csr-wfcm2 approved I0423 23:05:20.986958 1 main.go:97] CSR csr-xnpbl added I0423 23:05:20.999129 1 main.go:123] CSR csr-xnpbl not authorized: Doesn't match expected prefix I0423 23:05:33.763003 1 main.go:97] CSR csr-gqv2q added I0423 23:05:33.791896 1 main.go:149] CSR csr-gqv2q approved I0423 23:18:07.661499 1 main.go:97] CSR tester-csr-5ht97 added I0423 23:18:07.673536 1 main.go:123] CSR tester-csr-5ht97 not authorized: Doesn't match expected prefix Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:0758 |