Bug 1776079
| Summary: | Cloud Credential Operator tries to create existing Azure Role Assignments every 10 hours triggering alerts in Azure | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Joel Pearson <japearson> | ||||||
| Component: | Cloud Credential Operator | Assignee: | Joel Diaz <jdiaz> | ||||||
| Status: | CLOSED ERRATA | QA Contact: | Xiaoli Tian <xtian> | ||||||
| Severity: | low | Docs Contact: | |||||||
| Priority: | unspecified | ||||||||
| Version: | 4.2.z | CC: | jdiaz | ||||||
| Target Milestone: | --- | ||||||||
| Target Release: | 4.4.0 | ||||||||
| Hardware: | All | ||||||||
| OS: | Linux | ||||||||
| Whiteboard: | |||||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||||
| Doc Text: |
Cause: Reconciling a CredentialsRequest would attempt to create a role assignment that already exists.
Consequence: Azure logs would show "create role assignment" errors.
Fix: Check for existing role assignment to avoid creating one that already exists.
Result: Less messages in Azure logs.
|
Story Points: | --- | ||||||
| Clone Of: | Environment: | ||||||||
| Last Closed: | 2020-05-04 11:16:28 UTC | Type: | Bug | ||||||
| Regression: | --- | Mount Type: | --- | ||||||
| Documentation: | --- | CRM: | |||||||
| Verified Versions: | Category: | --- | |||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||
| Embargoed: | |||||||||
| Attachments: |
|
||||||||
Created attachment 1639343 [details]
Azure error json
Verified on 4.4.0-0.nightly-2019-12-09-012357 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:0581 |
Created attachment 1639342 [details] Cloud credential operator logs Description of problem: Cloud Credential Operator (CCO) tries to create existing Azure Role Assignments every 10 hours triggering alerts in Azure. Version-Release number of selected component (if applicable): 4.2.7 How reproducible: It always happens every 10 hours Steps to Reproduce: 1. Install an Azure cluster 2. Wait until it tries to renew the azure credentials (every 10 hours it looks like) 3. CCO won't report any errors 4. Go into the Azure console, and open the resource group that openshift is installed in, open the activity log, and change the event severity to exclude informational events. Look for any "Create role assignment" errors. Actual results: There are 3 "Create role assignment" errors, presumably one for each of the 3 tracked credential requests. Expected results: No errors, I would expect that the CCO wouldn't try to create credentials that already exist, which trigger Azure errors. Additional info: