Bug 1798666

Summary: Catalog Operator pod hangs indefinitely if it can't reach the api server when starting
Product: OpenShift Container Platform Reporter: Ben Luddy <bluddy>
Component: OLMAssignee: Ben Luddy <bluddy>
OLM sub component: OLM QA Contact: Bruno Andrade <bandrade>
Status: CLOSED ERRATA Docs Contact:
Severity: unspecified    
Priority: unspecified CC: bbrownin, bluddy, jiazha, kuiwang, scolange, tbuskey
Version: 4.2.z   
Target Milestone: ---   
Target Release: 4.2.z   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1798135 Environment:
Last Closed: 2020-04-14 11:58:21 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1798665    
Bug Blocks:    

Description Ben Luddy 2020-02-05 18:33:54 UTC 
+++ This bug was initially created as a clone of Bug #1798135 +++

Description of problem:

In a long-running cluster, I noticed that newly deployed CatalogSource objects were not being reconciled at all. After some digging, I found the following in the catalog-operator pod logs:


$ oc logs catalog-operator-754858b4d7-gphgx -n openshift-operator-lifecycle-manager
time="2020-01-20T17:43:28Z" level=info msg="log level info"
time="2020-01-20T17:43:28Z" level=info msg="TLS keys set, using https for metrics"
time="2020-01-20T17:43:28Z" level=info msg="Using in-cluster kube client config"
time="2020-01-20T17:43:28Z" level=info msg="Using in-cluster kube client config"
time="2020-01-20T17:43:28Z" level=info msg="Using in-cluster kube client config"
time="2020-01-20T17:43:28Z" level=info msg="operator not ready: communicating with server failed: Get https://172.30.0.1:443/version?timeout=32s: dial tcp 172.30.0.1:443: connect: connection refused"



Version-Release number of selected component (if applicable):

Observed on a 4.2.14 cluster


How reproducible:

This only happens if there's an issue contacting the Kubernetes api servers when the catalog operator pod boots. If there is an issue, the error handling logic in the pod has a gap today where the pod still reports as healthy, the pod continues to run, but it never retries contacting the kubernetes api server nor does it ever start reconciling OLM objects.

Something around https://github.com/operator-framework/operator-lifecycle-manager/blob/7d6665d6585a733356c2fbc0919a047de244f59b/pkg/lib/queueinformer/queueinformer_operator.go#L193 is where the logic is letting things get in this hung state.


Steps to Reproduce:

I'm not sure how easy it will be to reproduce this on-demand. An error contacting the K8s api server needs to happen when the pod boots. An integration or unit test in the code of the catalog operator should be able to reproduce this at all, but that's not quite the same as reproducing it in a live cluster.

Actual results:

The catalog operator pod stays running but does not do its job. Once it gets in this state, no OLM objects managed by this operator get reconciled and thus new CatalogSources and such do not work.

Expected results:

The catalog operator pod should be able to recover from a failure contacting the kuberntes api server.


Additional info:
Comment 3 Bruno Andrade 2020-04-03 14:06:03 UTC 
After 21 hours, seeing catalog operator keeps running and healthy. Could add and remove operators without any issue. Marking as VERIFIED

OCP version: 4.2.0-0.nightly-2020-04-03-004103
OLM version: 0.11.0
git commit: 1aae23766f1f444916a01b18c34df8db32a87fc6

oc get pods -n openshift-operator-lifecycle-manager   
NAME                                READY   STATUS    RESTARTS   AGE
catalog-operator-64f79dfc88-ws2n5   1/1     Running   0          21h
olm-operator-7bf775b4d4-2b99x       1/1     Running   0          21h
packageserver-5ff6b7d5b6-fmqm7      1/1     Running   0          21h
packageserver-5ff6b7d5b6-x7ct4      1/1     Running   0          21h
Comment 5 errata-xmlrpc 2020-04-14 11:58:21 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:1398