Bug 1803232
Summary: | Keepalived: Ingress VIP Cluster password collisions | ||
---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | Antoni Segura Puimedon <asegurap> |
Component: | Machine Config Operator | Assignee: | Antoni Segura Puimedon <asegurap> |
Status: | CLOSED ERRATA | QA Contact: | Victor Voronkov <vvoronko> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 4.4 | CC: | amurdaca, bperkins, smilner, vvoronko |
Target Milestone: | --- | ||
Target Release: | 4.5.0 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: |
Cause:
The Ingress Virtual IP management configuration was using a fixed string for its password
Consequence:
If two VRRP keepalived instances in separate clusters had the same Virtual Router ID they would have the same password and potentially join the clusters having the Virtual IP fall where it shouldn't.
Fix:
Make the password change depending on cluster configuration
Result:
Different cluster Ingress Virtual IPs will have a different password.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2020-07-13 17:15:32 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1810996 |
Description
Antoni Segura Puimedon
2020-02-14 18:30:38 UTC
in process of deploying OCP 4.5, hope to get it today Verified on 4.5.0-0.nightly-2020-03-18-115438 [core@master-0 ~]$ cat /etc/keepalived/keepalived.conf | grep auth_pass auth_pass vvoron-cluster_api_vip auth_pass vvoron-cluster_dns_vip auth_pass vvoron-cluster_ingress_vip Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:2409 |