Bug 1930791
Summary: | WMCO patch pub-key-hash annotation to Linux node | |||
---|---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | gaoshang <sgao> | |
Component: | Windows Containers | Assignee: | Sebastian Soto <ssoto> | |
Status: | CLOSED ERRATA | QA Contact: | gaoshang <sgao> | |
Severity: | high | Docs Contact: | ||
Priority: | medium | |||
Version: | 4.8 | CC: | aos-bugs, ssoto, team-winc | |
Target Milestone: | --- | |||
Target Release: | 4.8.0 | |||
Hardware: | Unspecified | |||
OS: | Unspecified | |||
Whiteboard: | ||||
Fixed In Version: | Doc Type: | If docs needed, set a value | ||
Doc Text: | Story Points: | --- | ||
Clone Of: | ||||
: | 1934281 1945247 (view as bug list) | Environment: | ||
Last Closed: | 2021-08-03 20:29:16 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | ||||
Bug Blocks: | 1934281, 1945247, 1945248 |
Description
gaoshang
2021-02-19 15:16:28 UTC
This bug has been verified on OCP 4.8.0-0.nightly-2021-03-06-055252 and passed, thanks. Version: WMCO commit: b0dd4992bf0fb4cdff2b433f6a9ece3960447842 OCP version: 4.8.0-0.nightly-2021-03-06-055252 Steps: After repeat steps in bug, found WMCO is not patching pub-key-hash annotation to Linux node anymore. # oc logs -f deployment.apps/windows-machine-config-operator ... 2021-03-09T02:41:26.532Z DEBUG secret_controller patched node object {"namespace": "openshift-windows-machine-config-operator", "name": "cloud-private-key", "namespace": "openshift-windows-machine-config-operator", "name": "cloud-private-key", "namespace": "openshift-windows-machine-config-operator", "name": "cloud-private-key", "namespace": "openshift-windows-machine-config-operator", "name": "cloud-private-key", "namespace": "openshift-windows-machine-config-operator", "name": "cloud-private-key", "namespace": "openshift-windows-machine-config-operator", "name": "cloud-private-key", "node": "ip-10-0-145-235.us-east-2.compute.internal", "patch": "[{\"op\":\"add\",\"path\":\"/metadata/annotations/windowsmachineconfig.openshift.io~1pub-key-hash\",\"value\":\"\"}]"} 2021-03-09T02:41:26.532Z DEBUG windowsmachine-controller reconciling {"namespace": "openshift-machine-api", "name": "sgao-w886x-windows-worker-us-east-2a-9srsq"} 2021-03-09T02:41:26.540Z DEBUG secret_controller patched node object {"namespace": "openshift-windows-machine-config-operator", "name": "cloud-private-key", "namespace": "openshift-windows-machine-config-operator", "name": "cloud-private-key", "namespace": "openshift-windows-machine-config-operator", "name": "cloud-private-key", "namespace": "openshift-windows-machine-config-operator", "name": "cloud-private-key", "namespace": "openshift-windows-machine-config-operator", "name": "cloud-private-key", "namespace": "openshift-windows-machine-config-operator", "name": "cloud-private-key", "node": "ip-10-0-147-105.us-east-2.compute.internal", "patch": "[{\"op\":\"add\",\"path\":\"/metadata/annotations/windowsmachineconfig.openshift.io~1pub-key-hash\",\"value\":\"\"}]"} 2021-03-09T02:41:26.540Z INFO secret_controller updating secret {"namespace": "openshift-windows-machine-config-operator", "name": "cloud-private-key", "namespace": "openshift-windows-machine-config-operator", "name": "cloud-private-key", "namespace": "openshift-windows-machine-config-operator", "name": "cloud-private-key", "namespace": "openshift-windows-machine-config-operator", "name": "cloud-private-key", "namespace": "openshift-windows-machine-config-operator", "name": "cloud-private-key", "namespace": "openshift-windows-machine-config-operator", "name": "cloud-private-key", "name": "windows-user-data"} Also verified annotations applied by previous versions of WMCO will be removed. Steps: Version: WMCO commit: b0dd4992bf0fb4cdff2b433f6a9ece3960447842 OCP version: 4.8.0-0.nightly-2021-03-06-055252 1, Patch pub-key-hash annotation to Linux node # oc patch node ip-10-0-130-66.us-east-2.compute.internal -p '{"metadata":{"annotations":{"windowsmachineconfig.openshift.io/pub-key-hash":""}}}' node/ip-10-0-130-66.us-east-2.compute.internal patched # oc describe node ip-10-0-130-66.us-east-2.compute.internal | grep -A 20 Annotation Annotations: csi.volume.kubernetes.io/nodeid: {"ebs.csi.aws.com":"i-007263ab6e26bb9eb"} k8s.ovn.org/hybrid-overlay-distributed-router-gateway-mac: 0a:58:0a:80:02:03 k8s.ovn.org/l3-gateway-config: {"default":{"mode":"shared","interface-id":"br-ex_ip-10-0-130-66.us-east-2.compute.internal","mac-address":"02:a2:e6:76:68:36","ip-address... k8s.ovn.org/node-chassis-id: b8cd6f57-7606-41bf-97f7-a31f55e1aa5b k8s.ovn.org/node-local-nat-ip: {"default":["169.254.0.168"]} k8s.ovn.org/node-mgmt-port-mac-address: 2a:b1:8c:ff:42:2c k8s.ovn.org/node-primary-ifaddr: {"ipv4":"10.0.130.66/19"} k8s.ovn.org/node-subnets: {"default":"10.128.2.0/23"} machine.openshift.io/machine: openshift-machine-api/sgao-w886x-worker-us-east-2a-d4zm9 machineconfiguration.openshift.io/currentConfig: rendered-worker-e19e58fb3bc1d744149c30405a03bd64 machineconfiguration.openshift.io/desiredConfig: rendered-worker-e19e58fb3bc1d744149c30405a03bd64 machineconfiguration.openshift.io/reason: machineconfiguration.openshift.io/state: Done volumes.kubernetes.io/controller-managed-attach-detach: true --------------------------------------------------------------------------------------------------- windowsmachineconfig.openshift.io/pub-key-hash: --------------------------------------------------------------------------------------------------- CreationTimestamp: Sun, 07 Mar 2021 23:37:19 -0500 Taints: <none> Unschedulable: false Lease: 2, Restart WMCO by deleting pod, check after WMCO restarted, pub-key-hash annotation on Linux node will be removed. # oc delete pod/windows-machine-config-operator-865cc5d78c-9ghqw pod "windows-machine-config-operator-865cc5d78c-9ghqw" deleted # oc describe node ip-10-0-130-66.us-east-2.compute.internal | grep -A 20 Annotation Annotations: csi.volume.kubernetes.io/nodeid: {"ebs.csi.aws.com":"i-007263ab6e26bb9eb"} k8s.ovn.org/hybrid-overlay-distributed-router-gateway-mac: 0a:58:0a:80:02:03 k8s.ovn.org/l3-gateway-config: {"default":{"mode":"shared","interface-id":"br-ex_ip-10-0-130-66.us-east-2.compute.internal","mac-address":"02:a2:e6:76:68:36","ip-address... k8s.ovn.org/node-chassis-id: b8cd6f57-7606-41bf-97f7-a31f55e1aa5b k8s.ovn.org/node-local-nat-ip: {"default":["169.254.0.168"]} k8s.ovn.org/node-mgmt-port-mac-address: 2a:b1:8c:ff:42:2c k8s.ovn.org/node-primary-ifaddr: {"ipv4":"10.0.130.66/19"} k8s.ovn.org/node-subnets: {"default":"10.128.2.0/23"} machine.openshift.io/machine: openshift-machine-api/sgao-w886x-worker-us-east-2a-d4zm9 machineconfiguration.openshift.io/currentConfig: rendered-worker-e19e58fb3bc1d744149c30405a03bd64 machineconfiguration.openshift.io/desiredConfig: rendered-worker-e19e58fb3bc1d744149c30405a03bd64 machineconfiguration.openshift.io/reason: machineconfiguration.openshift.io/state: Done volumes.kubernetes.io/controller-managed-attach-detach: true CreationTimestamp: Sun, 07 Mar 2021 23:37:19 -0500 Taints: <none> Unschedulable: false Lease: HolderIdentity: ip-10-0-130-66.us-east-2.compute.internal AcquireTime: <unset> *** Bug 1945247 has been marked as a duplicate of this bug. *** Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: Red Hat OpenShift Container Platform for Windows Containers 3.0.0 security and bug fix update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2021:3001 |