Bug 2265124

Summary: [4.15] Move cephFS fencing under a new flag to trigger networkFence
Product: [Red Hat Storage] Red Hat OpenShift Data Foundation Reporter: Subham Rai <srai>
Component: rookAssignee: Subham Rai <srai>
Status: CLOSED ERRATA QA Contact: Joy John Pinto <jopinto>
Severity: urgent Docs Contact:
Priority: unspecified    
Version: 4.15CC: ebenahar, mrajanna, muagarwa, odf-bz-bot, tnielsen
Target Milestone: ---   
Target Release: ODF 4.15.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: 4.15.0-149 Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2024-03-19 15:32:57 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2262070, 2259668    
Bug Blocks:    

Comment 7 Joy John Pinto 2024-02-28 10:37:40 UTC 
Verified with OCP 4.15(4.15.0-0.nightly-2024-02-27-181650) and ODF 4.15.0-150

Created a cephfs deployment pod and upon adding taint label with command 'oc adm taint nodes <node> node.kubernetes.io/out-of-service=nodeshutdown:NoExecute', networkfence is not created

[jopinto@jopinto ceph-csi]$ oc get pods -o wide
NAME                               READY   STATUS    RESTARTS   AGE   IP            NODE        NOMINATED NODE   READINESS GATES
logwriter-cephfs-76fbfb679-srdm2   1/1     Running   0          13s   10.129.2.41   compute-1   <none>           <none>

[jopinto@jopinto ceph-csi]$ oc adm taint nodes compute-1 node.kubernetes.io/out-of-service=nodeshutdown:NoExecute
node/compute-1 tainted
[jopinto@jopinto ceph-csi]$ oc get networkfences.csiaddons.openshift.io  
No resources found
[jopinto@jopinto ceph-csi]$ oc get networkfences.csiaddons.openshift.io  
No resources found
[jopinto@jopinto ceph-csi]$ oc get networkfences.csiaddons.openshift.io  
No resources found
[jopinto@jopinto ceph-csi]$ oc get networkfences.csiaddons.openshift.io  
No resources found
[jopinto@jopinto ceph-csi]$ oc adm taint nodes compute-1 node.kubernetes.io/out-of-service=nodeshutdown:NoExecute-
node/compute-1 untainted


Also tried same scenario with rbd deployment pod, upon tainting the node, network fence gets created and upon untainting it gets removed.

[jopinto@jopinto ceph-csi]$ oc get pods -o wide
NAME                               READY   STATUS    RESTARTS   AGE     IP            NODE        NOMINATED NODE   READINESS GATES
logwriter-cephfs-76fbfb679-7r5kn   1/1     Running   0          23m     10.131.0.36   compute-0   <none>           <none>
logwriter-rbd-new-0                1/1     Running   0          5m55s   10.129.2.51   compute-1   <none>           <none>
[jopinto@jopinto ceph-csi]$ oc adm taint nodes compute-1 node.kubernetes.io/out-of-service=nodeshutdown:NoExecute
node/compute-1 tainted
[jopinto@jopinto ceph-csi]$ oc get networkfences.csiaddons.openshift.io  
NAME                              DRIVER                               CIDRS               FENCESTATE   AGE   RESULT
compute-1-rbd-openshift-storage   openshift-storage.rbd.csi.ceph.com   ["100.64.0.7/32"]   Fenced       19m   Succeeded
[jopinto@jopinto ceph-csi]$ oc adm taint nodes compute-1 node.kubernetes.io/out-of-service=nodeshutdown:NoExecute-
node/compute-1 untainted
[jopinto@jopinto ceph-csi]$ oc get networkfences.csiaddons.openshift.io  
No resources found
Comment 10 errata-xmlrpc 2024-03-19 15:32:57 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: Red Hat OpenShift Data Foundation 4.15.0 security, enhancement, & bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2024:1383