Bug 1310572 - Routes cannot be synced to F5 router
Routes cannot be synced to F5 router
Status: CLOSED ERRATA
Product: OpenShift Container Platform
Classification: Red Hat
Component: Routing (Show other bugs)
3.2.0
All All
high Severity medium
: ---
: ---
Assigned To: Eric Paris
zhaozhanqi
: Regression
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2016-02-22 04:29 EST by zhaozhanqi
Modified: 2017-01-14 01:46 EST (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-05-12 12:29:43 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Comment 1 Eric Paris 2016-02-23 11:04:36 EST
QA: I believe this is fixed by running `oadm policy reconcile-cluster-roles` after you updated the cluster.

Clayton, didn't you just do something for this? We need to build a new F5 image?
Comment 2 Eric Paris 2016-02-23 11:53:44 EST
Troy, what is the latest ose-f5-router that QA should be trying? I know you recently rebuild the ha-proxy container for clayton's fix to this issue.

QA, you want to try to latest container BEFORE you run the reconcile. As the newest container 'should' work even though you did not upgrade the cluster properly.
Comment 3 Troy Dawson 2016-02-23 12:00:45 EST
The image built yesterday (which is the latest) is
openshift3/ose-f5-router:v3.1.1.905

If there is a reason the fix wasn't in there, we will be building another one tomorrow, which should be openshift3/ose-f5-router:v3.1.1.905
Comment 4 zhaozhanqi 2016-02-23 23:26:05 EST
Tested using the latest images :openshift3/ose-f5-router:v3.1.1.905, the routes can be synced to F5 server. 

but there still has error message in F5 router pod:
E0223 23:18:59.762128       1 status.go:163] Unable to write router status - please ensure you reconcile your system policy or grant this router access to update route status: User "system:openshift-router" cannot update routes/status in project "zzhao"
Comment 5 Eric Paris 2016-02-24 08:43:20 EST
now that we know the new image is working, can you run the reconcile command to see if it fixes the log spam?  reconcile should be run automatically when updating using ansible, as I understand it, but you have to run it yourself when you update things by hand...
Comment 6 Scott Dodson 2016-02-24 09:43:36 EST
(In reply to Eric Paris from comment #5)
> now that we know the new image is working, can you run the reconcile command
> to see if it fixes the log spam?  reconcile should be run automatically when
> updating using ansible, as I understand it, but you have to run it yourself
> when you update things by hand...

That's correct.
Comment 7 zhaozhanqi 2016-02-24 22:04:25 EST
Thanks Eric

After I run 'oadm policy reconcile-cluster-roles --additive-only --confirm'
the error message will disappear.

Could you please help set the state to 'ON_QA', I will verify this bug.
Comment 8 zhaozhanqi 2016-02-24 23:56:40 EST
Verified this bug with openshift3/ose-f5-router:v3.1.1.905 image
Comment 10 errata-xmlrpc 2016-05-12 12:29:43 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2016:1064
Comment 11 Paualsh112 2017-01-14 01:46:37 EST
As nitass says the forwarding vs is the answer. remember also that when you are running the F5 as the router you need to think about your security and application dependencis such as idle timeout, arb-mac timeout....
What I mean is that you should setup at least 2 forwarding ws IMHO.
<a href="https://productriver.com/best-wireless-routers">best 4 wireless routers</a>

Note You need to log in before you can comment on or make changes to this bug.