1310572 – Routes cannot be synced to F5 router

Bug 1310572 - Routes cannot be synced to F5 router

Summary: Routes cannot be synced to F5 router

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Networking
Sub Component:
Version:	3.2.0
Hardware:	All
OS:	All
Priority:	high
Severity:	medium
Target Milestone:	---
Target Release:	---
Assignee:	Eric Paris
QA Contact:	zhaozhanqi
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-02-22 09:29 UTC by zhaozhanqi
Modified:	2022-08-04 22:20 UTC (History)
CC List:	6 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2016-05-12 16:29:43 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2016:1064	0	normal	SHIPPED_LIVE	Important: Red Hat OpenShift Enterprise 3.2 security, bug fix, and enhancement update	2016-05-12 20:19:17 UTC

Comment 1 Eric Paris 2016-02-23 16:04:36 UTC

QA: I believe this is fixed by running `oadm policy reconcile-cluster-roles` after you updated the cluster.

Clayton, didn't you just do something for this? We need to build a new F5 image?

Comment 2 Eric Paris 2016-02-23 16:53:44 UTC

Troy, what is the latest ose-f5-router that QA should be trying? I know you recently rebuild the ha-proxy container for clayton's fix to this issue.

QA, you want to try to latest container BEFORE you run the reconcile. As the newest container 'should' work even though you did not upgrade the cluster properly.

Comment 3 Troy Dawson 2016-02-23 17:00:45 UTC

The image built yesterday (which is the latest) is
openshift3/ose-f5-router:v3.1.1.905

If there is a reason the fix wasn't in there, we will be building another one tomorrow, which should be openshift3/ose-f5-router:v3.1.1.905

Comment 4 zhaozhanqi 2016-02-24 04:26:05 UTC

Tested using the latest images :openshift3/ose-f5-router:v3.1.1.905, the routes can be synced to F5 server. 

but there still has error message in F5 router pod:
E0223 23:18:59.762128       1 status.go:163] Unable to write router status - please ensure you reconcile your system policy or grant this router access to update route status: User "system:openshift-router" cannot update routes/status in project "zzhao"

Comment 5 Eric Paris 2016-02-24 13:43:20 UTC

now that we know the new image is working, can you run the reconcile command to see if it fixes the log spam?  reconcile should be run automatically when updating using ansible, as I understand it, but you have to run it yourself when you update things by hand...

Comment 6 Scott Dodson 2016-02-24 14:43:36 UTC

(In reply to Eric Paris from comment #5)
> now that we know the new image is working, can you run the reconcile command
> to see if it fixes the log spam?  reconcile should be run automatically when
> updating using ansible, as I understand it, but you have to run it yourself
> when you update things by hand...

That's correct.

Comment 7 zhaozhanqi 2016-02-25 03:04:25 UTC

Thanks Eric

After I run 'oadm policy reconcile-cluster-roles --additive-only --confirm'
the error message will disappear.

Could you please help set the state to 'ON_QA', I will verify this bug.

Comment 8 zhaozhanqi 2016-02-25 04:56:40 UTC

Verified this bug with openshift3/ose-f5-router:v3.1.1.905 image

Comment 10 errata-xmlrpc 2016-05-12 16:29:43 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2016:1064

Comment 11 Paualsh112 2017-01-14 06:46:37 UTC

As nitass says the forwarding vs is the answer. remember also that when you are running the F5 as the router you need to think about your security and application dependencis such as idle timeout, arb-mac timeout....
What I mean is that you should setup at least 2 forwarding ws IMHO.
<a href="https://productriver.com/best-wireless-routers">best 4 wireless routers</a>

Note You need to log in before you can comment on or make changes to this bug.