QA: I believe this is fixed by running `oadm policy reconcile-cluster-roles` after you updated the cluster. Clayton, didn't you just do something for this? We need to build a new F5 image?
Troy, what is the latest ose-f5-router that QA should be trying? I know you recently rebuild the ha-proxy container for clayton's fix to this issue. QA, you want to try to latest container BEFORE you run the reconcile. As the newest container 'should' work even though you did not upgrade the cluster properly.
The image built yesterday (which is the latest) is openshift3/ose-f5-router:v3.1.1.905 If there is a reason the fix wasn't in there, we will be building another one tomorrow, which should be openshift3/ose-f5-router:v3.1.1.905
Tested using the latest images :openshift3/ose-f5-router:v3.1.1.905, the routes can be synced to F5 server. but there still has error message in F5 router pod: E0223 23:18:59.762128 1 status.go:163] Unable to write router status - please ensure you reconcile your system policy or grant this router access to update route status: User "system:openshift-router" cannot update routes/status in project "zzhao"
now that we know the new image is working, can you run the reconcile command to see if it fixes the log spam? reconcile should be run automatically when updating using ansible, as I understand it, but you have to run it yourself when you update things by hand...
(In reply to Eric Paris from comment #5) > now that we know the new image is working, can you run the reconcile command > to see if it fixes the log spam? reconcile should be run automatically when > updating using ansible, as I understand it, but you have to run it yourself > when you update things by hand... That's correct.
Thanks Eric After I run 'oadm policy reconcile-cluster-roles --additive-only --confirm' the error message will disappear. Could you please help set the state to 'ON_QA', I will verify this bug.
Verified this bug with openshift3/ose-f5-router:v3.1.1.905 image
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2016:1064
As nitass says the forwarding vs is the answer. remember also that when you are running the F5 as the router you need to think about your security and application dependencis such as idle timeout, arb-mac timeout.... What I mean is that you should setup at least 2 forwarding ws IMHO. <a href="https://productriver.com/best-wireless-routers">best 4 wireless routers</a>