Bug 1589929 - CFME httpd pod fail to get started after deployed on ocp-3.9
Summary: CFME httpd pod fail to get started after deployed on ocp-3.9
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Installer
Version: 3.9.0
Hardware: Unspecified
OS: Unspecified
high
medium
Target Milestone: ---
: 3.9.z
Assignee: Scott Dodson
QA Contact: Gaoyun Pei
URL:
Whiteboard:
Depends On: 1587825
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-06-11 16:47 UTC by mmariyan
Modified: 2018-07-18 09:19 UTC (History)
9 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
The latest versions of container-selinux prevent pods from running systemd unless container_manage_cgroup is set to true. The installer now sets this boolean to true at install time ensuring that pods with systemd run as expected.
Clone Of: 1587825
Environment:
Last Closed: 2018-07-18 09:18:55 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2018:2213 None None None 2018-07-18 09:19:28 UTC

Comment 1 Vadim Rutkovsky 2018-06-18 12:33:05 UTC
Fixed by https://github.com/openshift/openshift-ansible/pull/8423, fix is available in  openshift-ansible-3.10.0-0.69.0

Comment 5 Gaoyun Pei 2018-06-19 10:03:55 UTC
We're planning to use PR https://github.com/openshift/openshift-ansible/pull/8684 to address this issue, right? 

But I see the proposed PR for 3.10 and 3.9 both not merged yet.
https://github.com/openshift/openshift-ansible/pull/8838/
https://github.com/openshift/openshift-ansible/pull/8839/

So how about leave this bug tracking for 3.9, and reopen BZ#1587825 tracking for the new PR for 3.10.

Pls correct me if I made something wrong, thanks.

Comment 6 Vadim Rutkovsky 2018-06-19 12:11:35 UTC
(In reply to Gaoyun Pei from comment #5)
> We're planning to use PR
> https://github.com/openshift/openshift-ansible/pull/8684 to address this
> issue, right? 

PR #8684 would enable this setting for all containers - however httpd pod for CFME already has it enabled by https://github.com/openshift/openshift-ansible/pull/8423, so the bug is actually testable now.

Moving back to ON_QA

Comment 7 Gaoyun Pei 2018-06-21 06:39:31 UTC
(In reply to Vadim Rutkovsky from comment #6)
> (In reply to Gaoyun Pei from comment #5)
> > We're planning to use PR
> > https://github.com/openshift/openshift-ansible/pull/8684 to address this
> > issue, right? 
> 
> PR #8684 would enable this setting for all containers - however httpd pod
> for CFME already has it enabled by
> https://github.com/openshift/openshift-ansible/pull/8423, so the bug is
> actually testable now.
> 
> Moving back to ON_QA

Ok, actually the verification of https://github.com/openshift/openshift-ansible/pull/8423 on ocp-3.10 was already done in https://bugzilla.redhat.com/show_bug.cgi?id=1587825#c6. 

This bug was cloned specially for 3.9, so I think it should be verified on ocp-3.9. PR https://github.com/openshift/openshift-ansible/pull/8839/ already merged into release-3.9 branch, waiting for new 3.9 openshift-ansible rpm package to verify it.

Comment 8 Brenton Leanhardt 2018-06-21 12:10:40 UTC
Moving to modified until a new build is ready.

Comment 12 Gaoyun Pei 2018-07-11 03:12:31 UTC
Verify this bug with openshift-ansible-3.9.33-1.git.56.19ba16e.el7.noarch.

After fresh installation, container_manage_cgroup sebool was set to "on" on nodes.
[root@ip-172-18-3-148 ~]# getsebool -a |grep container_manage_cgroup
container_manage_cgroup --> on

Run CFME deployment playbook, all the pods could run well.
[root@ip-172-18-10-128 ~]# oc get pod -n openshift-management
NAME                 READY     STATUS    RESTARTS   AGE
cloudforms-0         1/1       Running   0          10m
httpd-1-fjsd7        1/1       Running   0          9m
memcached-1-gprh8    1/1       Running   0          10m
postgresql-1-pfrk7   1/1       Running   0          10m

CloudForm-4.6 web-console is also available. Move this bug to verified.

Comment 14 errata-xmlrpc 2018-07-18 09:18:55 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:2213


Note You need to log in before you can comment on or make changes to this bug.