1686336 – [3.10] Failed to mount iscsi on atomic host

Bug 1686336 - [3.10] Failed to mount iscsi on atomic host

Summary: [3.10] Failed to mount iscsi on atomic host

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Storage
Sub Component:
Version:	3.10.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	---
Target Release:	3.10.z
Assignee:	Jan Safranek
QA Contact:	Liang Xia
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1686266
TreeView+	depends on / blocked

Reported:	2019-03-07 09:47 UTC by Liang Xia
Modified:	2019-06-11 09:31 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	The node system container did not properly mount /var/lib/iscsi rw, now it does avoiding problems mounting iscsi volumes.
Clone Of:
Environment:
Last Closed:	2019-06-11 09:30:48 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2019:0786	0	None	None	None	2019-06-11 09:30:59 UTC

Description Liang Xia 2019-03-07 09:47:37 UTC

Description of problem:
Set up OCP with atomic host, trying to use iscsi in the pod.
Pod failed with below error:
  Warning  FailedMount             10s (x6 over 26s)  kubelet, qe-lxia-310node-2  MountVolume.WaitForAttach failed for volume "pv-iscsi-zojca" : failed to get any path for iscsi disk, last err seen:
iscsi: failed to sendtargets to portal 172.30.109.235:3260 output: iscsiadm: Could not make dir /var/lib/iscsi/send_targets/172.30.109.235,3260 err 30
iscsiadm: Could not open /var/lib/iscsi/send_targets/172.30.109.235,3260: Read-only file system
iscsiadm: Could not add new discovery record.
, err exit status 6


Version-Release number of selected component (if applicable):
oc v3.10.119
kubernetes v1.10.0+b81c8f8
features: Basic-Auth GSSAPI Kerberos SPNEGO

# cat /etc/redhat-release 
Red Hat Enterprise Linux Atomic Host release 7.5

# cat /etc/os-release 
NAME="Red Hat Enterprise Linux Atomic Host"
VERSION="7.5.3"
ID="rhel"
ID_LIKE="fedora"
VARIANT="Atomic Host"
VARIANT_ID=atomic.host
VERSION_ID="7.5"
PRETTY_NAME="Red Hat Enterprise Linux Atomic Host 7.5.3"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:redhat:enterprise_linux:7.5:GA:atomic-host"
HOME_URL="https://www.redhat.com/"
BUG_REPORT_URL="https://bugzilla.redhat.com/"
REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 7"
REDHAT_BUGZILLA_PRODUCT_VERSION="7.5"
REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="7.5"
OSTREE_VERSION=7.5.3


How reproducible:
Always

Steps to Reproduce:
1. Setup OCP with RHEL atomic host.
2. Try to create a pod with iscsi.
3. Check the pod.

Actual results:
# oc get pod -n zojca 
NAME          READY     STATUS              RESTARTS   AGE
iscsi-zojca   0/1       ContainerCreating   0          3m

# oc describe iscsi-zojca pod -n zojca 
error: the server doesn't have a resource type "iscsi-zojca"
[root@qe-lxia-310master-etcd-1 ~]# oc describe pod iscsi-zojca  -n zojca 
Name:         iscsi-zojca
Namespace:    zojca
Node:         qe-lxia-310node-2/10.240.0.181
Start Time:   Thu, 07 Mar 2019 09:40:36 +0000
Labels:       name=iscsi
Annotations:  openshift.io/scc=privileged
Status:       Pending
IP:           
Containers:
  iscsi:
    Container ID:   
    Image:          jhou/hello-openshift
    Image ID:       
    Port:           <none>
    Host Port:      <none>
    State:          Waiting
      Reason:       ContainerCreating
    Ready:          False
    Restart Count:  0
    Environment:    <none>
    Mounts:
      /mnt/iscsi from iscsi (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-gfbf8 (ro)
Conditions:
  Type           Status
  Initialized    True 
  Ready          False 
  PodScheduled   True 
Volumes:
  iscsi:
    Type:       PersistentVolumeClaim (a reference to a PersistentVolumeClaim in the same namespace)
    ClaimName:  pvc-iscsi-zojca
    ReadOnly:   false
  default-token-gfbf8:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  default-token-gfbf8
    Optional:    false
QoS Class:       BestEffort
Node-Selectors:  node-role.kubernetes.io/compute=true
Tolerations:     <none>
Events:
  Type     Reason                  Age              From                        Message
  ----     ------                  ----             ----                        -------
  Normal   Scheduled               4m               default-scheduler           Successfully assigned iscsi-zojca to qe-lxia-310node-2
  Normal   SuccessfulAttachVolume  4m               attachdetach-controller     AttachVolume.Attach succeeded for volume "pv-iscsi-zojca"
  Warning  FailedMount             2m               kubelet, qe-lxia-310node-2  Unable to mount volumes for pod "iscsi-zojca_zojca(0f99db82-40bd-11e9-ba5a-42010af000b2)": timeout expired waiting for volumes to attach or mount for pod "zojca"/"iscsi-zojca". list of unmounted volumes=[iscsi]. list of unattached volumes=[iscsi default-token-gfbf8]
  Warning  FailedMount             1m (x9 over 4m)  kubelet, qe-lxia-310node-2  MountVolume.WaitForAttach failed for volume "pv-iscsi-zojca" : failed to get any path for iscsi disk, last err seen:
iscsi: failed to sendtargets to portal 172.30.109.235:3260 output: iscsiadm: Could not make dir /var/lib/iscsi/send_targets/172.30.109.235,3260 err 30
iscsiadm: Could not open /var/lib/iscsi/send_targets/172.30.109.235,3260: Read-only file system
iscsiadm: Could not add new discovery record.
, err exit status 6


Expected results:
Pod is up and running.

Comment 1 Liang Xia 2019-03-07 09:49:05 UTC

The issue exist on atomic host + system container, but does not exist on atomic host + docker container.

Comment 2 Liang Xia 2019-03-07 09:52:16 UTC

Related bug, https://bugzilla.redhat.com/show_bug.cgi?id=1598271

Comment 3 Jan Safranek 2019-03-11 12:53:05 UTC

Filled https://github.com/openshift/origin/pull/22289

In the meantime, can you please check that it really helps? Follow https://bugzilla.redhat.com/show_bug.cgi?id=1598271#c1 and report any issues. Jenkins has failed to give me 3.10 on Atomic Host.

Comment 4 Liang Xia 2019-03-12 01:42:49 UTC

PR https://github.com/openshift/origin/pull/22289 merged.

Comment 5 Liang Xia 2019-03-13 01:04:31 UTC

Build is ready,

Changelog 	
* Mon Mar 11 2019 AOS Automation Release Team <aos-team-art> 3.10.125-1
- Bindmount /var/lib/iscsi rw for iscsi attach (mawong)

Comment 6 Wenqi He 2019-03-22 06:43:03 UTC

Tested on below version:
openshift v3.10.127
kubernetes v1.10.0+b81c8f8

# uname -a
Linux ip-172-18-6-162.ec2.internal 3.10.0-862.11.6.el7.x86_64 #1 SMP Fri Aug 10 16:55:11 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

# cat /etc/redhat-release 
Red Hat Enterprise Linux Atomic Host release 7.5

ISCSI works well.

# oc get pods -n pxdtd
NAME          READY     STATUS    RESTARTS   AGE
iscsi-pxdtd   1/1       Running   0          16m

# oc exec -it iscsi-pxdtd -n pxdtd bash
bash-4.2$ ls /mnt/iscsi/
hello  iscsi_testfile  lost+found
bash-4.2$ touch /mnt/iscsi/wehe
bash-4.2$ ls /mnt/iscsi/
hello  iscsi_testfile  lost+found  wehe
bash-4.2$ exit

Comment 10 errata-xmlrpc 2019-06-11 09:30:48 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:0786

Note You need to log in before you can comment on or make changes to this bug.