Bug 1817304 - [OCP V4.5] The `aggregator-pod` goes in CrashLoopBackOff status and reports "Could not create remediation objects: scan example-compliancescan has no role assignment" error
Summary: [OCP V4.5] The `aggregator-pod` goes in CrashLoopBackOff status and reports "...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Compliance Operator
Version: 4.5
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ---
: 4.6.0
Assignee: Jakub Hrozek
QA Contact: Prashant Dhamdhere
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-03-26 04:42 UTC by Prashant Dhamdhere
Modified: 2020-10-27 15:56 UTC (History)
4 users (show)

Fixed In Version: v0.1.10
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-10-27 15:56:40 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2020:4196 0 None None None 2020-10-27 15:56:56 UTC

Comment 6 Prashant Dhamdhere 2020-07-27 12:07:00 UTC
Verified on 4.6.0-0.nightly-2020-07-25-091217

The `aggregator-pod` does not report any error now. The compliancescan performed successfully and 
it is able to create remediation objects.

$ oc get clusterversion
NAME      VERSION                             AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.6.0-0.nightly-2020-07-25-091217   True        False         7h20m   Cluster version is 4.6.0-0.nightly-2020-07-25-091217


$ oc get pods
NAME                                                         READY   STATUS      RESTARTS   AGE
aggregator-pod-worker-scan                                   0/1     Completed   0          2m39s
compliance-operator-6784f9b59c-6pkpt                         1/1     Running     0          5h11m
compliance-operator-6784f9b59c-fcrw6                         1/1     Running     0          5h11m
compliance-operator-6784f9b59c-j6lxg                         1/1     Running     0          5h11m
ocp4-pp-dcb8bc5b5-tdxg8                                      1/1     Running     0          5h10m
rhcos4-pp-58466496cf-wwnd6                                   1/1     Running     0          5h10m
worker-scan-ip-10-0-140-38.us-east-2.compute.internal-pod    0/2     Completed   0          5m39s
worker-scan-ip-10-0-162-121.us-east-2.compute.internal-pod   0/2     Completed   0          5m39s
worker-scan-ip-10-0-214-158.us-east-2.compute.internal-pod   0/2     Completed   0          5m39s

$ oc logs aggregator-pod-worker-scan -c log-collector |tail
{"level":"info","ts":1595851099.7756462,"logger":"cmd","msg":"Creating object","kind":"","name":"worker-scan-audit-rules-unsuccessful-file-modification-openat-o-creat"}
{"level":"info","ts":1595851099.8279018,"logger":"cmd","msg":"Getting ComplianceCheckResult","ComplianceCheckResult.Name":"worker-scan-audit-rules-privileged-commands-passwd","ComplianceCheckResult.Namespace":"openshift-compliance"}
{"level":"info","ts":1595851099.8746994,"logger":"cmd","msg":"Creating object","kind":"","name":"worker-scan-audit-rules-privileged-commands-passwd"}
{"level":"info","ts":1595851099.927724,"logger":"cmd","msg":"Getting ComplianceRemediation","ComplianceRemediation.Name":"worker-scan-audit-rules-privileged-commands-passwd","ComplianceRemediation.Namespace":"openshift-compliance"}
{"level":"info","ts":1595851099.933761,"logger":"cmd","msg":"Creating object","kind":"","name":"worker-scan-audit-rules-privileged-commands-passwd"}
{"level":"info","ts":1595851099.9426033,"logger":"cmd","msg":"Getting ComplianceCheckResult","ComplianceCheckResult.Name":"worker-scan-wireless-disable-in-bios","ComplianceCheckResult.Namespace":"openshift-compliance"}
{"level":"info","ts":1595851099.9757414,"logger":"cmd","msg":"Creating object","kind":"","name":"worker-scan-wireless-disable-in-bios"}
{"level":"info","ts":1595851100.0286891,"logger":"cmd","msg":"Getting ComplianceCheckResult","ComplianceCheckResult.Name":"worker-scan-configure-usbguard-auditbackend","ComplianceCheckResult.Namespace":"openshift-compliance"}
{"level":"info","ts":1595851100.0747726,"logger":"cmd","msg":"Creating object","kind":"","name":"worker-scan-configure-usbguard-auditbackend"}
{"level":"info","ts":1595851100.128469,"logger":"cmd","msg":"Annotating ConfigMaps"}

]$ oc get compliancescan
NAME          PHASE   RESULT
worker-scan   DONE    NON-COMPLIANT

Comment 8 errata-xmlrpc 2020-10-27 15:56:40 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:4196


Note You need to log in before you can comment on or make changes to this bug.