1861303 – The rmholdoff toggle pod should not be created in file integrity operator

Bug 1861303 - The rmholdoff toggle pod should not be created in file integrity operator

Summary: The rmholdoff toggle pod should not be created in file integrity operator

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	File Integrity Operator
Sub Component:
Version:	4.6
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	---
Target Release:	4.6.0
Assignee:	Juan Antonio Osorio
QA Contact:	xiyuan
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2020-07-28 09:15 UTC by xiyuan
Modified:	2020-10-27 16:21 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2020-10-27 16:17:40 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	openshift file-integrity-operator pull 104	0	None	closed	Bug 1861303: Migrate holdoff logic to daemonset	2021-01-05 06:25:27 UTC
Red Hat Product Errata	RHBA-2020:4196	0	None	None	None	2020-10-27 16:21:06 UTC

Description xiyuan 2020-07-28 09:15:58 UTC

Description:
The rmholdoff toggle pod should not create in file integrity operator as re-init and holdoff actions should be handled by AIDE daemonset

Version-Release number of selected component (if applicable):
4.6.0-0.nightly-2020-07-25-091217

How reproducible:
Always

Steps:
1.  Deploy File integrity operator(https://github.com/openshift/file-integrity-operator) by below step:
$ oc create -f file-integrity-operator/deploy/ns.yaml
$ oc project openshift-file-integrity
$ for l in `ls -1 file-integrity-operator/deploy/crds/*crd.yaml`; do oc create -f $l; done
$ oc create -f file-integrity-operator/deploy/
$ oc create -f file-integrity-operator/deploy/crds/fileintegrity.openshift.io_v1alpha1_fileintegrity_cr.yaml

Actual result:
The rmholdoff toggle pods are getting created in file integrity operator
$ oc get all
NAME                                                       READY   STATUS            RESTARTS   AGE
pod/aide-ds-example-fileintegrity-9tnrt                    0/2     PodInitializing   0          39s
pod/aide-ds-example-fileintegrity-ggkfs                    0/2     Init:0/1          0          39s
pod/aide-ds-example-fileintegrity-j5n7m                    0/2     Init:0/1          0          39s
pod/aide-ds-example-fileintegrity-nl67l                    0/2     Init:0/1          0          39s
pod/aide-ds-example-fileintegrity-txfgt                    0/2     Init:0/1          0          40s
pod/aide-ds-example-fileintegrity-vwxl8                    0/2     PodInitializing   0          39s
pod/file-integrity-operator-7467f6fd47-wlxkt               1/1     Running           0          63s
pod/ip-10-0-132-151.us-east-2.compute.internal-rmholdoff   0/1     Completed         0          39s
pod/ip-10-0-134-244.us-east-2.compute.internal-rmholdoff   0/1     Completed         0          39s
pod/ip-10-0-187-160.us-east-2.compute.internal-rmholdoff   0/1     Completed         0          39s
pod/ip-10-0-190-198.us-east-2.compute.internal-rmholdoff   0/1     Completed         0          39s
pod/ip-10-0-203-130.us-east-2.compute.internal-rmholdoff   0/1     Completed         0          39s
pod/ip-10-0-219-96.us-east-2.compute.internal-rmholdoff    0/1     Completed         0          40s

Expect result:
According to https://issues.redhat.com/browse/CMP-629, the re-init and holdoff actions should be collapsed with the logcollector into a sidecar for the AIDE daemonset. The "rmholdoff" toggle pod should not be created as re-init and holdoff actions should be handled by AIDE daemonset

Comment 2 Juan Antonio Osorio 2020-08-17 11:19:31 UTC

This is a valid concern; And, additionally, we could have the issue that some node is tainted and the rmholdoff can't be executed. We need to re-think this feature.

Comment 9 errata-xmlrpc 2020-10-27 16:17:40 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:4196

Comment 10 errata-xmlrpc 2020-10-27 16:21:04 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:4196

Note You need to log in before you can comment on or make changes to this bug.