Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1861303

Summary: The rmholdoff toggle pod should not be created in file integrity operator
Product: OpenShift Container Platform Reporter: xiyuan
Component: File Integrity OperatorAssignee: Juan Antonio Osorio <josorior>
Status: CLOSED ERRATA QA Contact: xiyuan
Severity: medium Docs Contact:
Priority: medium    
Version: 4.6CC: jhrozek, josorior, nkinder, pdhamdhe
Target Milestone: ---   
Target Release: 4.6.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-10-27 16:17:40 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description xiyuan 2020-07-28 09:15:58 UTC
Description:
The rmholdoff toggle pod should not create in file integrity operator as re-init and holdoff actions should be handled by AIDE daemonset

Version-Release number of selected component (if applicable):
4.6.0-0.nightly-2020-07-25-091217

How reproducible:
Always

Steps:
1.  Deploy File integrity operator(https://github.com/openshift/file-integrity-operator) by below step:
$ oc create -f file-integrity-operator/deploy/ns.yaml
$ oc project openshift-file-integrity
$ for l in `ls -1 file-integrity-operator/deploy/crds/*crd.yaml`; do oc create -f $l; done
$ oc create -f file-integrity-operator/deploy/
$ oc create -f file-integrity-operator/deploy/crds/fileintegrity.openshift.io_v1alpha1_fileintegrity_cr.yaml

Actual result:
The rmholdoff toggle pods are getting created in file integrity operator
$ oc get all
NAME                                                       READY   STATUS            RESTARTS   AGE
pod/aide-ds-example-fileintegrity-9tnrt                    0/2     PodInitializing   0          39s
pod/aide-ds-example-fileintegrity-ggkfs                    0/2     Init:0/1          0          39s
pod/aide-ds-example-fileintegrity-j5n7m                    0/2     Init:0/1          0          39s
pod/aide-ds-example-fileintegrity-nl67l                    0/2     Init:0/1          0          39s
pod/aide-ds-example-fileintegrity-txfgt                    0/2     Init:0/1          0          40s
pod/aide-ds-example-fileintegrity-vwxl8                    0/2     PodInitializing   0          39s
pod/file-integrity-operator-7467f6fd47-wlxkt               1/1     Running           0          63s
pod/ip-10-0-132-151.us-east-2.compute.internal-rmholdoff   0/1     Completed         0          39s
pod/ip-10-0-134-244.us-east-2.compute.internal-rmholdoff   0/1     Completed         0          39s
pod/ip-10-0-187-160.us-east-2.compute.internal-rmholdoff   0/1     Completed         0          39s
pod/ip-10-0-190-198.us-east-2.compute.internal-rmholdoff   0/1     Completed         0          39s
pod/ip-10-0-203-130.us-east-2.compute.internal-rmholdoff   0/1     Completed         0          39s
pod/ip-10-0-219-96.us-east-2.compute.internal-rmholdoff    0/1     Completed         0          40s

Expect result:
According to https://issues.redhat.com/browse/CMP-629, the re-init and holdoff actions should be collapsed with the logcollector into a sidecar for the AIDE daemonset. The "rmholdoff" toggle pod should not be created as re-init and holdoff actions should be handled by AIDE daemonset

Comment 2 Juan Antonio Osorio 2020-08-17 11:19:31 UTC
This is a valid concern; And, additionally, we could have the issue that some node is tainted and the rmholdoff can't be executed. We need to re-think this feature.

Comment 9 errata-xmlrpc 2020-10-27 16:17:40 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:4196

Comment 10 errata-xmlrpc 2020-10-27 16:21:04 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:4196