Bug 1873070
| Summary: | [OCP v46] The profileparser pods are reporting error while deploying Compliance Operator | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Prashant Dhamdhere <pdhamdhe> |
| Component: | Compliance Operator | Assignee: | Juan Antonio Osorio <josorior> |
| Status: | CLOSED ERRATA | QA Contact: | Prashant Dhamdhere <pdhamdhe> |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | 4.6 | CC: | josorior, mrogers, xiyuan |
| Target Milestone: | --- | ||
| Target Release: | 4.6.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2020-10-27 16:34:36 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
This looks good now, the profileparser pods do not report any error while deploying Compliance Operator.
Verified on : 4.6.0-0.nightly-2020-09-07-224533
$ oc get pods
NAME READY STATUS RESTARTS AGE
compliance-operator-869646dd4f-klhcq 1/1 Running 0 5m12s
ocp4-pp-6786c5f5b-4pbg2 1/1 Running 0 4m24s
rhcos4-pp-78c8cc9d44-x9bhb 1/1 Running 0 4m24s
$ oc logs ocp4-pp-6786c5f5b-4pbg2 -c profileparser |grep error
$ oc logs ocp4-pp-6786c5f5b-4pbg2 -c profileparser |head
{"level":"info","ts":1599543423.9099543,"logger":"cmd","msg":"Go Version: go1.13.4"}
{"level":"info","ts":1599543423.9100416,"logger":"cmd","msg":"Go OS/Arch: linux/amd64"}
{"level":"info","ts":1599543423.9100838,"logger":"cmd","msg":"Version of operator-sdk: v0.18.2"}
I0908 05:37:05.022177 1 request.go:621] Throttling request took 1.039057969s, request: GET:https://172.30.0.1:443/apis/autoscaling.openshift.io/v1?timeout=32s
{"level":"info","ts":1599543427.0578494,"logger":"profileparser","msg":"Parsing CPE","cpe ID":"cpe:/a:redhat:openshift_container_platform:4.1"}
{"level":"info","ts":1599543427.0580106,"logger":"profileparser","msg":"exploded CPE","cpePieces":["a","redhat","openshift_container_platform","4.1"]}
{"level":"info","ts":1599543427.0580444,"logger":"profileparser","msg":"CPE part","part":"a"}
{"level":"info","ts":1599543427.0650835,"logger":"profileparser","msg":"Found profile","id":"xccdf_org.ssgproject.content_profile_cis"}
{"level":"info","ts":1599543427.0652366,"logger":"profileparser","msg":"Platform info","type":"Platform","name":"redhat_openshift_container_platform_4.1"}
{"level":"info","ts":1599543427.0664577,"logger":"profileparser","msg":"Creating object","kind":"Profile","key":{"namespace":"openshift-compliance","name":"ocp4-cis"}}
$ oc logs rhcos4-pp-78c8cc9d44-x9bhb -c profileparser |head
{"level":"info","ts":1599543423.9144714,"logger":"cmd","msg":"Go Version: go1.13.4"}
{"level":"info","ts":1599543423.914607,"logger":"cmd","msg":"Go OS/Arch: linux/amd64"}
{"level":"info","ts":1599543423.9146533,"logger":"cmd","msg":"Version of operator-sdk: v0.18.2"}
I0908 05:37:05.026074 1 request.go:621] Throttling request took 1.030710519s, request: GET:https://172.30.0.1:443/apis/samples.operator.openshift.io/v1?timeout=32s
{"level":"info","ts":1599543431.8001614,"logger":"profileparser","msg":"Parsing CPE","cpe ID":"cpe:/o:redhat:enterprise_linux_coreos:4"}
{"level":"info","ts":1599543431.8004062,"logger":"profileparser","msg":"exploded CPE","cpePieces":["o","redhat","enterprise_linux_coreos","4"]}
{"level":"info","ts":1599543431.800469,"logger":"profileparser","msg":"CPE part","part":"o"}
{"level":"info","ts":1599543431.8855088,"logger":"profileparser","msg":"Found profile","id":"xccdf_org.ssgproject.content_profile_e8"}
{"level":"info","ts":1599543431.8856418,"logger":"profileparser","msg":"Platform info","type":"Node","name":"redhat_enterprise_linux_coreos_4"}
{"level":"info","ts":1599543431.886903,"logger":"profileparser","msg":"Creating object","kind":"Profile","key":{"namespace":"openshift-compliance","name":"rhcos4-e8"}}
$ oc get profile.compliance
NAME AGE
ocp4-cis 5m6s
ocp4-e8 5m6s
ocp4-moderate 5m6s
ocp4-ncp 5m6s
rhcos4-e8 5m2s
rhcos4-moderate 5m1s
rhcos4-ncp 5m1s
$ oc get profilebundles
NAME CONTENTIMAGE STATUS
ocp4 quay.io/complianceascode/ocp4:latest VALID
rhcos4 quay.io/complianceascode/ocp4:latest VALID
$ oc get rules |grep rhcos4|head
rhcos4-account-disable-post-pw-expiration 5m13s
rhcos4-account-unique-name 5m13s
rhcos4-account-use-centralized-automated-auth 5m13s
rhcos4-accounts-logon-fail-delay 5m12s
rhcos4-accounts-max-concurrent-login-sessions 5m12s
rhcos4-accounts-maximum-age-login-defs 5m13s
rhcos4-accounts-minimum-age-login-defs 5m13s
rhcos4-accounts-no-uid-except-zero 5m13s
rhcos4-accounts-password-all-shadowed 5m13s
rhcos4-accounts-password-minlen-login-defs 5m13s
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:4196 |
Description of problem: The profileparser pods are reporting the below error while deploying Compliance Operator. $ oc get pods NAME READY STATUS RESTARTS AGE compliance-operator-869646dd4f-jvhkk 1/1 Running 0 2m11s ocp4-pp-7f89f556cc-jg99r 1/1 Running 0 91s rhcos4-pp-7c44999587-pc8cz 0/1 Init:1/2 0 91s $ oc get pods NAME READY STATUS RESTARTS AGE compliance-operator-869646dd4f-jvhkk 1/1 Running 0 2m23s ocp4-pp-7f89f556cc-jg99r 1/1 Running 0 103s rhcos4-pp-7c44999587-pc8cz 0/1 PodInitializing 0 103s $ oc logs rhcos4-pp-7c44999587-pc8cz -c profileparser |grep error |head -1 {"level":"error","ts":1598519627.3027525,"logger":"profileparser","msg":"Could not register NIST-800-53 reference parser","stacktrace":"github.com/go-logr/zapr.(*zapLogger).Error\n\t/go/src/github.com/openshift/compliance-operator/vendor/github.com/go-logr/zapr/zapr.go:128\ngithub.com/openshift/compliance-operator/pkg/profileparser.newStandardParser\n\t/go/src/github.com/openshift/compliance-operator/pkg/profileparser/profileparser.go:646\ngithub.com/openshift/compliance-operator/pkg/profileparser.ParseBundle\n\t/go/src/github.com/openshift/compliance-operator/pkg/profileparser/profileparser.go:55\nmain.runProfileParser\n\t/go/src/github.com/openshift/compliance-operator/cmd/manager/profileparser.go:151\ngithub.com/spf13/cobra.(*Command).execute\n\t/go/src/github.com/openshift/compliance-operator/vendor/github.com/spf13/cobra/command.go:846\ngithub.com/spf13/cobra.(*Command).ExecuteC\n\t/go/src/github.com/openshift/compliance-operator/vendor/github.com/spf13/cobra/command.go:950\ngithub.com/spf13/cobra.(*Command).Execute\n\t/go/src/github.com/openshift/compliance-operator/vendor/github.com/spf13/cobra/command.go:887\nmain.main\n\t/go/src/github.com/openshift/compliance-operator/cmd/manager/main.go:34\nruntime.main\n\t/usr/lib/golang/src/runtime/proc.go:203"} $ oc logs rhcos4-pp-7c44999587-pc8cz -c profileparser |grep error |head -1 {"level":"error","ts":1598519627.3027525,"logger":"profileparser","msg":"Could not register NIST-800-53 reference parser","stacktrace":"github.com/go-logr/zapr.(*zapLogger).Error\n\t/go/src/github.com/openshift/compliance-operator/vendor/github.com/go-logr/zapr/zapr.go:128\ngithub.com/openshift/compliance-operator/pkg/profileparser.newStandardParser\n\t/go/src/github.com/openshift/compliance-operator/pkg/profileparser/profileparser.go:646\ngithub.com/openshift/compliance-operator/pkg/profileparser.ParseBundle\n\t/go/src/github.com/openshift/compliance-operator/pkg/profileparser/profileparser.go:55\nmain.runProfileParser\n\t/go/src/github.com/openshift/compliance-operator/cmd/manager/profileparser.go:151\ngithub.com/spf13/cobra.(*Command).execute\n\t/go/src/github.com/openshift/compliance-operator/vendor/github.com/spf13/cobra/command.go:846\ngithub.com/spf13/cobra.(*Command).ExecuteC\n\t/go/src/github.com/openshift/compliance-operator/vendor/github.com/spf13/cobra/command.go:950\ngithub.com/spf13/cobra.(*Command).Execute\n\t/go/src/github.com/openshift/compliance-operator/vendor/github.com/spf13/cobra/command.go:887\nmain.main\n\t/go/src/github.com/openshift/compliance-operator/cmd/manager/main.go:34\nruntime.main\n\t/usr/lib/golang/src/runtime/proc.go:203"} Version-Release number of selected component (if applicable): 4.6.0-0.nightly-2020-08-27-005538 How reproducible: Always Steps to Reproduce: 1 clone compliance-operator git repo $ git clone https://github.com/openshift/compliance-operator.git $ git show d6f15c1ccd27403a73d6597349cd5dcffd4a9b11 commit d6f15c1ccd27403a73d6597349cd5dcffd4a9b11 (HEAD -> master, origin/release-4.7, origin/release-4.6, origin/master, origin/HEAD) Merge: e816223 ef8752c Author: Juan Osorio Robles <jaosorior> Date: Tue Aug 25 21:59:32 2020 +0300 Merge pull request #415 from openshift/release-v0.1.14 Release v0.1.14 2 Create 'openshift-compliance' namespace $ oc create -f compliance-operator/deploy/ns.yaml 3 Switch to 'openshift-compliance' namespace $ oc project openshift-compliance 4 Deploy CustomResourceDefinition. $ for f in $(ls -1 compliance-operator/deploy/crds/*crd.yaml); do oc create -f $f; done 5. Deploy compliance-operator. $ oc create -f compliance-operator/deploy/ 6. Monitor pods status $ oc get pods -w 7. The pods are reporting error, Check profileparser logs. $ oc logs rhcos4-pp-7c44999587-pc8cz -c profileparser |grep error |head -1 $ oc logs rhcos4-pp-7c44999587-pc8cz -c profileparser |grep error |head -1 Actual results: The profileparser pods are reporting subjected error while deploying Compliance Operator. Expected results: The profileparser pods should not report any error while deploying Compliance Operator. Additional info: This is not impacting operator behavior and the profile.compliance & profilebundles objects are able to parse profiles $ oc get profile.compliance NAME AGE ocp4-cis 5h16m ocp4-e8 5h16m ocp4-moderate 5h16m ocp4-ncp 5h16m rhcos4-e8 5h16m rhcos4-moderate 5h16m rhcos4-ncp 5h16m $ oc get profilebundles NAME CONTENTIMAGE STATUS ocp4 quay.io/complianceascode/ocp4:latest VALID rhcos4 quay.io/complianceascode/ocp4:latest VALID $ oc get rules |grep rhcos4|head rhcos4-account-disable-post-pw-expiration 5h18m rhcos4-account-unique-name 5h18m rhcos4-account-use-centralized-automated-auth 5h18m rhcos4-accounts-logon-fail-delay 5h18m rhcos4-accounts-max-concurrent-login-sessions 5h18m rhcos4-accounts-maximum-age-login-defs 5h18m rhcos4-accounts-minimum-age-login-defs 5h18m rhcos4-accounts-no-uid-except-zero 5h18m rhcos4-accounts-password-all-shadowed 5h18m rhcos4-accounts-password-minlen-login-defs 5h18m