Bug 1873593
| Summary: | MCO fails to cope with ContainerRuntimeConfig thas has a name > 63 characters | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | aaleman |
| Component: | Node | Assignee: | Qi Wang <qiwan> |
| Node sub component: | CRI-O | QA Contact: | MinLi <minmli> |
| Status: | CLOSED ERRATA | Docs Contact: | |
| Severity: | low | ||
| Priority: | unspecified | CC: | alchan, aos-bugs, jokerman, kgarriso, minmli, prdeshpa, tsweeney, umohnani |
| Version: | 4.5 | Keywords: | UpcomingSprint |
| Target Milestone: | --- | ||
| Target Release: | 4.7.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | No Doc Update | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2021-02-24 15:16:47 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
The name length issue has been fixed in 4.6, and I think the plan was to not backport it to 4.5, but I will double check. Will look into why the finalizer error is not showing up in the ctrcfg status while other errors show up. This is not a release blocker, so setting severity to low. Reassigning to Qi to take a look at why the errors are not showing up correctly in the status. - the issue description "There is a useless condition", so the error like "not valid yaml" is expected, rather than silently ignores error: name > 63 characters? - why it is useless condition ? I saw the definition here? https://github.com/openshift/machine-config-operator/blob/ca283c2500df8cdc787600e8fcbd311b99859538/install/0000_80_machine-config-operator_01_containerruntimeconfig.crd.yaml#L140 verified on version : 4.7.0-0.nightly-2021-01-19-095812
[lyman@localhost env]$ oc get ctrcfg -o yaml
apiVersion: v1
items:
- apiVersion: machineconfiguration.openshift.io/v1
kind: ContainerRuntimeConfig
metadata:
creationTimestamp: "2021-01-20T07:29:52Z"
finalizers:
- 99-worker-generated-containerruntime
generation: 4
managedFields:
- apiVersion: machineconfiguration.openshift.io/v1
fieldsType: FieldsV1
...
manager: oc
operation: Update
time: "2021-01-20T08:20:58Z"
name: pthread-debug
resourceVersion: "100015"
selfLink: /apis/machineconfiguration.openshift.io/v1/containerruntimeconfigs/pthread-debug
uid: babc70c4-57bb-437a-b65d-52aff7b0abe8
spec:
containerRuntimeConfig:
pidsLimit: 2048
machineConfigPoolSelector:
matchLabels:
pthread-debug: "true"
status:
conditions:
- lastTransitionTime: "2021-01-20T08:20:58Z"
message: Success
status: "True"
type: Success
observedGeneration: 4
sh-4.4# chroot /host
sh-4.4# crio config | grep "pids_limit"
INFO[0000] Starting CRI-O, version: 1.20.0-0.rhaos4.7.gitd9f17c8.el8.42, git: ()
INFO Using default capabilities: CAP_CHOWN, CAP_DAC_OVERRIDE, CAP_FSETID, CAP_FOWNER, CAP_SETGID, CAP_SETUID, CAP_SETPCAP, CAP_NET_BIND_SERVICE, CAP_KILL
pids_limit = 2048
sh-4.4#
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2020:5633 |
Description of problem: Version-Release number of selected component (if applicable): Server Version: 4.5.6 How reproducible: 100% Steps to Reproduce: 1. Create a containerruntime config like this: ``` apiVersion: machineconfiguration.openshift.io/v1 kind: ContainerRuntimeConfig metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"machineconfiguration.openshift.io/v1","kind":"ContainerRuntimeConfig","metadata":{"annotations":{},"name":"pthread-debug"},"spec":{"containerRuntimeConfig":{"pidsLimit":0},"machineConfigPoolSelector":{"matchLabels":{"pthread-debug":"true"}}}} creationTimestamp: "2020-08-28T16:45:41Z" generation: 1 manager: machine-config-controller operation: Update time: "2020-08-28T17:25:43Z" name: pthread-debug resourceVersion: "58399299" selfLink: /apis/machineconfiguration.openshift.io/v1/containerruntimeconfigs/pthread-debug uid: 21ac7f13-eaaf-403b-a33f-b3250eedf5ff spec: containerRuntimeConfig: pidsLimit: 0 machineConfigPoolSelector: matchLabels: pthread-debug: "true" status: conditions: - lastTransitionTime: "2020-08-28T16:45:41Z" message: 'could not add finalizers to ContainerRuntimeConfig: could not add finalizers to ContainerRuntimeConfig: %v' status: "False" type: Failure observedGeneration: 1 ``` Actual results: * There is a useless condition like this on the containerruntimeconfig: ``` conditions: - lastTransitionTime: "2020-08-28T16:45:41Z" message: 'could not add finalizers to ContainerRuntimeConfig: could not add finalizers to ContainerRuntimeConfig: %v' ``` The machine config operator logs: ``` I0828 15:49:12.750465 1 container_runtime_config_controller.go:352] Error syncing containerruntimeconfig pthread-debug: ContainerRuntimeConfig.machineconfiguration.openshift.io "pthread-debug" is invalid: metadata.finalizers: Invalid value: "99-pthread-debug-53728114-21bf-4af7-a0bc-3fe4ee908d6d-containerruntime": name part must be no more than 63 characters ``` Expected results: * The condition contains the error and not an unresolved format string * The controller shortens the name until its short enough or uses something else there (I guess this ends up in a label value? If yes, maybe use the first 63 chars of the UUID?) Additional info: