Bug 1873593 - MCO fails to cope with ContainerRuntimeConfig thas has a name > 63 characters
Summary: MCO fails to cope with ContainerRuntimeConfig thas has a name > 63 characters
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Node
Version: 4.5
Hardware: Unspecified
OS: Unspecified
unspecified
low
Target Milestone: ---
: 4.7.0
Assignee: Qi Wang
QA Contact: MinLi
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-08-28 17:29 UTC by aaleman
Modified: 2021-02-24 15:17 UTC (History)
8 users (show)

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-02-24 15:16:47 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift machine-config-operator pull 2339 0 None closed Bug 1873593: fix error args paring causing unresolved string 2021-01-19 13:55:56 UTC
Red Hat Product Errata RHSA-2020:5633 0 None None None 2021-02-24 15:17:27 UTC

Description aaleman 2020-08-28 17:29:04 UTC
Description of problem:


Version-Release number of selected component (if applicable): Server Version: 4.5.6



How reproducible: 100%


Steps to Reproduce:
1. Create a containerruntime config like this:
```
apiVersion: machineconfiguration.openshift.io/v1
kind: ContainerRuntimeConfig
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"machineconfiguration.openshift.io/v1","kind":"ContainerRuntimeConfig","metadata":{"annotations":{},"name":"pthread-debug"},"spec":{"containerRuntimeConfig":{"pidsLimit":0},"machineConfigPoolSelector":{"matchLabels":{"pthread-debug":"true"}}}}
  creationTimestamp: "2020-08-28T16:45:41Z"
  generation: 1
    manager: machine-config-controller
    operation: Update
    time: "2020-08-28T17:25:43Z"
  name: pthread-debug
  resourceVersion: "58399299"
  selfLink: /apis/machineconfiguration.openshift.io/v1/containerruntimeconfigs/pthread-debug
  uid: 21ac7f13-eaaf-403b-a33f-b3250eedf5ff
spec:
  containerRuntimeConfig:
    pidsLimit: 0
  machineConfigPoolSelector:
    matchLabels:
      pthread-debug: "true"
status:
  conditions:
  - lastTransitionTime: "2020-08-28T16:45:41Z"
    message: 'could not add finalizers to ContainerRuntimeConfig: could not add finalizers
      to ContainerRuntimeConfig: %v'
    status: "False"
    type: Failure
  observedGeneration: 1

```


Actual results:

* There is a useless condition like this on the containerruntimeconfig:
```
  conditions:
  - lastTransitionTime: "2020-08-28T16:45:41Z"
    message: 'could not add finalizers to ContainerRuntimeConfig: could not add finalizers
      to ContainerRuntimeConfig: %v'
```

The machine config operator logs:
```
I0828 15:49:12.750465       1 container_runtime_config_controller.go:352] Error syncing containerruntimeconfig pthread-debug: ContainerRuntimeConfig.machineconfiguration.openshift.io "pthread-debug" is invalid: metadata.finalizers: Invalid value: "99-pthread-debug-53728114-21bf-4af7-a0bc-3fe4ee908d6d-containerruntime": name part must be no more than 63 characters
```


Expected results:

* The condition contains the error and not an unresolved format string
* The controller shortens the name until its short enough or uses something else there (I guess this ends up in a label value? If yes, maybe use the first 63 chars of the UUID?)


Additional info:

Comment 2 Urvashi Mohnani 2020-08-31 14:45:15 UTC
The name length issue has been fixed in 4.6, and I think the plan was to not backport it to 4.5, but I will double check. Will look into why the finalizer error is not showing up in the ctrcfg status while other errors show up. This is not a release blocker, so setting severity to low.

Comment 10 Urvashi Mohnani 2020-12-04 20:08:43 UTC
Reassigning to Qi to take a look at why the errors are not showing up correctly in the status.

Comment 11 Qi Wang 2020-12-23 19:46:15 UTC
- the issue description "There is a useless condition", so the error like "not valid yaml" is expected, rather than silently ignores error: name > 63 characters?

- why it is useless condition ? I saw the definition here? https://github.com/openshift/machine-config-operator/blob/ca283c2500df8cdc787600e8fcbd311b99859538/install/0000_80_machine-config-operator_01_containerruntimeconfig.crd.yaml#L140

Comment 14 MinLi 2021-01-20 08:40:05 UTC
verified on version : 4.7.0-0.nightly-2021-01-19-095812

[lyman@localhost env]$ oc get ctrcfg -o yaml 
apiVersion: v1
items:
- apiVersion: machineconfiguration.openshift.io/v1
  kind: ContainerRuntimeConfig
  metadata:
    creationTimestamp: "2021-01-20T07:29:52Z"
    finalizers:
    - 99-worker-generated-containerruntime
    generation: 4
    managedFields:
    - apiVersion: machineconfiguration.openshift.io/v1
      fieldsType: FieldsV1
...
      manager: oc
      operation: Update
      time: "2021-01-20T08:20:58Z"
    name: pthread-debug
    resourceVersion: "100015"
    selfLink: /apis/machineconfiguration.openshift.io/v1/containerruntimeconfigs/pthread-debug
    uid: babc70c4-57bb-437a-b65d-52aff7b0abe8
  spec:
    containerRuntimeConfig:
      pidsLimit: 2048
    machineConfigPoolSelector:
      matchLabels:
        pthread-debug: "true"
  status:
    conditions:
    - lastTransitionTime: "2021-01-20T08:20:58Z"
      message: Success
      status: "True"
      type: Success
    observedGeneration: 4

sh-4.4# chroot /host 
sh-4.4# crio config | grep "pids_limit"
INFO[0000] Starting CRI-O, version: 1.20.0-0.rhaos4.7.gitd9f17c8.el8.42, git: () 
INFO Using default capabilities: CAP_CHOWN, CAP_DAC_OVERRIDE, CAP_FSETID, CAP_FOWNER, CAP_SETGID, CAP_SETUID, CAP_SETPCAP, CAP_NET_BIND_SERVICE, CAP_KILL 
pids_limit = 2048
sh-4.4#

Comment 17 errata-xmlrpc 2021-02-24 15:16:47 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:5633


Note You need to log in before you can comment on or make changes to this bug.