Bug 1957609 - [aws]Machine tags should have precedence over Infrastructure
Summary: [aws]Machine tags should have precedence over Infrastructure
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Cloud Compute
Version: 4.8
Hardware: Unspecified
OS: Unspecified
unspecified
low
Target Milestone: ---
: 4.9.0
Assignee: Joel Speed
QA Contact: sunzhaohua
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2021-05-06 06:58 UTC by sunzhaohua
Modified: 2021-10-18 17:31 UTC (History)
0 users

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-10-18 17:31:01 UTC
Target Upstream Version:
Embargoed:


Links
System ID Private Priority Status Summary Last Updated
Github openshift machine-api-operator pull 869 0 None open Bug 1957609: Warn when an AWS tag name is duplicated 2021-05-26 16:09:24 UTC
Red Hat Product Errata RHSA-2021:3759 0 None None None 2021-10-18 17:31:03 UTC

Description sunzhaohua 2021-05-06 06:58:55 UTC
Description of problem:
If the tag is defined on both MS and Infra, but the values differ, the value from MS should take precedence. Currently the first found value from the machineset gets precedence.

Version-Release number of selected component (if applicable):
4.8.0-0.nightly-2021-04-30-154520

How reproducible:
always

Steps to Reproduce:
1. Set up an ipi aws cluster with usertags:
1) $ ./openshift-install create install-config --dir tagtest
2) update install-config.yaml
platform:
  aws:
    region: us-east-2
    experimentalPropagateUserTags: true
    userTags:
      adminContact: zhsun


2. Add machineset tags with same name but different value with user-defined tags.
$ oc edit machineset zhsuntag-thmsw-worker-us-east-2c
          tags:
          - name: kubernetes.io/cluster/zhsuntag-thmsw
            value: owned
          - name: adminContact
            value: zhsun
          - name: adminContact
            value: zhsun1

3. Scale up machineset

Actual results:
The first found value from machineset gets precedence. Check from aws GUI, the tag adminContact's value is zhsun.
$ oc get infrastructure.config.openshift.io  cluster -o yaml
status:
  platform: AWS
  platformStatus:
    aws:
      region: us-east-2
      resourceTags:
      - key: adminContact
        value: zhsun

$ oc get machine zhsuntag2-cn9js-worker-us-east-2c-l7ttd -o yaml
      tags:
      - name: kubernetes.io/cluster/zhsuntag2-cn9js
        value: owned
      - name: adminContact
        value: zhsun
      - name: adminContact
        value: zhsun1

Expected results:
Machine tags should have precedence over Infrastructure, the tag adminContact's value is zhsun1.

Additional info:

Comment 1 Joel Speed 2021-05-06 09:49:12 UTC
This is somewhat intentional data, we expect the name key to be unique in the list of tags on any machine/machineset, but we don't have any validation for this.

My suggestion would be that we don't change the behaviour here, but add a warning or error using validating webhooks to notify the user that only the first value for a given name will be copied to the EC2 instance

Comment 2 Joel Speed 2021-06-07 14:12:03 UTC
Still keen to merge this for 4.8, in need of reviews. I think this should be able to go in this week but will re-evaluate based on review feedback

Comment 5 sunzhaohua 2021-09-03 06:53:53 UTC
Verified
clusterversion: 4.9.0-0.nightly-2021-09-01-193941

I0903 05:51:51.430817       1 controller.go:59] controllers/MachineSet "msg"="Reconciling" "machineset"="zhsun93tag-dvbjd-worker-us-east-2c" "namespace"="openshift-machine-api"
I0903 05:51:51.444660       1 deleg.go:130] KubeAPIWarningLogger "msg"="providerSpec.tags: duplicated tag names (adminContact): only the first value will be used."
I0903 05:51:51.466948       1 controller.go:174] zhsun93tag-dvbjd-worker-us-east-2c-7qpq2: reconciling Machine
I0903 05:51:51.485831       1 controller.go:174] zhsun93tag-dvbjd-worker-us-east-2c-7qpq2: reconciling Machine
I0903 05:51:51.485853       1 actuator.go:104] zhsun93tag-dvbjd-worker-us-east-2c-7qpq2: actuator checking if machine exists
I0903 05:51:51.542515       1 reconciler.go:265] zhsun93tag-dvbjd-worker-us-east-2c-7qpq2: Instance does not exist
I0903 05:51:51.542541       1 controller.go:357] zhsun93tag-dvbjd-worker-us-east-2c-7qpq2: setting phase to Provisioning and requeuing

      tags:
      - name: kubernetes.io/cluster/zhsun93tag-dvbjd
        value: owned
      - name: adminContact
        value: zhsun
      - name: adminContact
        value: zhsun1
Check from aws GUI, the tag adminContact's value is the first value zhsun.
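
The duplicate-name check and the first-value-wins resolution discussed in this thread, as an added example (not part of the original comments and not the machine-api-operator's own code). The `Tag` type and both function names are hypothetical, the warning wording follows the log line above, and the merge order with infrastructure tags is an assumption modelled on the bug title:

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Tag is a hypothetical stand-in for one name/value entry under providerSpec.tags.
type Tag struct{ Name, Value string }

// duplicateTagWarning returns a warning naming every tag that appears more
// than once, or "" when all names are unique. The wording follows the log
// line in Comment 5; joining several names with ", " is an assumption.
func duplicateTagWarning(tags []Tag) string {
	count := map[string]int{}
	for _, t := range tags {
		count[t.Name]++
	}
	var dups []string
	for name, n := range count {
		if n > 1 {
			dups = append(dups, name)
		}
	}
	if len(dups) == 0 {
		return ""
	}
	sort.Strings(dups) // map iteration order is random; keep the message stable
	return fmt.Sprintf("providerSpec.tags: duplicated tag names (%s): only the first value will be used.",
		strings.Join(dups, ", "))
}

// effectiveTags models the resolution discussed in the thread: the first
// value per name in the machine list wins, and infrastructure tags only
// supply names the machine does not set (assumed merge order).
func effectiveTags(machine, infra []Tag) map[string]string {
	out := map[string]string{}
	for _, t := range append(append([]Tag{}, machine...), infra...) {
		if _, ok := out[t.Name]; !ok {
			out[t.Name] = t.Value
		}
	}
	return out
}

func main() {
	// Values taken from the reproduction steps in the description.
	machine := []Tag{{"adminContact", "zhsun"}, {"adminContact", "zhsun1"}}
	infra := []Tag{{"adminContact", "zhsun"}}
	fmt.Println(duplicateTagWarning(machine))
	fmt.Println(effectiveTags(machine, infra)["adminContact"])
}
```
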

Comment 8 errata-xmlrpc 2021-10-18 17:31:01 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.9.0 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:3759

