1982766 – [on-prem] Make ingress keepalived check more tolerant to failures

Bug 1982766 - [on-prem] Make ingress keepalived check more tolerant to failures

Summary: [on-prem] Make ingress keepalived check more tolerant to failures

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Installer
Sub Component:
Version:	4.8
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	---
Target Release:	4.9.0
Assignee:	Martin André
QA Contact:	Udi Shkalim
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2021-07-15 16:16 UTC by Martin André
Modified:	2021-10-18 17:40 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	Cause: Ingress check for keepalived didn't include fall and raise directives. Consequence: A single failed check would cause the ingress VIP failover, which can be an issue on busy platforms where the check can legitimately fails due to timeout. Fix: Use fall and raise directives to prevent VIP flapping between nodes, similar to the API VIP. Result: Single failed check no longer trigger Ingress VIP failover.
Clone Of:
Environment:
Last Closed:	2021-10-18 17:39:54 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	openshift machine-config-operator pull 2679	0	None	open	Bug 1982766: [on-prem] Make ingress VIP more tolerant to failures	2021-07-19 10:44:49 UTC
Red Hat Product Errata	RHSA-2021:3759	0	None	None	None	2021-10-18 17:40:08 UTC

Description Martin André 2021-07-15 16:16:24 UTC

Description of problem: We've noticed that the ingress VIP could be flapping in some environments where the keepalived check fails due to timeout. We should make the ingress check more resilient to errors and start using `fall` and `raise` to mitigate flapping as we did for the API checks.

We're seeing this issue regularly on OpenStack deployments in PSI.

Comment 4 Udi Shkalim 2021-08-10 14:38:43 UTC

Verified on: 4.9.0-0.nightly-2021-07-30-014522

Comment 7 errata-xmlrpc 2021-10-18 17:39:54 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.9.0 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:3759

Note You need to log in before you can comment on or make changes to this bug.