Bug 2035015 - ClusterLogForwarding CR remains stuck remediating forever
Summary: ClusterLogForwarding CR remains stuck remediating forever
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Telco Edge
Version: 4.10
Hardware: Unspecified
OS: Unspecified
Priority: unspecified
Severity: high
Target Milestone: ---
Target Release: 4.10.0
Assignee: Jim Ramsay
QA Contact: yliu1
URL:
Whiteboard:
Depends On:
Blocks: 2050762
Reported: 2021-12-22 17:49 UTC by Ian Miller
Modified: 2022-03-12 04:40 UTC

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2022-03-12 04:39:45 UTC
Target Upstream Version:
Embargoed:


Attachments
The enforce version of the policy. (2.65 KB, text/plain)
2021-12-22 17:49 UTC, Ian Miller


Links
System ID Private Priority Status Summary Last Updated
Github openshift-kni cnf-features-deploy pull 908 0 None open Bug 2035015: ztp: Do not specify openshift namespaces in the ClusterLogForwarder CR 2022-01-14 17:28:48 UTC
Red Hat Product Errata RHSA-2022:0056 0 None None None 2022-03-12 04:40:00 UTC

Description Ian Miller 2021-12-22 17:49:15 UTC
Created attachment 1847387
The enforce version of the policy.

Description of problem:
The inform Policy which applies the DU configuration for ClusterLogForwarding never resolves to the Compliant state. This inform policy is copied to create an enforce policy which is used to apply the configuration to the cluster. The enforce version of the Policy goes compliant but the inform version of the Policy remains NotCompliant.

The inform policy (enforce copy attached)
apiVersion: policy.open-cluster-management.io/v1
kind: Policy
metadata:
  annotations:
    policy.open-cluster-management.io/categories: CM Configuration Management
    policy.open-cluster-management.io/controls: CM-2 Baseline Configuration
    policy.open-cluster-management.io/standards: NIST SP 800-53
    ran.openshift.io/ztp-deploy-wave: "10"
  labels:
    app.kubernetes.io/instance: policies
  name: group-cnfocto1-log-forwarder-policy
  namespace: ztp-group-cnfocto1
spec:
  disabled: false
  policy-templates:
  - objectDefinition:
      apiVersion: policy.open-cluster-management.io/v1
      kind: ConfigurationPolicy
      metadata:
        name: group-cnfocto1-log-forwarder-policy-config
      spec:
        namespaceselector:
          exclude:
          - kube-*
          include:
          - '*'
        object-templates:
        - complianceType: musthave
          objectDefinition:
            apiVersion: logging.openshift.io/v1
            kind: ClusterLogForwarder
            metadata:
              annotations:
                ran.openshift.io/ztp-deploy-wave: "10"
              name: instance
              namespace: openshift-logging
            spec:
              inputs:
              - infrastructure:
                  namespaces:
                  - openshift-apiserver
                  - openshift-cluster-version
                  - openshift-etcd
                  - openshift-kube-scheduler
                  - openshift-monitoring
                  - openshift-performance-addon
                  - openshift-ptp
                  - openshift-machine-config-operator
                  - open-cluster-management-agent
                  - open-cluster-management-agent-addon
                name: infra-logs
              outputs:
              - name: kafka-open
                type: kafka
                url: tcp://10.1.2.3:9092/test
              pipelines:
              - inputRefs:
                - audit
                name: audit-logs
                outputRefs:
                - kafka-open
              - inputRefs:
                - infrastructure
                name: infrastructure-logs
                outputRefs:
                - kafka-open
        remediationAction: inform
        severity: low
  remediationAction: inform


The applied ClusterLogForwarder configuration continues to grow in size as additional content is continually added to the spec.

apiVersion: logging.openshift.io/v1
kind: ClusterLogForwarder
metadata:
  annotations:
    ran.openshift.io/ztp-deploy-wave: "10"
  creationTimestamp: "2021-12-22T15:21:53Z"
  generation: 839
  name: instance
  namespace: openshift-logging
  resourceVersion: "419157"
  uid: 9101269b-f222-4f83-a36f-cb1cb0648749
spec:
  inputs:
  - infrastructure: {}
    name: infra-logs
  - infrastructure: {}
    name: infra-logs
  - infrastructure: {}
    name: infra-logs
<snip 840 additional identical entries>


Version-Release number of selected component (if applicable): 4.10


How reproducible: Always


Steps to Reproduce:
1. Deploy cluster using gitops ZTP configured for inform policies
2. Use Topology Aware Lifecycle Operator to remediate those policies to cluster
3.

Actual results:
ClusterLogForwarder inform policy does not go compliant but the enforce policy does. ClusterLogForwarder CR on the cluster continues to grow.

Expected results:
Both policies go compliant. ClusterLogForwarder gets desired content.

Additional info:
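
A check for the symptom described in this report, as an added example that is not part of the bug report or of the ZTP or policy controller code: it counts repeated `spec.inputs` names in a live ClusterLogForwarder and lists the fields of the desired input that the live entry lacks. The sample objects are constructed from the YAML quoted above, and the subset comparison is a simplified assumption, not the policy controller's own algorithm.

```python
from collections import Counter

# Constructed samples, trimmed from the policy template and live CR quoted in the report.
DESIRED_INPUTS = [{"name": "infra-logs",
                   "infrastructure": {"namespaces": ["openshift-apiserver", "openshift-etcd"]}}]
LIVE_CR = {"kind": "ClusterLogForwarder",
           "metadata": {"name": "instance", "generation": 839},
           "spec": {"inputs": [{"infrastructure": {}, "name": "infra-logs"}] * 3}}


def subset_gaps(desired, live, path=""):
    """Return the paths in `desired` that `live` does not satisfy (simplified subset match)."""
    if isinstance(desired, dict):
        if not isinstance(live, dict):
            return [path or "."]
        gaps = []
        for key, value in desired.items():
            child = f"{path}.{key}"
            gaps += subset_gaps(value, live[key], child) if key in live else [child]
        return gaps
    if isinstance(desired, list):
        if not isinstance(live, list):
            return [path or "."]
        # Every desired list item must be satisfied by at least one live item.
        return [f"{path}[{i}]" for i, item in enumerate(desired)
                if not any(subset_gaps(item, cand) == [] for cand in live)]
    return [] if desired == live else [path or "."]


def audit_inputs(desired_inputs, cr):
    """Per desired input: how many same-named copies exist live, and which fields are missing."""
    live = cr.get("spec", {}).get("inputs", [])
    copies = Counter(entry.get("name") for entry in live)
    report = {}
    for want in desired_inputs:
        same_name = [e for e in live if e.get("name") == want["name"]]
        gaps = subset_gaps(want, same_name[0]) if same_name else ["<absent>"]
        report[want["name"]] = {"copies": copies[want["name"]], "gaps": gaps}
    return report


if __name__ == "__main__":
    for name, result in audit_inputs(DESIRED_INPUTS, LIVE_CR).items():
        print(name, result)
```

A `copies` value above 1 together with a non-empty `gaps` list matches the state in this report: the entry keeps being added while the live object never contains the requested namespaces. A live object for `LIVE_CR` can be taken from `oc get clusterlogforwarder instance -n openshift-logging -o json`.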

Comment 2 yliu1 2022-02-01 18:19:45 UTC
ZTP install with TALO succeeded using ztp site generate image built from master branch.

Comment 5 errata-xmlrpc 2022-03-12 04:39:45 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.10.3 security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:0056

