New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bug 1888301: Add check for iptables rule to keepalived-monitor #105
Bug 1888301: Add check for iptables rule to keepalived-monitor #105
Conversation
In order to have keepalived use the loadbalanced api endpoint, we need to know whether the iptables rule to redirect traffic to haproxy is present. Since the keepalived container doesn't have the necessary bits to work with iptables itself, we can instead do it in the monitor container and just use a file to indicate whether the rule is present. This also allows us to reuse the haproxy-monitor code for inspecting iptables, which means it should be less likely to get out of sync. This backports openshift#70 to release-4.5.
We're now rendering templates that are executable scripts so we have to keep the permission of those files. However for some reasons, the template file for keepalived.conf has the executable bit set and keepalived refuses to start when its configuration file is executable bit.
@mandre: This pull request references Bugzilla bug 1888301, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker. 6 validation(s) were run on this bug
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/test e2e-openstack |
@mandre: The specified target(s) for
Use In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/test e2e-metal-ipi |
/retest |
@@ -34,6 +34,27 @@ func RenderFile(renderPath, templatePath string, cfg interface{}) error { | |||
} | |||
defer renderFile.Close() | |||
|
|||
// NOTE For some reason, the template file for keepalived.conf has the |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
IIRC, this was because of a bug in MCO. They were hard-coding permissions that included executable for no apparent reason.
/test e2e-metal-ipi |
1 similar comment
/test e2e-metal-ipi |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
/lgtm |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
\o/ ci is working again!
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: cybertron, EmilienM, Fedosin, mandre The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/bugzilla refresh This is now labeled as a test-blocker in Bugzilla. |
@pierreprinetti: This pull request references Bugzilla bug 1888301, which is valid. 6 validation(s) were run on this bug
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
@mandre: All pull requests linked via external trackers have merged: Bugzilla bug 1888301 has been moved to the MODIFIED state. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Manual backport of #70 to release-4.5.
I squashed all the commits from #70 into one and added a new commit on top of it to deal with the difference between the branches and how the new behavior affects keepalived when the executable bit is set on its config file.
This PR was missed when backporting openshift/machine-config-operator#2110 for OpenStack platform.