Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bug 1888301: Add check for iptables rule to keepalived-monitor #105

Merged

Conversation

mandre
Copy link
Member

@mandre mandre commented Oct 15, 2020

Manual backport of #70 to release-4.5.

I squashed all the commits from #70 into one and added a new commit on top of it to deal with the difference between the branches and how the new behavior affects keepalived when the executable bit is set on its config file.

This PR was missed when backporting openshift/machine-config-operator#2110 for OpenStack platform.

In order to have keepalived use the loadbalanced api endpoint, we need
to know whether the iptables rule to redirect traffic to haproxy is
present. Since the keepalived container doesn't have the necessary bits
to work with iptables itself, we can instead do it in the monitor
container and just use a file to indicate whether the rule is present.
This also allows us to reuse the haproxy-monitor code for inspecting
iptables, which means it should be less likely to get out of sync.

This backports openshift#70
to release-4.5.
We're now rendering templates that are executable scripts so we have to
keep the permission of those files. However for some reasons, the
template file for keepalived.conf has the executable bit set and
keepalived refuses to start when its configuration file is executable
bit.
@openshift-ci-robot openshift-ci-robot added bugzilla/severity-medium Referenced Bugzilla bug's severity is medium for the branch this PR is targeting. bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. labels Oct 15, 2020
@openshift-ci-robot
Copy link
Contributor

@mandre: This pull request references Bugzilla bug 1888301, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker.

6 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target release (4.5.z) matches configured target release for branch (4.5.z)
  • bug is in the state ASSIGNED, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)
  • dependent bug Bugzilla bug 1875005 is in the state VERIFIED, which is one of the valid states (VERIFIED, RELEASE_PENDING, CLOSED (ERRATA))
  • dependent Bugzilla bug 1875005 targets the "4.6.0" release, which is one of the valid target releases: 4.6.0, 4.6.z
  • bug has dependents

In response to this:

Bug 1888301: Add check for iptables rule to keepalived-monitor

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@mandre
Copy link
Member Author

mandre commented Oct 15, 2020

/test e2e-openstack

@openshift-ci-robot
Copy link
Contributor

@mandre: The specified target(s) for /test were not found.
The following commands are available to trigger jobs:

  • /test e2e-metal-ipi
  • /test gofmt
  • /test govet
  • /test images
  • /test unit

Use /test all to run all jobs.

In response to this:

/test e2e-openstack

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@mandre
Copy link
Member Author

mandre commented Oct 15, 2020

/test e2e-metal-ipi

@cybertron
Copy link
Member

/retest

@@ -34,6 +34,27 @@ func RenderFile(renderPath, templatePath string, cfg interface{}) error {
}
defer renderFile.Close()

// NOTE For some reason, the template file for keepalived.conf has the
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

IIRC, this was because of a bug in MCO. They were hard-coding permissions that included executable for no apparent reason.

@openshift-ci-robot openshift-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Oct 15, 2020
@mandre
Copy link
Member Author

mandre commented Oct 20, 2020

/test e2e-metal-ipi

1 similar comment
@mandre
Copy link
Member Author

mandre commented Oct 23, 2020

/test e2e-metal-ipi

Copy link

@Fedosin Fedosin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@openshift-ci-robot openshift-ci-robot added the lgtm Indicates that a PR is ready to be merged. label Oct 23, 2020
@EmilienM
Copy link
Member

/lgtm

Copy link
Member

@cybertron cybertron left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

\o/ ci is working again!

@openshift-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: cybertron, EmilienM, Fedosin, mandre

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@pierreprinetti
Copy link
Member

/bugzilla refresh

This is now labeled as a test-blocker in Bugzilla.

@openshift-ci-robot openshift-ci-robot removed the bugzilla/severity-medium Referenced Bugzilla bug's severity is medium for the branch this PR is targeting. label Oct 26, 2020
@openshift-ci-robot
Copy link
Contributor

@pierreprinetti: This pull request references Bugzilla bug 1888301, which is valid.

6 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target release (4.5.z) matches configured target release for branch (4.5.z)
  • bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)
  • dependent bug Bugzilla bug 1875005 is in the state RELEASE_PENDING, which is one of the valid states (VERIFIED, RELEASE_PENDING, CLOSED (ERRATA))
  • dependent Bugzilla bug 1875005 targets the "4.6.0" release, which is one of the valid target releases: 4.6.0, 4.6.z
  • bug has dependents

In response to this:

/bugzilla refresh

This is now labeled as a test-blocker in Bugzilla.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci-robot openshift-ci-robot added the bugzilla/severity-urgent Referenced Bugzilla bug's severity is urgent for the branch this PR is targeting. label Oct 26, 2020
@sdodson sdodson added the cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. label Oct 28, 2020
@openshift-merge-robot openshift-merge-robot merged commit 952b86b into openshift:release-4.5 Oct 28, 2020
@openshift-ci-robot
Copy link
Contributor

@mandre: All pull requests linked via external trackers have merged:

Bugzilla bug 1888301 has been moved to the MODIFIED state.

In response to this:

Bug 1888301: Add check for iptables rule to keepalived-monitor

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. bugzilla/severity-urgent Referenced Bugzilla bug's severity is urgent for the branch this PR is targeting. bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. lgtm Indicates that a PR is ready to be merged.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

8 participants