New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CMP-1097 FIO 1.3.1 bug fix and enhancement #61261
Conversation
🤖 Updated build preview is available at: Build log: https://circleci.com/gh/ocpdocs-previewbot/openshift-docs/21775 |
/label hold |
@GroceryBoyJr: The label(s) In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks like a great start! I have a few comments.
security/file_integrity_operator/file-integrity-operator-release-notes.adoc
Show resolved
Hide resolved
security/file_integrity_operator/file-integrity-operator-release-notes.adoc
Show resolved
Hide resolved
security/file_integrity_operator/file-integrity-operator-release-notes.adoc
Outdated
Show resolved
Hide resolved
security/file_integrity_operator/file-integrity-operator-release-notes.adoc
Outdated
Show resolved
Hide resolved
security/file_integrity_operator/file-integrity-operator-release-notes.adoc
Outdated
Show resolved
Hide resolved
security/file_integrity_operator/file-integrity-operator-release-notes.adoc
Outdated
Show resolved
Hide resolved
9fd14a6
to
26a0e3b
Compare
security/file_integrity_operator/file-integrity-operator-release-notes.adoc
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
05e16a1
to
7ec8011
Compare
@xiaojiey PTAL |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
ty
…On Fri, Jun 16, 2023 at 1:26 PM Lance Bragstad ***@***.***> wrote:
***@***.**** commented on this pull request.
/lgtm
—
Reply to this email directly, view it on GitHub
<#61261 (review)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ASABLFAJEHT6ILMKANWVJQ3XLSJLVANCNFSM6AAAAAAZG6COLI>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
@xiaojiey PTAL at FIO as well please, thanks! |
New changes are detected. LGTM label has been removed. |
@rhmdnd your SME approval requested please. PTAL, TY! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, adding peer review done label for now.
security/file_integrity_operator/file-integrity-operator-release-notes.adoc
Outdated
Show resolved
Hide resolved
|
||
* Previously, FIO would not clean up node status CRDs when nodes are removed from the cluster. FIO would also erroneously indicate that new nodes failed integrity checks. FIO has been updated to correctly clean up node status CRDs on node removal or when adding new nodes to the cluster. This provides correct node status notifications. (link:https://issues.redhat.com/browse/OCPBUGS-8502[*OCPBUGS-8502*]) | ||
|
||
* Previously, when FIO was reconciling File Integrity CRDs, it would pause scanning until the reconciliation was done. This caused an overly aggressive re-initiatization process on nodes not impacted by the reconciliation. This problem also resulted in unnecessary daemonsets for machine config pools which are unrelated to the file integrity being changed. FIO correctly handles these cases and only pauses AIDE scanning for nodes that are affected by file integrity changes. (link:https://issues.redhat.com/browse/CMP-1097[*CMP-1097*]) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Better to update "reconciling File Integrity CRDs" to " FileIntegrity
CRDs"
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I was wondering if you could change "Previously, when FIO was reconciling File Integrity CRDs, it would pause scanning until the reconciliation was done. " to something like "Previously, during a node updates causing by MCP updates, it would pause scanning on all nodes until the update was done."
One more comment, could you please address https://issues.redhat.com/browse/OCPBUGS-8502? Thanks. |
@GroceryBoyJr is out of the office between now and the release date. I will be closing this PR in favor of #63648 because I added a known issues section. |
Version(s): 4.10+
Issue: https://issues.redhat.com/browse/CMP-2039
Link to docs preview:
https://61261--docspreview.netlify.app/openshift-enterprise/latest/security/file_integrity_operator/file-integrity-operator-release-notes.html
QE review:
Additional information: