Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-32756

[CNF-ZTP]: GitOps apps policies reporting Unknown state when using ACM CRs

XMLWordPrintable

    • Important
    • Yes
    • CNF Ran Sprint 253, CNF Ran Sprint 254
    • 2
    • False
    • Hide

      None

      Show
      None

      Description of problem:

      GitOps apps policies reporting "Unknown" state when using ACM CRs to template a policy and observed comparison error.

The problem was that a rhel9 ACM PG executable/image was being copied while the gitops image is based on rhel8.

      Version-Release number of selected component (if applicable):

      Hub Cluster:-
OCP: 4.16.0-0.nightly-2024-04-16-195622
ACM: 2.10.2
GitOps: 1.12.0
TALM: 4.14.5-11

Spoke Cluster:-
OCP: 4.14.22
ZTP container image: 4.14.5-9

      How reproducible:

          Always

      Steps to Reproduce:

          1. Deploy 4.14 OCP SNO cluster with DU profile operator images from stage index
    2. Use ACM PolicyGenerator resources for site specific configurations, example in
http://registry.kni-qe-0.lab.eng.rdu2.redhat.com:3000/kni-qe/ztp-site-configs/src/workers-4.14/policygentemplates/ztp-test/acm-crs
    3. ACM PGT referenced in GitOps apps policies using custom source path
    4. Observed GitOps apps policies reporting "Unknown" state (not in Synced)  with comparison error.    

      Actual results:

              Failed to load target state: failed to generate manifest for source 1 of 1: rpc error: code = Unknown desc = Manifest generation error (cached): `kustomize build <path to cached source>/policygentemplates/ztp-test/acm-crs --enable-alpha-plugins` failed exit status 1: /.config/kustomize/plugin/policy.open-cluster-management.io/v1/policygenerator/PolicyGenerator: /lib64/libc.so.6: version `GLIBC_2.32' not found (required by /.config/kustomize/plugin/policy.open-cluster-management.io/v1/policygenerator/PolicyGenerator) /.config/kustomize/plugin/policy.open-cluster-management.io/v1/policygenerator/PolicyGenerator: /lib64/libc.so.6: version `GLIBC_2.34' not found (required by /.config/kustomize/plugin/policy.open-cluster-management.io/v1/policygenerator/PolicyGenerator) Error: failure in plugin configured via /tmp/kust-plugin-config-339301390; exit status 1: exit status 1

      Expected results:

              GitOps apps policies shoud be in "Synced" state after referencing ACM CRs to template a policy.

      Additional info:

      Below test case failed due to above stated issue. 
OCP-54236
https://gitlab.cee.redhat.com/cnf/cnf-gotests/-/blob/master/test/ran/ztp/tests/ztp_argocd_acm_crs.go?ref_type=heads#L151-260


Root of the problem:-
Fix needs to be back ported to latest 4.14.z ZTP container image.
ACM Policy Generator container image referenced in a file "ztp/gitops-subscriptions/argocd/deployment/argocd-openshift-gitops-patch.json" (line 53)  is rhel9 ACM PolicyGenerator image was being copied while the gitops image (1.12.0) is based on rhel8.

Work around:-
used line 48 from https://github.com/openshift-kni/cnf-features-deploy/pull/1805/files#diff-8ce728c9d79f1cb76a0e77264b6de0f6eda0d76bb35ae5816ea0a3a112a702f3 
to copy the universal ACM PG executable/image instead of the rhel9 one.

Quick Manual Test Logs after applying a work around: (Test case : PASS)
https://docs.google.com/document/d/131FWudOhiMF3Krg2T6fw2Vyal2gfW5EWV99oBGPVSds/edit?usp=sharing

Original argocd-openshift-gitops-patch-org.json file (comes from 4.14.z ztp container):-

{
  "spec": {
    "controller": {
      "resources": {
        "limits": {
          "cpu": "16",
          "memory": "32Gi"
        },
        "requests": {
          "cpu": "1",
          "memory": "2Gi"
        }
      }
    },
    "kustomizeBuildOptions": "--enable-alpha-plugins",
    "repo": {
      "volumes": [
        {
          "name": "kustomize",
          "emptyDir": {}
        }
      ],
      "initContainers": [
        {
          "resources": {
          },
          "terminationMessagePath": "/dev/termination-log",
          "name": "kustomize-plugin",
          "command": [
            "/exportkustomize.sh"
          ],
          "args": [
            "/.config"
          ],
          "imagePullPolicy": "Always",
          "volumeMounts": [
            {
              "name": "kustomize",
              "mountPath": "/.config"
            }
          ],
          "terminationMessagePolicy": "File",
          "image": "registry.kni-qe-16.lab.eng.rdu2.redhat.com:5000/ztp/ztp-site-generator:v4.14.5-9"
        },
        {
          "args": [
            "-c",
            "mkdir -p /.config/kustomize/plugin/ && cp -r /etc/kustomize/plugin/policy.open-cluster-management.io /.config/kustomize/plugin/"
          ],
          "command": [
            "/bin/bash"
          ],
          "image": "registry.redhat.io/rhacm2/multicluster-operators-subscription-rhel9@sha256:e8d3308a746813a4397e29b51f0715d40629a4a8362c5d19a6948de688285dbf",
          "name": "policy-generator-install",
          "imagePullPolicy": "Always",
          "volumeMounts": [
            {
              "mountPath": "/.config",
              "name": "kustomize"
            }
          ]
        }
      ],
      "volumeMounts": [
        {
          "name": "kustomize",
          "mountPath": "/.config"
        }
      ],
      "env": [
        {
          "name": "ARGOCD_EXEC_TIMEOUT",
          "value": "360s"
        },
        {
          "name": "KUSTOMIZE_PLUGIN_HOME",
          "value": "/.config/kustomize/plugin"
        }
      ],
      "resources": {
        "limits": {
          "cpu": "8",
          "memory": "16Gi"
        },
        "requests": {
          "cpu": "1",
          "memory": "2Gi"
        }
      }
    }
  }
}

            deliedit@redhat.com David Elie-Dit-Cosaque
            rh-ee-pmohanra Periyamaruthu Mohanraj
            Periyamaruthu Mohanraj Periyamaruthu Mohanraj
            Votes:
            0 Vote for this issue
            Watchers:
            8 Start watching this issue

              Created:
              Updated:
              Resolved: