Details
-
Bug
-
Resolution: Unresolved
-
Undefined
-
None
-
4.13
-
Important
-
No
-
CNF RAN Sprint 234
-
1
-
False
-
Description
Description of problem:
Version-Release number of selected component (if applicable):
CoreOS 413.92.202303061740-0
How reproducible:
Always
Steps to Reproduce:
1. Hub Cluster running OCP 4.13, TALM 4.13 2. Managed spoke cluster installed with latest OCP 4.13 nightly build which runs CoreOS 9.2 3. Create a change to the managed cluster config in Git which causes a policy to become noncompliant. 4. Create a CGU on the hub cluster specifying the target spoke cluster and managedPolicy 5. Set backup: true in CGU 6. Enable CGU
Actual results:
CGU will fail with "Unrecoverable error".
The managed clusters backup pod log will show the following errors:
-----
snapshot db and kube resources are successfully saved to /var/recovery/cluster
[sender] readlink_stat("/etc/adjtime") failed: Permission denied (13)
[sender] readlink_stat("/etc/aliases") failed: Permission denied (13)
[sender] readlink_stat("/etc/chrony.keys") failed: Permission denied (13)
[sender] readlink_stat("/etc/exports") failed: Permission denied (13)
[sender] readlink_stat("/etc/gshadow") failed: Permission denied (13)
-----
This error is due to selinux configuration. Setting selinux to "permissive" on the managed cluster fixes this problem.
Expected results:
Backup is successful. CGU is successful.
Additional info:
Hub Cluster Must-Gather: https://drive.google.com/file/d/1Lu4CWRUsJcOYfoxBZyq76UoNPt7djdTF/view?usp=sharing Spoke Cluster journalctl logs https://drive.google.com/file/d/1VtKsyNlnLZVHM1ztq2wR0M8bZtlEhlbz/view?usp=sharing TALM Pod Log: https://drive.google.com/file/d/1_ezCqOb06tjHCxP38gUhXx5Q1e0Boqax/view?usp=sharing
Attachments
Issue Links
- blocks
-
-
- Closed
-
- is cloned by
-
-
- Closed
-
- links to
