Loading...

Type: Bug
Resolution: Done
Priority: Undefined
Fix Version/s: None
Affects Version/s: 4.10
Component/s: Compliance Operator
Labels:
None

Activity Type:
Quality / Stability / Reliability
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Story Points:
None
Severity:
Important
Regression:
No

Target Backport Versions:
None
Target Version:
None
Release Blocker:
None
Sprint:
None

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

PX Review Complete:
PX Priority Data:
PX Impact Score:

Release Note Status:
None
Release Note Type:
None
Release Note Text:
None

Escape Reason:
None
Escape Impact:
None
Corrective Measures:
None
SDLC stage when should've been found:
None

Description of problem: Post compliance scan in Azure cluster, the MCP gets paused and does not un-pause to complete the operation. There appears to be a previous bug (https://bugzilla.redhat.com/show_bug.cgi?id=1975358) that resulted in (https://access.redhat.com/solutions/6136562) which eluded to upgrading the compliance operator, but the CU is using the v1.0.0 version, so it should work.

Version-Release number of selected component (if applicable): v1.0.0

How reproducible: Consistent

Steps to Reproduce:{code:none}
1.  Change scan setting / scan setting binding
2.
3.

Actual results:

$ oc get compliancescan
NAME PHASE RESULT
ocp4-cis DONE NON-COMPLIANT
ocp4-cis-node-master DONE INCONSISTENT
ocp4-cis-node-worker AGGREGATING NOT-AVAILABLE
$

And we also see all the app pods are recycling.

Expected results: Change is applied with Phase at "Done" with a decision on RESULT field.

Additional info: SF Related case 03551835
inspects of the openshift-compliance namespace along with must-gathers of the environment can be found here.

In the last inspect, I can see the compliance operator "pausing" the pool, but I don't see the subsequent attempts to un-pause it;

$ omg logs -n openshift-compliance pod/compliance-operator-54cdfd9858-2wt2j | grep -i paus
2023-07-10T22:17:52.066596533Z

{"level":"info","ts":"2023-07-10T22:17:52.066Z","logger":"suitectrl","msg":"Pausing pool","Request.Namespace":"openshift-compliance","Request.Name":"ocp4-cis-cibc","MachineConfigPool.Name":"master"}

2023-07-11T01:00:09.005821947Z

{"level":"info","ts":"2023-07-11T01:00:09.005Z","logger":"suitectrl","msg":"Pausing pool","Request.Namespace":"openshift-compliance","Request.Name":"ocp4-cis-cibc","MachineConfigPool.Name":"master"}

These logs can also be found in the case. Below is the related logs to the events above;

2023-07-10T22:17:46.300577073Z I0710 22:17:46.300510 1 request.go:690] Waited for 1.018769376s due to client-side throttling, not priority and fairness, request: GET:https://10.101.96.1:443/apis/dynatrace.com/v1beta1?timeout=32s
2023-07-11T01:00:58.715565548Z

{"level":"error","ts":"2023-07-11T01:00:58.715Z","logger":"scanctrl","msg":"Cannot retrieve pod","Request.Namespace":"openshift-compliance","Request.Name":"ocp4-cis-node-master","Pod.Name":"aggregator-pod-ocp4-cis-node-master","error":"Pod \"aggregator-pod-ocp4-cis-node-master\" not found","stacktrace":"github.com/ComplianceAsCode/compliance-operator/pkg/controller/compliancescan.isPodRunning\n\tgithub.com/ComplianceAsCode/compliance-operator/pkg/controller/compliancescan/compliancescan_controller.go:772\ngithub.com/ComplianceAsCode/compliance-operator/pkg/controller/compliancescan.isAggregatorRunning\n\tgithub.com/ComplianceAsCode/compliance-operator/pkg/controller/compliancescan/aggregator.go:143\ngithub.com/ComplianceAsCode/compliance-operator/pkg/controller/compliancescan.(*ReconcileComplianceScan).phaseAggregatingHandler\n\tgithub.com/ComplianceAsCode/compliance-operator/pkg/controller/compliancescan/compliancescan_controller.go:509\ngithub.com/ComplianceAsCode/compliance-operator/pkg/controller/compliancescan.(*ReconcileComplianceScan).Reconcile\n\tgithub.com/ComplianceAsCode/compliance-operator/pkg/controller/compliancescan/compliancescan_controller.go:199\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Reconcile\n\tsigs.k8s.io/controller-runtime@v0.14.5/pkg/internal/controller/controller.go:122\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\tsigs.k8s.io/controller-runtime@v0.14.5/pkg/internal/controller/controller.go:323\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\tsigs.k8s.io/controller-runtime@v0.14.5/pkg/internal/controller/controller.go:274\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2\n\tsigs.k8s.io/controller-runtime@v0.14.5/pkg/internal/controller/controller.go:235"}

2023-07-12T01:00:09.912034185Z

{"level":"error","ts":"2023-07-12T01:00:09.911Z","logger":"suitectrl","msg":"Could not update scan status","Request.Namespace":"openshift-compliance","Request.Name":"ocp4-cis-cibc","error":"Operation cannot be fulfilled on compliancesuites.compliance.openshift.io \"ocp4-cis-cibc\": the object has been modified; please apply your changes to the latest version and try again","stacktrace":"github.com/ComplianceAsCode/compliance-operator/pkg/controller/compliancesuite.(*ReconcileComplianceSuite).reconcileScanStatus\n\tgithub.com/ComplianceAsCode/compliance-operator/pkg/controller/compliancesuite/compliancesuite_controller.go:293\ngithub.com/ComplianceAsCode/compliance-operator/pkg/controller/compliancesuite.(*ReconcileComplianceSuite).reconcileScans\n\tgithub.com/ComplianceAsCode/compliance-operator/pkg/controller/compliancesuite/compliancesuite_controller.go:270\ngithub.com/ComplianceAsCode/compliance-operator/pkg/controller/compliancesuite.(*ReconcileComplianceSuite).Reconcile\n\tgithub.com/ComplianceAsCode/compliance-operator/pkg/controller/compliancesuite/compliancesuite_controller.go:180\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Reconcile\n\tsigs.k8s.io/controller-runtime@v0.14.5/pkg/internal/controller/controller.go:122\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\tsigs.k8s.io/controller-runtime@v0.14.5/pkg/internal/controller/controller.go:323\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\tsigs.k8s.io/controller-runtime@v0.14.5/pkg/internal/controller/controller.go:274\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2\n\tsigs.k8s.io/controller-runtime@v0.14.5/pkg/internal/controller/controller.go:235"}

2023-07-12T01:00:09.912034185Z

{"level":"error","ts":"2023-07-12T01:00:09.912Z","logger":"suitectrl","msg":"Retriable error","Request.Namespace":"openshift-compliance","Request.Name":"ocp4-cis-cibc","error":"Operation cannot be fulfilled on compliancesuites.compliance.openshift.io \"ocp4-cis-cibc\": the object has been modified; please apply your changes to the latest version and try again","stacktrace":"github.com/ComplianceAsCode/compliance-operator/pkg/controller/common.ReturnWithRetriableError\n\tgithub.com/ComplianceAsCode/compliance-operator/pkg/controller/common/errors.go:117\ngithub.com/ComplianceAsCode/compliance-operator/pkg/controller/compliancesuite.(*ReconcileComplianceSuite).Reconcile\n\tgithub.com/ComplianceAsCode/compliance-operator/pkg/controller/compliancesuite/compliancesuite_controller.go:182\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Reconcile\n\tsigs.k8s.io/controller-runtime@v0.14.5/pkg/internal/controller/controller.go:122\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\tsigs.k8s.io/controller-runtime@v0.14.5/pkg/internal/controller/controller.go:323\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\tsigs.k8s.io/controller-runtime@v0.14.5/pkg/internal/controller/controller.go:274\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2\n\tsigs.k8s.io/controller-runtime@v0.14.5/pkg/internal/controller/controller.go:235"}

Details

Description

Attachments

Easy Agile Planning Poker

Activity

People

Dates