-
Bug
-
Resolution: Not a Bug
-
Normal
-
None
-
4.14
-
None
-
No
-
ShiftStack Sprint 248
-
1
-
False
-
Description of problem:
The following is needed to renew OSP credentials in RHOCP, however it should be enough to only roll out the kube-controller-manager and additional restarts should not be needed or should be automatically handled:
oc annotate secret openstack-credentials -n kube-system cloudcredential.openshift.io/mode=passthrough oc set data -n kube-system secret/openstack-credentials clouds.yaml="$(<~/clouds.yaml)" clouds.conf="$(<~/clouds.conf)" oc delete pod --namespace openshift-cluster-csi-drivers -l app=openstack-cinder-csi-driver-controller oc delete pod --namespace openshift-cluster-csi-drivers -l app=openstack-cinder-csi-driver-node oc delete pod --namespace openshift-cluster-csi-drivers -l name=openstack-cinder-csi-driver-operator oc delete pod --namespace openshift-cluster-csi-drivers -l name=manila-csi-driver-operator oc delete pod --namespace openshift-cloud-controller-manager -l k8s-app=openstack-cloud-controller-manager oc delete pod --namespace openshift-cloud-controller-manager-operator -l k8s-app=cloud-manager-operator oc delete pod --namespace openshift-cloud-credential-operator -l app=cloud-credential-operator oc delete pod --namespace openshift-cloud-network-config-controller -l app=cloud-network-config-controller oc patch kubecontrollermanager cluster -p='{"spec": {"forceRedeploymentReason": "recovery-'"$( date --rfc-3339=ns )"'"}}' --type=merge oc get pods -A | grep -iE 'csi-driver|openshift-cloud|openshift-kube-controller-manager'
Version-Release number of selected component (if applicable):
4.12
How reproducible:
Update OSP credentials and proceed with the change in RHOCP. Check in Keystone at OSP side that accounts gets locked if we only restart KCM:
Error:
2023-11-13 08:32:25.868 34 WARNING keystone.common.wsgi [req-562e45ba-e75f-4921-aaf1-41a68c50a03c - - - - -] Authorization failed. The account is locked for user: 6ef09046c9994316b8e5119d720d4ae5. fromAccountLocked: The account is locked for user: 6ef09046c9994316b8e5119d720d4ae5.
Actual results:
We need to restart every component. In other cloud providers, this is enough. In OSP, additional steps are required.
Expected results:
To only need to restart KCM.
Additional info: