Details
-
Bug
-
Resolution: Not a Bug
-
Normal
-
None
-
4.12
-
Important
-
No
-
False
-
Description
Description of problem:
Installation of OpenShift SNO (different version from 4.12 and newer fail on my recently installed Fedora 39 host. The following cluster operators are degraded: authentication, console ingress
Version-Release number of selected component (if applicable):
How reproducible:
always
Steps to Reproduce:
1.Create cluster at https://console.redhat.com/openshift/assisted-installer/clusters/~new 2. download "full ISO image (with LVM)" 3. start installation
Actual results:
$ oc get co | awk 'NF > 6 {print $0}' NAME VERSION AVAILABLE PROGRESSING DEGRADED SINCE MESSAGE authentication 4.15.3 False False True 7m27s OAuthServerRouteEndpointAccessibleControllerAvailable: Get "https://oauth-openshift.apps.ocpa.ocp.internal/healthz": context deadline exceeded (Client.Timeout exceeded while awaiting headers) console 4.15.3 False True True 97m RouteHealthAvailable: failed to GET route (https://console-openshift-console.apps.ocpa.ocp.internal): Get "https://console-openshift-console.apps.ocpa.ocp.internal": context deadline exceeded (Client.Timeout exceeded while awaiting headers) ingress 4.15.3 True False True 3h48m The "default" ingress controller reports Degraded=True: DegradedConditions: One or more other status conditions indicate a degraded state: CanaryChecksSucceeding=False (CanaryChecksRepetitiveFailures: Canary route checks for the default ingress controller are failing)
Expected results:
working cluster
Additional info:
https://access.redhat.com/solutions/5891131 did not resolve the issue The following is the output of the commands in https://access.redhat.com/solutions/5891131 $ SVC_IP=$(oc get svc -n openshift-ingress-canary -ojsonpath={..clusterIP}) $ for i in `oc get po -n openshift-ingress-operator | grep -v NAME| awk '{print $1}' ` ; do oc exec -n openshift-ingress-operator -c ingress-operator $i – curl http://${SVC_IP}:8080 -s -D - ; done HTTP/1.1 200 OK X-Request-Port: 8080 Date: Thu, 28 Mar 2024 20:25:43 GMT Content-Length: 22 Content-Type: text/plain; charset=utf-8 Healthcheck requested $ ROUTE=$(oc get route -n openshift-ingress-canary -ojsonpath={..host}) $ for i in `oc get po -n openshift-ingress-operator | grep -v NAME| awk '{print $1}' ` ; do oc exec -n openshift-ingress-operator -c ingress-operator $i – curl http://${ROUTE} -sS -k -D - ; done HTTP/1.1 302 Found content-length: 0 location: https://canary-openshift-ingress-canary.apps.ocpa.ocp.internal/ cache-control: no-cache $ ROUTE=$(oc get route -n openshift-ingress-canary -ojsonpath={..host}) $ for i in `oc get po -n openshift-ingress-operator | grep -v NAME| awk '{print $1}' ` ; do oc exec -n openshift-ingress-operator -c ingress-operator $i – dig ${ROUTE} +nocmd +noall +answer ; done canary-openshift-ingress-canary.apps.ocpa.ocp.internal. 5 IN A 192.168.122.150 $ oc get pods -o wide -n openshift-ingress NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES router-default-5b4bf785f9-ln9gr 1/1 Running 0 25m 192.168.122.150 ocpa <none> <none> $ curl -kv --resolve ${ROUTE}:80:192.168.122.150 http://$ {ROUTE} * processing: http://canary-openshift-ingress-canary.apps.ocpa.ocp.internal * Added canary-openshift-ingress-canary.apps.ocpa.ocp.internal:80:192.168.122.150 to DNS cache * Hostname canary-openshift-ingress-canary.apps.ocpa.ocp.internal was found in DNS cache * Trying 192.168.122.150:80... * Connected to canary-openshift-ingress-canary.apps.ocpa.ocp.internal (192.168.122.150) port 80 > GET / HTTP/1.1 > Host: canary-openshift-ingress-canary.apps.ocpa.ocp.internal > User-Agent: curl/8.2.1 > Accept: / > < HTTP/1.1 302 Found < content-length: 0 < location: https://canary-openshift-ingress-canary.apps.ocpa.ocp.internal/ < cache-control: no-cache < * Connection #0 to host canary-openshift-ingress-canary.apps.ocpa.ocp.internal left intact $ curl -kv --resolve ${ROUTE}:443:192.168.122.150 https://${ROUTE} processing: https://canary-openshift-ingress-canary.apps.ocpa.ocp.internal Added canary-openshift-ingress-canary.apps.ocpa.ocp.internal:443:192.168.122.150 to DNS cache Hostname canary-openshift-ingress-canary.apps.ocpa.ocp.internal was found in DNS cache Trying 192.168.122.150:443... Connected to canary-openshift-ingress-canary.apps.ocpa.ocp.internal (192.168.122.150) port 443 ALPN: offers h2,http/1.1 TLSv1.3 (OUT), TLS handshake, Client hello (1): TLSv1.3 (IN), TLS handshake, Server hello (2): TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8): TLSv1.3 (IN), TLS handshake, Certificate (11): TLSv1.3 (IN), TLS handshake, CERT verify (15): TLSv1.3 (IN), TLS handshake, Finished (20): TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1): TLSv1.3 (OUT), TLS handshake, Finished (20): SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256 ALPN: server did not agree on a protocol. Uses default. Server certificate: subject: CN=*.apps.ocpa.ocp.internal start date: Mar 28 16:27:46 2024 GMT expire date: Mar 28 16:27:47 2026 GMT issuer: CN=ingress-operator@1711643266 SSL certificate verify result: self-signed certificate in certificate chain (19), continuing anyway. using HTTP/1.x > GET / HTTP/1.1 > Host: canary-openshift-ingress-canary.apps.ocpa.ocp.internal > User-Agent: curl/8.2.1 > Accept: / > TLSv1.3 (IN), TLS handshake, Newsession Ticket (4): TLSv1.3 (IN), TLS handshake, Newsession Ticket (4): old SSL session ID is stale, removing < HTTP/1.1 200 OK < x-request-port: 8080 < date: Thu, 28 Mar 2024 19:53:17 GMT < content-length: 22 < content-type: text/plain; charset=utf-8 < set-cookie: c6e529a6ab19a530fd4f1cceb91c08a9=b0cb1ae85d5d1fab68608cecda8bc167; path=/; HttpOnly; Secure; SameSite=None < Healthcheck requested Connection #0 to host canary-openshift-ingress-canary.apps.ocpa.ocp.internal left intact