Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-36171

BuildController does not build multiple MachineOSBuilds that use canonicalized secrets

XMLWordPrintable

    • No
    • MCO Sprint 255, MCO Sprint 256, MCO Sprint 257
    • 3
    • False
    • Hide

      None

      Show
      None
    • Hide
      * Previously, the build controller did not gracefully handle multiple `MachineOSBuild` objects that use the same secret. With this release, the build controller can handle these objects as expected. (link:https://issues.redhat.com/browse/OCPBUGS-36171[*OCPBUGS-36171*])
      Show
      * Previously, the build controller did not gracefully handle multiple `MachineOSBuild` objects that use the same secret. With this release, the build controller can handle these objects as expected. (link: https://issues.redhat.com/browse/OCPBUGS-36171 [* OCPBUGS-36171 *])
    • Bug Fix
    • Done

      This is a clone of issue OCPBUGS-33671. The following is the description of the original issue:

      Description of problem:

      If one attempts to create more than one MachineOSConfig at the same time that requires a canonicalized secret, only one will build. The rest will not build.

      Version-Release number of selected component (if applicable):

      4.16    

      How reproducible:

      Always

      Steps to Reproduce:

          1. Create multiple MachineConfigPools. Wait for the MachineConfigPool to get a rendered config.
          2. Create multiple MachineOSConfigs at the same time for each of the newly-created MachineConfigPools that uses a legacy Docker pull secret. A legacy Docker pull secret is one which does not have each of its secrets under a top-level auths key. One can use the builder-dockercfg secret in the MCO namespace for this purpose.
          3. Wait for the machine-os-builder pod to start.
      
          

      Actual results:

      Only one of the MachineOSBuilds begins building. The remaining MachineOSBuilds do not build nor do they get a status assigned to them. The root cause is because if they both attempt to use the same legacy Docker pull secret, one will create the canonicalized version of it. Subsequent requests that occur concurrently will fail because the canonicalized secret already exists.

      Expected results:

      Each MachineOSBuild should occur whenever it is created. It should also have some kind of status assigned to it as well.

      Additional info:

          

            zzlotnik@redhat.com Zack Zlotnik
            openshift-crt-jira-prow OpenShift Prow Bot
            Sergio Regidor de la Rosa Sergio Regidor de la Rosa
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: