Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-36503

[CNF-ZTP]: GitOps apps policies reporting Unknown state when using ACM CRs

XMLWordPrintable

    • Important
    • Yes
    • CNF RAN Sprint 258, CNF RAN Sprint 259
    • 2
    • False
    • Hide

      None

      Show
      None
    • This OCPBUG add clarifications on how to customize the ArgoCD patch used by ZTP with various release of Openshift and ACM.
    • Enhancement
    • In Progress

      Description of problem:

      GitOps apps policies reporting "Unknown" state when using ACM CRs to template a policy and observed comparison error.
      
      The problem was that a rhel9 ACM PG executable/image was being copied while the gitops image is based on rhel8.

      Version-Release number of selected component (if applicable):

      Hub Cluster:-
      OCP: 4.16.0-0.nightly-2024-04-16-195622
      ACM: 2.10.2
      GitOps: 1.12.0
      TALM: 4.14.5-11
      
      Spoke Cluster:-
      OCP: 4.14.22
      ZTP container image: 4.14.5-9

      How reproducible:

          Always

      Steps to Reproduce:

          1. Deploy 4.14 OCP SNO cluster with DU profile operator images from stage index
          2. Use ACM PolicyGenerator resources for site specific configurations, example in
      http://registry.kni-qe-0.lab.eng.rdu2.redhat.com:3000/kni-qe/ztp-site-configs/src/workers-4.14/policygentemplates/ztp-test/acm-crs
          3. ACM PGT referenced in GitOps apps policies using custom source path
          4. Observed GitOps apps policies reporting "Unknown" state (not in Synced)  with comparison error.     

      Actual results:

              Failed to load target state: failed to generate manifest for source 1 of 1: rpc error: code = Unknown desc = Manifest generation error (cached): `kustomize build <path to cached source>/policygentemplates/ztp-test/acm-crs --enable-alpha-plugins` failed exit status 1: /.config/kustomize/plugin/policy.open-cluster-management.io/v1/policygenerator/PolicyGenerator: /lib64/libc.so.6: version `GLIBC_2.32' not found (required by /.config/kustomize/plugin/policy.open-cluster-management.io/v1/policygenerator/PolicyGenerator) /.config/kustomize/plugin/policy.open-cluster-management.io/v1/policygenerator/PolicyGenerator: /lib64/libc.so.6: version `GLIBC_2.34' not found (required by /.config/kustomize/plugin/policy.open-cluster-management.io/v1/policygenerator/PolicyGenerator) Error: failure in plugin configured via /tmp/kust-plugin-config-339301390; exit status 1: exit status 1
      

      Expected results:

              GitOps apps policies shoud be in "Synced" state after referencing ACM CRs to template a policy.

      Additional info:

      Below test case failed due to above stated issue. 
      OCP-54236
      https://gitlab.cee.redhat.com/cnf/cnf-gotests/-/blob/master/test/ran/ztp/tests/ztp_argocd_acm_crs.go?ref_type=heads#L151-260
      
      
      Root of the problem:-
      Fix needs to be back ported to latest 4.14.z ZTP container image.
      ACM Policy Generator container image referenced in a file "ztp/gitops-subscriptions/argocd/deployment/argocd-openshift-gitops-patch.json" (line 53)  is rhel9 ACM PolicyGenerator image was being copied while the gitops image (1.12.0) is based on rhel8.
      
      Work around:-
      used line 48 from https://github.com/openshift-kni/cnf-features-deploy/pull/1805/files#diff-8ce728c9d79f1cb76a0e77264b6de0f6eda0d76bb35ae5816ea0a3a112a702f3 
      to copy the universal ACM PG executable/image instead of the rhel9 one.
      
      Quick Manual Test Logs after applying a work around: (Test case : PASS)
      https://docs.google.com/document/d/131FWudOhiMF3Krg2T6fw2Vyal2gfW5EWV99oBGPVSds/edit?usp=sharing
      
      Original argocd-openshift-gitops-patch-org.json file (comes from 4.14.z ztp container):-
      
      {
        "spec": {
          "controller": {
            "resources": {
              "limits": {
                "cpu": "16",
                "memory": "32Gi"
              },
              "requests": {
                "cpu": "1",
                "memory": "2Gi"
              }
            }
          },
          "kustomizeBuildOptions": "--enable-alpha-plugins",
          "repo": {
            "volumes": [
              {
                "name": "kustomize",
                "emptyDir": {}
              }
            ],
            "initContainers": [
              {
                "resources": {
                },
                "terminationMessagePath": "/dev/termination-log",
                "name": "kustomize-plugin",
                "command": [
                  "/exportkustomize.sh"
                ],
                "args": [
                  "/.config"
                ],
                "imagePullPolicy": "Always",
                "volumeMounts": [
                  {
                    "name": "kustomize",
                    "mountPath": "/.config"
                  }
                ],
                "terminationMessagePolicy": "File",
                "image": "registry.kni-qe-16.lab.eng.rdu2.redhat.com:5000/ztp/ztp-site-generator:v4.14.5-9"
              },
              {
                "args": [
                  "-c",
                  "mkdir -p /.config/kustomize/plugin/ && cp -r /etc/kustomize/plugin/policy.open-cluster-management.io /.config/kustomize/plugin/"
                ],
                "command": [
                  "/bin/bash"
                ],
                "image": "registry.redhat.io/rhacm2/multicluster-operators-subscription-rhel9@sha256:e8d3308a746813a4397e29b51f0715d40629a4a8362c5d19a6948de688285dbf",
                "name": "policy-generator-install",
                "imagePullPolicy": "Always",
                "volumeMounts": [
                  {
                    "mountPath": "/.config",
                    "name": "kustomize"
                  }
                ]
              }
            ],
            "volumeMounts": [
              {
                "name": "kustomize",
                "mountPath": "/.config"
              }
            ],
            "env": [
              {
                "name": "ARGOCD_EXEC_TIMEOUT",
                "value": "360s"
              },
              {
                "name": "KUSTOMIZE_PLUGIN_HOME",
                "value": "/.config/kustomize/plugin"
              }
            ],
            "resources": {
              "limits": {
                "cpu": "8",
                "memory": "16Gi"
              },
              "requests": {
                "cpu": "1",
                "memory": "2Gi"
              }
            }
          }
        }
      }
      
      
      

              deliedit@redhat.com David Elie-Dit-Cosaque
              rh-ee-pmohanra Periyamaruthu Mohanraj
              Periyamaruthu Mohanraj Periyamaruthu Mohanraj
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated: