Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-36643

WMCO not falling back to using the VM hostname to determine if a CSR should be approved

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done-Errata
    • Icon: Normal Normal
    • 4.17.0
    • 4.17.0
    • Windows Containers
    • None
    • No
    • 3
    • WINC - Sprint 256, WINC - Sprint 257
    • 2
    • False
    • Hide

      None

      Show
      None
    • Hide
      Previously, if reverse DNS lookup failed due to an error, such as the reverse DNS lookup services being unavailable, the WMCO would not fall back to using the VM hostname to determine if a certificate signing requests (CSR) should be approved. As a consequence, Bring-Your-Own-Host (BYOH) Windows nodes configured with an IP address would not become available. With this fix, BYOH nodes are properly added if reverse DNS is not available. (link:https://issues.redhat.com/browse/OCPBUGS-36643[*OCPBUGS-36643])
      Show
      Previously, if reverse DNS lookup failed due to an error, such as the reverse DNS lookup services being unavailable, the WMCO would not fall back to using the VM hostname to determine if a certificate signing requests (CSR) should be approved. As a consequence, Bring-Your-Own-Host (BYOH) Windows nodes configured with an IP address would not become available. With this fix, BYOH nodes are properly added if reverse DNS is not available. (link: https://issues.redhat.com/browse/OCPBUGS-36643 [* OCPBUGS-36643 ])
    • Bug Fix
    • In Progress

      Description of problem:

      If reverse lookup fails due to an error, such as reverse lookup services being down, WMCO does not fall back to using the VM hostname to determine if a CSR should be approved.  

      Version-Release number of selected component (if applicable):

      How reproducible:

          Always

      Steps to Reproduce:

          1. Deploy WMCO in an environment without DNS reverse lookup
    2. Add a BYOH instance using an IP address in the windows-instances configmap

      Actual results:

          Node CSR is not approved, WMCO logs contain:

2024-07-03T20:46:59Z	ERROR	Reconciler error	{"controller": "certificatesigningrequest", "controllerGroup": "certificates.k8s.io", "controllerKind": "CertificateSigningRequest", "CertificateSigningRequest": {"name":"csr-bttwq"}, "namespace": "", "name": "csr-bttwq", "reconcileID": "35e34aa1-6946-4cfb-a8f0-84ee34eb31a1", "error": "WMCO CSR Approver could not approve CSR csr-bttwq: error determining if CSR csr-bttwq should be approved: error validating node name winhost-a6okf for CSR: csr-bttwq: unable to map node name to the addresses of Windows instances: failed to lookup DNS for IP 10.95.108.42: lookup 42.108.95.10.in-addr.arpa. on 172.30.0.10:53: no such host"}

      Expected results:

          Node CSR is approved, Windows node is schedulable

      Additional info:

      QE can test this with regression testing only.

              rh-ee-ssoto Sebastian Soto
              rh-ee-ssoto Sebastian Soto
              Aharon Rasouli Aharon Rasouli
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated:
                Resolved: