Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-38078

Abnormal values for 'router.openshift.io/haproxy.health.check.interval' annotation breaks the router-default pods

XMLWordPrintable

    • Quality / Stability / Reliability
    • False
    • Hide

      None

      Show
      None
    • 3
    • Moderate
    • None
    • None
    • Rejected
    • NE Sprint 257, NE Sprint 258, NE Sprint 259, NE Sprint 260, NE Sprint 261, NE Sprint 262, NE Sprint 263, NE Sprint 264, NE Sprint 265
    • 9
    • Done
    • Bug Fix
    • Hide
      * Previously, the HAProxy router lacked out-of-bounds validation for the `router.openshift.io/haproxy.health.check.interval` annotation. If you set a value that exceeded the maximum value that the HAProxy router could handle, the `router-default` pod could not reach the `Ready` state. With this release, the router now validates the value for the annotation and excludes values that are out of bounds. The router now functions as expected. (link:https://issues.redhat.com/browse/OCPBUGS-38078[OCPBUGS-38078])
      Show
      * Previously, the HAProxy router lacked out-of-bounds validation for the `router.openshift.io/haproxy.health.check.interval` annotation. If you set a value that exceeded the maximum value that the HAProxy router could handle, the `router-default` pod could not reach the `Ready` state. With this release, the router now validates the value for the annotation and excludes values that are out of bounds. The router now functions as expected. (link: https://issues.redhat.com/browse/OCPBUGS-38078 [ OCPBUGS-38078 ])
    • None
    • None
    • None
    • None

      Description of problem:

      There is no clipValue function for the annotation router.openshift.io/haproxy.health.check.interval. Once any value with abnormal values, the router-default starts to report the following messages:
      
      [ALERT]    (50) : config : [/var/lib/haproxy/conf/haproxy.config:13791] : 'server be_secure:xxx:httpd-gateway-route/pod:xxx:xxx-gateway-service:pass-through-https:10.129.xx.xx:8243' : timer overflow in argument <50000d> to <inter> of server pod:xxx:xxx:pass-through-https:10.129.xx.xx:8243, maximum value is 2147483647 ms (~24.8 days)..
      
      In the above case, the value 50000d was passed to the route annotation router.openshift.io/haproxy.health.check.interval accidentally
      
      

      Version-Release number of selected component (if applicable):

          

      How reproducible:

      Easily

      Steps to Reproduce:

      1. Run the following script and this will break the cluster
      
      oc get routes -A | awk '{print $1 " " $2}' | tail -n+2 | while read line; do    
       read -r namespace routename <<<$(echo $line)   echo -n "NS: $namespace | "   echo "ROUTENAME: $routename"   
       CMD="oc annotate route -n $namespace $routename --overwrite router.openshift.io/haproxy.health.check.interval=50000d"   
       echo "Annotating route with:"   
       echo $CMD ; eval "$CMD"  
       echo "---" 
      done     

      Actual results:

          The alert messages are reported and the router-default pod never reaches the ready state.

      Expected results:

          Clip the value in order to prevent the issue

      Additional info:

          

              rh-ee-gpiotrow Grzegorz Piotrowski
              rhn-support-bgomes Bruno Gomes
              None
              None
              Ishmam Amin Ishmam Amin
              None
              Votes:
              0 Vote for this issue
              Watchers:
              10 Start watching this issue

                Created:
                Updated:
                Resolved: