Bug
Resolution: Done
Major
Quality / Stability / Reliability
Important
Description of problem:
Fileintegritynodestatus marked as failed for all the nodes after MCO update due to linkout changed for files /hostroot/etc/ipsec.d/openshift.conf and /hostroot/etc/mco/internal-registry-pull-secret.json
Version-Release number of selected component (if applicable):
4.17.0-0.nightly-2024-09-08-135628 + file-integrity-operator.v1.3.4
How reproducible:
Always
Steps to Reproduce:
1. Install file-integrity-operator.v1.3.4
2. Create fileintegrity
oc apply -f -<<EOF
apiVersion: fileintegrity.openshift.io/v1alpha1
kind: FileIntegrity
metadata:
  name: example-fileintegrity
  namespace: openshift-file-integrity
spec:
  config: {}
  debug: true
EOF
3. Create MCO
oc create -f - <<EOF
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
metadata:
  generation: 1
  labels:
    machineconfiguration.openshift.io/role: master
  name: 50-testfileintegrity1
spec:
  config:
    ignition:
      config: {}
      security:
        tls: {}
      timeouts: {}
      version: 2.2.0
    networkd: {}
    passwd: {}
    storage:
      files:
      - contents:
          source: data:,file-integrity-operator-was-here
          verification: {}
        filesystem: root
        mode: 420
        path: /etc/fi-test-file
    systemd: {}
  fips: false
  kernelArguments: null
  kernelType: ""
  osImageURL: ""
EOF
4. Check fileintegritynodestatuses failed for all the nodes after MCP restart
$ oc get fileintegritynodestatuses.fileintegrity.openshift.io
NAME                                                           NODE                                     STATUS
example-fileintegrity-bgudi-manual-dcldr-master-0              bgudi-manual-dcldr-master-0              Failed
example-fileintegrity-bgudi-manual-dcldr-master-1              bgudi-manual-dcldr-master-1              Failed
example-fileintegrity-bgudi-manual-dcldr-master-2              bgudi-manual-dcldr-master-2              Failed
example-fileintegrity-bgudi-manual-dcldr-worker-westus-jgmwl   bgudi-manual-dcldr-worker-westus-jgmwl   Failed
example-fileintegrity-bgudi-manual-dcldr-worker-westus-shcnf   bgudi-manual-dcldr-worker-westus-shcnf   Failed
example-fileintegrity-bgudi-manual-dcldr-worker-westus-tmrpv   bgudi-manual-dcldr-worker-westus-tmrpv   Failed
Actual results:
fileintegritynodestatuses failed for all the nodes
Expected results:
fileintegritynodestatuses should succeed for all the nodes
Additional info:
$ oc extract cm/aide-example-fileintegrity-bgudi-manual-dcldr-master-2-failed --to=-
# integritylog
Start timestamp: 2024-09-10 13:59:39 +0000 (AIDE 0.16)
AIDE found differences between database and filesystem!!

Summary:
  Total number of entries: 36051
  Added entries: 0
  Removed entries: 0
  Changed entries: 2

---------------------------------------------------
Changed entries:
---------------------------------------------------

f ... .C... : /hostroot/etc/ipsec.d/openshift.conf
f ... .C... : /hostroot/etc/mco/internal-registry-pull-secret.json

---------------------------------------------------
Detailed information about changes:
---------------------------------------------------

File: /hostroot/etc/ipsec.d/openshift.conf
  SHA512 : ZzXwXy1EOR/TmnMaSupn1HIz33zsMaT0 | fRpG2ovHjeQgl3lgUrS7xREeaP5BXu9a
           PFjk5hBhWdn839gn1exWZFr7wRbwpfns | YVzFQvNYoeYyPEd6K2QiHBaISbuWkmC/
           mS83yYNII5ywTOj49zFnqA==         | R0nELMsD+7szsQ1Z7o6ARg==

File: /hostroot/etc/mco/internal-registry-pull-secret.json
  SHA512 : fIsFjcSRluVefQIFzNquV4euKgQI/iUp | XHQLgDGNhRJnH7QPnmTvRWdFWgrSXdzj
           pZbKDrer6L32qS96GqYs20EoYcy+g6nR | A9vIsNWoN1+GQ7OnTRHZQEt+W/tF/Ok3
           D8tsKz/dPTuVUXGaI2UqUQ==         | tTn0D8oJgUsB7VfCbel50g==

---------------------------------------------------
The attributes of the (uncompressed) database(s):
---------------------------------------------------

/hostroot/etc/kubernetes/aide.db.gz
  MD5    : PEYTt5OXOsY6Hz64SoP/hw==
  SHA1   : m4JrCvLHUopx0BTmSVC3MO7rwP4=
  RMD160 : 3q+D8MsmGkU9QRuyF3fdMITnwI0=
  TIGER  : R+8efePWrxAP6IXKRjpv32Ezhe9iejQn
  SHA256 : C4pP5RkwhYo1IFOHAYgpvVZnkaaXWKXQ
           0IF6Iy3yl+k=
  SHA512 : 2y9404blGV+S9jWYYo8pnMIxnbP4RE3+
           Syuc6BPR8khWyrEherstqwZYIsvUG5mr
           hZBm9gJMjI8HPPAm6nYfug==

End timestamp: 2024-09-10 14:00:24 +0000 (run time: 0m 45s)
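
A triage helper for an integrity log like the one above, added here as an example and not part of the original report or the operator's code: it parses the AIDE detail section and separates paths listed in `EXPECTED_AFTER_ROLLOUT` from changes that still need review. The function names, the constant and the sample log are hypothetical or constructed; the expected-path set is an assumption taken from the two files named in this report.

```python
import re

# Constructed sample in the layout of the AIDE 0.16 log in this report: hashes
# are placeholders and the third file is invented to show a needs-review hit.
SAMPLE_LOG = """\
  Changed entries: 3
Detailed information about changes:
File: /hostroot/etc/ipsec.d/openshift.conf
  SHA512 : OLD-HASH-1 | NEW-HASH-1
           OLD-HASH-1-CONT | NEW-HASH-1-CONT
File: /hostroot/etc/mco/internal-registry-pull-secret.json
  SHA512 : OLD-HASH-2 | NEW-HASH-2
File: /hostroot/etc/constructed-example.conf
  Perm : -rw-r--r-- | -rw-rw-rw-
  SHA512 : OLD-HASH-3 | NEW-HASH-3
The attributes of the (uncompressed) database(s):
/hostroot/etc/kubernetes/aide.db.gz
  MD5 : PLACEHOLDER
"""

# Assumption: paths a MachineConfig rollout rewrites, from this report's two files.
EXPECTED_AFTER_ROLLOUT = {"/etc/ipsec.d/openshift.conf",
                          "/etc/mco/internal-registry-pull-secret.json"}

def parse_aide_log(text):
    """Return (summary counts, {host path: [changed attribute names]})."""
    summary, changes, current, in_details = {}, {}, None, False
    for line in text.splitlines():
        if m := re.match(r"\s*(Total|Added|Removed|Changed)\b.*entries:\s*(\d+)", line):
            summary[m.group(1).lower()] = int(m.group(2))
        elif line.startswith("Detailed information about changes"):
            in_details = True
        elif line.startswith("The attributes of the"):
            in_details = False  # database checksums follow, not file changes
        elif in_details and (m := re.match(r"File: (.+)", line)):
            current = m.group(1).removeprefix("/hostroot")
            changes[current] = []
        elif in_details and current and (m := re.match(r"\s*(\w+)\s*: .+ \| ", line)):
            changes[current].append(m.group(1))
    return summary, changes

def triage(text, expected=EXPECTED_AFTER_ROLLOUT):
    """Split changed paths into expected-after-rollout and needs-review."""
    summary, changes = parse_aide_log(text)
    if summary.get("changed") != len(changes):
        raise ValueError("log truncated: summary and detail counts differ")
    known = sorted(p for p in changes if p in expected)
    review = {p: attrs for p, attrs in changes.items() if p not in expected}
    return known, review
```

Anything returned in `review` is a change the expected set does not account for and should be investigated before the AIDE database is re-initialized.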