OPNET-296: blocked-edges/4.11.*: Declare KeepaliveDSkew

[wking]

Discussion in OPNET-296 has some details, but trying to unpack "all on-prem IPI except baremetal IPI" into specifics, this template is in an on-prem directory configuring keepalived, and it switches on onPremPlatformAPIServerInternalIP for enabled vs. disabled. onPremPlatformAPIServerInternalIP is true (enabling the keepalived configuration) for:

• BareMetal (4.10 and 4.11)
• oVirt (4.10 and 4.11)
• OpenStack (4.10 and 4.11)
• VSphere (4.10 and 4.11),
• KubeVirt (4.10, dropped in 4.11 Enable 4.9.55 in candidate channel #3084)
• Nutanix (new in 4.11 internal-channels/stable: Promote 4.8.55 #2942).

Before 4.11, ENABLE_UNICAST was conditional on onPremPlatformKeepalivedEnableUnicast, but since 4.11, it has always been yes. The platforms that were unicast on 4.10's onPremPlatformKeepalivedEnableUnicast were BareMetal and KubeVirt.

Putting this all together, AWS and other platforms that don't match the onPremPlatformAPIServerInternalIP logic aren't impacted, because they don't enable the keepalived configuration. BareMetal is not impacted by 4.10-to-4.11 updates, because any to-unicast transition issues will already have been resolved by 4.10. Remaining onPremPlatformAPIServerInternalIP platforms which occur in both 4.10 and 4.11 are interested, and I match them here.

Generated by writing the 4.11.0 declaration by hand, and then copying out to other 4.11 releases with:

$ curl -s 'https://api.openshift.com/api/upgrades_info/graph?channel=candidate-4.11' | jq -r '.nodes[].version' | grep '^4[.]11[.]' | grep -v '^4[.]11[.]0$' | while read V; do sed "s/4[.]11[.]0/${V}/g" blocked-edges/4.11.0-KeepalivedMulticastSkew.yaml > "blocked-edges/${V}-KeepalivedMulticastSkew.yaml"; done
$ git add blocked-edges/4.11.*KeepalivedMulticastSkew.yaml

[openshift-ci-robot]

@wking: This pull request references OPNET-296 which is a valid jira issue.

Details

In response to this:

Discussion in OPNET-296 has some details, but trying to unpack "all on-prem IPI except baremetal IPI" into specifics, this template is in an on-prem directory configuring keepalived, and it switches on onPremPlatformAPIServerInternalIP for enabled vs. disabled. onPremPlatformAPIServerInternalIP is true (enabling the keepalived configuration) for:

• BareMetal (4.10 and 4.11)
• oVirt (4.10 and 4.11)
• OpenStack (4.10 and 4.11)
• VSphere (4.10 and 4.11),
• KubeVirt (4.10, dropped in 4.11 Enable 4.9.55 in candidate channel #3084)
• Nutanix (new in 4.11 internal-channels/stable: Promote 4.8.55 #2942).

Before 4.11, ENABLE_UNICAST was conditional on onPremPlatformKeepalivedEnableUnicast, but since 4.11, it has always been yes. The platforms that were unicast on 4.10's onPremPlatformKeepalivedEnableUnicast were BareMetal and KubeVirt.

Putting this all together, AWS and other platforms that don't match the onPremPlatformAPIServerInternalIP logic aren't impacted, because they don't enable the keepalived configuration. BareMetal is not impacted by 4.10-to-4.11 updates, because any to-unicast transition issues will already have been resolved by 4.10. Remaining onPremPlatformAPIServerInternalIP platforms which occur in both 4.10 and 4.11 are interested, and I match them here.

Generated by writing the 4.11.0 declaration by hand, and then copying out to other 4.11 releases with:

$ curl -s 'https://api.openshift.com/api/upgrades_info/graph?channel=candidate-4.11' | jq -r '.nodes[].version' | grep '^4[.]11[.]' | grep -v '^4[.]11[.]0$' | while read V; do sed "s/4[.]11[.]0/${V}/g" blocked-edges/4.11.0-KeepalivedMulticastSkew.yaml > "blocked-edges/${V}-KeepalivedMulticastSkew.yaml"; done
$ git add blocked-edges/4.11.*KeepalivedMulticastSkew.yaml

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[wking]

Testing various PromQL in an launch 4.10.58 ovirt cluster-bot cluster:

Impacted infrastructure platform, has at least one machine-config-controlled compute node

Real query

max(
  cluster_infrastructure_provider{type=~"OpenStack|oVirt|VSphere"}
  or
  0 * cluster_infrastructure_provider
)
*
(
  group(topk by (node) (1, mcd_update_state{config!~"|rendered-master-.*"}))
  or
  0 * group(mcd_update_state)
)

shows the risk matching with a 1:

Other platforms

With oVirtNot, simulating an AWS or other non-impacted cluster, the query drops to zero as a non-match:

No MachineConfig compute

And with .* matching every MachineConfig to simulate a cluster with no MachineConfig-managed compute, the query drops to zero as a non-match:

[LalatenduMohanty]

/lgtm

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: LalatenduMohanty, wking

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [LalatenduMohanty,wking]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

@wking: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.