OCPBUGS-14247: Remove setting ip forwarding via openshift profile #668

Closed
trozet wants to merge 1 commit into openshift:master from trozet:disable_global_forwarding

@trozet trozet commented May 30, 2023

With openshift/machine-config-operator#3676 we removed globally setting IP forwarding in MCO. We should not be setting it in the default profile for OpenShift. We now set it on a per-interface basis as needed. However, by setting proc/sys/net/ipv4/forward rather than (forwarding) it will reset all the values:

"This variable is special, its change resets all configuration parameters to their default state (RFC1122 for hosts, RFC1812 for routers)"

We suspect this causes upgrade to fail. NTO sets this to 1, which then resets all the per-interface config that OVNK wrote. Then during upgrade, when there is a tuned profile change, the config change is rolled back so forward is 0, and now there is no connectivity to kapi and upgrade fails.

With openshift/machine-config-operator#3676 we
removed globally setting ip forwarding in MCO. We should not be setting
it in the default profile for OpenShift. We now set it on a per
interface basis as needed. However, by setting proc/sys/net/ipv4/forward
rather than (forwarding) it will reset all the values:

"This variable is special, its change resets all configuration
parameters to their default state (RFC1122 for hosts, RFC1812
for routers)"

We suspect this causes upgrade to fail. NTO sets this to 1, which then
resets all the per interface config that OVNK wrote. Then during upgrade
when there is a tuned profile change, the config change is rolled back
so forward is 0, and now there is no connectivity to kapi and upgrade
fails.

Signed-off-by: Tim Rozet <trozet@redhat.com>
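
The sequence described in this PR, replayed against a small model of how a change to the global switch is pushed to every interface (an added example, not code from the PR, TuneD or the kernel; the interface names and writer labels are assumptions). It reports which per-interface settings no longer hold after the rollback.

```python
import re

GLOBAL_KEY = "net.ipv4.ip_forward"
PER_IFACE = re.compile(r"^net\.ipv4\.conf\.([^.]+)\.forwarding$")


class Ipv4Forwarding:
    """Models how a change to the global switch overwrites per-interface values."""

    def __init__(self, interfaces):
        self.global_value = 0
        self.per_iface = {name: 0 for name in ("default", *interfaces)}

    def write(self, key, value):
        if key == GLOBAL_KEY:
            if value != self.global_value:  # only a change triggers the reset
                self.global_value = value
                for name in self.per_iface:
                    self.per_iface[name] = value
            return
        match = PER_IFACE.match(key)
        if not match or match.group(1) not in self.per_iface:
            raise KeyError(key)
        self.per_iface[match.group(1)] = value  # touches one interface only


def replay(events, interfaces):
    """Apply (writer, key, value) events; return final state and lost settings."""
    state = Ipv4Forwarding(interfaces)
    intent = {}  # last value each per-interface writer asked for
    for writer, key, value in events:
        state.write(key, value)
        match = PER_IFACE.match(key)
        if match:
            intent[match.group(1)] = (writer, value)
    lost = {name: writer for name, (writer, value) in intent.items()
            if state.per_iface[name] != value}
    return state, lost


# Constructed sequence following the PR description; interface names are assumed.
IFACES = ("br-ex", "ovn-k8s-mp0", "eth0")
EVENTS = [
    ("ovnk", "net.ipv4.conf.br-ex.forwarding", 1),
    ("ovnk", "net.ipv4.conf.ovn-k8s-mp0.forwarding", 1),
    ("nto", GLOBAL_KEY, 1),  # profile applied: every interface becomes 1
    ("nto", GLOBAL_KEY, 0),  # profile change rolls back: every interface becomes 0
]

if __name__ == "__main__":
    final, lost = replay(EVENTS, IFACES)
    print(final.per_iface, lost)
```

Replaying only the first three events shows the other side effect of the global write: `eth0`, which nobody configured, ends up forwarding as well.
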
@openshift-ci-robot openshift-ci-robot added jira/severity-important Referenced Jira bug's severity is important for the branch this PR is targeting. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. labels May 30, 2023
@openshift-ci-robot

@trozet: This pull request references Jira Issue OCPBUGS-14247, which is valid. The bug has been moved to the POST state.

3 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target version (4.14.0) matches configured target version for branch (4.14.0)
  • bug is in the state ASSIGNED, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact:
/cc @anuragthehatter

The bug has been updated to refer to the pull request using the external bug tracker.


@openshift-ci-robot openshift-ci-robot added the jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. label May 30, 2023

trozet commented May 30, 2023

/hold

@openshift-ci openshift-ci Bot requested a review from anuragthehatter May 30, 2023 17:02
@openshift-ci openshift-ci Bot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label May 30, 2023

trozet commented May 30, 2023

/test


openshift-ci Bot commented May 30, 2023

@trozet: The /test command needs one or more targets.
The following commands are available to trigger required jobs:

  • /test e2e-aws-operator
  • /test e2e-aws-ovn
  • /test e2e-gcp-pao
  • /test e2e-gcp-pao-updating-profile
  • /test e2e-hypershift
  • /test e2e-no-cluster
  • /test e2e-upgrade
  • /test images
  • /test unit
  • /test verify
  • /test vet

Use /test all to run all jobs.


@openshift-ci openshift-ci Bot requested review from ffromani and yanirq May 30, 2023 17:02

openshift-ci Bot commented May 30, 2023

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: trozet
Once this PR has been reviewed and has the lgtm label, please assign jmencak for approval. For more information see the Kubernetes Code Review Process.



trozet commented May 30, 2023

/hold cancel

@openshift-ci openshift-ci Bot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label May 30, 2023

jmencak commented May 30, 2023

Thank you for the PR, @trozet. We'll need to change this in TuneD upstream. The settings in this repo are only used when building this project with Dockerfile, not Dockerfile.rhel8. If you do that, happy to LGTM in the upstream TuneD project and then I can ask for an FDP (Fast Data Path) release of TuneD.

Since this will not help:
/hold

@openshift-ci openshift-ci Bot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label May 30, 2023

trozet commented May 30, 2023

thanks @jmencak

Closing in favor of: redhat-performance/tuned#536

@trozet trozet closed this May 30, 2023
@openshift-ci-robot

@trozet: This pull request references Jira Issue OCPBUGS-14247. The bug has been updated to no longer refer to the pull request using the external bug tracker. All external bug links have been closed. The bug has been moved to the NEW state.



openshift-ci Bot commented May 30, 2023

@trozet: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

| Test name | Commit | Details | Required | Rerun command |
| --- | --- | --- | --- | --- |
| ci/prow/e2e-gcp-pao | dee5e2a | link | true | /test e2e-gcp-pao |
| ci/prow/e2e-aws-ovn | dee5e2a | link | true | /test e2e-aws-ovn |
| ci/prow/e2e-aws-operator | dee5e2a | link | true | /test e2e-aws-operator |
| ci/prow/e2e-upgrade | dee5e2a | link | true | /test e2e-upgrade |
