Initial implementation for CannotRetrieveUpdatesSRE

Author: anispate

pkg/investigations/cannotretrieveupdatessre/README.md

@@ -0,0 +1,13 @@
+# cannotretrieveupdatessre Investigation
+
+Investigates the CannotRetrieveUpdatesSRE alert by running network verifier and updating the notes with investigation details to the PagerDuty alert about the cluster version status.
+
+## Investigation Logic
+
+The `CannotRetrieveUpdatesSRE` investigation is designed to diagnose issues where an OpenShift cluster cannot retrieve updates from its configured channel. It performs two main checks:
+1. **Network Verification**: Uses the `networkverifier` package to ensure the cluster can reach required update endpoints.
+2. **ClusterVersion Check**: Examines the `ClusterVersion` resource for conditions indicating update retrieval failures, such as `VersionNotFound`.
+
+## Testing
+
+Refer to the [testing README](./testing/README.md) for instructions on testing this investigation

pkg/investigations/cannotretrieveupdatessre/cannotretrieveupdatessre.go

@@ -0,0 +1,136 @@
+package cannotretrieveupdatessre
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"strings"
+
+	configv1 "github.com/openshift/api/config/v1"
+	"github.com/openshift/configuration-anomaly-detection/pkg/investigations/investigation"
+	k8sclient "github.com/openshift/configuration-anomaly-detection/pkg/k8s"
+	"github.com/openshift/configuration-anomaly-detection/pkg/logging"
+	"github.com/openshift/configuration-anomaly-detection/pkg/networkverifier"
+	"github.com/openshift/configuration-anomaly-detection/pkg/notewriter"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+)
+
+const (
+	alertname       = "CannotRetrieveUpdatesSRE"
+	remediationName = "CannotRetrieveUpdatesSRE"
+)
+
+type Investigation struct{}
+
+// Run executes the investigation for the CannotRetrieveUpdatesSRE alert
+func (c *Investigation) Run(r *investigation.Resources) (investigation.InvestigationResult, error) {
+	result := investigation.InvestigationResult{}
+	notes := notewriter.New("CannotRetrieveUpdatesSRE", logging.RawLogger)
+	k8scli, err := k8sclient.New(r.Cluster.ID(), r.OcmClient, remediationName)
+	if err != nil {
+		return result, fmt.Errorf("unable to initialize k8s cli: %w", err)
+	}
+	defer func() {
+		logging.Infof("Cleaning up investigation resources for cluster %s", r.Cluster.ID())
+		deferErr := k8sclient.Cleanup(r.Cluster.ID(), r.OcmClient, remediationName)
+		if deferErr != nil {
+			logging.Error(deferErr)
+			err = errors.Join(err, deferErr)
+		} else {
+			logging.Infof("Cleanup completed successfully for cluster %s", r.Cluster.ID())
+		}
+	}()
+
+	// Run network verifier
+	verifierResult, failureReason, err := networkverifier.Run(r.Cluster, r.ClusterDeployment, r.AwsClient)
+	if err != nil {
+		notes.AppendWarning("NetworkVerifier failed to run:\n\t %s", err.Error())
+	} else {
+		switch verifierResult {
+		case networkverifier.Failure:
+			result.ServiceLogPrepared = investigation.InvestigationStep{Performed: true, Labels: nil}
+			notes.AppendWarning("NetworkVerifier found unreachable targets. \n \n Verify and send service log if necessary: \n osdctl servicelog post %s -t https://raw.githubusercontent.com/openshift/managed-notifications/master/osd/required_network_egresses_are_blocked.json -p URLS=%s", r.Cluster.ID(), failureReason)
+		case networkverifier.Success:
+			notes.AppendSuccess("Network verifier passed")
+		}
+	}
+
+	// Check ClusterVersion
+	clusterVersion, note, err := checkClusterVersion(k8scli, r.Cluster.ID())
+	if err != nil {
+		notes.AppendWarning("Failure checking ClusterVersion: %s", err.Error())
+		if note != "" {
+			notes.AppendWarning(note)
+		}
+	} else {
+		if note != "" {
+			notes.AppendWarning(note)
+		}
+		if clusterVersion != "" {
+			notes.AppendSuccess("ClusterVersion found: %s", clusterVersion)
+		}
+	}
+
+	notes.AppendWarning("Alert escalated to on-call primary for review.")
+	logging.Infof("Escalating incident with notes for cluster %s", r.Cluster.ID())
+	err = r.PdClient.EscalateIncidentWithNote(notes.String())
+	if err != nil {
+		logging.Errorf("Failed to escalate incident to PagerDuty: %v", err)
+		return result, fmt.Errorf("failed to escalate incident: %w", err)
+	}
+	logging.Infof("Investigation completed and escalated successfully for cluster %s", r.Cluster.ID())
+
+	return result, nil
+}
+
+// checkClusterVersion retrieves the cluster version
+func checkClusterVersion(k8scli client.Client, clusterID string) (version string, note string, err error) {
+	logging.Infof("Checking ClusterVersion for cluster %s", clusterID)
+	clusterVersion := &configv1.ClusterVersion{}
+	err = k8scli.Get(context.TODO(), client.ObjectKey{Name: "version"}, clusterVersion)
+	if err != nil {
+		return "", "Failed to get ClusterVersion: cluster access issues detected", fmt.Errorf("failed to get ClusterVersion: %w", err)
+	}
+	logging.Infof("ClusterVersion channel: %s", clusterVersion.Spec.Channel)
+	logging.Infof("ClusterVersion found: %s", clusterVersion.Status.Desired.Version)
+
+	for _, condition := range clusterVersion.Status.Conditions {
+		if condition.Type == "RetrievedUpdates" {
+			note, err = checkRetrievedUpdatesCondition(condition, clusterVersion.Status.Desired.Version, clusterVersion.Spec.Channel)
+			if err != nil {
+				return "", note, err
+			}
+			return clusterVersion.Status.Desired.Version, note, nil
+		}
+	}
+	return clusterVersion.Status.Desired.Version, "", nil
+}
+
+func checkRetrievedUpdatesCondition(condition configv1.ClusterOperatorStatusCondition, currentVersion, channel string) (string, error) {
+	if condition.Status == configv1.ConditionFalse {
+		if (condition.Reason == "VersionNotFound" || condition.Reason == "RemoteFailed") &&
+			strings.Contains(strings.TrimSpace(condition.Message), "Unable to retrieve available updates") {
+			logging.Warnf("Detected ClusterVersion issue: Reason=%s, Message=%s", condition.Reason, condition.Message)
+			note := fmt.Sprintf("ClusterVersion issue detected: %s. Current version %s not found in channel %s",
+				condition.Message, currentVersion, channel)
+			return note, fmt.Errorf("clusterversion has undesirable state: %s", condition.Reason)
+		}
+	}
+	return "", nil
+}
+
+func (i *Investigation) Name() string {
+	return alertname
+}
+
+func (i *Investigation) Description() string {
+	return fmt.Sprintf("Investigates '%s' alerts by running network verifier and checking ClusterVersion", alertname)
+}
+
+func (i *Investigation) ShouldInvestigateAlert(alert string) bool {
+	return strings.Contains(alert, alertname)
+}
+
+func (i *Investigation) IsExperimental() bool {
+	return true
+}

pkg/investigations/cannotretrieveupdatessre/cannotretrieveupdatessre_test.go

@@ -0,0 +1,139 @@
+package cannotretrieveupdatessre
+
+import (
+	"strings"
+	"testing"
+
+	configv1 "github.com/openshift/api/config/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/client-go/kubernetes/scheme"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/controller-runtime/pkg/client/fake"
+)
+
+func newFakeClient(objs ...client.Object) (client.Client, error) {
+	s := scheme.Scheme
+	err := configv1.AddToScheme(s)
+	if err != nil {
+		return nil, err
+	}
+
+	client := fake.NewClientBuilder().WithScheme(s).WithObjects(objs...).Build()
+	return client, nil
+}
+
+func TestCheckClusterVersion(t *testing.T) {
+	tests := []struct {
+		name            string
+		clusterVersion  *configv1.ClusterVersion
+		expectedVersion string
+		expectError     bool
+		expectedNote    string
+	}{
+		{
+			name: "RemoteFailed condition",
+			clusterVersion: &configv1.ClusterVersion{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "version",
+				},
+				Spec: configv1.ClusterVersionSpec{
+					Channel:   "stable-4.18-test",
+					ClusterID: "d1ba89f3-fd3e-48d2-91c6-test",
+				},
+				Status: configv1.ClusterVersionStatus{
+					Desired: configv1.Release{Version: "4.18.10"},
+					Conditions: []configv1.ClusterOperatorStatusCondition{
+						{
+							Type:    "RetrievedUpdates",
+							Status:  "False",
+							Reason:  "RemoteFailed",
+							Message: "Unable to retrieve available updates",
+						},
+					},
+				},
+			},
+			expectedVersion: "",
+			expectError:     true,
+			expectedNote:    "ClusterVersion issue detected: Unable to retrieve available updates",
+		},
+		{
+			name: "VersionNotFound condition",
+			clusterVersion: &configv1.ClusterVersion{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "version",
+				},
+				Spec: configv1.ClusterVersionSpec{
+					Channel:   "stable-4.18-test",
+					ClusterID: "d1ba89f3-fd3e-48d2-91c6-test",
+				},
+				Status: configv1.ClusterVersionStatus{
+					Desired: configv1.Release{Version: "4.18.10"},
+					Conditions: []configv1.ClusterOperatorStatusCondition{
+						{
+							Type:    "RetrievedUpdates",
+							Status:  "False",
+							Reason:  "VersionNotFound",
+							Message: "Unable to retrieve available updates: version 4.18.10 not found in channel stable-4.18-test",
+						},
+					},
+				},
+			},
+			expectedVersion: "",
+			expectError:     true,
+			expectedNote:    "ClusterVersion issue detected: Unable to retrieve available updates: version 4.18.10 not found in channel stable-4.18-test.",
+		},
+		{
+			name: "Happy path",
+			clusterVersion: &configv1.ClusterVersion{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "version",
+				},
+				Spec: configv1.ClusterVersionSpec{
+					Channel:   "stable-4.18",
+					ClusterID: "d1ba89f3-fd3e-48d2-91c6-test",
+				},
+				Status: configv1.ClusterVersionStatus{
+					Desired: configv1.Release{Version: "4.18.10"},
+					Conditions: []configv1.ClusterOperatorStatusCondition{
+						{
+							Type:    "RetrievedUpdates",
+							Status:  "True",
+							Reason:  "UpdatesRetrieved",
+							Message: "Available updates retrieved successfully",
+						},
+					},
+				},
+			},
+			expectedVersion: "4.18.10",
+			expectError:     false,
+			expectedNote:    "",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			k8scli, err := newFakeClient(tt.clusterVersion)
+			if err != nil {
+				t.Fatalf("failed to create a fake client: %v", err)
+			}
+			version, note, err := checkClusterVersion(k8scli, "test-cluster")
+
+			// Check version
+			if version != tt.expectedVersion {
+				t.Errorf("Expected version %q, got %q", tt.expectedVersion, version)
+			}
+
+			// Check note
+			if !strings.HasPrefix(note, tt.expectedNote) {
+				t.Errorf("Expected note to start with %q, got %q", tt.expectedNote, note)
+			}
+
+			// Check error
+			if tt.expectError && err == nil {
+				t.Errorf("Expected an error, got none")
+			} else if !tt.expectError && err != nil {
+				t.Errorf("Expected no error, got %v", err)
+			}
+		})
+	}
+}

pkg/investigations/CannotRetrieveUpdatesSRE/metadata.yaml renamed to pkg/investigations/cannotretrieveupdatessre/metadata.yaml

@@ -0,0 +1,5 @@
+# Testing CannotRetrieveUpdatesSRE Investigation
+
+TODO:
+- Add a test script or test objects to this  directory for future maintainers to use
+- Edit this README file and add detailed instructions on how to use the script/objects to recreate the conditions for the investigation. Be sure to include any assumptions or prerequisites about the environment (disable hive syncsetting, etc)

pkg/investigations/cannotretrieveupdatessre/testing/README.md

@@ -2,6 +2,7 @@ package investigations
 
 import (
 	"github.com/openshift/configuration-anomaly-detection/pkg/investigations/apierrorbudgetburn"
+	"github.com/openshift/configuration-anomaly-detection/pkg/investigations/cannotretrieveupdatessre"
 	"github.com/openshift/configuration-anomaly-detection/pkg/investigations/ccam"
 	"github.com/openshift/configuration-anomaly-detection/pkg/investigations/chgm"
 	"github.com/openshift/configuration-anomaly-detection/pkg/investigations/clustermonitoringerrorbudgetburn"
@@ -22,6 +23,7 @@ var availableInvestigations = []investigation.Investigation{
 	&insightsoperatordown.Investigation{},
 	&upgradeconfigsyncfailureover4hr.Investigation{},
 	&machinehealthcheckunterminatedshortcircuitsre.Investigation{},
+	&cannotretrieveupdatessre.Investigation{},
 }
 
 // GetInvestigation returns the first Investigation that applies to the given alert title.

pkg/investigations/registry.go

@@ -10,6 +10,7 @@ declare -A alert_mapping=(
     ["InsightsOperatorDown"]="InsightsOperatorDown"
     ["MachineHealthCheckUnterminatedShortCircuitSRE"]="MachineHealthCheckUnterminatedShortCircuitSRE CRITICAL (1)"
     ["ApiErrorBudgetBurn"]="api-ErrorBudgetBurn k8sgpt test CRITICAL (1)"
+    ["CannotRetrieveUpdatesSRE"]="CannotRetrieveUpdatesSRE"
 )
 
 # Function to print help message