Initial implementation for CannotRetrieveUpdatesSRE

Author: anispate

pkg/investigations/cannotretrieveupdatessre/README.md

@@ -0,0 +1,13 @@
+# cannotretrieveupdatessre Investigation
+
+Investigates the CannotRetrieveUpdatesSRE alert by running network verifier and updating the notes with investigation details to the PagerDuty alert about the cluster version status.
+
+## Investigation Logic
+
+The `CannotRetrieveUpdatesSRE` investigation is designed to diagnose issues where an OpenShift cluster cannot retrieve updates from its configured channel. It performs two main checks:
+1. **Network Verification**: Uses the `networkverifier` package to ensure the cluster can reach required update endpoints.
+2. **ClusterVersion Check**: Examines the `ClusterVersion` resource for conditions indicating update retrieval failures, such as `VersionNotFound`.
+
+## Testing
+
+Refer to the [testing README](./testing/README.md) for instructions on testing this investigation

pkg/investigations/cannotretrieveupdatessre/__debug_bin3611188633

@@ -0,0 +1,164 @@
+package cannotretrieveupdatessre
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"strings"
+
+	configv1 "github.com/openshift/api/config/v1"
+	"github.com/openshift/configuration-anomaly-detection/pkg/investigations/investigation"
+	k8sclient "github.com/openshift/configuration-anomaly-detection/pkg/k8s"
+	"github.com/openshift/configuration-anomaly-detection/pkg/logging"
+	"github.com/openshift/configuration-anomaly-detection/pkg/networkverifier"
+	"github.com/openshift/configuration-anomaly-detection/pkg/notewriter"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+)
+
+const (
+	alertname       = "CannotRetrieveUpdatesSRE"
+	remediationName = "CannotRetrieveUpdatesSRE"
+)
+
+type Investigation struct{}
+
+// Run executes the investigation for the CannotRetrieveUpdatesSRE alert
+func (c *Investigation) Run(r *investigation.Resources) (investigation.InvestigationResult, error) {
+	result := investigation.InvestigationResult{}
+	notes := notewriter.New("CannotRetrieveUpdatesSRE", logging.RawLogger)
+	k8scli, err := k8sclient.New(r.Cluster.ID(), r.OcmClient, remediationName)
+	if err != nil {
+		return result, fmt.Errorf("unable to initialize k8s cli: %w", err)
+	}
+	defer func() {
+		deferErr := k8sclient.Cleanup(r.Cluster.ID(), r.OcmClient, remediationName)
+		if deferErr != nil {
+			logging.Error(deferErr)
+			err = errors.Join(err, deferErr)
+		}
+	}()
+
+	defer func(r *investigation.Resources) {
+		logging.Infof("Cleaning up investigation resources for cluster %s", r.Cluster.ID())
+		if cleanupErr := k8sclient.Cleanup(r.Cluster.ID(), r.OcmClient, remediationName); cleanupErr != nil {
+			logging.Errorf("Failed to cleanup Kubernetes client: %v", cleanupErr)
+		} else {
+			logging.Infof("Cleanup completed successfully for cluster %s", r.Cluster.ID())
+		}
+	}(r)
+
+	verifierResult, failureReason, err := networkverifier.Run(r.Cluster, r.ClusterDeployment, r.AwsClient)
+	if err != nil {
+		logging.Error("Network verifier ran into an error: %s", err.Error())
+		notes.AppendWarning("NetworkVerifier failed to run:\n\t %s", err.Error())
+
+		err = r.PdClient.AddNote(notes.String())
+		if err != nil {
+			// We do not return as we want the alert to be escalated either no matter what.
+			logging.Error("could not add failure reason incident notes")
+		}
+	}
+
+	switch verifierResult {
+	case networkverifier.Failure:
+		logging.Infof("Network verifier reported failure: %s", failureReason)
+		// XXX: metrics.Inc(metrics.ServicelogPrepared, investigationName)
+		result.ServiceLogPrepared = investigation.InvestigationStep{Performed: true, Labels: nil}
+		notes.AppendWarning("NetworkVerifier found unreachable targets. \n \n Verify and send service log if necessary: \n osdctl servicelog post %s -t https://raw.githubusercontent.com/openshift/managed-notifications/master/osd/required_network_egresses_are_blocked.json -p URLS=%s", r.Cluster.ID(), failureReason)
+
+		// In the future, we want to send a service log in this case
+		err = r.PdClient.AddNote(notes.String())
+		if err != nil {
+			logging.Error("could not add issues to incident notes")
+		}
+	case networkverifier.Success:
+		notes.AppendSuccess("Network verifier passed")
+		err = r.PdClient.AddNote(notes.String())
+		if err != nil {
+			logging.Error("could not add passed message to incident notes")
+		}
+	}
+
+	// Check ClusterVersion
+	clusterVersion, note, err := checkClusterVersion(k8scli, r.Cluster.ID())
+	if err != nil {
+		notes.AppendWarning("Failure checking ClusterVersion: %s", err.Error())
+		notes.AppendWarning("Alert escalated to on-call primary for review.")
+		logging.Infof("Escalating incident with notes for cluster %s", r.Cluster.ID())
+		err = r.PdClient.EscalateIncidentWithNote(notes.String())
+		if err != nil {
+			logging.Errorf("Failed to escalate incident to PagerDuty: %v", err)
+			return result, fmt.Errorf("failed to escalate incident: %w", err)
+		}
+		return result, err
+	}
+	if note != "" {
+		notes.AppendWarning(note)
+		err = r.PdClient.AddNote(notes.String())
+		if err != nil {
+			logging.Error("could not add notes to the incident")
+		}
+	}
+	if clusterVersion != "" {
+		notes.AppendSuccess("ClusterVersion found: %s", clusterVersion)
+		err = r.PdClient.AddNote(notes.String())
+		if err != nil {
+			logging.Error("could not add passed message to incident notes")
+		}
+	}
+
+	notes.AppendWarning("Alert escalated to on-call primary for review.")
+	logging.Infof("Escalating incident with notes for cluster %s", r.Cluster.ID())
+	err = r.PdClient.EscalateIncidentWithNote(notes.String())
+	if err != nil {
+		logging.Errorf("Failed to escalate incident to PagerDuty: %v", err)
+		return result, fmt.Errorf("failed to escalate incident: %w", err)
+	}
+	logging.Infof("Investigation completed and escalated successfully for cluster %s", r.Cluster.ID())
+
+	return result, nil
+}
+
+// checkClusterVersion retrieves the cluster version
+func checkClusterVersion(k8scli client.Client, clusterID string) (version string, note string, err error) {
+	logging.Infof("Checking ClusterVersion for cluster %s", clusterID)
+	clusterVersion := &configv1.ClusterVersion{}
+	err = k8scli.Get(context.TODO(), client.ObjectKey{Name: "version"}, clusterVersion)
+	if err != nil {
+		return "", "Failed to get ClusterVersion: cluster access issues detected", fmt.Errorf("failed to get ClusterVersion: %w", err)
+	}
+	logging.Infof("ClusterVersion channel: %s", clusterVersion.Spec.Channel)
+	logging.Infof("ClusterVersion found: %s", clusterVersion.Status.Desired.Version)
+	logging.Debugf("ClusterVersion conditions: %+v", clusterVersion.Status.Conditions)
+
+	for _, condition := range clusterVersion.Status.Conditions {
+		logging.Debugf("Checking ClusterVersion condition: Type=%s, Status=%s, Reason=%s, Message=%q",
+			condition.Type, condition.Status, condition.Reason, condition.Message)
+		if condition.Type == "RetrievedUpdates" && condition.Status == "False" {
+			if (condition.Reason == "VersionNotFound" || condition.Reason == "RemoteFailed") &&
+				strings.Contains(strings.TrimSpace(condition.Message), "Unable to retrieve available updates") {
+				logging.Warnf("Detected ClusterVersion error: Reason=%s, Message=%s", condition.Reason, condition.Message)
+				return "", fmt.Sprintf("ClusterVersion error detected: %s. Current version %s not found in channel %s",
+						condition.Message, clusterVersion.Status.Desired.Version, clusterVersion.Spec.Channel),
+					fmt.Errorf("clusterversion validation failed: %s", condition.Reason)
+			}
+		}
+	}
+	return clusterVersion.Status.Desired.Version, "", nil
+}
+
+func (i *Investigation) Name() string {
+	return alertname
+}
+
+func (i *Investigation) Description() string {
+	return fmt.Sprintf("Investigates '%s' alerts by running network verifier and checking ClusterVersion", alertname)
+}
+
+func (i *Investigation) ShouldInvestigateAlert(alert string) bool {
+	return strings.Contains(alert, alertname)
+}
+
+func (i *Investigation) IsExperimental() bool {
+	return true
+}

pkg/investigations/cannotretrieveupdatessre/__debug_bin3937016846

@@ -0,0 +1,137 @@
+package cannotretrieveupdatessre
+
+import (
+	"strings"
+	"testing"
+
+	configv1 "github.com/openshift/api/config/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/client-go/kubernetes/scheme"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/controller-runtime/pkg/client/fake"
+)
+
+func newFakeClient(objs ...client.Object) (client.Client, error) {
+	s := scheme.Scheme
+	err := configv1.AddToScheme(s)
+	if err != nil {
+		return nil, err
+	}
+
+	client := fake.NewClientBuilder().WithScheme(s).WithObjects(objs...).Build()
+	return client, nil
+}
+
+func TestCheckClusterVersion(t *testing.T) {
+	tests := []struct {
+		name            string
+		clusterVersion  *configv1.ClusterVersion
+		expectedVersion string
+		expectError     bool
+		expectedNote    string
+	}{
+		{
+			name: "RemoteFailed condition",
+			clusterVersion: &configv1.ClusterVersion{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "version",
+				},
+				Spec: configv1.ClusterVersionSpec{
+					Channel:   "stable-4.18-test",
+					ClusterID: "d1ba89f3-fd3e-48d2-91c6-test",
+				},
+				Status: configv1.ClusterVersionStatus{
+					Desired: configv1.Release{Version: "4.18.10"},
+					Conditions: []configv1.ClusterOperatorStatusCondition{
+						{
+							Type:    "RetrievedUpdates",
+							Status:  "False",
+							Reason:  "RemoteFailed",
+							Message: `Unable to retrieve available updates:`,
+						},
+					},
+				},
+			},
+			expectedVersion: "",
+			expectError:     true,
+			expectedNote:    `ClusterVersion error detected: Unable to retrieve available updates`,
+		},
+		{
+			name: "VersionNotFound condition",
+			clusterVersion: &configv1.ClusterVersion{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "version",
+				},
+				Spec: configv1.ClusterVersionSpec{
+					Channel:   "stable-4.18-test",
+					ClusterID: "d1ba89f3-fd3e-48d2-91c6-test",
+				},
+				Status: configv1.ClusterVersionStatus{
+					Desired: configv1.Release{Version: "4.18.10"},
+					Conditions: []configv1.ClusterOperatorStatusCondition{
+						{
+							Type:    "RetrievedUpdates",
+							Status:  "False",
+							Reason:  "VersionNotFound",
+							Message: `Unable to retrieve available updates: version 4.18.10 not found in channel stable-4.18-test`,
+						},
+					},
+				},
+			},
+			expectedVersion: "",
+			expectError:     true,
+			expectedNote:    `ClusterVersion error detected: Unable to retrieve available updates: version 4.18.10 not found in channel stable-4.18-test.`,
+		},
+		{
+			name: "Happy path",
+			clusterVersion: &configv1.ClusterVersion{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "version",
+				},
+				Spec: configv1.ClusterVersionSpec{
+					Channel:   "stable-4.18",
+					ClusterID: "d1ba89f3-fd3e-48d2-91c6-test",
+				},
+				Status: configv1.ClusterVersionStatus{
+					Desired: configv1.Release{Version: "4.18.10"},
+					Conditions: []configv1.ClusterOperatorStatusCondition{
+						{
+							Type:    "RetrievedUpdates",
+							Status:  "True",
+							Reason:  "UpdatesRetrieved",
+							Message: "Available updates retrieved successfully",
+						},
+					},
+				},
+			},
+			expectedVersion: "4.18.10",
+			expectError:     false,
+			expectedNote:    "",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			k8scli, err := newFakeClient(tt.clusterVersion)
+			if err != nil {
+				t.Fatalf("failed to create a fake client: %v", err)
+			}
+			version, note, err := checkClusterVersion(k8scli, "test-cluster")
+
+			if version != tt.expectedVersion {
+				if !strings.Contains(note, tt.expectedNote) {
+					t.Errorf("Expected note message: %s. Got %s", tt.expectedNote, note)
+				}
+				if !tt.expectError {
+					t.Errorf("Expected version %s, got %s", tt.expectedVersion, version)
+				}
+			}
+
+			if tt.expectError && err == nil {
+				t.Errorf("Expected an error, got none")
+			} else if !tt.expectError && err != nil {
+				t.Errorf("Expected no error, got %v", err)
+			}
+		})
+	}
+}

pkg/investigations/cannotretrieveupdatessre/cannotretrieveupdatessre.go

@@ -0,0 +1,5 @@
+# Testing CannotRetrieveUpdatesSRE Investigation
+
+TODO:
+- Add a test script or test objects to this  directory for future maintainers to use
+- Edit this README file and add detailed instructions on how to use the script/objects to recreate the conditions for the investigation. Be sure to include any assumptions or prerequisites about the environment (disable hive syncsetting, etc)

pkg/investigations/cannotretrieveupdatessre/cannotretrieveupdatessre_test.go

@@ -1,6 +1,7 @@
 package investigations
 
 import (
+	cannotretrieveupdatessre "github.com/openshift/configuration-anomaly-detection/pkg/investigations/cannotretrieveupdatessre"
 	"github.com/openshift/configuration-anomaly-detection/pkg/investigations/ccam"
 	"github.com/openshift/configuration-anomaly-detection/pkg/investigations/chgm"
 	"github.com/openshift/configuration-anomaly-detection/pkg/investigations/clustermonitoringerrorbudgetburn"
@@ -20,6 +21,7 @@ var availableInvestigations = []investigation.Investigation{
 	&insightsoperatordown.Investigation{},
 	&upgradeconfigsyncfailureover4hr.Investigation{},
 	&machinehealthcheckunterminatedshortcircuitsre.Investigation{},
+	&cannotretrieveupdatessre.Investigation{},
 }
 
 // GetInvestigation returns the first Investigation that applies to the given alert title.

pkg/investigations/CannotRetrieveUpdatesSRE/metadata.yaml renamed to pkg/investigations/cannotretrieveupdatessre/metadata.yaml

@@ -9,6 +9,7 @@ declare -A alert_mapping=(
     ["ClusterMonitoringErrorBudgetBurnSRE"]="ClusterMonitoringErrorBudgetBurnSRE Critical (1)"
     ["InsightsOperatorDown"]="InsightsOperatorDown"
     ["MachineHealthCheckUnterminatedShortCircuitSRE"]="MachineHealthCheckUnterminatedShortCircuitSRE CRITICAL (1)"
+    ["CannotRetrieveUpdatesSRE"]="CannotRetrieveUpdatesSRE"
 )
 
 # Function to print help message