Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-16655

[rhel 9] HyperShift cluster failed to create with "error loading seccomp filter: errno 524"

    XMLWordPrintable

Details

    • No
    • Rejected
    • False
    • Hide

      None

      Show
      None

    Description

      Description of problem:

      DPTP recently aware of random failure of tests. Those tests are all failed at creating hosted cluster with DPTP managed HyperShift deployment. We analysed and identified some failures are caused by failed to create `kube-apiserver` container ( https://prow.ci.openshift.org/view/gs/origin-ci-test/pr-logs/pull/redhat-appstudio_infra-deployments/2127/pull-ci-redhat-appstudio-infra-deployments-main-appstudio-e2e-tests/1682435079629967360 )
      
      (venv3) [fedora@Bear-Work-RedHat ~]$ oc --context hive -n clusters-ded5f96a60c8e83b3c8c get pods
      NAME                                      READY   STATUS                 RESTARTS   AGE
      capi-provider-59c566fcd7-252gr            0/2     Init:0/1               0          55m
      cluster-api-6c9597b574-wqh5n              1/1     Running                0          55m
      cluster-autoscaler-5d6c85b744-qwwcl       0/1     Init:0/1               0          54m
      control-plane-operator-7b9fb954b6-v5f62   2/2     Running                0          55m
      etcd-0                                    2/2     Running                0          54m
      ignition-server-76566ffbf8-6cmc8          1/1     Running                0          54m
      konnectivity-agent-58fcdf9d8-5s7d5        1/1     Running                0          54m
      konnectivity-server-5799cc8669-ms7jj      1/1     Running                0          54m
      kube-apiserver-7f5c8f8759-chm97           2/5     CreateContainerError   0          54m
      machine-approver-799477bd54-wqhb2         0/1     Init:0/1               0          54m
      (venv3) [fedora@Bear-Work-RedHat ~]$
      
      Further investigation shows that the failure reason is
      
      (venv3) [fedora@Bear-Work-RedHat ~]$ oc --context hive -n clusters-ded5f96a60c8e83b3c8c describe pod kube-apiserver-7f5c8f8759-chm97
      Name:                 kube-apiserver-7f5c8f8759-chm97
      ...
        Warning  Failed          13m                   kubelet            Error: container create failed: time="2023-07-21T17:23:52Z" level=error msg="runc create failed: unable to start container process: unable to init seccomp: error loading seccomp filter into kernel: error loading seccomp filter: errno 524"
        Normal   Pulled          2m54s (x52 over 13m)  kubelet            Container image "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:55c40d6a7ce9644e21a372b93e0e1dc6a4d838e0905d2e394712535ee5deaeac" already present on machine
      
      The specific error is similar to https://bugzilla.redhat.com/show_bug.cgi?id=2140163 . However, in our cases, they are on amd64.
      
      

      Version-Release number of selected component (if applicable):

      4.13.4
      
      

      How reproducible:

      Random
      

      Steps to Reproduce:

      1.
      2.
      3.
      

      Actual results:

      
      

      Expected results:

      
      

      Additional info:

      
      

      Attachments

        Activity

          People

            mnguyen@redhat.com Michael Nguyen
            bechen@redhat.com Bear Chen
            Michael Nguyen Michael Nguyen
            Votes:
            0 Vote for this issue
            Watchers:
            32 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: