Loading...

XML

Word

Printable

Type: Bug
Resolution: Obsolete
Priority: Undefined
Fix Version/s: None
Affects Version/s: 4.8.z
Component/s: Networking / ovn-kubernetes
Labels:
- TestBlocker

Activity Type:
Quality / Stability / Reliability
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Story Points:
None
Severity:
Important
Regression:
None

Target Backport Versions:
None
Target Version:

4.8.z
Release Blocker:
Rejected
Sprint:
None

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Release Note Status:
None
Release Note Type:
None
Release Note Text:
None

Escape Reason:
None
Escape Impact:
None
Corrective Measures:
None
SDLC stage when should've been found:
None

Description of problem:

# ogp -l=app=ovn-ipsec
NAME              READY   STATUS                  RESTARTS         AGE
ovn-ipsec-6nfhl   0/1     Init:CrashLoopBackOff   20 (4m18s ago)   84m
ovn-ipsec-b82hb   1/1     Running                 0                84m
ovn-ipsec-btcvr   0/1     Init:CrashLoopBackOff   18 (41s ago)     68m
ovn-ipsec-l4mxd   0/1     Init:CrashLoopBackOff   20 (3m53s ago)   84m
ovn-ipsec-m4wxv   0/1     Init:CrashLoopBackOff   18 (43s ago)     68m

# oc logs -n openshift-ovn-kubernetes ovn-ipsec-btcvr --all-containers | cut -b-100 | tail
Error from server (BadRequest): container "ovn-ipsec" in pod "ovn-ipsec-btcvr" is waiting to start: PodInitializing
certificatesigningrequest.certificates.k8s.io "worker-00.ipsec-debug7.qe.devcluster.openshift.com" d
+ cat
+ kubectl apply -f -
++ hostname
certificatesigningrequest.certificates.k8s.io/worker-00.ipsec-debug7.qe.devcluster.openshift.com cre
+ counter=0
+++ hostname
++ kubectl get csr/worker-00.ipsec-debug7.qe.devcluster.openshift.com -o 'jsonpath={.status.certific
+ '[' '!' -z ']'
+ (( counter++ ))
 
Mist-gather on 4.9 - http://shell.lab.bos.redhat.com/~anusaxen/must-gather.tar.gz 
Must-gather on 4.12 - http://shell.lab.bos.redhat.com/~anusaxen/must-gather-4_12.tar.gz

Version-Release number of selected component (if applicable):

4.9.51

How reproducible:

Always

Steps to Reproduce:

1.Bring OVNK cluster with IPsec enabled
2.
3.

Actual results:

cluster install failed

Expected results:

cluster install should be fine

Additional info:

 ovs-vsctl --retry -t 60 set Open_vSwitch . other_config:certificate=/etc/openvswitch/keys/ipsec-cert.pem \
                                                 other_config:private_key=/etc/openvswitch/keys/ipsec-privkey.pem \
                                                 other_config:ca_cert=/etc/openvswitch/keys/ipsec-cacert.pem
      
    State:       Waiting
      Reason:    CrashLoopBackOff
    Last State:  Terminated
      Reason:    Error
      Message:   k6Mzc6MzI6ZDQ6ZDc6MmI6YjI6YTM6ZDE6ZDU6OTk6CiAgICAgICAgIDk3OjgyOmE2OjhlCi0tLS0tQkVHSU4gQ0VSVElGSUNBVEUgUkVRVUVTVC0tLS0tCk1JSUM2akNDQWRJQ0FRQXdZekVMTUFrR0ExVUVCaE1DVlZNeEZqQVVCZ05WQkFvTURXOTJibXQxWW1WeWJtVjAKWlhNeERUQUxCZ05WQkFzTUJHdHBibVF4TFRBckJnTlZCQU1NSkdJMU5EVTFNakV4TFRKaE1UVXROREl5WXkxaQpPV0kzTFRWak4yVmhZVE5pWkRRek9EQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCCkFMSTZsczkzbjYyY3kwazVUa3Z5SWcrZk1jN2Z0anBPNkhaODlmMWJvMFlOU3dJbXN0dGhZbWhBd29rSzNwWm8KTUt0NHl2MnJ1NkNXbU9IUWlXTlprbGU5WGVMRGowNmZsN3EvSVlCQjJRbVVlajRGcUd0RHBXelNxNjNZelRJVApleHloZm0wUm1oWDR6YlBIeCtQd2o3M01ZWnlNK1EzVDZJVER2ejgrMElrSzBERkY3dlZUWFg5U3dHcGpOLzQzCmlhTUZNVUg3a09CK2E5RnFCVllBMWNRcS9tZUdQV0pqN1ZTMVVGWGRLZUZvNTBCQXp6czYrZXgyWVZUU1hkQkwKdTljV2JyaWw5MUp5TkF3TmVmRlVtR2p2elRoVS9MUGNaeHlEMFNERDV0VjBoS2Jyd0tycDZVWEpGR2lvT292Tgp1a3dJMkdCc1Q0QThwRjY2RHRIcEd1VUNBd0VBQWFCQ01FQUdDU3FHU0liM0RRRUpEakV6TURFd0x3WURWUjBSCkJDZ3dKb0lrWWpVME5UVXlNVEV0TW1FeE5TMDBNakpqTFdJNVlqY3ROV00zWldGaE0ySmtORE00TUEwR0NTcUcKU0liM0RRRUJDd1VBQTRJQkFRQ1NoMUNvd0JnTFJ6SUEvSHMyU3J0b0RicHE1ZDRRL2FoSFNCVDFSYWdxM0p1bAphVXlGVnZvYTV6RDBrSTJMeEgrMGpZWmVOVGNSVDhOMTlpNEU0TnhEeUg3UldKaHlLbHFicytCcXlCR0J4RnhrCndVOGNxWVNZQmtud0xvRmxiODZUVmRWNjJMQjYwNlpWRXNIZXZtaVlFVjBRYjE5KzVLSGU1U1pWZHBaWEVKUWMKQ0RGQW1TNDhxWkJoRFNKNUdPeXZZWmFmcURjbVpkZFlWU1lFR1QxblpqRVNpL0gzaTUyK29ZWlA2WWZxM3MrKwpldnRVVFZVdU52YjIwWi9uWnRtK21IbUMyb3R4TjQ3K2tiQ0x2MEdvaWUxYTJaMjg2U1RhdUEyS05jdS9GMWt4CllGejZMOFh5MWZwTFVPQXk3TUpCQ1RjeTFOY3JzcVBSMVptWGdxYU8KLS0tLS1FTkQgQ0VSVElGSUNBVEUgUkVRVUVTVC0tLS0tCg==
++ hostname
+ kubectl delete --ignore-not-found=true csr/worker-00.ipsec-debug7.qe.devcluster.openshift.com
certificatesigningrequest.certificates.k8s.io "worker-00.ipsec-debug7.qe.devcluster.openshift.com" deleted
+ cat
+ kubectl apply -f -
++ hostname
certificatesigningrequest.certificates.k8s.io/worker-00.ipsec-debug7.qe.devcluster.openshift.com created
+ counter=0
+++ hostname
++ kubectl get csr/worker-00.ipsec-debug7.qe.devcluster.openshift.com -o 'jsonpath={.status.certificate}'
+ '[' '!' -z ']'
+ (( counter++ ))

clones

OCPBUGS-3854 [4.9][Dual Stack] ovn-ipsec crashlooping due to cert signing issues

Closed

Assignee:: Andreas Karis

Reporter:: Anurag Saxena

Need Info From:: None

Contributors:: None

QA Contact:: Anurag Saxena

Doc Contact:: None

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2022/11/17 9:11 PM

Updated:: 2025/07/28 5:48 PM

Resolved:: 2022/11/29 11:56 AM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates