-
Bug
-
Resolution: Obsolete
-
Undefined
-
None
-
4.8.z
-
Important
-
None
-
Rejected
-
False
-
Description of problem:
# ogp -l=app=ovn-ipsec NAME READY STATUS RESTARTS AGE ovn-ipsec-6nfhl 0/1 Init:CrashLoopBackOff 20 (4m18s ago) 84m ovn-ipsec-b82hb 1/1 Running 0 84m ovn-ipsec-btcvr 0/1 Init:CrashLoopBackOff 18 (41s ago) 68m ovn-ipsec-l4mxd 0/1 Init:CrashLoopBackOff 20 (3m53s ago) 84m ovn-ipsec-m4wxv 0/1 Init:CrashLoopBackOff 18 (43s ago) 68m # oc logs -n openshift-ovn-kubernetes ovn-ipsec-btcvr --all-containers | cut -b-100 | tail Error from server (BadRequest): container "ovn-ipsec" in pod "ovn-ipsec-btcvr" is waiting to start: PodInitializing certificatesigningrequest.certificates.k8s.io "worker-00.ipsec-debug7.qe.devcluster.openshift.com" d + cat + kubectl apply -f - ++ hostname certificatesigningrequest.certificates.k8s.io/worker-00.ipsec-debug7.qe.devcluster.openshift.com cre + counter=0 +++ hostname ++ kubectl get csr/worker-00.ipsec-debug7.qe.devcluster.openshift.com -o 'jsonpath={.status.certific + '[' '!' -z ']' + (( counter++ )) Mist-gather on 4.9 - http://shell.lab.bos.redhat.com/~anusaxen/must-gather.tar.gz Must-gather on 4.12 - http://shell.lab.bos.redhat.com/~anusaxen/must-gather-4_12.tar.gz
Version-Release number of selected component (if applicable):
4.9.51
How reproducible:
Always
Steps to Reproduce:
1.Bring OVNK cluster with IPsec enabled 2. 3.
Actual results:
cluster install failed
Expected results:
cluster install should be fine
Additional info:
ovs-vsctl --retry -t 60 set Open_vSwitch . other_config:certificate=/etc/openvswitch/keys/ipsec-cert.pem \ other_config:private_key=/etc/openvswitch/keys/ipsec-privkey.pem \ other_config:ca_cert=/etc/openvswitch/keys/ipsec-cacert.pem State: Waiting Reason: CrashLoopBackOff Last State: Terminated Reason: Error Message: k6Mzc6MzI6ZDQ6ZDc6MmI6YjI6YTM6ZDE6ZDU6OTk6CiAgICAgICAgIDk3OjgyOmE2OjhlCi0tLS0tQkVHSU4gQ0VSVElGSUNBVEUgUkVRVUVTVC0tLS0tCk1JSUM2akNDQWRJQ0FRQXdZekVMTUFrR0ExVUVCaE1DVlZNeEZqQVVCZ05WQkFvTURXOTJibXQxWW1WeWJtVjAKWlhNeERUQUxCZ05WQkFzTUJHdHBibVF4TFRBckJnTlZCQU1NSkdJMU5EVTFNakV4TFRKaE1UVXROREl5WXkxaQpPV0kzTFRWak4yVmhZVE5pWkRRek9EQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCCkFMSTZsczkzbjYyY3kwazVUa3Z5SWcrZk1jN2Z0anBPNkhaODlmMWJvMFlOU3dJbXN0dGhZbWhBd29rSzNwWm8KTUt0NHl2MnJ1NkNXbU9IUWlXTlprbGU5WGVMRGowNmZsN3EvSVlCQjJRbVVlajRGcUd0RHBXelNxNjNZelRJVApleHloZm0wUm1oWDR6YlBIeCtQd2o3M01ZWnlNK1EzVDZJVER2ejgrMElrSzBERkY3dlZUWFg5U3dHcGpOLzQzCmlhTUZNVUg3a09CK2E5RnFCVllBMWNRcS9tZUdQV0pqN1ZTMVVGWGRLZUZvNTBCQXp6czYrZXgyWVZUU1hkQkwKdTljV2JyaWw5MUp5TkF3TmVmRlVtR2p2elRoVS9MUGNaeHlEMFNERDV0VjBoS2Jyd0tycDZVWEpGR2lvT292Tgp1a3dJMkdCc1Q0QThwRjY2RHRIcEd1VUNBd0VBQWFCQ01FQUdDU3FHU0liM0RRRUpEakV6TURFd0x3WURWUjBSCkJDZ3dKb0lrWWpVME5UVXlNVEV0TW1FeE5TMDBNakpqTFdJNVlqY3ROV00zWldGaE0ySmtORE00TUEwR0NTcUcKU0liM0RRRUJDd1VBQTRJQkFRQ1NoMUNvd0JnTFJ6SUEvSHMyU3J0b0RicHE1ZDRRL2FoSFNCVDFSYWdxM0p1bAphVXlGVnZvYTV6RDBrSTJMeEgrMGpZWmVOVGNSVDhOMTlpNEU0TnhEeUg3UldKaHlLbHFicytCcXlCR0J4RnhrCndVOGNxWVNZQmtud0xvRmxiODZUVmRWNjJMQjYwNlpWRXNIZXZtaVlFVjBRYjE5KzVLSGU1U1pWZHBaWEVKUWMKQ0RGQW1TNDhxWkJoRFNKNUdPeXZZWmFmcURjbVpkZFlWU1lFR1QxblpqRVNpL0gzaTUyK29ZWlA2WWZxM3MrKwpldnRVVFZVdU52YjIwWi9uWnRtK21IbUMyb3R4TjQ3K2tiQ0x2MEdvaWUxYTJaMjg2U1RhdUEyS05jdS9GMWt4CllGejZMOFh5MWZwTFVPQXk3TUpCQ1RjeTFOY3JzcVBSMVptWGdxYU8KLS0tLS1FTkQgQ0VSVElGSUNBVEUgUkVRVUVTVC0tLS0tCg== ++ hostname + kubectl delete --ignore-not-found=true csr/worker-00.ipsec-debug7.qe.devcluster.openshift.com certificatesigningrequest.certificates.k8s.io "worker-00.ipsec-debug7.qe.devcluster.openshift.com" deleted + cat + kubectl apply -f - ++ hostname certificatesigningrequest.certificates.k8s.io/worker-00.ipsec-debug7.qe.devcluster.openshift.com created + counter=0 +++ hostname ++ kubectl get csr/worker-00.ipsec-debug7.qe.devcluster.openshift.com -o 'jsonpath={.status.certificate}' + '[' '!' -z ']' + (( counter++ ))
- clones
-
OCPBUGS-3854 [4.9][Dual Stack] ovn-ipsec crashlooping due to cert signing issues
- Closed