-
Bug
-
Resolution: Unresolved
-
Major
-
None
-
4.15.z, 4.17.z, 4.16.z, 4.18.z
-
Yes
-
False
-
The ovn-ipsec-host pod doesn't come up on the RHEL worker node and gets into CLBO with below error.
# oc logs ovn-ipsec-host-xsvfq -n openshift-ovn-kubernetes Defaulted container "ovn-ipsec" out of: ovn-ipsec, ovn-keys (init) + counter=0 + '[' -f /etc/cni/net.d/10-ovn-kubernetes.conf ']' ovnkube-node has configured node. + echo 'ovnkube-node has configured node.' + pgrep pluto 212090 + ip x s flush + ip x p flush + touch /etc/ipsec.d/cno.conf + grep -q narrowing=yes /etc/ipsec.d/cno.conf + chroot /proc/1/root ipsec restart Redirecting to: systemctl restart ipsec.service + ulimit -n 1024 + /usr/libexec/ipsec/addconn --config /etc/ipsec.conf --checkconfig /usr/libexec/ipsec/addconn: error while loading shared libraries: libunbound.so.2: cannot open shared object file: No such file or directory
# oc get clusterversion NAME VERSION AVAILABLE PROGRESSING SINCE STATUS version 4.15.41 True False 8m8s Cluster version is 4.15.41
This is a regression caused by the PR https://github.com/openshift/cluster-network-operator/pull/2576 which mounts host binaries into container to fix libreswan version incompatibility issue between host and container.
It works for rhcos nodes, but it breaks with rhel node binaries while running it inside the container.
