Bug 1342933

Summary: IPtables not updates when one of the masters fails
Product: OpenShift Container Platform Reporter: Alexander Koksharov <akokshar>
Component: NetworkingAssignee: Ben Bennett <bbennett>
Status: CLOSED DUPLICATE QA Contact: Meng Bo <bmeng>
Severity: high Docs Contact:
Priority: unspecified    
Version: 3.1.0CC: aos-bugs
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-06-06 12:30:02 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Alexander Koksharov 2016-06-06 07:13:28 UTC 
Description of problem:

Customer run multiple master OSE with proxy-mode set to iptables on nodes.
In case one master become unavailable, pods start failing during name resolution.

It turns out to be a failure to update iptables rules after master node goes down. iptables rule is not removed and some of the DNS requests are still routed to a failed node.
This issue probably affects not only DNS but also other services provided by then master.

Version-Release number of selected component (if applicable):
3.1

How reproducible:


Steps to Reproduce:
1.
start multiple-master OSE
2.
halt one master
3.
check iptables on a node

Actual results:
iptables still have failed master listed

Expected results:
only alive services do have corresponding records in iptables

Additional info:
Comment 1 Ben Bennett 2016-06-06 12:30:02 UTC 

*** This bug has been marked as a duplicate of bug 1300028 ***