Bug 1455655

Summary: iptables spams the logs with the rules every time iptables-restore is called
Product: OpenShift Container Platform
Reporter: Ben Bennett <bbennett>
Component: Networking
Assignee: Ben Bennett <bbennett>
Status: CLOSED ERRATA
QA Contact: Meng Bo <bmeng>
Severity: high
Priority: unspecified
Version: 3.5.0
CC: aos-bugs, ccoleman, eparis, jeder, pportant, smunilla, yadu
Target Milestone: ---
Target Release: ---
Hardware: All
OS: Linux
Whiteboard: aos-scalability-36
Doc Type: Bug Fix
Doc Text:
Cause: We logged the iptables rules at too low of a log level.
Consequence: The logs fill with iptables noise.
Fix: Change the level at which they are logged.
Result: Much more useful logs.
Story Points: ---
Clone Of:
: 1455656
Last Closed: 2017-08-10 05:25:32 UTC
Type: Bug
Bug Blocks: 1455656    

Description Ben Bennett 2017-05-25 17:16:13 UTC
Description of problem:
At log level 3 OpenShift dumps the complete iptables rules to the log.

Version-Release number of selected component (if applicable):
3.5.0

How reproducible:
Every time log level is set to 3 or higher.

Steps to Reproduce:
1. Set the log level to 3
2. Start openshift
3. Watch the logs

Actual results:

Masses of iptables rules printed to the log.

Expected results:

No rules printed at reasonable log levels.

Comment 1 openshift-github-bot 2017-05-27 09:32:55 UTC
Commit pushed to master at https://github.com/openshift/origin

https://github.com/openshift/origin/commit/ded5e8cab6918b51da35aa2f3a6654c817f8117e
UPSTREAM: <drop>: Set the log level for iptables rule dump to 5

PR 46201 (https://github.com/kubernetes/kubernetes/pull/46201) and
others recently have changed the log level at which the complete
iptables rules are printed out.  They were at log level 3, and
Kubernetes now logs them at 5.  This brings us in sync with that.

Fixes bug 1455655 (https://bugzilla.redhat.com/show_bug.cgi?id=1455655)

Comment 3 Yan Du 2017-06-01 07:49:23 UTC
openshift v3.6.86
kubernetes v1.6.1+5115d708d7
etcd 3.1.0

No iptables rules are printed in the log when the log level is set to 3, and the rules are printed to the log when the log level is 5.
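
The gating that the commit in Comment 1 describes and Comment 3 verifies, as an added Go example that is not OpenShift or Kubernetes code. `leveledLogger` is a hypothetical stand-in for a glog-style logger, the one-line summary at level 3 is an assumption, and the sample rules are constructed.

```go
package main

import (
	"bytes"
	"fmt"
	"io"
	"strings"
)

// ruleDumpLevel: full rule text is logged only at this verbosity (3 before the fix, 5 after).
const ruleDumpLevel = 5

// leveledLogger is a hypothetical stand-in for a glog-style V(n) logger.
type leveledLogger struct {
	verbosity int
	out       io.Writer
}

// V writes the message only when the configured verbosity is at least level.
func (l leveledLogger) V(level int, format string, args ...interface{}) {
	if l.verbosity >= level {
		fmt.Fprintf(l.out, "V(%d) %s\n", level, fmt.Sprintf(format, args...))
	}
}

// logRestore logs a one-line summary at level 3 (an assumption) and the rules at ruleDumpLevel.
func logRestore(l leveledLogger, rules string) {
	n := strings.Count("\n"+rules, "\n-A ")
	l.V(3, "restoring iptables rules: %d rules", n)
	l.V(ruleDumpLevel, "restoring iptables rules:\n%s", rules)
}

// sampleRules is constructed input in iptables-restore format.
const sampleRules = `*filter
:EXAMPLE-CHAIN - [0:0]
-A EXAMPLE-CHAIN -s 192.0.2.10/32 -j ACCEPT
-A EXAMPLE-CHAIN -j DROP
COMMIT`

// capture returns what logRestore emits at the given verbosity.
func capture(verbosity int) string {
	var buf bytes.Buffer
	logRestore(leveledLogger{verbosity: verbosity, out: &buf}, sampleRules)
	return buf.String()
}

func main() {
	fmt.Print("loglevel 3:\n", capture(3), "loglevel 5:\n", capture(5))
}
```

Setting `ruleDumpLevel` back to 3 reproduces the reported behaviour: the full rule text appears in the level-3 output on every restore.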

Comment 5 errata-xmlrpc 2017-08-10 05:25:32 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2017:1716