Bug 1590589
| Summary: | Builds fail due to iptables lock 'iptables-restore: exit status 4' | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | emahoney |
| Component: | Networking | Assignee: | Casey Callendrello <cdc> |
| Networking sub component: | openshift-sdn | QA Contact: | zhaozhanqi <zzhao> |
| Status: | CLOSED DUPLICATE | Docs Contact: | |
| Severity: | urgent | ||
| Priority: | urgent | CC: | acavalla, aos-bugs, bbennett, bmeng, bpritche, clpereir, contact+rhelbugzilla, dcbw, ehabkost, emahoney, erich, jack.ottofaro, jpriddy, mirollin, misalunk, mruzicka, nschuetz, openshift-bugs-escalate, pasik, piqin, pslama, ptalbert, rbost, rhowe, rpuccini |
| Version: | 3.11.0 | ||
| Target Milestone: | --- | ||
| Target Release: | 3.11.z | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2019-09-26 20:31:57 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
If this is caused by running `iptables-restore --table=$TABLE` or `ip6tables-restore --table=$TABLE` it may be https://bugzilla.netfilter.org/show_bug.cgi?id=1271, which has a patch fixing the bug. https://bugzilla.redhat.com/show_bug.cgi?id=1673305 may be a duplicate bug of this issue. *** This bug has been marked as a duplicate of bug 1734009 *** The needinfo request[s] on this closed bug have been removed as they have been unresolved for 500 days |
Description of problem: Facing issues where builds are failing due to iptables lock: ~~~ Jun 12 19:18:42 opennode-66-40.hosted.a3.vary.redhat.com atomic-openshift-node[10569]: E0612 19:18:42.463911 10569 kubelet_pods.go:1121] Failed killing the pod "dashing-33-deploy": failed to "KillPodSandbox" for "1ea67f12-6e75-11e8-9c50-0a979bbb7299" with KillPodSandboxError: "rpc error: code = Unknown desc = NetworkPlugin cni failed to teardown pod \"dashing-33-deploy_it-marketing\" network: CNI request failed with status 400: 'Failed to execute iptables-restore: exit status 4 (Another app is currently holding the xtables lock. Perhaps you want to use the -w option?\n)\n'" ~~~ This looks quite a bit like a regression of the BZ below: https://bugzilla.redhat.com/show_bug.cgi?id=1514627 Version-Release number of selected component (if applicable): atomic-openshift-3.9.30-1.git.0.dec1ba7.el7.x86_64 atomic-openshift-node-3.9.30-1.git.0.dec1ba7.el7.x86_64 iptables-1.4.21-24.1.el7_5.x86_64 kernel-3.10.0-862.el7.x86_64 How reproducible: Have not been able to reproduce in lab. Steps to Reproduce: 1.n/a 2. 3. Actual results: Builds are failing due to iptables lock. Expected results: Builds succeed. Additional info: