Bug 1789124
Summary: | Router doesn't listen on ipv6 interfaces when cluster network config indicates ipv6 support | ||
---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | Dan Mace <dmace> |
Component: | Networking | Assignee: | Dan Mace <dmace> |
Networking sub component: | router | QA Contact: | Marius Cornea <mcornea> |
Status: | CLOSED ERRATA | Docs Contact: | |
Severity: | medium | ||
Priority: | medium | CC: | aos-bugs, dhansen, hongli, jschluet |
Version: | 4.3.0 | ||
Target Milestone: | --- | ||
Target Release: | 4.3.z | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | ipv6 | ||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | 1789121 | Environment: | |
Last Closed: | 2020-02-19 05:39:53 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1789121, 1796618 | ||
Bug Blocks: |
Description
Dan Mace
2020-01-08 19:42:41 UTC
Removed PR 346. Superseded by PR 352. Assigning all 4.3.z IPv6 bugs to Marius Cornea for QA, as they are not yet QA-able in stock release-4.3 builds. Verified on 4.3.0-0.nightly-2020-02-10-055634(included in 4.3.0-0.nightly-2020-02-10-055634-ipv6.3) on a bare metal deployment Image used in local disconnected registry: [kni@provisionhost-0 ~]$ oc adm release info --image-for=cluster-ingress-operator -a ~/combined-secret.json registry.ocp-edge-cluster.qe.lab.redhat.com:5000/localimages/local-release-image:4.3.0-0.nightly-2020-02-10-055634-ipv6.3 quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:298fb2499ff98a3dab790436afb5da961c951a7d22b8357ad7d82e6739e0128f Image used in 4.3.0-0.nightly-2020-02-10-055634: [kni@provisionhost-0 ~]$ oc adm release info --image-for=cluster-ingress-operator -a ~/combined-secret.json registry.svc.ci.openshift.org/ocp/release:4.3.0-0.nightly-2020-02-10-055634 quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:298fb2499ff98a3dab790436afb5da961c951a7d22b8357ad7d82e6739e0128f [kni@provisionhost-0 ~]$ oc get co/ingress NAME VERSION AVAILABLE PROGRESSING DEGRADED SINCE ingress 4.3.0-0.nightly-2020-02-10-055634-ipv6.3 True False False 89m [kni@provisionhost-0 ~]$ oc get network/cluster -o yaml apiVersion: config.openshift.io/v1 kind: Network metadata: creationTimestamp: "2020-02-11T20:04:57Z" generation: 2 name: cluster resourceVersion: "1861" selfLink: /apis/config.openshift.io/v1/networks/cluster uid: 0cb632ca-766c-4959-8c66-187ecbb56579 spec: clusterNetwork: - cidr: fd01::/48 hostPrefix: 64 externalIP: policy: {} networkType: OVNKubernetes serviceNetwork: - fd02::/112 status: clusterNetwork: - cidr: fd01::/48 hostPrefix: 64 clusterNetworkMTU: 1400 networkType: OVNKubernetes serviceNetwork: - fd02::/112 Ingress hostname is reacheable: [kni@provisionhost-0 ~]$ curl -k https://test.apps.ocp-edge-cluster.qe.lab.redhat.com -I HTTP/1.0 503 Service Unavailable Pragma: no-cache Cache-Control: private, max-age=0, no-cache, no-store Connection: close Content-Type: text/html [kni@provisionhost-0 ~]$ curl -k https://test.apps.ocp-edge-cluster.qe.lab.redhat.com -I -v * Rebuilt URL to: https://test.apps.ocp-edge-cluster.qe.lab.redhat.com/ * Trying fd2e:6f44:5dd8:c956::10... * TCP_NODELAY set * Connected to test.apps.ocp-edge-cluster.qe.lab.redhat.com (fd2e:6f44:5dd8:c956::10) port 443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * successfully set certificate verify locations: * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * TLSv1.3 (OUT), TLS handshake, Client hello (1): * TLSv1.3 (IN), TLS handshake, Server hello (2): * TLSv1.2 (IN), TLS handshake, Certificate (11): * TLSv1.2 (IN), TLS handshake, Server key exchange (12): * TLSv1.2 (IN), TLS handshake, Server finished (14): * TLSv1.2 (OUT), TLS handshake, Client key exchange (16): * TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1): * TLSv1.2 (OUT), TLS handshake, Finished (20): * TLSv1.2 (IN), TLS handshake, Finished (20): * SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256 * ALPN, server did not agree to a protocol * Server certificate: * subject: CN=*.apps.ocp-edge-cluster.qe.lab.redhat.com * start date: Feb 11 20:15:38 2020 GMT * expire date: Feb 10 20:15:39 2022 GMT * issuer: CN=ingress-operator@1581452136 * SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway. > HEAD / HTTP/1.1 > Host: test.apps.ocp-edge-cluster.qe.lab.redhat.com > User-Agent: curl/7.61.1 > Accept: */* > * HTTP 1.0, assume close after body < HTTP/1.0 503 Service Unavailable HTTP/1.0 503 Service Unavailable < Pragma: no-cache Pragma: no-cache < Cache-Control: private, max-age=0, no-cache, no-store Cache-Control: private, max-age=0, no-cache, no-store < Connection: close Connection: close < Content-Type: text/html Content-Type: text/html < * Excess found in a non pipelined read: excess = 3131 url = / (zero-length body) * Closing connection 0 * TLSv1.2 (OUT), TLS alert, close notify Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:0492 |