Bug 1914402

Summary: pluto IKE daemon not running on few ovn-ipsec containers degrading the cluster
Product: OpenShift Container Platform Reporter: Anurag saxena <anusaxen>
Component: NetworkingAssignee: Mark Gray <mark.d.gray>
Networking sub component: ovn-kubernetes QA Contact: Anurag saxena <anusaxen>
Status: CLOSED UPSTREAM Docs Contact:
Severity: medium    
Priority: medium CC: aconstan, anbhat, aos-bugs, bbennett, juzhao, kewang, mark.d.gray, mark.d.gray, mfojtik, mtleilia, rbrattai, xxia, zzhao
Version: 4.7   
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1905730 Environment:
Last Closed: 2021-10-26 08:27:06 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1918935    
Bug Blocks:    

Comment 18 Mark Gray 2021-02-02 08:36:29 UTC 
Our current understanding of this is:

* It only triggers at cluster installation.
* It appears to be a libreswan issue: https://github.com/libreswan/libreswan/issues/390
* A liveness probe has been added at https://github.com/openshift/cluster-network-operator/pull/952. This will restart the container which fixes the problem.

As a result, we have reduced the severity to medium and it is no longer a blocker. We will continue to work with the libreswan team to resolve the underlying issue.
Comment 19 Mark Gray 2021-10-26 08:27:06 UTC 
This issue has been resolved in Libreswan.
Comment 20 Red Hat Bugzilla 2023-09-15 00:57:59 UTC 
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 500 days