Bug 1914975

Summary: Collect logs from openshift-sdn namespace
Product: OpenShift Container Platform Reporter: Serhii Zakharov <szakharo>
Component: Insights OperatorAssignee: Serhii Zakharov <szakharo>
Status: CLOSED ERRATA QA Contact: Pavel Šimovec <psimovec>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 4.7CC: aos-bugs, inecas, mklika, tremes
Target Milestone: ---   
Target Release: 4.7.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Feature: sdn pods (in "openshift-sdn" namespace) can log some interesting messages, which should be helpful for network troubleshooting. The interesting messages are: - “Got OnEndpointsUpdate for unknown Endpoints” and* “"Got OnEndpointsDelete for unknown Endpoints”:* an event has been received to update some endpoints that don’t exist. It would indicate abnormal access to the API or too slow synchronization with it. - “Unable to update proxy firewall for policy”: SDN has internally requested the update of a policy that has not been found. Kind of a strange scenario, indicating bad or low performant access to API. - “Failed to update proxy firewall for policy: %v, Could not get EgressNetworkPolicies: %v”: Reason: Result:
 Story Points: ---
Clone Of:
: 1921554 (view as bug list) Environment:
Last Closed: 2021-02-24 15:51:51 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1921554    

Description Serhii Zakharov 2021-01-11 16:07:13 UTC 
sdn pods (in "openshift-sdn" namespace) can log some interesting messages, which should be helpful for network troubleshooting. The interesting messages are:

    “Got OnEndpointsUpdate for unknown Endpoints” and* “"Got OnEndpointsDelete for unknown Endpoints”:* an event has been received to update some endpoints that don’t exist. It would indicate abnormal access to the API or too slow synchronization with it.
    “Unable to update proxy firewall for policy”: SDN has internally requested the update of a policy that has not been found. Kind of a strange scenario, indicating bad or low performant access to API.
    “Failed to update proxy firewall for policy: %v, Could not get EgressNetworkPolicies: %v”:

As IO is gathered every 2hrs we want to gather latest occurrences of those errors in logs

This list was prepared by CEE SME Pablo Alonso Rodriguez who should be consulted if needed

Acceptance criteria:

    Gather and collect above messages from sdn pods

Contact if clarifications needed: CEE SME Pablo Alonso Rodriguez
Comment 2 Pavel Šimovec 2021-01-14 11:35:43 UTC 
Archive contains:
config/pod/openshift-sdn/sdn-controller-r6pn2.json

verified on commit with hash bbe71609b0135def20bf82880e60cc90545ace77
Comment 5 errata-xmlrpc 2021-02-24 15:51:51 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:5633