Bug 2090405
| Summary: | [tracker] weird port mapping with asymmetric traffic [rhel-8.6.0.z] | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Micah Abbott <miabbott> |
| Component: | RHCOS | Assignee: | Micah Abbott <miabbott> |
| Status: | CLOSED ERRATA | QA Contact: | Michael Nguyen <mnguyen> |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | 4.11 | CC: | acaringi, chorn, dornelas, egarver, fwestpha, jiji, jligon, miabbott, mrussell, network-qe, nmurray, nstielau, pgm-rhel-tools, sukulkar, yiche |
| Target Milestone: | --- | Keywords: | Triaged, ZStream |
| Target Release: | 4.11.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | 2065266 | Environment: | |
| Last Closed: | 2022-08-10 11:14:11 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2065266 | ||
| Bug Blocks: | |||
|
Description
Micah Abbott
2022-05-25 16:54:52 UTC
Kernel errata has shipped and a superseding kernel is present in 4.11 nightlies. The dependent RHEL BZ was fixed as part of RHEL 8.6.0.1 with `kernel-4.18.0-372.13.1.el8_6`
Checking a 4.11 CI release-payload:
```
$ oc version
Client Version: 4.10.18
Server Version: 4.11.0-0.ci-2022-07-05-101838
Kubernetes Version: v1.24.0-2362+2dd8bb16eb2fd8-dirty
$ oc get nodes
NAME STATUS ROLES AGE VERSION
ci-ln-818wcgt-72292-fjchw-master-0 Ready master 19m v1.24.0+2dd8bb1
ci-ln-818wcgt-72292-fjchw-master-1 Ready master 19m v1.24.0+2dd8bb1
ci-ln-818wcgt-72292-fjchw-master-2 Ready master 20m v1.24.0+2dd8bb1
ci-ln-818wcgt-72292-fjchw-worker-a-nl42w Ready worker 12m v1.24.0+2dd8bb1
ci-ln-818wcgt-72292-fjchw-worker-b-9h9zr Ready worker 12m v1.24.0+2dd8bb1
ci-ln-818wcgt-72292-fjchw-worker-c-xz5rd Ready worker 12m v1.24.0+2dd8bb1
$ oc debug node/ci-ln-818wcgt-72292-fjchw-worker-a-nl42w
Warning: would violate PodSecurity "restricted:latest": host namespaces (hostNetwork=true, hostPID=true), privileged (container "container-00" must not set securityContext.privileged=true), allowPrivilegeEscalation != false (container "container-00" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "container-00" must set securityContext.capabilities.drop=["ALL"]), restricted volume types (volume "host" uses restricted volume type "hostPath"), runAsNonRoot != true (pod or container "container-00" must set securityContext.runAsNonRoot=true), runAsUser=0 (container "container-00" must not set runAsUser=0), seccompProfile (pod or container "container-00" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
Starting pod/ci-ln-818wcgt-72292-fjchw-worker-a-nl42w-debug ...
To use host binaries, run `chroot /host`
Pod IP: 10.0.128.2
If you don't see a command prompt, try pressing enter.
sh-4.4# chroot /host
sh-4.4# rpm-ostree status
State: idle
Deployments:
* pivot://registry.ci.openshift.org/ocp/4.11-2022-07-05-101838@sha256:04b54950ce296d73746f22b66ff6c5484c37be78cb34aaf352338359112fa241
CustomOrigin: Managed by machine-config-operator
Version: 411.86.202207011902-0 (2022-07-01T19:05:18Z)
0505ffc1c711903785f27570819e973f086f594a8daa3ec9dfe2a059586ac42f
Version: 411.86.202206301504-0 (2022-06-30T15:08:01Z)
sh-4.4# rpm -q kernel
kernel-4.18.0-372.13.1.el8_6.x86_64
```
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Important: OpenShift Container Platform 4.11.0 bug fix and security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:5069 |