Bug 1455656 – [3.5] iptables spams the logs with the rules every time iptables-restore is called

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 1455656 - [3.5] iptables spams the logs with the rules every time iptables-restore is called

Summary:	[3.5] iptables spams the logs with the rules every time iptables-restore is c...

Status:	CLOSED ERRATA

Aliases:	None

Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Networking (Show other bugs)
Sub Component:
Version:	3.5.0
Hardware:	All Linux

Priority	unspecified Severity high
Target Milestone:	---
Target Release:	3.5.z
Assigned To:	Ben Bennett
QA Contact:	Meng Bo
Docs Contact:

URL:
Whiteboard:
Keywords:

Depends On:	1455655
Blocks:
	Show dependency tree / graph

Reported:	2017-05-25 13:21 EDT by Ben Bennett
Modified:	2017-08-10 01:25 EDT (History)
CC List:	5 users (show)

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	Cause: We logged the iptables rules at too low of a log level. Consequence: The logs fill with iptables noise. Fix: Change the level at which they are logged. Result: Much more useful logs.
Story Points:	---
Clone Of:	1455655
Environment:
Last Closed:	2017-08-10 01:25:32 EDT
Type:	Bug
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Github	openshift/ose/pull/765	None	None	None	2017-05-25 13:30 EDT
Red Hat Product Errata	RHEA-2017:1716	normal	SHIPPED_LIVE	Red Hat OpenShift Container Platform 3.6 RPM Release Advisory	2017-08-10 05:02:50 EDT

Groups: None (edit)

Description Ben Bennett 2017-05-25 13:21:51 EDT

+++ This bug was initially created as a clone of Bug #1455655 +++

Description of problem:
At log level 3 OpenShift dumps the complete iptables rules to the log.

Version-Release number of selected component (if applicable):
3.5.0

How reproducible:
Every time log level is set to 3 or higher.

Steps to Reproduce:
1. Set the log level to 3
2. Start openshift
3. Watch the logs

Actual results:

Masses of iptables rules printed to the log.

Expected results:

No rules printed at reasonable log levels.

Comment 1 Ben Bennett 2017-05-31 09:44:23 EDT

PR https://github.com/openshift/ose/pull/765

Comment 5 Yan Du 2017-06-02 01:53:59 EDT

Test on OCP 3.5
openshift v3.5.5.21
kubernetes v1.5.2+43a9be4

No iptable rules printed in log when setting log level to 3 and rules printed to the log when log level is 5.

@Ben Could you please move bug to ON_QA, then QE could verify it.

Comment 7 errata-xmlrpc 2017-08-10 01:25:32 EDT

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2017:1716

Note You need to log in before you can comment on or make changes to this bug.