Bug 1651436 - [3.9] [RHEL-7.6] Failed to execute iptables-restore: exit status 1 (iptables-restore: invalid option -- '5'
Summary: [3.9] [RHEL-7.6] Failed to execute iptables-restore: exit status 1 (iptables-...
Keywords:
Status: CLOSED DUPLICATE of bug 1616150
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Networking
Version: 3.9.0
Hardware: Unspecified
OS: Unspecified
urgent
urgent
Target Milestone: ---
: ---
Assignee: Casey Callendrello
QA Contact: Meng Bo
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-11-20 05:29 UTC by Jaspreet Kaur
Modified: 2018-11-26 21:12 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-11-20 10:45:14 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description Jaspreet Kaur 2018-11-20 05:29:40 UTC 
Description of problem: After o/s patching webconsole not reachable

Logs:

atomic-openshift-node[17023]: E1119 15:33:44.165558   17023 pod_workers.go:186] Error syncing pod 2f1b6758-e8c7-11e8-98e8-005056894e07 ("webconsole-c9cf7f469-dklht_openshift-web-console(2f1b6758-e8c7-11e8-98e8-005056894e07)"), skipping: error killing pod: failed to "KillPodSandbox" for "2f1b6758-e8c7-11e8-98e8-005056894e07" with KillPodSandboxError: "rpc error: code = Unknown desc = NetworkPlugin cni failed to teardown pod \"webconsole-c9cf7f469-dklht_openshift-web-console\" network: CNI request failed with status 400: 'Failed to execute iptables-restore: exit status 1 (iptables-restore: invalid option -- '5'\nTry `iptables-restore -h' for more information.\n)\n'"
~~~
atomic-openshift-node[17023]: I1119 15:33:44.066321   17023 kubelet.go:1882] SyncLoop (PLEG): "webconsole-c9cf7f469-dklht_openshift-web-console(2f1b6758-e8c7-11e8-98e8-005056894e07)", event: &pleg.PodLifecycleEvent{ID:"2f1b6758-e8c7-11e8-98e8-005056894e07", Type:"ContainerDied", Data:"8788bfa553242618d47cfc5ff49f09369f1f02621101631b29dc038b4d96ef61"}

atomic-openshift-node[17023]: E1119 15:33:44.165432   17023 remote_runtime.go:115] StopPodSandbox "d40f9a1684179a0a5a8132c21eaf3a643826f4948e131f1d5db06b92e88af836" from runtime service failed: rpc error: code = Unknown desc = NetworkPlugin cni failed to teardown pod "webconsole-c9cf7f469-dklht_openshift-web-console" network: CNI request failed with status 400: 'Failed to execute iptables-restore: exit status 1 (iptables-restore: invalid option -- '5'

atomic-openshift-node[17023]: E1119 15:33:44.165537   17023 kubelet.go:1522] error killing pod: failed to "KillPodSandbox" for "2f1b6758-e8c7-11e8-98e8-005056894e07" with KillPodSandboxError: "rpc error: code = Unknown desc = NetworkPlugin cni failed to teardown pod \"webconsole-c9cf7f469-dklht_openshift-web-console\" network: CNI request failed with status 400: 'Failed to execute iptables-restore: exit status 1 (iptables-restore: invalid option -- '5'\nTry `iptables-restore -h' for more information.\n)\n'"


Version-Release number of selected component (if applicable):

iptables-1.4.21-28.el7.x86_64                               Thu Nov 15 09:39:58 2018
iptables-services-1.4.21-28.el7.x86_64                      Thu Nov 15 09:44:16 2018


atomic-openshift-3.9.25-1.git.0.6bc473e.el7.x86_64          Wed Aug  8 19:32:38 2018
atomic-openshift-clients-3.9.25-1.git.0.6bc473e.el7.x86_64  Wed Aug  8 19:32:18 2018
atomic-openshift-docker-excluder-3.9.25-1.git.0.6bc473e.el7.noarch Wed Aug  8 19:33:37 2018
atomic-openshift-excluder-3.9.25-1.git.0.6bc473e.el7.noarch Wed Aug  8 19:33:43 2018
atomic-openshift-master-3.9.25-1.git.0.6bc473e.el7.x86_64   Wed Aug  8 19:34:19 2018
atomic-openshift-node-3.9.25-1.git.0.6bc473e.el7.x86_64     Wed Aug  8 19:40:50 2018
atomic-openshift-sdn-ovs-3.9.25-1.git.0.6bc473e.el7.x86_64  Wed Aug  8 19:40:57 2018
openshift-ansible-3.9.14-1.git.3.c62bc34.el7.noarch         Fri Jun  1 10:18:02 2018
openshift-ansible-docs-3.9.14-1.git.3.c62bc34.el7.noarch    Fri Jun  1 10:18:02 2018
openshift-ansible-playbooks-3.9.14-1.git.3.c62bc34.el7.noarch Fri Jun  1 10:18:02 2018
openshift-ansible-roles-3.9.14-1.git.3.c62bc34.el7.noarch   Fri Jun  1 10:18:02 2018


cat installed-rpms | grep kernel
abrt-addon-kerneloops-2.1.11-52.el7.x86_64                  Thu Nov 15 09:43:42 2018
kernel-3.10.0-862.11.6.el7.x86_64                           Thu Sep 13 09:40:53 2018
kernel-3.10.0-862.14.4.el7.x86_64                           Sat Oct  6 18:12:09 2018
kernel-3.10.0-957.el7.x86_64                                Thu Nov 15 09:43:49 2018
kernel-tools-3.10.0-957.el7.x86_64                          Thu Nov 15 09:44:22 2018
kernel-tools-libs-3.10.0-957.el7.x86_64                     Thu Nov 15 09:40:17 2018
texlive-l3kernel-svn29409.SVN_4469-43.el7.noarch            Thu Nov 15 09:43:45 2018


How reproducible: After o/s patching


Steps to Reproduce:
1.
2.
3.

Actual results: Webconsole not coming up because of the error below :

Error syncing pod 2f1b6758-e8c7-11e8-98e8-005056894e07 ("webconsole-c9cf7f469-dklht_openshift-web-console(2f1b6758-e8c7-11e8-98e8-005056894e07)"), skipping: error killing pod: failed to "KillPodSandbox" for "2f1b6758-e8c7-11e8-98e8-005056894e07" with KillPodSandboxError: "rpc error: code = Unknown desc = NetworkPlugin cni failed to teardown pod \"webconsole-c9cf7f469-dklht_openshift-web-console\" network: CNI request failed with status 400: 'Failed to execute iptables-restore: exit status 1 (iptables-restore: invalid option -- '5'\nTry `iptables-restore -h' for more information.\n)\n'"


Expected results: should have worked just fine without causing issues to webconsole coming up.


Additional info:
Comment 4 Ryan Howe 2018-11-26 21:12:03 UTC 
Fixed with OCP 3.9.51

https://access.redhat.com/errata/RHSA-2018:2908
Note You need to log in before you can comment on or make changes to this bug.