Bug 1653381 - [3.10] firewalld reload causes namespace wide egress IP to stop working
Summary: [3.10] firewalld reload causes namespace wide egress IP to stop working
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Networking
Version: 3.10.0
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: ---
: 3.10.z
Assignee: Dan Winship
QA Contact: Meng Bo
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-11-26 17:01 UTC by Dan Winship
Modified: 2019-01-10 09:27 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: Egress IP-related iptables rules were not recreated if they got deleted. Consequence: If a user restarted firewalld or iptables.service on a node that hosted egress IPs, then those egress IPs would stop working. (Traffic that should have used the egress IP would use the node's normal IP instead.) Fix: Egress IP iptables rules are now recreated if they are removed. Result: Egress IPs work reliably.
Clone Of: 1643304
Environment:
Last Closed: 2019-01-10 09:27:10 UTC
Target Upstream Version:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Origin (Github) 21550 0 None None None 2018-11-26 17:12:19 UTC
Red Hat Product Errata RHBA-2019:0026 0 None None None 2019-01-10 09:27:16 UTC

Comment 1 Dan Winship 2018-11-26 17:12:19 UTC 
https://github.com/openshift/origin/pull/21550
Comment 2 Weibin Liang 2018-12-04 16:10:01 UTC 
Tested in v3.10.83 and the issue was fixed.
Comment 4 errata-xmlrpc 2019-01-10 09:27:10 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:0026
Note You need to log in before you can comment on or make changes to this bug.