Description of problem: Pod creation fails with error while waiting on flows for pod: OVS sandbox port is no longer active (probably due to a subsequent CNI ADD) Version-Release number of selected component (if applicable): 4.7.0-0.nightly-2020-11-18-203317 How reproducible: always Steps to Reproduce: 1. oc new-project t1 2. oc create -f https://raw.githubusercontent.com/openshift/verification-tests/master/testdata/networking/aosqe-pod-for-ping.json 3. wait for pods Actual results: Warning FailedCreatePodSandBox 10s (x12 over 2m48s) kubelet, p5r8z-worker-c-8xs7p.c.openshift-qe.internal (combined from similar events): Failed to create pod sandbox: rpc error: code = Unknown desc = failed to create pod network sandbox k8s_hello-pod_07efm_7cf0c45d-e84e-430a-b554-c6e7b5e4f9b2_0(ad1ced5dbcf1f4ed69f936ffb1f7e95b1541ef344e9cb029b7d5ead48e509e1e): [07efm/hello-pod:ovn-kubernetes]: error adding container to network "ovn-kubernetes": CNI request failed with status 400: '[07efm/hello-pod ad1ced5dbcf1f4ed69f936ffb1f7e95b1541ef344e9cb029b7d5ead48e509e1e] [07efm/hello-pod ad1ced5dbcf1f4ed69f936ffb1f7e95b1541ef344e9cb029b7d5ead48e509e1e] failed to configure pod interface: error while waiting on flows for pod: OVS sandbox port ad1ced5dbcf1f4e is no longer active (probably due to a subsequent CNI ADD) ' Expected results: Pods are created Additional info:
For some reason OVS is adding quotes around certain iface-ids: external_ids : {attached_mac="0a:58:0a:80:02:11", iface-id="9hcck_test-rc-dxrdj", ip_addresses="10.128.2.17/23", sandbox="25367df8807fff0676589c1ce5184c09e9f9976471c59f6327464789f1365f83"} but when I create a pod with a similar name: external_ids : {attached_mac="0a:58:0a:80:02:39", iface-id=default_test-rc-dxrdj, ip_addresses="10.128.2.57/23", sandbox=cd0afe17d69b4dffda9210d49750e6076b34e6b1caf5998f720a2c8deaa7c592} I'm not sure why, but the obvious solution is to just trim out quotes when we run CNI ovs-vsctl commands.
Aniket pointed out that the quotes are added by ovsdb when the value starts with a number :)
Verified on 4.7.0-0.nightly-2020-11-22-204912 OVN feature tests passed. Able to create Pods in a project that starts with a digit. external_ids : {attached_mac="0a:58:0a:81:02:14", iface-id="1234_test-rc-sxrzm", ip_addresses="10.129.2.20/23", sandbox="3a5bf555f272342f290aa29d4034731302ace5b65ff1ffc58292891321dc2f35"} external_ids : {attached_mac="0a:58:0a:83:00:06", iface-id="1234_test-rc-nwfjd", ip_addresses="10.131.0.6/23", sandbox="6d89d0a5e45a916bcd5f5ed615e728983690bf929882be3e8782060642651452"} external_ids : {attached_mac="0a:58:0a:81:02:14", iface-id="1234_test-rc-sxrzm", ip_addresses="10.129.2.20/23", sandbox="3a5bf555f272342f290aa29d4034731302ace5b65ff1ffc58292891321dc2f35"} QE note: create a project that starts with a digit, then create pods. Check for iface-id="1234.*" in the iface-id.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2020:5633