Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1899746

Summary: [ovn] error while waiting on flows for pod: OVS sandbox port is no longer active (probably due to a subsequent CNI ADD)
Product: OpenShift Container Platform Reporter: Ross Brattain <rbrattai>
Component: NetworkingAssignee: Tim Rozet <trozet>
Networking sub component: ovn-kubernetes QA Contact: Anurag saxena <anusaxen>
Status: CLOSED ERRATA Docs Contact:
Severity: urgent    
Priority: high CC: aconstan, asood, huirwang, mifiedle, trozet, weliang, zzhao
Version: 4.7   
Target Milestone: ---   
Target Release: 4.7.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-02-24 15:35:02 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1888827    

Description Ross Brattain 2020-11-19 21:51:27 UTC 
Description of problem:

Pod creation fails with error while waiting on flows for pod: OVS sandbox port is no longer active (probably due to a subsequent CNI ADD)


Version-Release number of selected component (if applicable):

4.7.0-0.nightly-2020-11-18-203317

How reproducible:

always

Steps to Reproduce:
1. oc new-project t1
2. oc create -f https://raw.githubusercontent.com/openshift/verification-tests/master/testdata/networking/aosqe-pod-for-ping.json 
3. wait for pods

Actual results:

 Warning  FailedCreatePodSandBox  10s (x12 over 2m48s)  kubelet, p5r8z-worker-c-8xs7p.c.openshift-qe.internal  (combined from similar events): Failed to create pod sandbox: rpc error: code = Unknown desc = failed to create pod network sandbox k8s_hello-pod_07efm_7cf0c45d-e84e-430a-b554-c6e7b5e4f9b2_0(ad1ced5dbcf1f4ed69f936ffb1f7e95b1541ef344e9cb029b7d5ead48e509e1e): [07efm/hello-pod:ovn-kubernetes]: error adding container to network "ovn-kubernetes": CNI request failed with status 400: '[07efm/hello-pod ad1ced5dbcf1f4ed69f936ffb1f7e95b1541ef344e9cb029b7d5ead48e509e1e] [07efm/hello-pod ad1ced5dbcf1f4ed69f936ffb1f7e95b1541ef344e9cb029b7d5ead48e509e1e] failed to configure pod interface: error while waiting on flows for pod: OVS sandbox port ad1ced5dbcf1f4e is no longer active (probably due to a subsequent CNI ADD)
'

Expected results:

Pods are created

Additional info:
Comment 2 Tim Rozet 2020-11-20 20:00:30 UTC 
For some reason OVS is adding quotes around certain iface-ids:
external_ids        : {attached_mac="0a:58:0a:80:02:11", iface-id="9hcck_test-rc-dxrdj", ip_addresses="10.128.2.17/23", sandbox="25367df8807fff0676589c1ce5184c09e9f9976471c59f6327464789f1365f83"}

but when I create a pod with a similar name:
external_ids        : {attached_mac="0a:58:0a:80:02:39", iface-id=default_test-rc-dxrdj, ip_addresses="10.128.2.57/23", sandbox=cd0afe17d69b4dffda9210d49750e6076b34e6b1caf5998f720a2c8deaa7c592}

I'm not sure why, but the obvious solution is to just trim out quotes when we run CNI ovs-vsctl commands.
Comment 3 Tim Rozet 2020-11-21 00:54:19 UTC 
Aniket pointed out that the quotes are added by ovsdb when the value starts with a number :)
Comment 5 Ross Brattain 2020-11-23 15:18:42 UTC 
Verified on 4.7.0-0.nightly-2020-11-22-204912

OVN feature tests passed.

Able to create Pods in a project that starts with a digit.

external_ids        : {attached_mac="0a:58:0a:81:02:14", iface-id="1234_test-rc-sxrzm", ip_addresses="10.129.2.20/23", sandbox="3a5bf555f272342f290aa29d4034731302ace5b65ff1ffc58292891321dc2f35"}
external_ids        : {attached_mac="0a:58:0a:83:00:06", iface-id="1234_test-rc-nwfjd", ip_addresses="10.131.0.6/23", sandbox="6d89d0a5e45a916bcd5f5ed615e728983690bf929882be3e8782060642651452"}
external_ids        : {attached_mac="0a:58:0a:81:02:14", iface-id="1234_test-rc-sxrzm", ip_addresses="10.129.2.20/23", sandbox="3a5bf555f272342f290aa29d4034731302ace5b65ff1ffc58292891321dc2f35"}

QE note:
create a project that starts with a digit, then create pods.  Check for iface-id="1234.*" in the iface-id.
Comment 8 errata-xmlrpc 2021-02-24 15:35:02 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:5633