[Filing under multus, because it sounds most relevant, please move if wrong component/subcomponent] test: [sig-network] multicast when using one of the plugins 'redhat/openshift-ovs-multitenant, redhat/openshift-ovs-networkpolicy' should allow multicast traffic in namespaces where it is enabled is failing frequently in CI, see search results: https://search.ci.openshift.org/?maxAge=168h&context=1&type=bug%2Bjunit&name=&maxMatches=5&maxBytes=20971520&groupBy=job&search=%5C%5Bsig-network%5C%5D+multicast+when+using+one+of+the+plugins+%27redhat%2Fopenshift-ovs-multitenant%2C+redhat%2Fopenshift-ovs-networkpolicy%27+should+allow+multicast+traffic+in+namespaces+where+it+is+enabled https://prow.ci.openshift.org/view/gs/origin-ci-test/logs/periodic-ci-openshift-release-master-ocp-4.7-e2e-vsphere-upi/1331542098637230080 Seems to fail most often because of: [sig-instrumentation][sig-builds][Feature:Builds] Prometheus when installed on the cluster should start and expose a secured proxy and verify build metrics [Suite:openshift/conformance/parallel] [sig-network] multicast when using one of the plugins 'redhat/openshift-ovs-multitenant, redhat/openshift-ovs-networkpolicy' should allow multicast traffic in namespaces where it is enabled [Suite:openshift/conformance/parallel] Failure log from CI: : [sig-imageregistry][Feature:ImageLayers] Image layer subresource should return layers from tagged images [Suite:openshift/conformance/parallel] expand_more 17s : [sig-cli] Kubectl client Kubectl copy should copy a file from a running Pod [Suite:openshift/conformance/parallel] [Suite:k8s] expand_more 5m3s : [sig-cli] oc debug ensure it works with image streams [Suite:openshift/conformance/parallel] expand_more 1m17s : [sig-network][Feature:Router] The HAProxy router should serve the correct routes when scoped to a single namespace and label set [Suite:openshift/conformance/parallel] expand_more 3m27s : [sig-network][Feature:Router] The HAProxy router should override the route host for overridden domains with a custom value [Suite:openshift/conformance/parallel] expand_more 3m26s : [sig-imageregistry][Feature:ImageAppend] Image append should create images by appending them [Suite:openshift/conformance/parallel] expand_more 24s : [sig-imageregistry][Feature:Image] oc tag should preserve image reference for external images [Suite:openshift/conformance/parallel] expand_more 5m18s : [sig-apps][Feature:Jobs] Users should be able to create and run a job in a user project [Suite:openshift/conformance/parallel] expand_more 3m18s : [sig-network][Feature:Router] The HAProxy router should support reencrypt to services backed by a serving certificate automatically [Suite:openshift/conformance/parallel] expand_more 3m25s : [sig-builds][Feature:Builds] Optimized image builds should succeed [Suite:openshift/conformance/parallel] expand_more 2m19s : [sig-builds][Feature:Builds][valueFrom] process valueFrom in build strategy environment variables should successfully resolve valueFrom in docker build environment variables [Suite:openshift/conformance/parallel] expand_more 2m35s : [sig-auth][Feature:SecurityContextConstraints] TestPodDefaultCapabilities [Suite:openshift/conformance/parallel] expand_more 3m17s : [sig-cluster-lifecycle] Pods cannot access the /config/master API endpoint [Suite:openshift/conformance/parallel] expand_more 3m17s : [sig-apps][Feature:DeploymentConfig] deploymentconfigs when tagging images should successfully tag the deployed image [Suite:openshift/conformance/parallel] expand_more 5m19s : [sig-imageregistry][Feature:Image] oc tag should change image reference for internal images [Suite:openshift/conformance/parallel] expand_more 18s : [sig-imageregistry][Feature:ImageLookup] Image policy should perform lookup when the Deployment gets the resolve-names annotation later [Suite:openshift/conformance/parallel] expand_more 17s : [sig-imageregistry][Feature:Image] oc tag should work when only imagestreams api is available [Suite:openshift/conformance/parallel] expand_more 5m18s : [sig-cli] oc debug deployment configs from a build [Suite:openshift/conformance/parallel] expand_more 5m18s : [sig-network][Feature:Router] The HAProxy router should expose prometheus metrics for a route [Suite:openshift/conformance/parallel] expand_more 1m37s : [sig-auth][Feature:LDAP] LDAP IDP should authenticate against an ldap server [Suite:openshift/conformance/parallel] expand_more 5m18s : [sig-imageregistry][Feature:ImageLookup] Image policy should perform lookup when the object has the resolve-names annotation [Suite:openshift/conformance/parallel] expand_more 18s : [sig-imageregistry][Feature:ImageExtract] Image extract should extract content from an image [Suite:openshift/conformance/parallel] expand_more 20s : [sig-auth][Feature:LDAP] LDAP should start an OpenLDAP test server [Suite:openshift/conformance/parallel] expand_more 5m18s : [sig-instrumentation][sig-builds][Feature:Builds] Prometheus when installed on the cluster should start and expose a secured proxy and verify build metrics [Suite:openshift/conformance/parallel] expand_more 2m46s : [sig-cli] oc rsh rsh specific flags should work well when access to a remote shell [Suite:openshift/conformance/parallel] expand_more 4m16s : [sig-network][Feature:Router] The HAProxy router should run even if it has no access to update status [Suite:openshift/conformance/parallel] expand_more 3m22s : [sig-builds][Feature:Builds] Multi-stage image builds should succeed [Suite:openshift/conformance/parallel] expand_more 2m19s : [sig-network] Conntrack should be able to preserve UDP traffic when server pod cycles for a NodePort service [Suite:openshift/conformance/parallel] [Suite:k8s] expand_more 1m20s : [sig-builds][Feature:Builds] prune builds based on settings in the buildconfig should prune completed builds based on the successfulBuildsHistoryLimit setting [Suite:openshift/conformance/parallel] expand_more 2m27s : [sig-imageregistry][Feature:ImageLookup] Image policy should update standard Kube object image fields when local names are on [Suite:openshift/conformance/parallel] expand_more 17s : [sig-builds][Feature:Builds] s2i build with a root user image should create a root build and pass with a privileged SCC [Suite:openshift/conformance/parallel] expand_more 17s : [sig-network] multicast when using one of the plugins 'redhat/openshift-ovs-multitenant, redhat/openshift-ovs-networkpolicy' should block multicast traffic in namespaces where it is disabled [Suite:openshift/conformance/parallel] expand_more 5m18s : [sig-imageregistry][Feature:ImageTriggers] Annotation trigger reconciles after the image is overwritten [Suite:openshift/conformance/parallel] expand_more 46s : [sig-network][Feature:Router] The HAProxy router should serve routes that were created from an ingress [Suite:openshift/conformance/parallel] expand_more 3m56s : [sig-network][Feature:Router] The HAProxy router should override the route host with a custom value [Suite:openshift/conformance/parallel] expand_more 3m26s : [sig-network][Feature:Router] The HAProxy router should serve a route that points to two services and respect weights [Suite:openshift/conformance/parallel] expand_more 3m22s : [sig-network] multicast when using one of the plugins 'redhat/openshift-ovs-multitenant, redhat/openshift-ovs-networkpolicy' should allow multicast traffic in namespaces where it is enabled [Suite:openshift/conformance/parallel] expand_more 5m20s : [sig-imageregistry][Feature:ImageInfo] Image info should display information about images [Suite:openshift/conformance/parallel] expand_more 27s : [sig-builds][Feature:Builds] custom build with buildah being created from new-build should complete build with custom builder image [Suite:openshift/conformance/parallel] expand_more 3m21s : [sig-builds][Feature:Builds] build can reference a cluster service with a build being created from new-build should be able to run a build that references a cluster service [Suite:openshift/conformance/parallel] expand_more 20s : Run multi-stage test e2e-vsphere-upi - e2e-vsphere-upi-openshift-e2e-test container test expand_more
Same log URL for test: [sig-network] multicast when using one of the plugins 'redhat/openshift-ovs-multitenant, redhat/openshift-ovs-networkpolicy' should block multicast traffic in namespaces where it is disabled
Still see the multicast failed in latest v4.7 CI: https://search.ci.openshift.org/?search=multicast+when+using+one+of+the+plugins+%27redhat%2Fopenshift-ovs-multitenant%2C+redhat%2Fopenshift-ovs-networkpolicy%27+should+allow+multicast+traffic+in+namespaces+where+it+is+enabled&maxAge=168h&context=1&type=bug%2Bjunit&name=4.7&maxMatches=5&maxBytes=20971520&groupBy=job https://prow.ci.openshift.org/view/gs/origin-ci-test/logs/release-openshift-origin-installer-e2e-azure-4.7/1338330052495937536 https://prow.ci.openshift.org/view/gs/origin-ci-test/logs/periodic-ci-openshift-release-master-ocp-4.7-e2e-aws-workers-rhel7/1338552052871073792
the azure error seems to be related to some permissions issue: Dec 14 04:47:19.698: INFO: Error running /usr/bin/oc --namespace=e2e-test-multicast-qvbmb --kubeconfig=/tmp/configfile346677150 exec multicast-3 -- omping -c 5 -T 60 -q -q 10.131.0.188 10.131.0.189 10.128.2.182: StdOut> error: You must be logged in to the server (Unauthorized) StdErr> error: You must be logged in to the server (Unauthorized) [AfterEach] [sig-network] multicast github.com/openshift/origin/test/extended/util/client.go:138 STEP: Collecting events from namespace "e2e-test-multicast-qvbmb". The aws error seems to be rhel7 specific and it is likely that the RHEL7 worker node is not set up correctly since the Multus readinessindicatorfile was not found, which likely means the sdn was not properly initialized. Dec 14 20:00:46.397: INFO: At 2020-12-14 19:57:10 +0000 UTC - event for multicast-3: {kubelet ip-10-0-179-21.us-west-1.compute.internal} FailedCreatePodSandBox: Failed to create pod sandbox: rpc error: code = Unknown desc = failed to create pod network sandbox k8s_multicast-3_e2e-test-multicast-xdhf8_e32d5fb1-150a-4094-b18f-2a9f59c861ab_0(ce76b14dd92b45a4f69ba2402bcc4580c76cc50f58839fdfe58dc75f6e08ec6c): Multus: [e2e-test-multicast-xdhf8/multicast-3]: PollImmediate error waiting for ReadinessIndicatorFile: timed out waiting for the condition Dec 14 20:00:46.397: INFO: At 2020-12-14 19:58:53 +0000 UTC - event for multicast-3: {kubelet ip-10-0-179-21.us-west-1.compute.internal} FailedCreatePodSandBox: Failed to create pod sandbox: rpc error: code = Unknown desc = failed to create pod network sandbox k8s_multicast-3_e2e-test-multicast-xdhf8_e32d5fb1-150a-4094-b18f-2a9f59c861ab_0(b352d3d09db7f57423b3a313955969f8d3e36c59a3f3a7c9556baf2b56e36b6e): Multus: [e2e-test-multicast-xdhf8/multicast-3]: PollImmediate error waiting for ReadinessIndicatorFile: timed out waiting for the condition Dec 14 20:00:46.397: INFO: At 2020-12-14 20:00:35 +0000 UTC - event for multicast-3: {kubelet ip-10-0-179-21.us-west-1.compute.internal} FailedCreatePodSandBox: Failed to create pod sandbox: rpc error: code = Unknown desc = failed to create pod network sandbox k8s_multicast-3_e2e-test-multicast-xdhf8_e32d5fb1-150a-4094-b18f-2a9f59c861ab_0(18fb08e899765e33d85313fcddb94cc2a7e89e692764e5985e85fdc6c1c806ea): Multus: [e2e-test-multicast-xdhf8/multicast-3]: PollImmediate error waiting for ReadinessIndicatorFile: timed out waiting for the condition The rhel7 worker issue seems to be related to: https://bugzilla.redhat.com/show_bug.cgi?id=1908616
Not see multicast failed log in e2e-azure-4.7 any more.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2020:5633