+++ This bug was initially created as a clone of Bug #1901675 +++ [Filing under multus, because it sounds most relevant, please move if wrong component/subcomponent] test: [sig-network] multicast when using one of the plugins 'redhat/openshift-ovs-multitenant, redhat/openshift-ovs-networkpolicy' should allow multicast traffic in namespaces where it is enabled is failing frequently in CI, see search results: https://search.ci.openshift.org/?maxAge=168h&context=1&type=bug%2Bjunit&name=&maxMatches=5&maxBytes=20971520&groupBy=job&search=%5C%5Bsig-network%5C%5D+multicast+when+using+one+of+the+plugins+%27redhat%2Fopenshift-ovs-multitenant%2C+redhat%2Fopenshift-ovs-networkpolicy%27+should+allow+multicast+traffic+in+namespaces+where+it+is+enabled https://prow.ci.openshift.org/view/gs/origin-ci-test/logs/periodic-ci-openshift-release-master-ocp-4.7-e2e-vsphere-upi/1331542098637230080 Seems to fail most often because of: [sig-instrumentation][sig-builds][Feature:Builds] Prometheus when installed on the cluster should start and expose a secured proxy and verify build metrics [Suite:openshift/conformance/parallel] [sig-network] multicast when using one of the plugins 'redhat/openshift-ovs-multitenant, redhat/openshift-ovs-networkpolicy' should allow multicast traffic in namespaces where it is enabled [Suite:openshift/conformance/parallel] Failure log from CI: : [sig-imageregistry][Feature:ImageLayers] Image layer subresource should return layers from tagged images [Suite:openshift/conformance/parallel] expand_more 17s : [sig-cli] Kubectl client Kubectl copy should copy a file from a running Pod [Suite:openshift/conformance/parallel] [Suite:k8s] expand_more 5m3s : [sig-cli] oc debug ensure it works with image streams [Suite:openshift/conformance/parallel] expand_more 1m17s : [sig-network][Feature:Router] The HAProxy router should serve the correct routes when scoped to a single namespace and label set [Suite:openshift/conformance/parallel] expand_more 3m27s : [sig-network][Feature:Router] The HAProxy router should override the route host for overridden domains with a custom value [Suite:openshift/conformance/parallel] expand_more 3m26s : [sig-imageregistry][Feature:ImageAppend] Image append should create images by appending them [Suite:openshift/conformance/parallel] expand_more 24s : [sig-imageregistry][Feature:Image] oc tag should preserve image reference for external images [Suite:openshift/conformance/parallel] expand_more 5m18s : [sig-apps][Feature:Jobs] Users should be able to create and run a job in a user project [Suite:openshift/conformance/parallel] expand_more 3m18s : [sig-network][Feature:Router] The HAProxy router should support reencrypt to services backed by a serving certificate automatically [Suite:openshift/conformance/parallel] expand_more 3m25s : [sig-builds][Feature:Builds] Optimized image builds should succeed [Suite:openshift/conformance/parallel] expand_more 2m19s : [sig-builds][Feature:Builds][valueFrom] process valueFrom in build strategy environment variables should successfully resolve valueFrom in docker build environment variables [Suite:openshift/conformance/parallel] expand_more 2m35s : [sig-auth][Feature:SecurityContextConstraints] TestPodDefaultCapabilities [Suite:openshift/conformance/parallel] expand_more 3m17s : [sig-cluster-lifecycle] Pods cannot access the /config/master API endpoint [Suite:openshift/conformance/parallel] expand_more 3m17s : [sig-apps][Feature:DeploymentConfig] deploymentconfigs when tagging images should successfully tag the deployed image [Suite:openshift/conformance/parallel] expand_more 5m19s : [sig-imageregistry][Feature:Image] oc tag should change image reference for internal images [Suite:openshift/conformance/parallel] expand_more 18s : [sig-imageregistry][Feature:ImageLookup] Image policy should perform lookup when the Deployment gets the resolve-names annotation later [Suite:openshift/conformance/parallel] expand_more 17s : [sig-imageregistry][Feature:Image] oc tag should work when only imagestreams api is available [Suite:openshift/conformance/parallel] expand_more 5m18s : [sig-cli] oc debug deployment configs from a build [Suite:openshift/conformance/parallel] expand_more 5m18s : [sig-network][Feature:Router] The HAProxy router should expose prometheus metrics for a route [Suite:openshift/conformance/parallel] expand_more 1m37s : [sig-auth][Feature:LDAP] LDAP IDP should authenticate against an ldap server [Suite:openshift/conformance/parallel] expand_more 5m18s : [sig-imageregistry][Feature:ImageLookup] Image policy should perform lookup when the object has the resolve-names annotation [Suite:openshift/conformance/parallel] expand_more 18s : [sig-imageregistry][Feature:ImageExtract] Image extract should extract content from an image [Suite:openshift/conformance/parallel] expand_more 20s : [sig-auth][Feature:LDAP] LDAP should start an OpenLDAP test server [Suite:openshift/conformance/parallel] expand_more 5m18s : [sig-instrumentation][sig-builds][Feature:Builds] Prometheus when installed on the cluster should start and expose a secured proxy and verify build metrics [Suite:openshift/conformance/parallel] expand_more 2m46s : [sig-cli] oc rsh rsh specific flags should work well when access to a remote shell [Suite:openshift/conformance/parallel] expand_more 4m16s : [sig-network][Feature:Router] The HAProxy router should run even if it has no access to update status [Suite:openshift/conformance/parallel] expand_more 3m22s : [sig-builds][Feature:Builds] Multi-stage image builds should succeed [Suite:openshift/conformance/parallel] expand_more 2m19s : [sig-network] Conntrack should be able to preserve UDP traffic when server pod cycles for a NodePort service [Suite:openshift/conformance/parallel] [Suite:k8s] expand_more 1m20s : [sig-builds][Feature:Builds] prune builds based on settings in the buildconfig should prune completed builds based on the successfulBuildsHistoryLimit setting [Suite:openshift/conformance/parallel] expand_more 2m27s : [sig-imageregistry][Feature:ImageLookup] Image policy should update standard Kube object image fields when local names are on [Suite:openshift/conformance/parallel] expand_more 17s : [sig-builds][Feature:Builds] s2i build with a root user image should create a root build and pass with a privileged SCC [Suite:openshift/conformance/parallel] expand_more 17s : [sig-network] multicast when using one of the plugins 'redhat/openshift-ovs-multitenant, redhat/openshift-ovs-networkpolicy' should block multicast traffic in namespaces where it is disabled [Suite:openshift/conformance/parallel] expand_more 5m18s : [sig-imageregistry][Feature:ImageTriggers] Annotation trigger reconciles after the image is overwritten [Suite:openshift/conformance/parallel] expand_more 46s : [sig-network][Feature:Router] The HAProxy router should serve routes that were created from an ingress [Suite:openshift/conformance/parallel] expand_more 3m56s : [sig-network][Feature:Router] The HAProxy router should override the route host with a custom value [Suite:openshift/conformance/parallel] expand_more 3m26s : [sig-network][Feature:Router] The HAProxy router should serve a route that points to two services and respect weights [Suite:openshift/conformance/parallel] expand_more 3m22s : [sig-network] multicast when using one of the plugins 'redhat/openshift-ovs-multitenant, redhat/openshift-ovs-networkpolicy' should allow multicast traffic in namespaces where it is enabled [Suite:openshift/conformance/parallel] expand_more 5m20s : [sig-imageregistry][Feature:ImageInfo] Image info should display information about images [Suite:openshift/conformance/parallel] expand_more 27s : [sig-builds][Feature:Builds] custom build with buildah being created from new-build should complete build with custom builder image [Suite:openshift/conformance/parallel] expand_more 3m21s : [sig-builds][Feature:Builds] build can reference a cluster service with a build being created from new-build should be able to run a build that references a cluster service [Suite:openshift/conformance/parallel] expand_more 20s : Run multi-stage test e2e-vsphere-upi - e2e-vsphere-upi-openshift-e2e-test container test expand_more --- Additional comment from Lokesh Mandvekar on 2020-11-25 19:51:37 UTC --- Same log URL for test: [sig-network] multicast when using one of the plugins 'redhat/openshift-ovs-multitenant, redhat/openshift-ovs-networkpolicy' should block multicast traffic in namespaces where it is disabled
Look like the PR is still not merged into v4.6 https://prow.ci.openshift.org/view/gs/origin-ci-test/logs/periodic-ci-openshift-release-master-ocp-4.6-e2e-vsphere-upi/1346097930364260352 Multicast pod still try to pull image from docker.io Jan 4 15:00:08.695: INFO: At 2021-01-04 14:56:14 +0000 UTC - event for multicast-3: {kubelet compute-1} Failed: Failed to pull image "openshift/test-multicast": rpc error: code = Unknown desc = Error reading manifest latest in docker.io/openshift/test-multicast: toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit
This test is flaky and fails in the AfterSuite actions: Jan 14 04:17:30.739: INFO: Running AfterSuite actions on node 1 fail [github.com/openshift/origin/test/extended/networking/multicast.go:52]: Expected success, but got an error: <*exec.ExitError | 0xc002d52d40>: { ProcessState: { pid: 26544, status: 256, rusage: { Utime: {Sec: 0, Usec: 164269}, Stime: {Sec: 0, Usec: 25730}, Maxrss: 157780, Ixrss: 0, Idrss: 0, Isrss: 0, Minflt: 2535, Majflt: 0, Nswap: 0, Inblock: 0, Oublock: 0, Msgsnd: 0, Msgrcv: 0, Nsignals: 0, Nvcsw: 800, Nivcsw: 6, }, }, Stderr: nil, } exit status 1 Will investigate separately, but the docker pull issue is now fixed.
Did not see above issue in https://search.ci.openshift.org/?search=%5C%5Bsig-network%5C%5D+multicast+when+using+one+of+the+plugins+%27redhat%2Fopenshift-ovs-multitenant%2C+redhat%2Fopenshift-ovs-networkpolicy%27+should+allow+multicast+traffic+in+namespaces+where+it+is+enabled&maxAge=24h&context=1&type=bug%2Bjunit&name=4.6&maxMatches=5&maxBytes=20971520&groupBy=job
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (OpenShift Container Platform 4.6.18 bug fix update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2021:0510