Bug 1914402 - pluto IKE daemon not running on few ovn-ipsec containers degrading the cluster [NEEDINFO]
Summary: pluto IKE daemon not running on few ovn-ipsec containers degrading the cluster
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Networking
Version: 4.7
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
: ---
Assignee: Mark Gray
QA Contact: Anurag saxena
Depends On: 1918935
TreeView+ depends on / blocked
Reported: 2021-01-08 18:08 UTC by Anurag saxena
Modified: 2021-10-26 08:27 UTC (History)
13 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1905730
Last Closed: 2021-10-26 08:27:06 UTC
Target Upstream Version:
mark.d.gray: needinfo? (zzhao)
anusaxen: needinfo? (mark.d.gray)

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Github openshift cluster-network-operator pull 952 0 None closed Bug 1914402: ipsec: Add liveness probe 2021-08-27 14:02:16 UTC

Comment 18 Mark Gray 2021-02-02 08:36:29 UTC
Our current understanding of this is:

* It only triggers at cluster installation.
* It appears to be a libreswan issue: https://github.com/libreswan/libreswan/issues/390
* A liveness probe has been added at https://github.com/openshift/cluster-network-operator/pull/952. This will restart the container which fixes the problem.

As a result, we have reduced the severity to medium and it is no longer a blocker. We will continue to work with the libreswan team to resolve the underlying issue.

Comment 19 Mark Gray 2021-10-26 08:27:06 UTC
This issue has been resolved in Libreswan.

Note You need to log in before you can comment on or make changes to this bug.