Bug 1914402 - pluto IKE daemon not running on few ovn-ipsec containers degrading the cluster
Summary: pluto IKE daemon not running on few ovn-ipsec containers degrading the cluster
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Networking
Version: 4.7
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
: ---
Assignee: Mark Gray
QA Contact: Anurag saxena
Depends On: 1918935
TreeView+ depends on / blocked
Reported: 2021-01-08 18:08 UTC by Anurag saxena
Modified: 2023-09-15 00:57 UTC (History)
13 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1905730
Last Closed: 2021-10-26 08:27:06 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Github openshift cluster-network-operator pull 952 0 None closed Bug 1914402: ipsec: Add liveness probe 2021-08-27 14:02:16 UTC

Comment 18 Mark Gray 2021-02-02 08:36:29 UTC
Our current understanding of this is:

* It only triggers at cluster installation.
* It appears to be a libreswan issue: https://github.com/libreswan/libreswan/issues/390
* A liveness probe has been added at https://github.com/openshift/cluster-network-operator/pull/952. This will restart the container which fixes the problem.

As a result, we have reduced the severity to medium and it is no longer a blocker. We will continue to work with the libreswan team to resolve the underlying issue.

Comment 19 Mark Gray 2021-10-26 08:27:06 UTC
This issue has been resolved in Libreswan.

Comment 20 Red Hat Bugzilla 2023-09-15 00:57:59 UTC
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 500 days

Note You need to log in before you can comment on or make changes to this bug.