Description of problem: Egress Router CNI is not logging results, so every warning or error gets to CRI-O output. Expected results: To have logging to a file or stdout in a specific format, such as 2021-01-21T16:50:44+01:00 [debug] Called CNI ADD 2021-01-21T16:50:44+01:00 [debug] Gateway: 192.168.10.254 2021-01-21T16:50:44+01:00 [debug] IP Source Addresses: [192.168.10.99/24] 2021-01-21T16:50:44+01:00 [debug] IP Destinations: [10.0.3.0/32] 2021-01-21T16:50:44+01:00 [debug] Created macvlan interface 2021-01-21T16:50:44+01:00 [debug] Renamed macvlan to "net1" 2021-01-21T16:50:44+01:00 [debug] Added iptables rule: iptables -t nat PREROUTING -i eth0 -j DNAT --to-destination 10.0.3.0 2021-01-21T16:50:44+01:00 [debug] Added iptables rule: iptables -t nat -o net1 -j SNAT --to-source 192.168.10.99
sh-4.4# journalctl -u crio Feb 01 19:42:30 ip-10-0-139-74 crio[1626]: 2021-02-01T19:42:30Z [debug] Called CNI ADD Feb 01 19:42:30 ip-10-0-139-74 crio[1626]: 2021-02-01T19:42:30Z [debug] Gateway: 10.0.128.1 Feb 01 19:42:30 ip-10-0-139-74 crio[1626]: 2021-02-01T19:42:30Z [debug] IP Source Addresses: [10.0.139.75/24] Feb 01 19:42:30 ip-10-0-139-74 crio[1626]: 2021-02-01T19:42:30Z [debug] IP Destinations: [172.217.7.206/32] Feb 01 19:42:30 ip-10-0-139-74 crio[1626]: 2021-02-01T19:42:30Z [debug] Created macvlan interface Feb 01 19:42:30 ip-10-0-139-74 crio[1626]: 2021-02-01T19:42:30Z [debug] Renamed macvlan to "net1" Feb 01 19:42:30 ip-10-0-139-74 crio[1626]: 2021-02-01T19:42:30Z [debug] Added iptables rule: iptables -t nat PREROUTING -i eth0 -j DNAT > Feb 01 19:42:30 ip-10-0-139-74 crio[1626]: 2021-02-01T19:42:30Z [debug] Added iptables rule: iptables -t nat -o net1 -j SNAT --to-source> Feb 01 19:42:30 ip-10-0-139-74 crio[1626]: 2021-02-01T19:42:30Z [verbose] Add: test-ovn-egressrouter-redirect:ovn-egressrouter-redirect-> [weliang@weliang verification-tests]$ oc get clusterversion NAME VERSION AVAILABLE PROGRESSING SINCE STATUS version 4.7.0-0.nightly-2021-02-01-135829 True False 21m Cluster version is 4.7.0-0.nightly-2021-02-01-135829 [weliang@weliang verification-tests]$
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2020:5633