Bug 1942122 - Egress IP iptables rules not added due to iptables: Resource temporarily unavailable
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Networking
Version: 3.11.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Target Release: 4.9.0
Assignee: Jacob Tanenbaum
QA Contact: huirwang
Depends On:
Blocks: 1979208 1979216 1987239
Reported: 2021-03-23 17:23 UTC by Pablo Alonso Rodriguez
Modified: 2023-09-15 01:03 UTC

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Clones: 1979208 1979216
Last Closed: 2021-10-18 17:29:21 UTC
Target Upstream Version:


System | ID | Private | Priority | Status | Summary | Last Updated
Github | openshift sdn pull 316 | 0 | None | closed | Bug 1942122: when assigning and releasing egressIP try more than once before failing | 2021-06-28 08:23:04 UTC
Red Hat Product Errata | RHSA-2021:3759 | 0 | None | None | None | 2021-10-18 17:29:59 UTC

Description Pablo Alonso Rodriguez 2021-03-23 17:23:11 UTC
Description of problem:

When applying iptables rules for an egress IP, sometimes the following error messages are shown and the rules are not applied:

March 22nd 2021, 19:00:00.335	E0322 19:00:00.335303    5323 egressip.go:120] Error assigning Egress IP "10.x.x.x": could not add egress IP iptables rule: error appending rule: exit status 4: iptables: Resource temporarily unavailable.

Version-Release number of selected component (if applicable):


How reproducible:

Only in customer environment

Steps to Reproduce:

Customer reproduces it by restarting node or docker, but it might be reproducible by other means.

Actual results:

iptables rules for egress IPs not added, although OVS flows and other things are added.

Expected results:

iptables rules added as well

Additional info:

If I try to acquire a lock on xtables manually and then release it, I cannot reproduce this issue, because the iptables invocations from sdn are done with -w, so it just waits until I release the lock.
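
Added example, not part of the original report and not the openshift/sdn code: a Go retry loop of the kind the linked pull request title describes ("try more than once before failing"), applied to the exit status 4 failure in the log line above. The names retryRule, runFunc, execIptables and isTransient, the attempt count, the doubling delay, and the choice to retry only on exit status 4 are assumptions of this example.

```go
package main

import (
	"errors"
	"fmt"
	"os/exec"
	"time"
)

const resourceProblem = 4 // iptables exit status for resource problems, as in the log above
// runFunc performs one iptables invocation; injectable so the loop can be tested.
type runFunc func(args ...string) error

// execIptables runs the real binary and keeps the exit error unwrappable.
func execIptables(args ...string) error {
	if out, err := exec.Command("iptables", args...).CombinedOutput(); err != nil {
		return fmt.Errorf("iptables %v: %w: %s", args, err, out)
	}
	return nil
}

// isTransient reports whether err is a process exit with status 4.
func isTransient(err error) bool {
	var ee *exec.ExitError
	return errors.As(err, &ee) && ee.ExitCode() == resourceProblem
}

// retryRule calls run until it succeeds, fails permanently, or attempts run out; it returns the number of calls made.
func retryRule(run runFunc, transient func(error) bool, attempts int, delay time.Duration, args ...string) (int, error) {
	var err error
	for n := 1; n <= attempts; n++ {
		if err = run(args...); err == nil {
			return n, nil
		}
		if !transient(err) {
			return n, err // e.g. bad arguments: retrying cannot help
		}
		if n < attempts {
			time.Sleep(delay)
			delay *= 2 // back off while the node or docker is still restarting
		}
	}
	return attempts, fmt.Errorf("still failing after %d attempts: %w", attempts, err)
}

func main() {
	// Read-only listing with -w so the demo changes no rules; needs root.
	n, err := retryRule(execIptables, isTransient, 5, 100*time.Millisecond, "-w", "-t", "nat", "-S")
	fmt.Println("attempts:", n, "err:", err)
}
```

Returning the last error wrapped lets the caller still log the original iptables message when every attempt fails, so a rule that was never added is not silently skipped.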

Comment 31 errata-xmlrpc 2021-10-18 17:29:21 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.9.0 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Comment 32 Red Hat Bugzilla 2023-09-15 01:03:54 UTC
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 500 days
