Bug 1942122 - Egress IP iptables rules not added due to iptables: Resource temporarily unavailable [NEEDINFO]
Summary: Egress IP iptables rules not added due to iptables: Resource temporarily unav...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Networking
Version: 3.11.0
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: ---
: 4.9.0
Assignee: Jacob Tanenbaum
QA Contact: huirwang
URL:
Whiteboard:
Depends On:
Blocks: 1979208 1979216 1987239
TreeView+ depends on / blocked
 
Reported: 2021-03-23 17:23 UTC by Pablo Alonso Rodriguez
Modified: 2021-10-18 17:29 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1979208 1979216 (view as bug list)
Environment:
Last Closed: 2021-10-18 17:29:21 UTC
Target Upstream Version:
anbhat: needinfo? (jtanenba)
huirwang: needinfo? (jtanenba)


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift sdn pull 316 0 None closed Bug 1942122: when assigning and releasing egressIP try more than once before failing 2021-06-28 08:23:04 UTC
Red Hat Product Errata RHSA-2021:3759 0 None None None 2021-10-18 17:29:59 UTC

Description Pablo Alonso Rodriguez 2021-03-23 17:23:11 UTC
Description of problem:

When applying iptables rules for an egress IP, sometimes the following error messages are shown and the rules are not applied


March 22nd 2021, 19:00:00.335	E0322 19:00:00.335303    5323 egressip.go:120] Error assigning Egress IP "10.x.x.x": could not add egress IP iptables rule: error appending rule: exit status 4: iptables: Resource temporarily unavailable.

Version-Release number of selected component (if applicable):

3.11.380

How reproducible:

Only in customer environment

Steps to Reproduce:

Customer reproduces it by restarting node or docker, but it might be reproducible by other means.

Actual results:

iptables rules for egress IPs not added, although OVS flows and other things are added.

Expected results:

iptables rules added as well

Additional info:

If I try to acquire a lock on xtables manually and then release it, I cannot reproduce this issue, because the iptables invocations from sdn are done with -w, so it just waits until I release the lock.

Comment 31 errata-xmlrpc 2021-10-18 17:29:21 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.9.0 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:3759


Note You need to log in before you can comment on or make changes to this bug.