Description of problem (please be detailed as possible and provide log snippests): --------------------------------------------------------------------------------- NFT files are not created. Version of all relevant components (if applicable): -------------------------------------------------- CNV 4.9.1-23 must-gather 4.9.1-3 Does this issue impact your ability to continue to work with the product (please explain in detail what is the user impact)? -------------------------------------------------- degradation: previously, those files were collected. Is there any workaround available to the best of your knowledge? --------------------------------------------------------------- no. Rate from 1 - 5 the complexity of the scenario you performed that caused this bug (1 - very simple, 5 - very complex)? --------------------------------------- 1 - same test as before should pass. Can this issue reproducible? --------------------------- yes, 100% (by running the automation test) Can this issue reproduce from the UI? ------------------------------------ reproducible via oc must-gather commands. If this is a regression, please provide more details to justify this: -------------------------------------------------------------------- 1. test passed before on 4.9.1-23 before https://github.com/kubevirt/must-gather/pull/100/files. 2. 4.8.3-34 - works. Steps to Reproduce: ------------------ 1. run the following command: oc adm must-gather --image=registry.redhat.io/container-native-virtualization/cnv-must-gather-rhel8@sha256:4793d2331f033f734c12bb3d6784e2cf2efdbfde26d99dc5e77ce7c2e544c4c3 --dest-dir=/tmp/pytest/must_gather0 2. check the dest dir from the oc adm command under "nodes" subdir. Actual results: -------------- No NFT files created. Only the *_logs_NetworkManager file was created. Expected results: ---------------- NFT files should be created, as in previous versions. Additional info: --------------- in 4.8.3-34, the content of one of the worker nodes subdir contains files with "nft-" prefix: -rw-r--r--. 1 cnv-qe-jenkins cnv-qe-jenkins 469 Nov 22 22:36 nft-ip6-filter -rw-r--r--. 1 cnv-qe-jenkins cnv-qe-jenkins 460 Nov 22 22:36 nft-ip6-mangle -rw-r--r--. 1 cnv-qe-jenkins cnv-qe-jenkins 668 Nov 22 22:36 nft-ip6-nat -rw-r--r--. 1 cnv-qe-jenkins cnv-qe-jenkins 2431 Nov 22 22:36 nft-ip-filter -rw-r--r--. 1 cnv-qe-jenkins cnv-qe-jenkins 524 Nov 22 22:36 nft-ip-mangle -rw-r--r--. 1 cnv-qe-jenkins cnv-qe-jenkins 79507 Nov 22 22:36 nft-ip-nat -rw-r--r--. 1 cnv-qe-jenkins cnv-qe-jenkins 403 Nov 22 22:36 nft-ip-raw
As this is related to CNV, moving it to CNV must-gather.
Petr, is should on network no?
Yes. Reassigning.
With the fix, all the tables will be collected to one file "nftables" using a simpler command that collects all the tables please adjust the tests accordingly
*** Bug 2028458 has been marked as a duplicate of this bug. ***
Verified on a cluster with Client Version (oc): 4.10.0-202201281850.p0.g7c299f1.assembly.stream-7c299f1 Server Version: 4.10.0-fc.4 Kubernetes Version: v1.23.0+d30ebbc CNV: v4.10.0-629 CNV must-gather: v4.10.0-104 1. Find the URL of the CNV must-gather image in CNV CSV: $ oc get csv -n openshift-cnv kubevirt-hyperconverged-operator.v4.10.0 -oyaml | less Search for the must-gather image: registry.redhat.io/container-native-virtualization/cnv-must-gather-rhel8@sha256:2bfb6e79f259589623edd293daa32341f778a8a392120ad085e4a4fc58bce251 3. Run must-gather using the CNV image: $ oc adm must-gather --image=registry.redhat.io/container-native-virtualization/cnv-must-gather-rhel8@sha256:2bfb6e79f259589623edd293daa32341f778a8a392120ad085e4a4fc58bce251 --dest_dir=mg-out 4. Verify the summarized nftables file exists for each nodes, and includes the various IP contents. $ find mg-out/ -name *tables* mg-out/registry-redhat-io-container-native-virtualization-cnv-must-gather-rhel8-sha256-2bfb6e79f259589623edd293daa32341f778a8a392120ad085e4a4fc58bce251/nodes/ssp-rn-410-30-l7whq-worker-0-7b8dj/nftables mg-out/registry-redhat-io-container-native-virtualization-cnv-must-gather-rhel8-sha256-2bfb6e79f259589623edd293daa32341f778a8a392120ad085e4a4fc58bce251/nodes/ssp-rn-410-30-l7whq-worker-0-dhh22/nftables mg-out/registry-redhat-io-container-native-virtualization-cnv-must-gather-rhel8-sha256-2bfb6e79f259589623edd293daa32341f778a8a392120ad085e4a4fc58bce251/nodes/ssp-rn-410-30-l7whq-worker-0-zr4vk/nftables $ less -N mg-out/registry-redhat-io-container-native-virtualization-cnv-must-gather-rhel8-sha256-2bfb6e79f259589623edd293daa32341f778a8a392120ad085e4a4fc58bce251/nodes/ssp-rn-410-30-l7whq-worker-0-7b8dj/nftables 1 table ip nat { 2 chain PREROUTING { 3 type nat hook prerouting priority dstnat; policy accept; 4 counter packets 255634 bytes 27357422 jump KUBE-SERVICES 5 counter packets 55628 bytes 4098753 jump KUBE-PORTALS-CONTAINER ... 2018 table ip6 nat { 2019 chain PREROUTING { 2020 type nat hook prerouting priority dstnat; policy accept; 2021 } .... 2053 table ip filter { 2054 chain INPUT { 2055 type filter hook input priority filter; policy accept; 2056 counter packets 56884316 bytes 38996277306 jump KUBE-NODEPORTS ... 2134 table ip mangle { 2135 chain PREROUTING { 2136 type filter hook prerouting priority mangle; policy accept; 2164 table ip6 filter { 2165 chain INPUT { 2166 type filter hook input priority filter; policy accept; ... 2186 table ip6 mangle { 2187 chain PREROUTING { 2188 type filter hook prerouting priority mangle; policy accept; ... 2210 table ip raw { 2211 chain PREROUTING { 2212 type filter hook prerouting priority raw; policy accept; ...
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Virtualization 4.10.0 Images security and bug fix update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:0947