Description of problem (please be detailed as possible and provide log snippests): ODF-console can not start when you disable IPv6 on Node with kernel parameter. (more details in the reproducable steps section). Does this issue impact your ability to continue to work with the product (please explain in detail what is the user impact)? You have to activate IPv6 again. IPv6 can not be disabled. Is there any workaround available to the best of your knowledge? Activate IPv6 again. Rate from 1 - 5 the complexity of the scenario you performed that caused this bug (1 - very simple, 5 - very complex)? 1 Can this issue reproducible? Yes Can this issue reproduce from the UI? Not tested Steps to Reproduce: ODF Console is running: ``` [jose@rhte-router ~]$ oc get pods -A -o wide| grep odf-console openshift-storage odf-console-6b6db469d9-h2fjl 1/1 Running 0 44h 10.130.2.6 mutua-5pdst-infra-wkzwv <none> <none> ``` We create a machine config to disable IPV6 with a kernel argument (as described in KCS: https://access.redhat.com/solutions/5513091): ``` [jose@rhte-router ~]$ cat disableIPV6.yaml apiVersion: machineconfiguration.openshift.io/v1 kind: MachineConfig metadata: labels: machineconfiguration.openshift.io/role: worker name: 99-openshift-machineconfig-worker-kargs2 spec: kernelArguments: - ipv6.disable=1 ``` After applying this configuration snippet and waiting for all worker nodes to apply the config and reboot, ODF-console does not start anymore: ``` openshift-storage odf-console-6b6db469d9-nvhlt 0/1 CrashLoopBackOff 8 (92s ago) 17m 10.130.2.11 mutua-5pdst-infra-wkzwv <none> <none> ``` Logs indicate that NGINX tries to listen on socket `[::]` which, as IPv6 is disabled, fails with an error: ``` [jose@rhte-router ~]$ oc logs --prefix=true --all-containers=true -n openshift-storage odf-console-6b6db469d9-nvhlt [pod/odf-console-6b6db469d9-nvhlt/odf-console] 2023/02/24 10:06:12 [emerg] 1#0: socket() [::]:9001 failed (97: Address family not supported by protocol) [pod/odf-console-6b6db469d9-nvhlt/odf-console] nginx: [emerg] socket() [::]:9001 failed (97: Address family not supported by protocol) ``` Actual results: ODF-console not starting/Crashing Expected results: ODF-console starting without issues Additional info:
As far as I know, "::" is the IPv6 unspecified address, and should not be used to reference any specific host. But in any case, it is a an IPv6 address, so if you trying to disable IPv6 what is the expectation here when you then use an IPv6 address? I guess I do not understand this issue. The behavior seems correct to me.
(In reply to Scott Ostapovicz from comment #3) > As far as I know, "::" is the IPv6 unspecified address, and should not be > used to reference any specific host. But in any case, it is a an IPv6 > address, so if you trying to disable IPv6 what is the expectation here when > you then use an IPv6 address? I guess I do not understand this issue. The > behavior seems correct to me. Hi Scott, The issue is that CU for internal requirements or compliance want to disable IPV6 on all hosts on their system. Doing this breaks the odf-console, as soon as you deactivate IPV6 on the host via kernel parameter, odf-console does not start anymore. The problem seems to be the default configuration of nginx in odf-console. It seems to expect that IPV6 is present, if not, nginx does not start. Best regards Raimund
So an address somewhere in the stack is still an IPv6 address even though the script nominally disables IPv6. Perhaps you can suss this out @tnielsen ?
*** Bug 2139785 has been marked as a duplicate of this bug. ***
Check on 4.13.0-205. Changed the configmap as above. Restarted odf console. Still in CrashLoopBackOff. Moving to assigned.
Hi Shay, I have added a detailed recording https://bugzilla.redhat.com/show_bug.cgi?id=2173161#c19 on how to test this (basically video version of https://bugzilla.redhat.com/show_bug.cgi?id=2173161#c11) Feel free to connect with me offline, if there is still any issue you might be facing. Thanks.
Hi Sanjal. I've commented the wrong line. Looks like it is working now. I saw that no doc update for this BZ. Who is responsible to create KCS for this hack.
Added the doc text, also adding need_info on reporter for getting help with KCS doc.
Sanjal/Kusum Doc text should be a bug fix and not a known issue as we have fixed something here. If there are steps which some one needs to follow while disabling IPv6 then these steps should be added to the deployment guide or the guide where we are providing enabling/disabling steps for IPv6
Yeah, my intension for adding it as "Known Issue" is exactly as you mentioned: Earlier there was no workaround to fix this issue (other than enabling IPv6 again on the nodes). As per this BZ, we added the functionality so that users can now use a workaround manually. I will let doc team decide the correct place for this issue and the correct "Doc Type" as well. Thanks.
Thanks Mudit/Anjana/Kusuma... updated...
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Red Hat OpenShift Data Foundation 4.13.0 enhancement and bug fix update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2023:3742