antrea-ovs container restarted multiple times causing antrea-agent container to be forever stuck in "Ready: False" state #871
Assignees
Labels
kind/bug
Categorizes issue or PR as related to a bug.
Comments
antoninbas
added a commit
to antoninbas/antrea
that referenced
this issue
Jun 26, 2020
From 0.4.1 to 0.4.5. In version 0.4.1, no error is returned by go-iptables when running `iptables --version` or parsing its ouput fails (during initialization). This leads to the library not being able to correctly detect whether the iptables version supports `--wait`, which ultimately can lead to a deadlock for the Antrea agent. See coreos/go-iptables#69. By updating the go-iptables version, we ensure that any such error will be returned to Antrea, logged, and cause the Antrea agent to fail and eventually restart. It is unclear what can cause iptables version detection to fail but because of the added logging, we will have a better shot at getting to the root cause if it happens in production again. Fixes antrea-io#871
antoninbas
added a commit
to antoninbas/antrea
that referenced
this issue
Jun 26, 2020
From 0.4.1 to 0.4.5. In version 0.4.1, no error is returned by go-iptables when running `iptables --version` or parsing its ouput fails (during initialization). This leads to the library not being able to correctly detect whether the iptables version supports `--wait`, which ultimately can lead to a deadlock for the Antrea agent. See coreos/go-iptables#69. By updating the go-iptables version, we ensure that any such error will be returned to Antrea, logged, and cause the Antrea agent to fail and eventually restart. It is unclear what can cause iptables version detection to fail but because of the added logging, we will have a better shot at getting to the root cause if it happens in production again. Fixes antrea-io#871
antoninbas
added a commit
to antoninbas/antrea
that referenced
this issue
Jun 26, 2020
From 0.4.1 to 0.4.5. In version 0.4.1, no error is returned by go-iptables when running `iptables --version` or parsing its ouput fails (during initialization). This leads to the library not being able to correctly detect whether the iptables version supports `--wait`, which ultimately can lead to a deadlock for the Antrea agent. See coreos/go-iptables#69. By updating the go-iptables version, we ensure that any such error will be returned to Antrea, logged, and cause the Antrea agent to fail and eventually restart. It is unclear what can cause iptables version detection to fail but because of the added logging, we will have a better shot at getting to the root cause if it happens in production again. Fixes antrea-io#871
|
Attaching a antrea-agent process core file we collected during the troubleshooting session. |
antoninbas
added a commit
to antoninbas/antrea
that referenced
this issue
Jun 26, 2020
From 0.4.1 to 0.4.5. In version 0.4.1, no error is returned by go-iptables when running `iptables --version` or parsing its ouput fails (during initialization). This leads to the library not being able to correctly detect whether the iptables version supports `--wait`, which ultimately can lead to a deadlock for the Antrea agent. See coreos/go-iptables#69. By updating the go-iptables version, we ensure that any such error will be returned to Antrea, logged, and cause the Antrea agent to fail and eventually restart. It is unclear what can cause iptables version detection to fail but because of the added logging, we will have a better shot at getting to the root cause if it happens in production again. Fixes antrea-io#871
|
@alex-vmw Thanks. I opened an issue with the fix we discussed today. |
antoninbas
added a commit
that referenced
this issue
Jun 29, 2020
From 0.4.1 to 0.4.5. In version 0.4.1, no error is returned by go-iptables when running `iptables --version` or parsing its ouput fails (during initialization). This leads to the library not being able to correctly detect whether the iptables version supports `--wait`, which ultimately can lead to a deadlock for the Antrea agent. See coreos/go-iptables#69. By updating the go-iptables version, we ensure that any such error will be returned to Antrea, logged, and cause the Antrea agent to fail and eventually restart. It is unclear what can cause iptables version detection to fail but because of the added logging, we will have a better shot at getting to the root cause if it happens in production again. Fixes #871
GraysonWu
pushed a commit
to GraysonWu/antrea
that referenced
this issue
Sep 22, 2020
From 0.4.1 to 0.4.5. In version 0.4.1, no error is returned by go-iptables when running `iptables --version` or parsing its ouput fails (during initialization). This leads to the library not being able to correctly detect whether the iptables version supports `--wait`, which ultimately can lead to a deadlock for the Antrea agent. See coreos/go-iptables#69. By updating the go-iptables version, we ensure that any such error will be returned to Antrea, logged, and cause the Antrea agent to fail and eventually restart. It is unclear what can cause iptables version detection to fail but because of the added logging, we will have a better shot at getting to the root cause if it happens in production again. Fixes antrea-io#871
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
antrea-ovs container restarted multiple times causing antrea-agent container to be forever stuck in "Ready: False" state.
To Reproduce
Not sure how to reproduce but here is what we know happened:
Expected
antrea-agent shouldn't get stuck in a "Ready: False" state upon restart, it should be able to recover.
Actual behavior
Sometimes, when antrea-ovs container is restarted multiple times it causes antrea-agent container to be forever stuck in "Ready: False" state, which of course leads to pod networking being down.
Please provide the following information:
Additional context
wdc-prd-decc-002-md-dy-minion020-logs.zip
The text was updated successfully, but these errors were encountered: