Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Antrea ovs crashes everyday at 00:0x #6046

Closed
ColonelBundy opened this issue Mar 1, 2024 · 2 comments · Fixed by #6052
Closed

Antrea ovs crashes everyday at 00:0x #6046

ColonelBundy opened this issue Mar 1, 2024 · 2 comments · Fixed by #6052
Assignees
@xliuxu
Labels
kind/bug Categorizes issue or PR as related to a bug.

Comments

@ColonelBundy
Copy link

ColonelBundy commented Mar 1, 2024
edited
Loading

Describe the bug
antrea-ovs container seems to be crashing everyday in an error state.

To Reproduce
Not clear other than running antrea and letting the log file roll over at 00:00 UTC

Actual behavior
Antrea crahes presumably due to these error messages:

E0301 00:08:42.759037 1 proxier.go:316] "Error when removing flows of stale Endpoints for Service" err="message is canceled because of disconnection from the Switch" ServicePortName="kube-system/antrea-agent:"
W0301 00:08:42.354091 1 ofSwitch.go:223] Received ERROR message from switch 00:00:e6:6e:9d:ef:5a:4f. Err: EOF
E0301 00:08:42.353959 1 stream.go:153] "InboundError" err="EOF"
2024-03-01T00:08:42.343629747+00:00 error: failed to rename /var/log/openvswitch/ovs-vswitchd.log to /var/log/openvswitch/ovs-vswitchd.log.1: Permission denied

I suspect the log file rolls over and keeps X amount of logs on disk, which it seems like it does not have permissions to do.
All agents crash at the same time so dropped packets has been observed.

Versions:
Openshift 4.12-4.14
antrea/antrea-ubi image is used and it seems all Anrea versions are affected (1.7.1 and onwards at least)

Additional context
We are managing antrea through https://github.com/vmware/antrea-operator-for-kubernetes
@ColonelBundy ColonelBundy added the kind/bug Categorizes issue or PR as related to a bug. label Mar 1, 2024
@tnqn
Copy link
Member

tnqn commented Mar 1, 2024

@xliuxu I remember you handled the issue before. Have this been fixed? If yes, can you share which version includes the fix?

@xliuxu
Copy link
Contributor

xliuxu commented Mar 4, 2024

I can confirm this issue with the latest UBI image. It is caused by the mismatch user when performing logrotate. We should use root user instead of openvswitch in our scenario. I will create a PR to fix this issue.

https://github.com/openvswitch/ovs/blob/master/rhel/openvswitch-fedora.spec.in#L323

xliuxu added a commit to xliuxu/antrea that referenced this issue Mar 4, 2024
@xliuxu
Fix logrotate user in UBI images
faf09e5 
Logrotate will run as the user openvswitch, but we start the OVS
daemon as the root user. We can disable this behavior by specifying
`--without libcapng` in RPM builds.

Fixes: antrea-io#6046

Signed-off-by: Xu Liu <[email protected]>
@xliuxu xliuxu mentioned this issue Mar 4, 2024
Merged
xliuxu added a commit to xliuxu/antrea that referenced this issue Mar 6, 2024
@xliuxu
Fix logrotate user in UBI images
2a2ff09 
Logrotate will run as the user openvswitch, but we start the OVS
daemon as the root user. We can disable this behavior by specifying
`--without libcapng` in RPM builds.

Fixes: antrea-io#6046

Signed-off-by: Xu Liu <[email protected]>
xliuxu added a commit to xliuxu/antrea that referenced this issue Mar 8, 2024
@xliuxu
Fix logrotate user in UBI images
d388dfe 
Logrotate will run as the user openvswitch, but we start the OVS
daemon as the root user. We can disable this behavior by specifying
`--without libcapng` in RPM builds.

Fixes: antrea-io#6046

Signed-off-by: Xu Liu <[email protected]>
xliuxu added a commit to xliuxu/antrea that referenced this issue Mar 8, 2024
@xliuxu
Fix logrotate user in UBI images
3927cb2 
logrotate needs to run as the same user as OVS to get the proper
permissions of log files. As Antrea runs OVS as root, we disable
libcapng to make logrotate also run as root.

Fixes: antrea-io#6046

Signed-off-by: Xu Liu <[email protected]>
antoninbas pushed a commit that referenced this issue Mar 8, 2024
@xliuxu
Fix log rotation in UBI images (#6052)
23eda62 
logrotate needs to run as the same user as OVS to get the proper
permissions for log files. As Antrea runs OVS as root, we disable
libcapng to make logrotate also run as root.

Fixes: #6046

Signed-off-by: Xu Liu <[email protected]>
xliuxu added a commit to xliuxu/antrea that referenced this issue Mar 11, 2024
@xliuxu
Fix log rotation in UBI images (antrea-io#6052)
9773bb4 
logrotate needs to run as the same user as OVS to get the proper
permissions for log files. As Antrea runs OVS as root, we disable
libcapng to make logrotate also run as root.

Fixes: antrea-io#6046

Signed-off-by: Xu Liu <[email protected]>
xliuxu added a commit to xliuxu/antrea that referenced this issue Mar 11, 2024
@xliuxu
Fix log rotation in UBI images (antrea-io#6052)
69cf966 
logrotate needs to run as the same user as OVS to get the proper
permissions for log files. As Antrea runs OVS as root, we disable
libcapng to make logrotate also run as root.

Fixes: antrea-io#6046

Signed-off-by: Xu Liu <[email protected]>
xliuxu added a commit to xliuxu/antrea that referenced this issue Mar 11, 2024
@xliuxu
Fix log rotation in UBI images (antrea-io#6052)
3c964e4 
logrotate needs to run as the same user as OVS to get the proper
permissions for log files. As Antrea runs OVS as root, we disable
libcapng to make logrotate also run as root.

Fixes: antrea-io#6046

Signed-off-by: Xu Liu <[email protected]>
tnqn pushed a commit that referenced this issue Mar 11, 2024
@xliuxu
Fix log rotation in UBI images (#6052) (#6094)
0b7320d 
logrotate needs to run as the same user as OVS to get the proper
permissions for log files. As Antrea runs OVS as root, we disable
libcapng to make logrotate also run as root.

Fixes: #6046

Signed-off-by: Xu Liu <[email protected]>
tnqn pushed a commit that referenced this issue Mar 11, 2024
@xliuxu
Fix log rotation in UBI images (#6052) (#6093)
fc4e5d2 
logrotate needs to run as the same user as OVS to get the proper
permissions for log files. As Antrea runs OVS as root, we disable
libcapng to make logrotate also run as root.

Fixes: #6046

Signed-off-by: Xu Liu <[email protected]>
tnqn pushed a commit that referenced this issue Mar 11, 2024
@xliuxu
Fix log rotation in UBI images (#6052) (#6092)
df64816 
logrotate needs to run as the same user as OVS to get the proper
permissions for log files. As Antrea runs OVS as root, we disable
libcapng to make logrotate also run as root.

Fixes: #6046

Signed-off-by: Xu Liu <[email protected]>
luolanzone pushed a commit to luolanzone/antrea that referenced this issue Mar 27, 2024
@xliuxu @luolanzone
Fix log rotation in UBI images (antrea-io#6052) (antrea-io#6092)
3d3b68d 
logrotate needs to run as the same user as OVS to get the proper
permissions for log files. As Antrea runs OVS as root, we disable
libcapng to make logrotate also run as root.

Fixes: antrea-io#6046

Signed-off-by: Xu Liu <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@xliuxu xliuxu

Labels
kind/bug Categorizes issue or PR as related to a bug.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix logrotate user in UBI images xliuxu/antrea
3 participants
@ColonelBundy @tnqn @xliuxu