JetSki icon indicating copy to clipboard operation
JetSki copied to clipboard
verified publisher icon redhat-performance

Problematic communication between clouds caused by foreman interface being left in upstate on masters

Open mordechai opened this issue 3 years ago • 1 comments

Problem: We have been having communication issues between ocp clusters using public vlans on different clouds in scalelab. Nodes receive two default gateways because foreman interface and baremetal are in upstate on OCP 4.7 When deploying OCP 4.9 with Jetski this issue does not reproduce.

Whats expected: Jetski deploy OCP 4.7 with foreman interface in down state, only baremetal and provisioning networks in upstate.

Description: when running routeable_api = true on OCP deployment version less than 4.9, masters nodes will get foreman interface in upstate. what should happen is that the foreman interface should be in down state, and the hostname set should match value showed in /etc/dnsmasq.d/ocp4-lab.conf and /home/kni/clusterconfigs/install-config.yaml.bkup as master-0

For details see: https://privatebin.corp.redhat.com/?45292f78f61d0a09#EWirHUph3DCG43P8gzgoACc7CZpsoeLexDSgyH2YHuXf

We currently have the following envs that each consume routable_api = true aka public vlans Cloud 20: OCP 4.9 (master and interfaces are setup correctly) Cloud 15: OCP 4.7 latest ( master set with foreman fqdn and foreman interface in upstate) Cloud 38: OCP 4.7 latest ( master set with foreman fqdn and foreman interface in upstate)

On both Cloud15 and Cloud38 the /etc/dnsmasq.d/ocp4-lab.conf values for hostname for masters are not set because foreman interface is active on their masters, the extraneous route on workers related to foreman interface was removed manually.

Related scalelab tickets opened and believed to be caused by this issue: https://issues.redhat.com/browse/SCALELAB-1776
https://issues.redhat.com/browse/SCALELAB-1782

The jetski deployment used for all of these deployments was the same commit 9eca23fb7cd442c21964a43d8d6495cc8f4b7731

mordechai avatar Feb 14 '22 13:02 mordechai

I would recommend adding the following to /etc/sysctl.d/99-sysctl.conf

net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0

kambiz-aghaiepour avatar Feb 14 '22 13:02 kambiz-aghaiepour

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days

github-actions[bot] avatar Mar 24 '23 00:03 github-actions[bot]