Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 1362661 - NMI watchdog: BUG: soft lockup - for iptables-restore for openshift master/node
Summary: NMI watchdog: BUG: soft lockup - for iptables-restore for openshift master/node
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Networking
Version: 3.3.0
Hardware: x86_64
OS: Linux
Target Milestone: ---
: ---
Assignee: Ben Bennett
QA Contact: Meng Bo
: 1372824 (view as bug list)
Depends On:
Blocks: OSOPS_V3
TreeView+ depends on / blocked
Reported: 2016-08-02 19:20 UTC by Elvir Kuric
Modified: 2017-08-28 13:34 UTC (History)
15 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2017-01-03 16:56:05 UTC
Target Upstream Version:

Attachments (Terms of Use)

Comment 12 Thomas Woerner 2016-09-02 13:46:31 UTC
Can you give information about the firewall rule set that is already in place and the changes that will be added?

A firewall dump with iptables-save would show the current rules set. The restore files seem to be placed in /tmp. From the the example in comment 6 there are these iptables-restore calls:

iptables-restore --noflush --counters /tmp/kube-temp-iptables-restore-247982443 

One these files altogether with the rules set before the iptables-restore call would help to understand what is going on here. Please select one of the files, where the restore takes a lot of time.

As there does not seem to be a change in the IPv6 rules, it might not be needed to add them also.

Comment 13 Dan Williams 2016-09-15 22:08:02 UTC
*** Bug 1372824 has been marked as a duplicate of this bug. ***

Comment 14 Florian Westphal 2016-11-30 17:58:09 UTC

... might provide some speedup.
Note that I can't backport to rhel since this isn't upstream yet.

Note You need to log in before you can comment on or make changes to this bug.