+ . /ovnkube-lib/ovnkube-lib.sh
++ set -x
++ K8S_NODE=ip-10-0-0-108.ec2.internal
++ [[ -n ip-10-0-0-108.ec2.internal ]]
++ [[ -f /env/ip-10-0-0-108.ec2.internal ]]
++ northd_pidfile=/var/run/ovn/ovn-northd.pid
++ controller_pidfile=/var/run/ovn/ovn-controller.pid
++ controller_logfile=/var/log/ovn/acl-audit-log.log
++ vswitch_dbsock=/var/run/openvswitch/db.sock
++ nbdb_pidfile=/var/run/ovn/ovnnb_db.pid
++ nbdb_sock=/var/run/ovn/ovnnb_db.sock
++ nbdb_ctl=/var/run/ovn/ovnnb_db.ctl
++ sbdb_pidfile=/var/run/ovn/ovnsb_db.pid
++ sbdb_sock=/var/run/ovn/ovnsb_db.sock
++ sbdb_ctl=/var/run/ovn/ovnsb_db.ctl
+ start-ovnkube-node 4 29103 29105
+ local log_level=4
+ local metrics_port=29103
+ local ovn_metrics_port=29105
+ ovn_advertised_udn_isolation_mode_flag=
+ [[ 3 -ne 3 ]]
+ ovs-vsctl br-exists br-ex
+ add_garp_drop_flow br-ex
+ local bridge=br-ex
+ local cookie=0x0305
+ local priority=499
++ ovs-vsctl list-ports br-ex
+ for port_name in $(ovs-vsctl list-ports "$bridge")
+ [[ ens5 == *to-br-int ]]
+ cni-bin-copy
+ . /host/etc/os-release
++ NAME='Red Hat Enterprise Linux CoreOS'
++ VERSION='9.6.20251205-0 (Plow)'
++ ID=rhel
++ ID_LIKE=fedora
++ VERSION_ID=9.6
++ PLATFORM_ID=platform:el9
++ PRETTY_NAME='Red Hat Enterprise Linux CoreOS 9.6.20251205-0 (Plow)'
++ ANSI_COLOR='0;31'
++ LOGO=fedora-logo-icon
++ CPE_NAME=cpe:/o:redhat:enterprise_linux:9::baseos
++ HOME_URL=https://www.redhat.com/
++ DOCUMENTATION_URL=https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9
++ BUG_REPORT_URL=https://issues.redhat.com/
++ REDHAT_BUGZILLA_PRODUCT='Red Hat Enterprise Linux 9'
++ REDHAT_BUGZILLA_PRODUCT_VERSION=9.6
++ REDHAT_SUPPORT_PRODUCT='Red Hat Enterprise Linux'
++ REDHAT_SUPPORT_PRODUCT_VERSION=9.6
++ OSTREE_VERSION=9.6.20251205-0
++ VARIANT=CoreOS
++ VARIANT_ID=coreos
++ OPENSHIFT_VERSION=4.20
+ rhelmajor=
+ case "${ID}" in
++ echo 9.6
++ cut -f 1 -d .
+ rhelmajor=9
+ sourcedir=/usr/libexec/cni/
+ case "${rhelmajor}" in
+ sourcedir=/usr/libexec/cni/rhel9
+ cp -f /usr/libexec/cni/rhel9/ovn-k8s-cni-overlay /cni-bin-dir/
++ date '+%m%d %H:%M:%S.%N'
+ echo 'I0327 15:18:42.566030106 - disable conntrack on geneve port'
I0327 15:18:42.566030106 - disable conntrack on geneve port
+ iptables -t raw -A PREROUTING -p udp --dport 6081 -j NOTRACK
+ iptables -t raw -A OUTPUT -p udp --dport 6081 -j NOTRACK
+ ip6tables -t raw -A PREROUTING -p udp --dport 6081 -j NOTRACK
+ ip6tables -t raw -A OUTPUT -p udp --dport 6081 -j NOTRACK
++ date '+%m%d %H:%M:%S.%N'
I0327 15:18:42.574094893 - starting ovnkube-node
+ echo 'I0327 15:18:42.574094893 - starting ovnkube-node'
+ egress_features_enable_flag='--enable-egress-ip=true --enable-egress-firewall=true --enable-egress-qos=true --enable-egress-service=true'
+ init_ovnkube_controller='--init-ovnkube-controller ip-10-0-0-108.ec2.internal'
+ multi_external_gateway_enable_flag=--enable-multi-external-gateway=true
+ gateway_interface=br-ex
+ enable_multicast_flag=--enable-multicast
+ OVN_NODE_MODE=full
+ '[' full == dpu-host ']'
+ '[' shared == shared ']'
+ gateway_mode_flags='--gateway-mode shared --gateway-interface br-ex'
+ export_network_flows_flags=
+ [[ -n '' ]]
+ [[ -n '' ]]
+ [[ -n '' ]]
+ [[ -n '' ]]
+ [[ -n '' ]]
+ [[ -n '' ]]
+ gw_interface_flag=
+ '[' -d /sys/class/net/br-ex1 ']'
+ node_mgmt_port_netdev_flags=
+ [[ -n '' ]]
+ [[ -n '' ]]
+ multi_network_enabled_flag=
+ [[ true == \t\r\u\e ]]
+ [[ full != \d\p\u\-\h\o\s\t ]]
+ multi_network_enabled_flag=--enable-multi-network
+ network_segmentation_enabled_flag=
+ [[ true == \t\r\u\e ]]
+ [[ full != \d\p\u\-\h\o\s\t ]]
+ multi_network_enabled_flag=--enable-multi-network
+ network_segmentation_enabled_flag=--enable-network-segmentation
+ route_advertisements_enable_flag=
+ [[ false == \t\r\u\e ]]
+ preconfigured_udn_addresses_enable_flag=
+ [[ false == \t\r\u\e ]]
+ network_observability_enabled_flag=
+ [[ false == \t\r\u\e ]]
+ multi_network_policy_enabled_flag=
+ [[ false == \t\r\u\e ]]
+ admin_network_policy_enabled_flag=
+ [[ true == \t\r\u\e ]]
+ [[ full != \d\p\u\-\h\o\s\t ]]
+ admin_network_policy_enabled_flag=--enable-admin-network-policy
+ dns_name_resolver_enabled_flag=
+ [[ false == \t\r\u\e ]]
+ ip_forwarding_flag=
+ '[' '' == Global ']'
+ ip_forwarding_flag=--disable-forwarding
+ sysctl -w net.ipv4.ip_forward=0
net.ipv4.ip_forward = 0
+ sysctl -w net.ipv6.conf.all.forwarding=0
net.ipv6.conf.all.forwarding = 0
+ [[ '' != '' ]]
+ NETWORK_NODE_IDENTITY_ENABLE=
+ [[ true == \t\r\u\e ]]
+ NETWORK_NODE_IDENTITY_ENABLE='
      --bootstrap-kubeconfig=/var/lib/kubelet/kubeconfig
      --cert-dir=/etc/ovn/ovnkube-node-certs
      --cert-duration=24h
    '
+ ovn_v4_join_subnet_opt=
+ [[ '' != '' ]]
+ ovn_v6_join_subnet_opt=
+ [[ '' != '' ]]
+ ovn_v4_masquerade_subnet_opt=
+ [[ 169.254.0.0/17 != '' ]]
+ ovn_v4_masquerade_subnet_opt='--gateway-v4-masquerade-subnet 169.254.0.0/17'
+ ovn_v6_masquerade_subnet_opt=
+ [[ fd69::/112 != '' ]]
+ ovn_v6_masquerade_subnet_opt='--gateway-v6-masquerade-subnet fd69::/112'
+ ovn_v4_transit_switch_subnet_opt=
+ [[ '' != '' ]]
+ ovn_v6_transit_switch_subnet_opt=
+ [[ '' != '' ]]
+ exec /usr/bin/ovnkube --init-ovnkube-controller ip-10-0-0-108.ec2.internal --init-node ip-10-0-0-108.ec2.internal --config-file=/run/ovnkube-config/ovnkube.conf --ovn-empty-lb-events --loglevel 4 --inactivity-probe=180000 --gateway-mode shared --gateway-interface br-ex --metrics-bind-address 127.0.0.1:29103 --ovn-metrics-bind-address 127.0.0.1:29105 --metrics-enable-pprof --metrics-enable-config-duration --export-ovs-metrics --disable-snat-multiple-gws --enable-multi-network --enable-network-segmentation --enable-admin-network-policy --enable-multicast --zone ip-10-0-0-108.ec2.internal --enable-interconnect --acl-logging-rate-limit 20 --disable-forwarding --bootstrap-kubeconfig=/var/lib/kubelet/kubeconfig --cert-dir=/etc/ovn/ovnkube-node-certs --cert-duration=24h --gateway-v4-masquerade-subnet 169.254.0.0/17 --gateway-v6-masquerade-subnet fd69::/112 --enable-egress-ip=true --enable-egress-firewall=true --enable-egress-qos=true --enable-egress-service=true --enable-multi-external-gateway=true
I0327 15:18:42.609773    4358 config.go:2357] Parsed config file /run/ovnkube-config/ovnkube.conf
I0327 15:18:42.609819    4358 config.go:2358] Parsed config: {Default:{MTU:8901 RoutableMTU:0 ConntrackZone:64000 HostMasqConntrackZone:0 OVNMasqConntrackZone:0 HostNodePortConntrackZone:0 ReassemblyConntrackZone:0 EncapType:geneve EncapIP: EffectiveEncapIP: EncapPort:6081 InactivityProbe:100000 OpenFlowProbe:0 OfctrlWaitBeforeClear:0 MonitorAll:true OVSDBTxnTimeout:1m40s LFlowCacheEnable:true LFlowCacheLimit:0 LFlowCacheLimitKb:1048576 RawClusterSubnets:10.128.0.0/14/23 ClusterSubnets:[] EnableUDPAggregation:true Zone:global RawUDNAllowedDefaultServices:default/kubernetes,openshift-dns/dns-default UDNAllowedDefaultServices:[]} Logging:{File: CNIFile: LibovsdbFile: Level:4 LogFileMaxSize:100 LogFileMaxBackups:5 LogFileMaxAge:5 ACLLoggingRateLimit:20} Monitoring:{RawNetFlowTargets: RawSFlowTargets: RawIPFIXTargets: NetFlowTargets:[] SFlowTargets:[] IPFIXTargets:[]} IPFIX:{Sampling:400 CacheActiveTimeout:60 CacheMaxFlows:0} CNI:{ConfDir:/etc/cni/net.d Plugin:ovn-k8s-cni-overlay} OVNKubernetesFeature:{EnableAdminNetworkPolicy:false EnableEgressIP:false EgressIPReachabiltyTotalTimeout:1 EnableEgressFirewall:false EnableEgressQoS:false EnableEgressService:false EgressIPNodeHealthCheckPort:9107 EnableMultiNetwork:false EnableNetworkSegmentation:true EnablePreconfiguredUDNAddresses:false EnableRouteAdvertisements:false EnableMultiNetworkPolicy:false EnableStatelessNetPol:false EnableInterconnect:false EnableMultiExternalGateway:false EnablePersistentIPs:false EnableDNSNameResolver:false EnableServiceTemplateSupport:false EnableObservability:false EnableNetworkQoS:false AdvertisedUDNIsolationMode:strict} Kubernetes:{BootstrapKubeconfig: CertDir: CertDuration:10m0s Kubeconfig: CACert: CAData:[] APIServer:https://api.kx-0e9cd24ee8.hypershift.local:443 Token: TokenFile: CompatServiceCIDR: RawServiceCIDRs:172.30.0.0/16 ServiceCIDRs:[] OVNConfigNamespace:openshift-ovn-kubernetes OVNEmptyLbEvents:false PodIP: RawNoHostSubnetNodes: NoHostSubnetNodes:<nil> HostNetworkNamespace:openshift-host-network DisableRequestedChassis:false PlatformType:AWS HealthzBindAddress:0.0.0.0:10256 CompatMetricsBindAddress: CompatOVNMetricsBindAddress: CompatMetricsEnablePprof:false DNSServiceNamespace:openshift-dns DNSServiceName:dns-default} Metrics:{BindAddress: OVNMetricsBindAddress: ExportOVSMetrics:false EnablePprof:false NodeServerPrivKey: NodeServerCert: EnableConfigDuration:false EnableScaleMetrics:false} OvnNorth:{Address: PrivKey: Cert: CACert: CertCommonName: Scheme: ElectionTimer:0 northbound:false exec:<nil>} OvnSouth:{Address: PrivKey: Cert: CACert: CertCommonName: Scheme: ElectionTimer:0 northbound:false exec:<nil>} Gateway:{Mode:shared Interface: GatewayAcceleratedInterface: EgressGWInterface: NextHop: VLANID:0 NodeportEnable:true DisableSNATMultipleGWs:false V4JoinSubnet:100.64.0.0/16 V6JoinSubnet:fd98::/64 V4MasqueradeSubnet:169.254.169.0/29 V6MasqueradeSubnet:fd69::/125 MasqueradeIPs:{V4OVNMasqueradeIP:169.254.169.1 V6OVNMasqueradeIP:fd69::1 V4HostMasqueradeIP:169.254.169.2 V6HostMasqueradeIP:fd69::2 V4HostETPLocalMasqueradeIP:169.254.169.3 V6HostETPLocalMasqueradeIP:fd69::3 V4DummyNextHopMasqueradeIP:169.254.169.4 V6DummyNextHopMasqueradeIP:fd69::4 V4OVNServiceHairpinMasqueradeIP:169.254.169.5 V6OVNServiceHairpinMasqueradeIP:fd69::5} DisablePacketMTUCheck:false RouterSubnet: SingleNode:false DisableForwarding:false AllowNoUplink:false EphemeralPortRange:} MasterHA:{ElectionLeaseDuration:137 ElectionRenewDeadline:107 ElectionRetryPeriod:26} ClusterMgrHA:{ElectionLeaseDuration:137 ElectionRenewDeadline:107 ElectionRetryPeriod:26} HybridOverlay:{Enabled:false RawClusterSubnets: ClusterSubnets:[] VXLANPort:4789} OvnKubeNode:{Mode:full DPResourceDeviceIdsMap:map[] MgmtPortNetdev: MgmtPortDPResourceName:} ClusterManager:{V4TransitSwitchSubnet:100.88.0.0/16 V6TransitSwitchSubnet:fd97::/64}}
I0327 15:18:42.611180    4358 kube.go:419] Waiting for certificate
I0327 15:18:42.611218    4358 certificate_manager.go:422] "Certificate rotation is enabled" logger="kubernetes.io/kube-apiserver-client"
I0327 15:18:42.611284    4358 certificate_manager.go:566] "Rotating certificates" logger="kubernetes.io/kube-apiserver-client"
I0327 15:18:42.612400    4358 cert_rotation.go:141] "Starting client certificate rotation controller" logger="tls-transport-cache"
E0327 15:18:42.613475    4358 certificate_manager.go:596] "Failed while requesting a signed certificate from the control plane" err="cannot create certificate signing request: Post \"https://api.kx-0e9cd24ee8.hypershift.local:443/apis/certificates.k8s.io/v1/certificatesigningrequests\": dial tcp: lookup api.kx-0e9cd24ee8.hypershift.local on 10.0.0.2:53: no such host" logger="kubernetes.io/kube-apiserver-client.UnhandledError"
I0327 15:18:44.674186    4358 certificate_manager.go:566] "Rotating certificates" logger="kubernetes.io/kube-apiserver-client"
E0327 15:18:44.675647    4358 certificate_manager.go:596] "Failed while requesting a signed certificate from the control plane" err="cannot create certificate signing request: Post \"https://api.kx-0e9cd24ee8.hypershift.local:443/apis/certificates.k8s.io/v1/certificatesigningrequests\": dial tcp: lookup api.kx-0e9cd24ee8.hypershift.local on 10.0.0.2:53: no such host" logger="kubernetes.io/kube-apiserver-client.UnhandledError"
I0327 15:18:48.878939    4358 certificate_manager.go:566] "Rotating certificates" logger="kubernetes.io/kube-apiserver-client"
E0327 15:18:48.883497    4358 certificate_manager.go:596] "Failed while requesting a signed certificate from the control plane" err="cannot create certificate signing request: Post \"https://api.kx-0e9cd24ee8.hypershift.local:443/apis/certificates.k8s.io/v1/certificatesigningrequests\": dial tcp: lookup api.kx-0e9cd24ee8.hypershift.local on 10.0.0.2:53: no such host" logger="kubernetes.io/kube-apiserver-client.UnhandledError"
I0327 15:18:57.645543    4358 certificate_manager.go:566] "Rotating certificates" logger="kubernetes.io/kube-apiserver-client"
E0327 15:18:57.647129    4358 certificate_manager.go:596] "Failed while requesting a signed certificate from the control plane" err="cannot create certificate signing request: Post \"https://api.kx-0e9cd24ee8.hypershift.local:443/apis/certificates.k8s.io/v1/certificatesigningrequests\": dial tcp: lookup api.kx-0e9cd24ee8.hypershift.local on 10.0.0.2:53: no such host" logger="kubernetes.io/kube-apiserver-client.UnhandledError"
I0327 15:19:14.102990    4358 certificate_manager.go:566] "Rotating certificates" logger="kubernetes.io/kube-apiserver-client"
E0327 15:19:14.107704    4358 certificate_manager.go:596] "Failed while requesting a signed certificate from the control plane" err="cannot create certificate signing request: Post \"https://api.kx-0e9cd24ee8.hypershift.local:443/apis/certificates.k8s.io/v1/certificatesigningrequests\": dial tcp: lookup api.kx-0e9cd24ee8.hypershift.local on 10.0.0.2:53: no such host" logger="kubernetes.io/kube-apiserver-client.UnhandledError"
E0327 15:19:14.108833    4358 certificate_manager.go:461] "Reached backoff limit, still unable to rotate certs" err="timed out waiting for the condition" logger="kubernetes.io/kube-apiserver-client.UnhandledError"
I0327 15:19:46.110657    4358 certificate_manager.go:566] "Rotating certificates" logger="kubernetes.io/kube-apiserver-client"
E0327 15:19:46.112059    4358 certificate_manager.go:596] "Failed while requesting a signed certificate from the control plane" err="cannot create certificate signing request: Post \"https://api.kx-0e9cd24ee8.hypershift.local:443/apis/certificates.k8s.io/v1/certificatesigningrequests\": dial tcp: lookup api.kx-0e9cd24ee8.hypershift.local on 10.0.0.2:53: no such host" logger="kubernetes.io/kube-apiserver-client.UnhandledError"
I0327 15:20:18.110779    4358 certificate_manager.go:566] "Rotating certificates" logger="kubernetes.io/kube-apiserver-client"
E0327 15:20:18.112996    4358 certificate_manager.go:596] "Failed while requesting a signed certificate from the control plane" err="cannot create certificate signing request: Post \"https://api.kx-0e9cd24ee8.hypershift.local:443/apis/certificates.k8s.io/v1/certificatesigningrequests\": dial tcp: lookup api.kx-0e9cd24ee8.hypershift.local on 10.0.0.2:53: no such host" logger="kubernetes.io/kube-apiserver-client.UnhandledError"
F0327 15:20:42.612105    4358 ovnkube.go:140] failed to start the node certificate manager: certificate was not signed: context deadline exceeded