Error after starting Vormetric Encryption Agent on Openshift Container Platform 3

Solution Verified - Updated -

Issue

Failed to setup network for pod. Pod on a node is stuck in containercreating state with the following errors:

At Events log

  45m45m 1{default-scheduler }NormalScheduledSuccessfully assigned cluster pod-name to node 
  45m45m 1{kubelet}  Warning FailedSync  Error syncing pod, skipping: failed to "SetupNetwork" for "pod-name" with SetupNetworkError: "Failed

At journal logs, Docker errors show up right after secfs2 is started.

Aug 15 11:49:44systemd[1]: Reloading.
Aug 15 11:49:44systemd[1]: Reloading.
Aug 15 11:49:44systemd[1]: Reloading.
Aug 15 11:49:44systemd[1]: Starting Vormetric Encryption Agent secfs-init...
Aug 15 11:49:44secfs-init[98257]: Initializing the Vormetric Encryption Expert File System Agent.
atomic-openshift-node[47396]: I0815 11:49:45.00256147396 node_auth.go:143] Node request attributes: namespace=, user=&user.DefaultInfo{Name:"system:serviceaccount:openshift-infra:heapster", UID:"aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa", Groups:[]string{"system:serviceaccounts", "system:serviceaccounts:openshift-infra", "system:authenticated", "system:authenticated"}, Extra:map[string][]string{}}, attrs=authorizer.DefaultAuthorizationAttributes{Verb:"create", APIVersion:"v1", APIGroup:"", Resource:"nodes/stats", ResourceName:" .example.com", RequestAttributes:interface {}(nil), NonResourceURL:false, URL:"/stats/container/"}
atomic-openshift-node[47396]: I0815 11:49:45.12902647396 server.go:971] POST /stats/container/: (126.574041ms) 200 [[Go-http-client/1.1] :58648]
secfs-init[98257]: The kernel module is not loaded, loading...
(...)
atomic-openshift-node[47396]: I0815 11:49:46.90905447396 reconciler.go:299] MountVolume operation started for volume "kubernetes.io/secret/ XXXX-key-store-volume" (spec.Name: "key-store-volume") to pod " XXXX" (UID: " XXXX"). Volume is already mounted to pod, but remount was requested.
atomic-openshift-node[47396]: I0815 11:49:46.90911747396 reconciler.go:299] MountVolume operation started for volume "kubernetes.io/secret/ XXXX-default-token-vcy7i" (spec.Name: "default-token-vcy7i") to pod " XXXX" (UID: " XXXX"). Volume is already mounted to pod, but remount was requested.
atomic-openshift-node[47396]: I0815 11:49:46.91186347396 operation_executor.go:803] MountVolume.SetUp succeeded for volume "kubernetes.io/secret/ XXXX-key-store-volume" (spec.Name: "key-store-volume") pod " XXXX" (UID: " XXXX").
atomic-openshift-node[47396]: I0815 11:49:46.91267247396 operation_executor.go:803] MountVolume.SetUp succeeded for volume "kubernetes.io/secret/ XXXX-default-token-vcy7i" (spec.Name: "default-token-vcy7i") pod " XXXX" (UID: " XXXX").
kernel: vm_mds_init: finished MDS initialization, err 0
kernel: vm_tctl_thread has started
kernel: docker_container_readcfg: failed to open config file /var/lib/docker/containers/9dc08fa6e9aa9a36e274e16997235132cf9fb619fdf1460dd43413661a10c331/config.json rc -2
kernel: docker_container_discover: extract image id failed with -2 for task(java) pid(66559) container_id(9dc08fa6e9aa9a36e274e16997235132cf9fb619fdf1460dd43413661a10c331)
kernel: docker_container_readcfg: failed to open config file /var/lib/docker/containers/44cecfabcb91147b58add0fe0cee5a20d2b5970c81553f7345deb38afa686466/config.json rc -2

Environment

Red Hat Openshift Container Platform 3.4

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content