[BUG] - AzureLinux has invalid /etc/sysconfig/nftables.conf file which result in failed systemd unit nftables.service #4144

Open
grzesuav opened this issue Mar 6, 2024 · 3 comments

grzesuav commented Mar 6, 2024

Describe the bug

To Reproduce
Steps to reproduce the behavior:

  1. Exec into the node
  2. systemctl status nftables.service - it will be in failed state
  3. on systemctl restart nftables.service you will see
root [ / ]# journalctl -u nftables.service
Mar 06 14:42:50 aks-nodepool0605-12321702-vmss00007J systemd[1]: Starting Netfilter Tables...
Mar 06 14:42:50 aks-nodepool0605-12321702-vmss00007J nft[3510903]: /etc/sysconfig/nftables.conf:8:1-1: Error: syntax error, unexpected junk
Mar 06 14:42:50 aks-nodepool0605-12321702-vmss00007J nft[3510903]: # start by calling: 'nft list ruleset >/etc/sysconfig/nftables.conf'.
Mar 06 14:42:50 aks-nodepool0605-12321702-vmss00007J nft[3510903]: ^
Mar 06 14:42:50 aks-nodepool0605-12321702-vmss00007J systemd[1]: nftables.service: Main process exited, code=exited, status=1/FAILURE
Mar 06 14:42:50 aks-nodepool0605-12321702-vmss00007J systemd[1]: nftables.service: Failed with result 'exit-code'.
Mar 06 14:42:50 aks-nodepool0605-12321702-vmss00007J systemd[1]: Failed to start Netfilter Tables.
root [ / ]#
  4. Looking at the problematic file
root [ / ]# cat -A /etc/sysconfig/nftables.conf
# Uncomment the include statement here to load the default config sample$
# in /etc/nftables for nftables service.$
$
#include "/etc/nftables/main.nft"$
$
# To customize, either edit the samples in /etc/nftables, append further$
# commands to the end of this file or overwrite it after first service$
# start by calling: 'nft list ruleset >/etc/sysconfig/nftables.conf'.root [ / ]#

It seems there is no newline at the end of the file, which is the main reason for the problem.

Expected behavior
It works out of the box.

Environment (please complete the following information):

  • AzureLinux Linux aks-xxxx 5.15.145.2-1.cm2 #1 SMP Wed Jan 17 15:39:07 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux

Additional context
To fix the issue, you need to clear out the content of the file, i.e. by running the command from the nftables.service unit: nft list ruleset >/etc/sysconfig/nftables.conf

which clears out the content of the file.

After this, when the service is restarted with systemctl, it is green.

@grzesuav grzesuav added the bug label Mar 6, 2024

grzesuav commented Mar 6, 2024

Small notice: when running nft list ruleset >/etc/sysconfig/nftables.conf it complains that the operation is not permitted, but it clears out the content anyway:

and after restart it works:
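Added example, not code from the issue author or from the Azure Linux project. It covers both the original report and the follow-up note above: it rebuilds a copy of the /etc/sysconfig/nftables.conf shown in the issue (a constructed sample, written so the last comment line has no trailing newline), shows that the file fails the newline check, and repairs it by appending the one missing byte rather than running nft list ruleset >/etc/sysconfig/nftables.conf. The difference matters for two reasons. First, with the redirection the shell truncates the target file before nft is even executed, which is why the file ends up empty even when nft itself reports "operation not permitted"; appending the newline keeps the commented-out include line and any rules someone has already added. Second, while nftables.service is failed, whatever ruleset this file is meant to load is simply not applied, so a node runs without that policy until someone notices. The check_conf function uses nft -c -f (check mode, nothing is loaded) when an nft binary is available and falls back to the newline check otherwise; the function names and the demo argument are this example's own.

```shell
#!/bin/sh
# Added example (not code from the issue or from the Azure Linux project):
# reproduce the parse failure on a constructed copy of the file shown in the
# issue, and fix it by appending the missing newline instead of truncating
# the file with 'nft list ruleset > file'.
set -eu

# Return 0 if the last byte of the file is a newline (or the file is empty).
# $(tail -c 1 f) strips a trailing newline, so the substitution is empty
# exactly when the file is properly terminated.
ends_with_newline() {
    [ -s "$1" ] || return 0
    [ -z "$(tail -c 1 "$1")" ]
}

# Append a single newline only when one is missing; the rest of the file,
# including the commented-out include line, is left untouched. Idempotent.
ensure_trailing_newline() {
    if ! ends_with_newline "$1"; then
        printf '\n' >> "$1"
    fi
}

# Parse-check a ruleset file with nft when the binary is present
# (nft -c checks the file without loading anything into the kernel);
# otherwise fall back to the newline check alone.
check_conf() {
    if command -v nft >/dev/null 2>&1; then
        nft -c -f "$1"
    else
        ends_with_newline "$1"
    fi
}

# Constructed sample: the same eight lines as the issue's
# /etc/sysconfig/nftables.conf, written so the final comment has no newline.
make_sample_conf() {
    printf '%s\n' \
        '# Uncomment the include statement here to load the default config sample' \
        '# in /etc/nftables for nftables service.' \
        '' \
        '#include "/etc/nftables/main.nft"' \
        '' \
        '# To customize, either edit the samples in /etc/nftables, append further' \
        '# commands to the end of this file or overwrite it after first service' \
        > "$1"
    printf '%s' "# start by calling: 'nft list ruleset >/etc/sysconfig/nftables.conf'." >> "$1"
}

# Walk through the failure and the fix on a temporary copy of the file.
demo() {
    tmp=$(mktemp)
    make_sample_conf "$tmp"
    if check_conf "$tmp"; then
        echo "before: this nft build accepts the file despite the missing newline"
    else
        echo "before: check fails (missing trailing newline)"
    fi
    ensure_trailing_newline "$tmp"
    if check_conf "$tmp"; then
        echo "after: check passes; include line preserved:"
        grep '^#include' "$tmp"
    else
        echo "after: check still fails"
    fi
    rm -f "$tmp"
}

# Run the walkthrough only when invoked as: sh <script> demo
if [ "${1:-}" = "demo" ]; then
    demo
fi
```

Save the script and run it with the single argument demo; on a node you would instead call ensure_trailing_newline /etc/sysconfig/nftables.conf followed by nft -c -f /etc/sysconfig/nftables.conf and then systemctl restart nftables.service.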


grzesuav commented Mar 8, 2024

actually found microsoft/azurelinux#7301

@suhuruli

Thanks for the tag Aritra and @grzesuav for tagging the corresponding fix for this. This should get pushed out with an upcoming update.
