Error while creating daemon when NodePort device is TUN or WireGuard interface #12304

Closed
RaveNoX opened this issue Jun 26, 2020 · 4 comments · Fixed by #12321

RaveNoX commented Jun 26, 2020

Bug report

General Information

  • Cilium version (run cilium version)
Client: 1.8.0 f455c7e69 2020-06-22T16:14:29+02:00 go version go1.14.4 linux/amd64
Daemon: 1.8.0 f455c7e69 2020-06-22T16:14:29+02:00 go version go1.14.4 linux/amd64
  • Kernel version (run uname -a)
Linux k8s-node0 5.3.0-59-generic #53~18.04.1-Ubuntu SMP Thu Jun 4 14:58:26 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
  • Orchestration system version in use (e.g. kubectl version, Mesos, ...)
Client Version: version.Info{Major:"1", Minor:"18", GitVersion:"v1.18.3", GitCommit:"2e7996e3e2712684bc73f0dec0200d64eec7fe40", GitTreeState:"clean", BuildDate:"2020-05-20T12:52:00Z", GoVersion:"go1.13.9", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"18", GitVersion:"v1.18.3", GitCommit:"2e7996e3e2712684bc73f0dec0200d64eec7fe40", GitTreeState:"clean", BuildDate:"2020-05-20T12:43:34Z", GoVersion:"go1.13.9", Compiler:"gc", Platform:"linux/amd64"}
  • Error:
level=error msg="Command execution failed" cmd="[/var/lib/cilium/bpf/init.sh /var/lib/cilium/bpf /var/run/cilium/state 10.10.0.13 <nil> vxlan ens3;tun0 <nil> <nil> 1500 false <nil> true true false /var/run/cilium/cgroupv2 /run/cilium/bpffs true true v2 ens3=0x2864a8c0;tun0=0x2864a8c0 <nil>]" error="exit status 1" subsys=datapath-loader
level=warning msg="+ set -o pipefail" subsys=datapath-loader
level=warning msg="++ command -v cilium-map-migrate" subsys=datapath-loader
level=warning msg="+ [[ ! -n /usr/bin/cilium-map-migrate ]]" subsys=datapath-loader
level=warning msg="+ rm /var/run/cilium/state/encap.state" subsys=datapath-loader
level=warning msg="+ true" subsys=datapath-loader
level=warning msg="+ DIR=/run/cilium/state/globals" subsys=datapath-loader
level=warning msg="+ case \"${MODE}\" in" subsys=datapath-loader
level=warning msg="+ HOST_DEV1=cilium_host" subsys=datapath-loader
level=warning msg="+ HOST_DEV2=cilium_net" subsys=datapath-loader
level=warning msg="+ setup_veth_pair cilium_host cilium_net" subsys=datapath-loader
level=warning msg="+ local -r NAME1=cilium_host" subsys=datapath-loader
level=warning msg="+ local -r NAME2=cilium_net" subsys=datapath-loader
level=warning msg="++ ip link show cilium_host type veth" subsys=datapath-loader
level=warning msg="++ cut -d ' ' -f 2" subsys=datapath-loader
level=warning msg="+ '[' cilium_host@cilium_net: '!=' cilium_host@cilium_net: ']'" subsys=datapath-loader
level=warning msg="+ setup_dev cilium_host" subsys=datapath-loader
level=warning msg="+ local -r NAME=cilium_host" subsys=datapath-loader
level=warning msg="+ ip link set cilium_host up" subsys=datapath-loader
level=warning msg="+ '[' '<nil>' '!=' '<nil>' ']'" subsys=datapath-loader
level=warning msg="+ '[' 10.10.0.13 '!=' '<nil>' ']'" subsys=datapath-loader
level=warning msg="+ echo 1" subsys=datapath-loader
level=warning msg="+ echo 0" subsys=datapath-loader
level=warning msg="+ echo 1" subsys=datapath-loader
level=warning msg="+ echo 0" subsys=datapath-loader
level=warning msg="+ setup_dev cilium_net" subsys=datapath-loader
level=warning msg="+ local -r NAME=cilium_net" subsys=datapath-loader
level=warning msg="+ ip link set cilium_net up" subsys=datapath-loader
level=warning msg="+ '[' '<nil>' '!=' '<nil>' ']'" subsys=datapath-loader
level=warning msg="+ '[' 10.10.0.13 '!=' '<nil>' ']'" subsys=datapath-loader
level=warning msg="+ echo 1" subsys=datapath-loader
level=warning msg="+ echo 0" subsys=datapath-loader
level=warning msg="+ echo 1" subsys=datapath-loader
level=warning msg="+ echo 0" subsys=datapath-loader
level=warning msg="+ ip link set cilium_host arp off" subsys=datapath-loader
level=warning msg="+ ip link set cilium_net arp off" subsys=datapath-loader
level=warning msg="+ ip link set cilium_host mtu 1500" subsys=datapath-loader
level=warning msg="+ ip link set cilium_net mtu 1500" subsys=datapath-loader
level=warning msg="+ case \"${MODE}\" in" subsys=datapath-loader
level=warning msg="+ sed -i '/^#.*CILIUM_NET_MAC.*$/d' /var/run/cilium/state/globals/node_config.h" subsys=datapath-loader
level=warning msg="++ ip link show cilium_net" subsys=datapath-loader
level=warning msg="++ grep ether" subsys=datapath-loader
level=warning msg="++ awk '{print $2}'" subsys=datapath-loader
level=warning msg="+ CILIUM_NET_MAC=8a:f8:6d:9a:fb:a7" subsys=datapath-loader
level=warning msg="++ mac2array 8a:f8:6d:9a:fb:a7" subsys=datapath-loader
level=warning msg="++ echo '{0x8a,0xf8,0x6d,0x9a,0xfb,0xa7}'" subsys=datapath-loader
level=warning msg="+ CILIUM_NET_MAC='{0x8a,0xf8,0x6d,0x9a,0xfb,0xa7}'" subsys=datapath-loader
level=warning msg="+ sed -i '/^#.*CILIUM_NET_MAC.*$/d' /var/run/cilium/state/globals/node_config.h" subsys=datapath-loader
level=warning msg="+ echo '#ifndef CILIUM_NET_MAC'" subsys=datapath-loader
level=warning msg="+ echo '#define CILIUM_NET_MAC { .addr = {0x8a,0xf8,0x6d,0x9a,0xfb,0xa7}}'" subsys=datapath-loader
level=warning msg="+ echo '#endif /* CILIUM_NET_MAC */'" subsys=datapath-loader
level=warning msg="+ sed -i '/^#.*HOST_IFINDEX.*$/d' /var/run/cilium/state/globals/node_config.h" subsys=datapath-loader
level=warning msg="++ cat /sys/class/net/cilium_net/ifindex" subsys=datapath-loader
level=warning msg="+ HOST_IDX=3" subsys=datapath-loader
level=warning msg="+ echo '#define HOST_IFINDEX 3'" subsys=datapath-loader
level=warning msg="+ sed -i '/^#.*HOST_IFINDEX_MAC.*$/d' /var/run/cilium/state/globals/node_config.h" subsys=datapath-loader
level=warning msg="++ ip link show cilium_host" subsys=datapath-loader
level=warning msg="++ grep ether" subsys=datapath-loader
level=warning msg="++ awk '{print $2}'" subsys=datapath-loader
level=warning msg="+ HOST_MAC=a2:53:7a:c5:0b:17" subsys=datapath-loader
level=warning msg="++ mac2array a2:53:7a:c5:0b:17" subsys=datapath-loader
level=warning msg="++ echo '{0xa2,0x53,0x7a,0xc5,0x0b,0x17}'" subsys=datapath-loader
level=warning msg="+ HOST_MAC='{0xa2,0x53,0x7a,0xc5,0x0b,0x17}'" subsys=datapath-loader
level=warning msg="+ echo '#define HOST_IFINDEX_MAC { .addr = {0xa2,0x53,0x7a,0xc5,0x0b,0x17}}'" subsys=datapath-loader
level=warning msg="+ sed -i '/^#.*CILIUM_IFINDEX.*$/d' /var/run/cilium/state/globals/node_config.h" subsys=datapath-loader
level=warning msg="++ cat /sys/class/net/cilium_host/ifindex" subsys=datapath-loader
level=warning msg="+ CILIUM_IDX=4" subsys=datapath-loader
level=warning msg="+ echo '#define CILIUM_IFINDEX 4'" subsys=datapath-loader
level=warning msg="++ cat /proc/sys/net/ipv4/ip_local_port_range" subsys=datapath-loader
level=warning msg="++ awk '{print $1}'" subsys=datapath-loader
level=warning msg="+ CILIUM_EPHEMERAL_MIN=32768" subsys=datapath-loader
level=warning msg="+ echo '#define EPHEMERAL_MIN 32768'" subsys=datapath-loader
level=warning msg="+ '[' true = true ']'" subsys=datapath-loader
level=warning msg="+ MAC_BY_IFINDEX_MACRO='#define NATIVE_DEV_MAC_BY_IFINDEX(IFINDEX) ({ \\" subsys=datapath-loader
level=warning msg="\tunion macaddr __mac = {.addr = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}; \\" subsys=datapath-loader
level=warning msg="\tswitch (IFINDEX) { \\\\\\n'" subsys=datapath-loader
level=warning msg="+ MAC_BY_IFINDEX_MACRO_END='\t} \\" subsys=datapath-loader
level=warning msg="\t__mac; })'" subsys=datapath-loader
level=warning msg="+ for NATIVE_DEV in ${NATIVE_DEVS//;/ }" subsys=datapath-loader
level=warning msg="++ cat /sys/class/net/ens3/ifindex" subsys=datapath-loader
level=warning msg="+ IDX=2" subsys=datapath-loader
level=warning msg="++ ip link show ens3" subsys=datapath-loader
level=warning msg="++ grep ether" subsys=datapath-loader
level=warning msg="++ awk '{print $2}'" subsys=datapath-loader
level=warning msg="+ MAC=02:00:c0:a8:64:28" subsys=datapath-loader
level=warning msg="++ mac2array 02:00:c0:a8:64:28" subsys=datapath-loader
level=warning msg="++ echo '{0x02,0x00,0xc0,0xa8,0x64,0x28}'" subsys=datapath-loader
level=warning msg="+ MAC='{0x02,0x00,0xc0,0xa8,0x64,0x28}'" subsys=datapath-loader
level=warning msg="+ MAC_BY_IFINDEX_MACRO='#define NATIVE_DEV_MAC_BY_IFINDEX(IFINDEX) ({ \\" subsys=datapath-loader
level=warning msg="\tunion macaddr __mac = {.addr = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}; \\" subsys=datapath-loader
level=warning msg="\tswitch (IFINDEX) { \\\\\\n\tcase 2: {union macaddr __tmp = {.addr = {0x02,0x00,0xc0,0xa8,0x64,0x28}}; __mac=__tmp;} break; \\\\\\n'" subsys=datapath-loader
level=warning msg="+ for NATIVE_DEV in ${NATIVE_DEVS//;/ }" subsys=datapath-loader
level=warning msg="++ cat /sys/class/net/tun0/ifindex" subsys=datapath-loader
level=warning msg="+ IDX=26" subsys=datapath-loader
level=warning msg="++ ip link show tun0" subsys=datapath-loader
level=warning msg="++ grep ether" subsys=datapath-loader
level=warning msg="++ awk '{print $2}'" subsys=datapath-loader
level=warning msg="+ MAC=" subsys=datapath-loader
level=error msg="Error while initializing daemon" error="exit status 1" subsys=daemon
level=fatal msg="Error while creating daemon" error="exit status 1" subsys=daemon

Looks like it is because the TUN device does not have a valid MAC

How to reproduce the issue

  1. Create TUN device
ip tuntap add dev tun0 mode tun
  2. Deploy cilium with multiple NodePort devices
helm repo add cilium https://helm.cilium.io/
helm repo update

helm upgrade --install \
        cilium \
        cilium/cilium \
        --version v1.8.0 \
        --namespace kube-system \
        --set global.kubeProxyReplacement=strict \
        --set global.k8sServiceHost=kubernetes \
        --set global.k8sServicePort=443 \
        --set global.hostServices.enabled=true \
        --set global.devices='{ens3,tun0}'
  3. See logs
pchaigno self-assigned this Jun 26, 2020
pchaigno added labels kind/bug (This is a bug in the Cilium logic.) and kind/community-report (This was reported by a user in the Cilium community, eg via Slack.) Jun 26, 2020
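
The trace in the report stops right after `MAC=` for `tun0`: the `ip link show | grep ether | awk` lookup has nothing to match on a TUN or WireGuard device, and with `pipefail` set the failed `grep` becomes the pipeline's status. The sketch below is an added example (not Cilium's `init.sh` and not the change from #12321) that reproduces this on constructed `ip link show` output and shows one tolerant alternative. `fake_ip_link_show`, `mac_or_none`, `build_cases` and the body of `mac2array` are hypothetical, and leaving MAC-less devices on the macro's all-zero default is an assumption.

```bash
#!/usr/bin/env bash
# Added example (not Cilium's init.sh). The `ip link show` samples are constructed
# to match the report: ens3 is Ethernet, tun0 is a TUN device (link/none).

ETH_SAMPLE='2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 02:00:c0:a8:64:28 brd ff:ff:ff:ff:ff:ff'
TUN_SAMPLE='26: tun0: <POINTOPOINT,MULTICAST,NOARP> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 500
    link/none '

# Hypothetical stand-in for `ip link show DEV`, so the example runs offline.
fake_ip_link_show() {
    case "$1" in
        ens3) printf '%s\n' "$ETH_SAMPLE" ;;
        tun0) printf '%s\n' "$TUN_SAMPLE" ;;
        *)    echo "Device \"$1\" does not exist." >&2; return 1 ;;
    esac
}

# The lookup as it appears in the trace, run under pipefail in a subshell.
# On a device without a link/ether line grep exits 1 and so does the pipeline.
mac_strict() {
    (
        set -o pipefail
        fake_ip_link_show "$1" | grep ether | awk '{print $2}'
    )
}

# Tolerant lookup (hypothetical): prints the MAC, or "none" for a device that
# has no link-layer address. Fails only if the device is missing (2) or the
# link/ether field is not a well-formed MAC (3).
mac_or_none() {
    local out mac
    out=$(fake_ip_link_show "$1") || return 2
    mac=$(printf '%s\n' "$out" | awk '$1 == "link/ether" { print $2; exit }')
    if [ -z "$mac" ]; then
        echo none
        return 0
    fi
    printf '%s\n' "$mac" | grep -Eq '^([0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}$' || return 3
    echo "$mac"
}

# Same output format as the mac2array step in the trace (body is hypothetical).
mac2array() {
    echo "{0x$(printf '%s' "$1" | sed 's/:/,0x/g')}"
}

# Emit one switch case per DEV=IFINDEX argument that has a MAC, in the shape
# shown in the trace. Assumption: MAC-less devices are skipped and keep the
# all-zero default that the macro initialises __mac with.
build_cases() {
    local spec dev idx mac
    for spec in "$@"; do
        dev=${spec%%=*}
        idx=${spec#*=}
        mac=$(mac_or_none "$dev") || return 1
        if [ "$mac" = none ]; then
            continue
        fi
        printf 'case %s: {union macaddr __tmp = {.addr = %s}; __mac=__tmp;} break;\n' \
            "$idx" "$(mac2array "$mac")"
    done
}

# Demo: compare both lookups on the two devices from the report.
for dev in ens3 tun0; do
    if mac=$(mac_strict "$dev"); then
        echo "strict   $dev -> $mac"
    else
        echo "strict   $dev -> pipeline failed (exit $?)"
    fi
    echo "tolerant $dev -> $(mac_or_none "$dev")"
done
build_cases ens3=2 tun0=26
```
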
@githubixx

I've the same problem when upgrading from Cilium 1.7.5 to 1.8.0. While 1.7.5 works without issues I can't get 1.8.0 working. The error is exactly the same.

Orchestration system version in use (e.g. kubectl version, Mesos, ...):

Kubernetes 1.17.4:

Client Version: version.Info{Major:"1", Minor:"17", GitVersion:"v1.17.4", GitCommit:"8d8aa39598534325ad77120c120a22b3a990b5ea", GitTreeState:"clean", BuildDate:"2020-03-12T21:03:42Z", GoVersion:"go1.13.8", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"17", GitVersion:"v1.17.4", GitCommit:"8d8aa39598534325ad77120c120a22b3a990b5ea", GitTreeState:"clean", BuildDate:"2020-03-12T20:55:23Z", GoVersion:"go1.13.8", Compiler:"gc", Platform:"linux/amd64"}

Kernel (OS: Ubuntu 20.04):

Linux worker99 5.4.0-37-generic #41-Ubuntu SMP Wed Jun 3 18:57:02 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux

Error:

level=info msg="Skipped reading configuration file" reason="Config File \"ciliumd\" Not Found in \"[/root]\"" subsys=config
level=info msg="  --agent-health-port='9876'" subsys=daemon
level=info msg="  --agent-labels=''" subsys=daemon
level=info msg="  --allow-icmp-frag-needed='true'" subsys=daemon
level=info msg="  --allow-localhost='auto'" subsys=daemon
level=info msg="  --annotate-k8s-node='true'" subsys=daemon
level=info msg="  --auto-create-cilium-node-resource='true'" subsys=daemon
level=info msg="  --auto-direct-node-routes='false'" subsys=daemon
level=info msg="  --blacklist-conflicting-routes='true'" subsys=daemon
level=info msg="  --bpf-compile-debug='false'" subsys=daemon
level=info msg="  --bpf-ct-global-any-max='262144'" subsys=daemon
level=info msg="  --bpf-ct-global-tcp-max='524288'" subsys=daemon
level=info msg="  --bpf-ct-timeout-regular-any='1m0s'" subsys=daemon
level=info msg="  --bpf-ct-timeout-regular-tcp='6h0m0s'" subsys=daemon
level=info msg="  --bpf-ct-timeout-regular-tcp-fin='10s'" subsys=daemon
level=info msg="  --bpf-ct-timeout-regular-tcp-syn='1m0s'" subsys=daemon
level=info msg="  --bpf-ct-timeout-service-any='1m0s'" subsys=daemon
level=info msg="  --bpf-ct-timeout-service-tcp='6h0m0s'" subsys=daemon
level=info msg="  --bpf-fragments-map-max='8192'" subsys=daemon
level=info msg="  --bpf-map-dynamic-size-ratio='0'" subsys=daemon
level=info msg="  --bpf-nat-global-max='524288'" subsys=daemon
level=info msg="  --bpf-neigh-global-max='524288'" subsys=daemon
level=info msg="  --bpf-policy-map-max='16384'" subsys=daemon
level=info msg="  --bpf-root=''" subsys=daemon
level=info msg="  --bpf-sock-rev-map-max='262144'" subsys=daemon
level=info msg="  --certificates-directory='/var/run/cilium/certs'" subsys=daemon
level=info msg="  --cgroup-root=''" subsys=daemon
level=info msg="  --cluster-id='0'" subsys=daemon
level=info msg="  --cluster-name='default'" subsys=daemon
level=info msg="  --clustermesh-config='/var/lib/cilium/clustermesh/'" subsys=daemon
level=info msg="  --cmdref=''" subsys=daemon
level=info msg="  --config=''" subsys=daemon
level=info msg="  --config-dir='/tmp/cilium/config-map'" subsys=daemon
level=info msg="  --conntrack-gc-interval='0s'" subsys=daemon
level=info msg="  --datapath-mode='veth'" subsys=daemon
level=info msg="  --debug='false'" subsys=daemon
level=info msg="  --debug-verbose=''" subsys=daemon
level=info msg="  --device=''" subsys=daemon
level=info msg="  --devices=''" subsys=daemon
level=info msg="  --direct-routing-device=''" subsys=daemon
level=info msg="  --disable-cnp-status-updates='false'" subsys=daemon
level=info msg="  --disable-conntrack='false'" subsys=daemon
level=info msg="  --disable-endpoint-crd='false'" subsys=daemon
level=info msg="  --disable-envoy-version-check='false'" subsys=daemon
level=info msg="  --disable-iptables-feeder-rules=''" subsys=daemon
level=info msg="  --disable-ipv4='false'" subsys=daemon
level=info msg="  --disable-k8s-services='false'" subsys=daemon
level=info msg="  --egress-masquerade-interfaces=''" subsys=daemon
level=info msg="  --enable-auto-protect-node-port-range='true'" subsys=daemon
level=info msg="  --enable-bpf-clock-probe='false'" subsys=daemon
level=info msg="  --enable-bpf-masquerade='false'" subsys=daemon
level=info msg="  --enable-endpoint-health-checking='true'" subsys=daemon
level=info msg="  --enable-endpoint-routes='false'" subsys=daemon
level=info msg="  --enable-external-ips='true'" subsys=daemon
level=info msg="  --enable-health-checking='true'" subsys=daemon
level=info msg="  --enable-host-firewall='false'" subsys=daemon
level=info msg="  --enable-host-port='true'" subsys=daemon
level=info msg="  --enable-host-reachable-services='false'" subsys=daemon
level=info msg="  --enable-hubble='false'" subsys=daemon
level=info msg="  --enable-identity-mark='true'" subsys=daemon
level=info msg="  --enable-ip-masq-agent='false'" subsys=daemon
level=info msg="  --enable-ipsec='false'" subsys=daemon
level=info msg="  --enable-ipv4='true'" subsys=daemon
level=info msg="  --enable-ipv4-fragment-tracking='true'" subsys=daemon
level=info msg="  --enable-ipv6='false'" subsys=daemon
level=info msg="  --enable-k8s-api-discovery='false'" subsys=daemon
level=info msg="  --enable-k8s-endpoint-slice='true'" subsys=daemon
level=info msg="  --enable-k8s-event-handover='false'" subsys=daemon
level=info msg="  --enable-l7-proxy='true'" subsys=daemon
level=info msg="  --enable-local-node-route='true'" subsys=daemon
level=info msg="  --enable-node-port='false'" subsys=daemon
level=info msg="  --enable-policy='default'" subsys=daemon
level=info msg="  --enable-remote-node-identity='true'" subsys=daemon
level=info msg="  --enable-selective-regeneration='true'" subsys=daemon
level=info msg="  --enable-session-affinity='false'" subsys=daemon
level=info msg="  --enable-tracing='false'" subsys=daemon
level=info msg="  --enable-well-known-identities='false'" subsys=daemon
level=info msg="  --enable-xt-socket-fallback='true'" subsys=daemon
level=info msg="  --encrypt-interface=''" subsys=daemon
level=info msg="  --encrypt-node='false'" subsys=daemon
level=info msg="  --endpoint-interface-name-prefix='lxc+'" subsys=daemon
level=info msg="  --endpoint-queue-size='25'" subsys=daemon
level=info msg="  --endpoint-status=''" subsys=daemon
level=info msg="  --envoy-log=''" subsys=daemon
level=info msg="  --exclude-local-address=''" subsys=daemon
level=info msg="  --fixed-identity-mapping='map[]'" subsys=daemon
level=info msg="  --flannel-master-device=''" subsys=daemon
level=info msg="  --flannel-uninstall-on-exit='false'" subsys=daemon
level=info msg="  --force-local-policy-eval-at-source='true'" subsys=daemon
level=info msg="  --host-reachable-services-protos=''" subsys=daemon
level=info msg="  --http-403-msg=''" subsys=daemon
level=info msg="  --http-idle-timeout='0'" subsys=daemon
level=info msg="  --http-max-grpc-timeout='0'" subsys=daemon
level=info msg="  --http-request-timeout='3600'" subsys=daemon
level=info msg="  --http-retry-count='3'" subsys=daemon
level=info msg="  --http-retry-timeout='0'" subsys=daemon
level=info msg="  --hubble-event-queue-size='0'" subsys=daemon
level=info msg="  --hubble-flow-buffer-size='4095'" subsys=daemon
level=info msg="  --hubble-listen-address=''" subsys=daemon
level=info msg="  --hubble-metrics=''" subsys=daemon
level=info msg="  --hubble-metrics-server=''" subsys=daemon
level=info msg="  --hubble-socket-path='/var/run/cilium/hubble.sock'" subsys=daemon
level=info msg="  --identity-allocation-mode='crd'" subsys=daemon
level=info msg="  --identity-change-grace-period='5s'" subsys=daemon
level=info msg="  --install-iptables-rules='true'" subsys=daemon
level=info msg="  --ip-allocation-timeout='2m0s'" subsys=daemon
level=info msg="  --ip-masq-agent-config-path='/etc/config/ip-masq-agent'" subsys=daemon
level=info msg="  --ipam='hostscope-legacy'" subsys=daemon
level=info msg="  --ipsec-key-file=''" subsys=daemon
level=info msg="  --iptables-lock-timeout='5s'" subsys=daemon
level=info msg="  --ipv4-cluster-cidr-mask-size='8'" subsys=daemon
level=info msg="  --ipv4-node='auto'" subsys=daemon
level=info msg="  --ipv4-pod-subnets=''" subsys=daemon
level=info msg="  --ipv4-range='auto'" subsys=daemon
level=info msg="  --ipv4-service-loopback-address='169.254.42.1'" subsys=daemon
level=info msg="  --ipv4-service-range='auto'" subsys=daemon
level=info msg="  --ipv6-cluster-alloc-cidr='f00d::/64'" subsys=daemon
level=info msg="  --ipv6-node='auto'" subsys=daemon
level=info msg="  --ipv6-pod-subnets=''" subsys=daemon
level=info msg="  --ipv6-range='auto'" subsys=daemon
level=info msg="  --ipv6-service-range='auto'" subsys=daemon
level=info msg="  --ipvlan-master-device='undefined'" subsys=daemon
level=info msg="  --k8s-api-server=''" subsys=daemon
level=info msg="  --k8s-force-json-patch='false'" subsys=daemon
level=info msg="  --k8s-heartbeat-timeout='30s'" subsys=daemon
level=info msg="  --k8s-kubeconfig-path=''" subsys=daemon
level=info msg="  --k8s-namespace='cilium'" subsys=daemon
level=info msg="  --k8s-require-ipv4-pod-cidr='false'" subsys=daemon
level=info msg="  --k8s-require-ipv6-pod-cidr='false'" subsys=daemon
level=info msg="  --k8s-service-cache-size='128'" subsys=daemon
level=info msg="  --k8s-watcher-endpoint-selector='metadata.name!=kube-scheduler,metadata.name!=kube-controller-manager,metadata.name!=etcd-operator,metadata.name!=gcp-controller-manager'" subsys=daemon
level=info msg="  --k8s-watcher-queue-size='1024'" subsys=daemon
level=info msg="  --keep-bpf-templates='false'" subsys=daemon
level=info msg="  --keep-config='false'" subsys=daemon
level=info msg="  --kube-proxy-replacement='probe'" subsys=daemon
level=info msg="  --kvstore='etcd'" subsys=daemon
level=info msg="  --kvstore-connectivity-timeout='2m0s'" subsys=daemon
level=info msg="  --kvstore-lease-ttl='15m0s'" subsys=daemon
level=info msg="  --kvstore-opt='{\"etcd.config\": \"/var/lib/etcd-config/etcd.config\"}'" subsys=daemon
level=info msg="  --kvstore-periodic-sync='5m0s'" subsys=daemon
level=info msg="  --label-prefix-file=''" subsys=daemon
level=info msg="  --labels=''" subsys=daemon
level=info msg="  --lib-dir='/var/lib/cilium'" subsys=daemon
level=info msg="  --log-driver=''" subsys=daemon
level=info msg="  --log-opt='map[]'" subsys=daemon
level=info msg="  --log-system-load='false'" subsys=daemon
level=info msg="  --masquerade='true'" subsys=daemon
level=info msg="  --max-controller-interval='0'" subsys=daemon
level=info msg="  --metrics=''" subsys=daemon
level=info msg="  --monitor-aggregation='medium'" subsys=daemon
level=info msg="  --monitor-aggregation-flags='all'" subsys=daemon
level=info msg="  --monitor-aggregation-interval='5s'" subsys=daemon
level=info msg="  --monitor-queue-size='0'" subsys=daemon
level=info msg="  --mtu='0'" subsys=daemon
level=info msg="  --nat46-range='0:0:0:0:0:FFFF::/96'" subsys=daemon
level=info msg="  --native-routing-cidr=''" subsys=daemon
level=info msg="  --node-port-acceleration='disabled'" subsys=daemon
level=info msg="  --node-port-bind-protection='true'" subsys=daemon
level=info msg="  --node-port-mode='snat'" subsys=daemon
level=info msg="  --node-port-range=''" subsys=daemon
level=info msg="  --policy-audit-mode='false'" subsys=daemon
level=info msg="  --policy-queue-size='100'" subsys=daemon
level=info msg="  --policy-trigger-interval='1s'" subsys=daemon
level=info msg="  --pprof='false'" subsys=daemon
level=info msg="  --preallocate-bpf-maps='false'" subsys=daemon
level=info msg="  --prefilter-device='undefined'" subsys=daemon
level=info msg="  --prefilter-mode='native'" subsys=daemon
level=info msg="  --prepend-iptables-chains='true'" subsys=daemon
level=info msg="  --prometheus-serve-addr=''" subsys=daemon
level=info msg="  --proxy-connect-timeout='1'" subsys=daemon
level=info msg="  --read-cni-conf=''" subsys=daemon
level=info msg="  --restore='true'" subsys=daemon
level=info msg="  --sidecar-istio-proxy-image='cilium/istio_proxy'" subsys=daemon
level=info msg="  --single-cluster-route='false'" subsys=daemon
level=info msg="  --skip-crd-creation='false'" subsys=daemon
level=info msg="  --socket-path='/var/run/cilium/cilium.sock'" subsys=daemon
level=info msg="  --sockops-enable='false'" subsys=daemon
level=info msg="  --state-dir='/var/run/cilium'" subsys=daemon
level=info msg="  --tofqdns-dns-reject-response-code='refused'" subsys=daemon
level=info msg="  --tofqdns-enable-dns-compression='true'" subsys=daemon
level=info msg="  --tofqdns-enable-poller='false'" subsys=daemon
level=info msg="  --tofqdns-enable-poller-events='true'" subsys=daemon
level=info msg="  --tofqdns-endpoint-max-ip-per-hostname='50'" subsys=daemon
level=info msg="  --tofqdns-max-deferred-connection-deletes='10000'" subsys=daemon
level=info msg="  --tofqdns-min-ttl='0'" subsys=daemon
level=info msg="  --tofqdns-pre-cache=''" subsys=daemon
level=info msg="  --tofqdns-proxy-port='0'" subsys=daemon
level=info msg="  --tofqdns-proxy-response-max-delay='100ms'" subsys=daemon
level=info msg="  --trace-payloadlen='128'" subsys=daemon
level=info msg="  --tunnel='vxlan'" subsys=daemon
level=info msg="  --version='false'" subsys=daemon
level=info msg="  --write-cni-conf-when-ready=''" subsys=daemon
level=info msg="     _ _ _" subsys=daemon
level=info msg=" ___|_| |_|_ _ _____" subsys=daemon
level=info msg="|  _| | | | | |     |" subsys=daemon
level=info msg="|___|_|_|_|___|_|_|_|" subsys=daemon
level=info msg="Cilium 1.8.0 f455c7e69 2020-06-22T16:14:29+02:00 go version go1.14.4 linux/amd64" subsys=daemon
level=info msg="cilium-envoy  version: a8f292139e923b205525feb2c8a4377005904776/1.13.2/Modified/RELEASE/BoringSSL" subsys=daemon
level=info msg="clang (10.0.0) and kernel (5.4.0) versions: OK!" subsys=linux-datapath
level=info msg="linking environment: OK!" subsys=linux-datapath
level=warning msg="BPF system config check: NOT OK." error="CONFIG_BPF kernel parameter is required" subsys=linux-datapath
level=info msg="Detected mounted BPF filesystem at /sys/fs/bpf" subsys=bpf
level=info msg="Valid label prefix configuration:" subsys=labels-filter
level=info msg=" - :io.kubernetes.pod.namespace" subsys=labels-filter
level=info msg=" - :io.cilium.k8s.namespace.labels" subsys=labels-filter
level=info msg=" - :app.kubernetes.io" subsys=labels-filter
level=info msg=" - !:io.kubernetes" subsys=labels-filter
level=info msg=" - !:kubernetes.io" subsys=labels-filter
level=info msg=" - !:.*beta.kubernetes.io" subsys=labels-filter
level=info msg=" - !:k8s.io" subsys=labels-filter
level=info msg=" - !:pod-template-generation" subsys=labels-filter
level=info msg=" - !:pod-template-hash" subsys=labels-filter
level=info msg=" - !:controller-revision-hash" subsys=labels-filter
level=info msg=" - !:annotation.*" subsys=labels-filter
level=info msg=" - !:etcd_node" subsys=labels-filter
level=info msg="Using autogenerated IPv4 allocation range" subsys=node v4Prefix=10.240.0.0/16
level=info msg="Initializing daemon" subsys=daemon
level=info msg="Establishing connection to apiserver" host="https://10.32.0.1:443" subsys=k8s
level=info msg="Connected to apiserver" subsys=k8s
level=info msg="Unable to retrieve EndpointSlices for default/kubernetes. Disabling EndpointSlices" error="endpointslices.discovery.k8s.io \"kubernetes\" not found" subsys=k8s
level=info msg="Inheriting MTU from external network interface" device=enp1s0 ipAddr=192.168.2.240 mtu=1500 subsys=mtu
level=info msg="Trying to auto-enable \"enable-node-port\", \"enable-external-ips\", \"enable-host-reachable-services\", \"enable-host-port\", \"enable-session-affinity\" features" subsys=daemon
level=warning msg="Session affinity for host reachable services needs kernel 5.7.0 or newer to work properly when accessed from inside cluster: the same service endpoint will be selected from all network namespaces on the host." subsys=daemon
level=info msg="Restored services from maps" failed=0 restored=3 subsys=service
level=info msg="CRD (CustomResourceDefinition) is installed and up-to-date" name=CiliumNetworkPolicy/v2 subsys=k8s
level=info msg="CRD (CustomResourceDefinition) is installed and up-to-date" name=CiliumClusterwideNetworkPolicy/v2 subsys=k8s
level=info msg="CRD (CustomResourceDefinition) is installed and up-to-date" name=v2.CiliumEndpoint subsys=k8s
level=info msg="CRD (CustomResourceDefinition) is installed and up-to-date" name=v2.CiliumNode subsys=k8s
level=info msg="CRD (CustomResourceDefinition) is installed and up-to-date" name=v2.CiliumIdentity subsys=k8s
level=info msg="Retrieved node information from kubernetes node" nodeName=worker99 subsys=k8s
level=info msg="Received own node information from API server" ipAddr.ipv4=10.8.0.240 ipAddr.ipv6="<nil>" k8sNodeIP=10.8.0.240 nodeName=worker99 subsys=k8s v4Prefix=10.240.0.0/16 v6Prefix="<nil>"
level=info msg="k8s mode: Allowing localhost to reach local endpoints" subsys=daemon
level=info msg="Using auto-derived devices for BPF node port" devices="[enp1s0 wg0]" directRoutingDevice=wg0 subsys=daemon
level=info msg="Enabling k8s event listener" subsys=k8s-watcher
level=info msg="Removing stale endpoint interfaces" subsys=daemon
level=info msg="Waiting until all pre-existing resources related to policy have been received" subsys=k8s-watcher
level=info msg="Initializing node addressing" subsys=daemon
level=info msg="Restored router address from node_config" file=/var/run/cilium/state/globals/node_config.h ipv4=10.240.171.253 ipv6="<nil>" subsys=node
level=info msg="Initializing hostscope-legacy IPAM" subsys=ipam v4Prefix=10.240.0.0/16 v6Prefix="<nil>"
level=info msg="Restoring endpoints..." subsys=daemon
level=info msg="Envoy: Starting xDS gRPC server listening on /var/run/cilium/xds.sock" subsys=envoy-manager
level=info msg="regenerating all endpoints" reason="Named ports added or updated" subsys=endpoint-manager
level=info msg="Endpoints restored" failed=0 restored=1 subsys=daemon
level=info msg="Addressing information:" subsys=daemon
level=info msg="  Cluster-Name: default" subsys=daemon
level=info msg="  Cluster-ID: 0" subsys=daemon
level=info msg="  Local node-name: worker99" subsys=daemon
level=info msg="  Node-IPv6: <nil>" subsys=daemon
level=info msg="  External-Node IPv4: 10.8.0.240" subsys=daemon
level=info msg="  Internal-Node IPv4: 10.240.171.253" subsys=daemon
level=info msg="  IPv4 allocation prefix: 10.240.0.0/16" subsys=daemon
level=info msg="  Loopback IPv4: 169.254.42.1" subsys=daemon
level=info msg="  Local IPv4 addresses:" subsys=daemon
level=info msg="  - 192.168.2.240" subsys=daemon
level=info msg="  - 10.240.171.253" subsys=daemon
level=info msg="Annotating k8s node" subsys=daemon v4CiliumHostIP.IPv4=10.240.171.253 v4Prefix=10.240.0.0/16 v4healthIP.IPv4=10.240.25.202 v6CiliumHostIP.IPv6="<nil>" v6Prefix="<nil>" v6healthIP.IPv6="<nil>"
level=error msg="Unable to enqueue endpoint policy visibility event" containerID=3c13fb60cf datapathPolicyRevision=0 desiredPolicyRevision=0 endpointID=2981 error="unable to Enqueue event" identity=12557 ipv4=10.240.2.83 ipv6= k8sPodName=kube-system/coredns-6df4b989dc-bnmd2 subsys=endpoint
level=info msg="Adding local node to cluster" node="{worker99 default [{InternalIP 10.8.0.240} {CiliumInternalIP 10.240.171.253}] 10.240.0.0/16 <nil> 10.240.25.202 <nil> 0 local 0 map[]}" subsys=nodediscovery
level=info msg="All pre-existing resources related to policy have been received; continuing" subsys=k8s-watcher
level=info msg="Initializing identity allocator" subsys=identity-cache
level=info msg="Cluster-ID is not specified, skipping ClusterMesh initialization" subsys=daemon
level=info msg="Setting up base BPF datapath (BPF v2 instruction set, ktime clock source)" subsys=datapath-loader
level=info msg="Setting sysctl net.core.bpf_jit_enable=1" subsys=datapath-loader
level=info msg="Setting sysctl net.ipv4.conf.all.rp_filter=0" subsys=datapath-loader
level=info msg="Setting sysctl kernel.unprivileged_bpf_disabled=1" subsys=datapath-loader
level=error msg="Command execution failed" cmd="[/var/lib/cilium/bpf/init.sh /var/lib/cilium/bpf /var/run/cilium/state 10.240.171.253 <nil> vxlan enp1s0;wg0 <nil> <nil> 1500 false <nil> true true false /var/run/cilium/cgroupv2 /sys/fs/bpf true true v2 wg0=0xf000080a;enp1s0=0xf002a8c0 <nil>]" error="exit status 1" subsys=datapath-loader
level=warning msg="+ set -o pipefail" subsys=datapath-loader
level=warning msg="++ command -v cilium-map-migrate" subsys=datapath-loader
level=warning msg="+ [[ ! -n /usr/bin/cilium-map-migrate ]]" subsys=datapath-loader
level=warning msg="+ rm /var/run/cilium/state/encap.state" subsys=datapath-loader
level=warning msg="+ true" subsys=datapath-loader
level=warning msg="+ DIR=/run/cilium/state/globals" subsys=datapath-loader
level=warning msg="+ case \"${MODE}\" in" subsys=datapath-loader
level=warning msg="+ HOST_DEV1=cilium_host" subsys=datapath-loader
level=warning msg="+ HOST_DEV2=cilium_net" subsys=datapath-loader
level=warning msg="+ setup_veth_pair cilium_host cilium_net" subsys=datapath-loader
level=warning msg="+ local -r NAME1=cilium_host" subsys=datapath-loader
level=warning msg="+ local -r NAME2=cilium_net" subsys=datapath-loader
level=warning msg="++ ip link show cilium_host type veth" subsys=datapath-loader
level=warning msg="++ cut -d ' ' -f 2" subsys=datapath-loader
level=warning msg="+ '[' cilium_host@cilium_net: '!=' cilium_host@cilium_net: ']'" subsys=datapath-loader
level=warning msg="+ setup_dev cilium_host" subsys=datapath-loader
level=warning msg="+ local -r NAME=cilium_host" subsys=datapath-loader
level=warning msg="+ ip link set cilium_host up" subsys=datapath-loader
level=warning msg="+ '[' '<nil>' '!=' '<nil>' ']'" subsys=datapath-loader
level=warning msg="+ '[' 10.240.171.253 '!=' '<nil>' ']'" subsys=datapath-loader
level=warning msg="+ echo 1" subsys=datapath-loader
level=warning msg="+ echo 0" subsys=datapath-loader
level=warning msg="+ echo 1" subsys=datapath-loader
level=warning msg="+ echo 0" subsys=datapath-loader
level=warning msg="+ setup_dev cilium_net" subsys=datapath-loader
level=warning msg="+ local -r NAME=cilium_net" subsys=datapath-loader
level=warning msg="+ ip link set cilium_net up" subsys=datapath-loader
level=warning msg="+ '[' '<nil>' '!=' '<nil>' ']'" subsys=datapath-loader
level=warning msg="+ '[' 10.240.171.253 '!=' '<nil>' ']'" subsys=datapath-loader
level=warning msg="+ echo 1" subsys=datapath-loader
level=warning msg="+ echo 0" subsys=datapath-loader
level=warning msg="+ echo 1" subsys=datapath-loader
level=warning msg="+ echo 0" subsys=datapath-loader
level=warning msg="+ ip link set cilium_host arp off" subsys=datapath-loader
level=warning msg="+ ip link set cilium_net arp off" subsys=datapath-loader
level=warning msg="+ ip link set cilium_host mtu 1500" subsys=datapath-loader
level=warning msg="+ ip link set cilium_net mtu 1500" subsys=datapath-loader
level=warning msg="+ case \"${MODE}\" in" subsys=datapath-loader
level=warning msg="+ sed -i '/^#.*CILIUM_NET_MAC.*$/d' /var/run/cilium/state/globals/node_config.h" subsys=datapath-loader
level=warning msg="++ ip link show cilium_net" subsys=datapath-loader
level=warning msg="++ grep ether" subsys=datapath-loader
level=warning msg="++ awk '{print $2}'" subsys=datapath-loader
level=warning msg="+ CILIUM_NET_MAC=1a:d5:e4:b9:bb:aa" subsys=datapath-loader
level=warning msg="++ mac2array 1a:d5:e4:b9:bb:aa" subsys=datapath-loader
level=warning msg="++ echo '{0x1a,0xd5,0xe4,0xb9,0xbb,0xaa}'" subsys=datapath-loader
level=warning msg="+ CILIUM_NET_MAC='{0x1a,0xd5,0xe4,0xb9,0xbb,0xaa}'" subsys=datapath-loader
level=warning msg="+ sed -i '/^#.*CILIUM_NET_MAC.*$/d' /var/run/cilium/state/globals/node_config.h" subsys=datapath-loader
level=warning msg="+ echo '#ifndef CILIUM_NET_MAC'" subsys=datapath-loader
level=warning msg="+ echo '#define CILIUM_NET_MAC { .addr = {0x1a,0xd5,0xe4,0xb9,0xbb,0xaa}}'" subsys=datapath-loader
level=warning msg="+ echo '#endif /* CILIUM_NET_MAC */'" subsys=datapath-loader
level=warning msg="+ sed -i '/^#.*HOST_IFINDEX.*$/d' /var/run/cilium/state/globals/node_config.h" subsys=datapath-loader
level=warning msg="++ cat /sys/class/net/cilium_net/ifindex" subsys=datapath-loader
level=warning msg="+ HOST_IDX=6" subsys=datapath-loader
level=warning msg="+ echo '#define HOST_IFINDEX 6'" subsys=datapath-loader
level=warning msg="+ sed -i '/^#.*HOST_IFINDEX_MAC.*$/d' /var/run/cilium/state/globals/node_config.h" subsys=datapath-loader
level=warning msg="++ ip link show cilium_host" subsys=datapath-loader
level=warning msg="++ grep ether" subsys=datapath-loader
level=warning msg="++ awk '{print $2}'" subsys=datapath-loader
level=warning msg="+ HOST_MAC=de:5c:37:50:70:41" subsys=datapath-loader
level=warning msg="++ mac2array de:5c:37:50:70:41" subsys=datapath-loader
level=warning msg="++ echo '{0xde,0x5c,0x37,0x50,0x70,0x41}'" subsys=datapath-loader
level=warning msg="+ HOST_MAC='{0xde,0x5c,0x37,0x50,0x70,0x41}'" subsys=datapath-loader
level=warning msg="+ echo '#define HOST_IFINDEX_MAC { .addr = {0xde,0x5c,0x37,0x50,0x70,0x41}}'" subsys=datapath-loader
level=warning msg="+ sed -i '/^#.*CILIUM_IFINDEX.*$/d' /var/run/cilium/state/globals/node_config.h" subsys=datapath-loader
level=warning msg="++ cat /sys/class/net/cilium_host/ifindex" subsys=datapath-loader
level=warning msg="+ CILIUM_IDX=7" subsys=datapath-loader
level=warning msg="+ echo '#define CILIUM_IFINDEX 7'" subsys=datapath-loader
level=warning msg="++ cat /proc/sys/net/ipv4/ip_local_port_range" subsys=datapath-loader
level=warning msg="++ awk '{print $1}'" subsys=datapath-loader
level=warning msg="+ CILIUM_EPHEMERAL_MIN=32768" subsys=datapath-loader
level=warning msg="+ echo '#define EPHEMERAL_MIN 32768'" subsys=datapath-loader
level=warning msg="+ '[' true = true ']'" subsys=datapath-loader
level=warning msg="+ MAC_BY_IFINDEX_MACRO='#define NATIVE_DEV_MAC_BY_IFINDEX(IFINDEX) ({ \\" subsys=datapath-loader
level=warning msg="\tunion macaddr __mac = {.addr = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}; \\" subsys=datapath-loader
level=warning msg="\tswitch (IFINDEX) { \\\\\\n'" subsys=datapath-loader
level=warning msg="+ MAC_BY_IFINDEX_MACRO_END='\t} \\" subsys=datapath-loader
level=warning msg="\t__mac; })'" subsys=datapath-loader
level=warning msg="+ for NATIVE_DEV in ${NATIVE_DEVS//;/ }" subsys=datapath-loader
level=warning msg="++ cat /sys/class/net/enp1s0/ifindex" subsys=datapath-loader
level=warning msg="+ IDX=2" subsys=datapath-loader
level=warning msg="++ ip link show enp1s0" subsys=datapath-loader
level=warning msg="++ grep ether" subsys=datapath-loader
level=warning msg="++ awk '{print $2}'" subsys=datapath-loader
level=warning msg="+ MAC=52:54:00:7e:31:07" subsys=datapath-loader
level=warning msg="++ mac2array 52:54:00:7e:31:07" subsys=datapath-loader
level=warning msg="++ echo '{0x52,0x54,0x00,0x7e,0x31,0x07}'" subsys=datapath-loader
level=warning msg="+ MAC='{0x52,0x54,0x00,0x7e,0x31,0x07}'" subsys=datapath-loader
level=warning msg="+ MAC_BY_IFINDEX_MACRO='#define NATIVE_DEV_MAC_BY_IFINDEX(IFINDEX) ({ \\" subsys=datapath-loader
level=warning msg="\tunion macaddr __mac = {.addr = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}; \\" subsys=datapath-loader
level=warning msg="\tswitch (IFINDEX) { \\\\\\n\tcase 2: {union macaddr __tmp = {.addr = {0x52,0x54,0x00,0x7e,0x31,0x07}}; __mac=__tmp;} break; \\\\\\n'" subsys=datapath-loader
level=warning msg="+ for NATIVE_DEV in ${NATIVE_DEVS//;/ }" subsys=datapath-loader
level=warning msg="++ cat /sys/class/net/wg0/ifindex" subsys=datapath-loader
level=warning msg="+ IDX=3" subsys=datapath-loader
level=warning msg="++ ip link show wg0" subsys=datapath-loader
level=warning msg="++ grep ether" subsys=datapath-loader
level=warning msg="++ awk '{print $2}'" subsys=datapath-loader
level=warning msg="+ MAC=" subsys=datapath-loader
level=error msg="Error while initializing daemon" error="exit status 1" subsys=daemon
level=fatal msg="Error while creating daemon" error="exit status 1" subsys=daemon
level=info msg="regenerating all endpoints" reason="one or more identities created or deleted, Named ports added or updated" subsys=endpoint-manager
level=info msg="regenerating all endpoints" reason= subsys=endpoint-manager

helm values.yml:

agent:
  keepDeprecatedProbes: true

config:
  upgradeCompatibility: "1.7"

global:
  cni:
    chainingMode: portmap
  etcd:
    enabled: true
    endpoints:
      - https://10.8.0.230:2379
      - https://10.8.0.231:2379
      - https://10.8.0.232:2379
    ssl: true

wg0 in my case is a WireGuard interface:

ip link show wg0
3: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/none

The whole Kubernetes cluster communicates via WireGuard to encrypt all communication between Kubernetes hosts.

@pchaigno pchaigno changed the title from "Multiple NodePort devices failed when dev is TUN" to "Error while creating daemon when NodePort device is TUN or WireGuard interface" Jun 29, 2020
pchaigno added a commit that referenced this issue Jun 29, 2020
We need NodePort and direct routing devices to have a MAC address. If
they don't, init.sh fails with the following error:

    level=warning msg="+ for NATIVE_DEV in ${NATIVE_DEVS//;/ }" subsys=datapath-loader
    level=warning msg="++ cat /sys/class/net/lo/ifindex" subsys=datapath-loader
    level=warning msg="+ IDX=1" subsys=datapath-loader
    level=warning msg="++ ip link show lo" subsys=datapath-loader
    level=warning msg="++ grep ether" subsys=datapath-loader
    level=warning msg="++ awk '{print $2}'" subsys=datapath-loader
    level=warning msg="+ MAC=" subsys=datapath-loader
    level=error msg="Error while initializing daemon" error="exit status 1" subsys=daemon
    level=fatal msg="Error while creating daemon" error="exit status 1" subsys=daemon

Thus, we need to skip auto-detected devices that don't have a MAC
address. This commit implements that and was tested by injecting a
loopback interface with an IP address in the code, in the dev. VM:

    loAddr, err := netlink.ParseAddr("192.168.33.11/32")
    if err == nil {
        loAddr.LinkIndex = 1
        addrs = append(addrs, *loAddr)
    }

Fixes: #12228
Fixes: #12304
Fixes: 6730d0f ("daemon: Extend BPF NodePort device auto-detection")
Signed-off-by: Paul Chaignon <paul@cilium.io>
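
The failure mode in the trace above, reproduced offline as an added example (not Cilium's code, and not the Go change made by the commit): with `pipefail` set, a `grep ether` that matches nothing makes the whole `MAC=$(...)` assignment fail, which ends the script right after `+ MAC=`. That init.sh also runs with errexit is an assumption; `link_show`, `unguarded_status`, `mac_of` and `filter_native_devs` are hypothetical names, and the interface output is constructed sample data.

```shell
# Constructed `ip link show` output. wg0 is copied from the report; the enp1s0
# flags line is constructed around the MAC address seen in the trace.
link_show() {
  case "$1" in
    enp1s0) printf '%s\n' \
      '2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000' \
      '    link/ether 52:54:00:7e:31:07 brd ff:ff:ff:ff:ff:ff' ;;
    wg0) printf '%s\n' \
      '3: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000' \
      '    link/none' ;;
    *) return 1 ;;
  esac
}

# The lookup from the trace, run under errexit + pipefail (errexit is an
# assumption about init.sh; pipefail is visible in the trace). Prints the
# exit status of the fragment instead of returning it.
unguarded_status() {
  status=0
  link_show "$1" | bash -c 'set -eo pipefail
    MAC=$(grep ether | awk "{print \$2}")
    echo "MAC=$MAC"' >/dev/null 2>&1 || status=$?
  echo "$status"
}

# Guarded lookup: no link/ether line gives an empty string, not a failure.
mac_of() {
  link_show "$1" | awk '$1 == "link/ether" { print $2 }'
}

# Drop devices without a MAC from a ';'-separated list (hypothetical helper).
filter_native_devs() {
  kept=""
  for dev in $(printf '%s' "$1" | tr ';' ' '); do
    if [ -n "$(mac_of "$dev")" ]; then
      kept="${kept:+$kept;}$dev"
    else
      echo "skipping $dev: no MAC address" >&2
    fi
  done
  echo "$kept"
}

echo "unguarded enp1s0: exit $(unguarded_status enp1s0)"
echo "unguarded wg0:    exit $(unguarded_status wg0)"
echo "kept devices:     $(filter_native_devs 'enp1s0;wg0')"
```
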
joestringer pushed a commit that referenced this issue Jun 29, 2020
christarazi pushed a commit that referenced this issue Jun 30, 2020
[ upstream commit 089060b ]

We need NodePort and direct routing devices to have a MAC address. If
they don't, init.sh fails with the following error:

    level=warning msg="+ for NATIVE_DEV in ${NATIVE_DEVS//;/ }" subsys=datapath-loader
    level=warning msg="++ cat /sys/class/net/lo/ifindex" subsys=datapath-loader
    level=warning msg="+ IDX=1" subsys=datapath-loader
    level=warning msg="++ ip link show lo" subsys=datapath-loader
    level=warning msg="++ grep ether" subsys=datapath-loader
    level=warning msg="++ awk '{print $2}'" subsys=datapath-loader
    level=warning msg="+ MAC=" subsys=datapath-loader
    level=error msg="Error while initializing daemon" error="exit status 1" subsys=daemon
    level=fatal msg="Error while creating daemon" error="exit status 1" subsys=daemon

Thus, we need to skip auto-detected devices that don't have a MAC
address. This commit implements that and was tested by injecting a
loopback interface with an IP address in the code, in the dev. VM:

    loAddr, err := netlink.ParseAddr("192.168.33.11/32")
    if err == nil {
        loAddr.LinkIndex = 1
        addrs = append(addrs, *loAddr)
    }

Fixes: #12228
Fixes: #12304
Fixes: 6730d0f ("daemon: Extend BPF NodePort device auto-detection")
Signed-off-by: Paul Chaignon <paul@cilium.io>
Signed-off-by: Chris Tarazi <chris@isovalent.com>
@RaveNoX
Author

RaveNoX commented Jun 30, 2020

It is good that Cilium now starts without error, but it would be nice to have NodePort working on such devices (TUN, WireGuard, etc.).
Do I need to create a separate issue for this, or does it already exist? @christarazi

@pchaigno
Member

@RaveNoX #12317 will track adding support for devices that don't have a HW address (TUN, WireGuard, loopback, etc.).

@RaveNoX
Author

RaveNoX commented Jun 30, 2020

Thank you.

joestringer pushed a commit that referenced this issue Jun 30, 2020