New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Module nf_conntrack_ipv4 not found in directory /lib/modules/4.19.0-coreos #2518

Closed
ijl opened this Issue Oct 26, 2018 · 6 comments

Comments

Projects
None yet
3 participants
@ijl

ijl commented Oct 26, 2018

Issue Report

The kernel module nf_conntrack_ipv4 is not available on the 4.19 kernel in 1939.0.0. This breaks ipvs. This was available on the 4.18 kernels.

Bug

Container Linux Version

$ cat /etc/os-release
NAME="Container Linux by CoreOS"
ID=coreos
VERSION=1939.0.0
VERSION_ID=1939.0.0
BUILD_ID=2018-10-22-2357
PRETTY_NAME="Container Linux by CoreOS 1939.0.0 (Rhyolite)"
ANSI_COLOR="38;5;75"
HOME_URL="https://coreos.com/"
BUG_REPORT_URL="https://issues.coreos.com"
COREOS_BOARD="amd64-usr"

Reproduction Steps

core # modprobe -- nf_conntrack_ipv4
modprobe: FATAL: Module nf_conntrack_ipv4 not found in directory /lib/modules/4.19.0-coreos
@dm0-

This comment has been minimized.

Member

dm0- commented Oct 26, 2018

What is actually failing? It looks okay if I run ipvsadm directly.

[   22.461066] IPVS: Registered protocols (TCP, UDP, SCTP, AH, ESP)
[   22.461415] IPVS: Connection hash table configured (size=4096, memory=64Kbytes)
[   22.461724] IPVS: ipvs loaded.

The nf_conntrack_ipv4 modules isn't supposed to exist since torvalds/linux@a0ae256.

@bgilbert

This comment has been minimized.

Member

bgilbert commented Oct 26, 2018

If for some reason you need to load the module directly, modprobe nf_conntrack should be sufficient in 4.19.

@ijl

This comment has been minimized.

ijl commented Oct 26, 2018

The error is kube-proxy failing to run in ipvs mode due to a check for nf_conntrack_ipv4 specifically (https://github.com/kubernetes/kubernetes/blob/6a8a8597f5bf4de29b7b88384529188df0b71337/pkg/util/ipvs/ipvs.go#L70-L77). So agreed this is an issue with kubernetes and not coreos. Thank you for looking into it.

@bgilbert

This comment has been minimized.

Member

bgilbert commented Oct 26, 2018

Okay, thanks for the info. I'm looking at working around this in Container Linux.

  1. Does kube-proxy fail entirely, or only produce a warning? Could you post any error messages?
  2. Would you be willing to report this problem upstream to Kubernetes?
@ijl

This comment has been minimized.

ijl commented Oct 26, 2018

@bgilbert it runs while falling back to using iptables. More on the kubernetes issue: kubernetes/kubernetes#70304

@bgilbert

This comment has been minimized.

Member

bgilbert commented Oct 27, 2018

I've added a compatibility nf_conntrack_ipv4 module to the Container Linux kernel, which will be included in the next alpha release. Thanks for reporting!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment