[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: iptables-restore errors



Forgot to include the first lines of the /etc/sysconfig/iptables file:

# Generated by iptables-save v1.4.21 on Mon Feb 27 14:08:07 2017
*nat
:PREROUTING ACCEPT [9:6752]
:INPUT ACCEPT [9:6752]
:OUTPUT ACCEPT [6:679]
:POSTROUTING ACCEPT [6:679]
:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
-A DOCKER -i docker0 -j RETURN
COMMIT


On 2017-02-27 17:48, Andre Esser wrote:
Hi,

We see occasional iptables-restore errors like the one below on our
Origin 1.4.1 nodes, Ansible installation.

Feb 27 17:03:37 node-03 origin-node: I0227 17:03:37.539699 11100
docker_manager.go:1546] Container
"2849f858215c0d7416fb8cecd432647b18297dc539bbff24f2d03863f8e59164
network-diag-ns-5b55b/network-diag-test-pod-667w3" exited after
308.467972ms

Feb 27 17:03:37 node-03 origin-node: E0227 17:03:37.539837 11100
pod_workers.go:184] Error syncing pod
ad04f060-fd0e-11e6-9ceb-42010aa81066, skipping: failed to
"SetupNetwork" for "network-diag-test-pod-667w3_network-diag-ns-5b55b"
with SetupNetworkError: "Failed to setup network for pod \"network-
diag-test-pod-667w3_network-diag-ns-5b55b(ad04f060-fd0e-11e6-9ceb-
42010aa81066)\" using network plugins \"cni\": CNI request failed with
status 400: 'Failed to execute iptables-restore: exit status 1
(iptables-restore: line 3 failed\n)\n'; Skipping pod"

Feb 27 17:03:37 node-03 origin-node: I0227 17:03:37.579418   11100
proxier.go:431] Adding new service "network-diag-ns-mn1e5/network-
diag-test-service-kb6lb:" at 10.168.81.30:9876/TCP


Running

  iptables-restore < /etc/sysconfig/iptables

manually always succeeds.

We have noticed occasional spurious connectivity problems between pods,
but the times to coincide with the iptables-restore error messages, so
this may not be related.


Is anyone else seeing these errors?

Andre


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]