Skip to content

Commit

Permalink
Update go-iptables library version
Browse files Browse the repository at this point in the history
From 0.4.1 to 0.4.5.
In version 0.4.1, no error is returned by go-iptables when running
`iptables --version` or parsing its ouput fails (during
initialization). This leads to the library not being able to correctly
detect whether the iptables version supports `--wait`, which ultimately
can lead to a deadlock for the Antrea agent.

See coreos/go-iptables#69.

By updating the go-iptables version, we ensure that any such error will
be returned to Antrea, logged, and cause the Antrea agent to fail and
eventually restart.

It is unclear what can cause iptables version detection to fail but
because of the added logging, we will have a better shot at getting to
the root cause if it happens in production again.

Fixes #871
  • Loading branch information
antoninbas committed Jun 26, 2020
1 parent aafd76e commit 54da8ee
Show file tree
Hide file tree
Showing 3 changed files with 6 additions and 1 deletion.
3 changes: 3 additions & 0 deletions cmd/antrea-agent/agent.go
Original file line number Diff line number Diff line change
Expand Up @@ -90,6 +90,9 @@ func run(o *Options) error {
EnableIPSecTunnel: o.config.EnableIPSecTunnel}

routeClient, err := route.NewClient(o.config.HostGateway, serviceCIDRNet, encapMode)
if err != nil {
return fmt.Errorf("error creating route client: %v", err)
}

// Create an ifaceStore that caches network interfaces managed by this node.
ifaceStore := interfacestore.NewInterfaceStore()
Expand Down
2 changes: 1 addition & 1 deletion go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ require (
github.com/containernetworking/plugins v0.8.2-0.20190724153215-ded2f1757770
github.com/contiv/libOpenflow v0.0.0-20200424005919-3a6722c98962
github.com/contiv/ofnet v0.0.0-00010101000000-000000000000
github.com/coreos/go-iptables v0.4.1
github.com/coreos/go-iptables v0.4.5
github.com/davecgh/go-spew v1.1.1
github.com/elazarl/goproxy v0.0.0-20190911111923-ecfe977594f1 // indirect
github.com/evanphx/json-patch v4.5.0+incompatible // indirect
Expand Down
2 changes: 2 additions & 0 deletions go.sum
Original file line number Diff line number Diff line change
Expand Up @@ -80,6 +80,8 @@ github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc
github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk=
github.com/coreos/go-iptables v0.4.1 h1:TyEMaK2xD/EcB0385QcvX/OvI2XI7s4SJEI2EhZFfEU=
github.com/coreos/go-iptables v0.4.1/go.mod h1:/mVI274lEDI2ns62jHCDnCyBF9Iwsmekav8Dbxlm1MU=
github.com/coreos/go-iptables v0.4.5 h1:DpHb9vJrZQEFMcVLFKAAGMUVX0XoRC0ptCthinRYm38=
github.com/coreos/go-iptables v0.4.5/go.mod h1:/mVI274lEDI2ns62jHCDnCyBF9Iwsmekav8Dbxlm1MU=
github.com/coreos/go-oidc v2.1.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc=
github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
github.com/coreos/go-semver v0.3.0 h1:wkHLiw0WNATZnSG7epLsujiMCgPAc9xhjJ4tgnAxmfM=
Expand Down

0 comments on commit 54da8ee

Please sign in to comment.