From 54da8eed8adbb72a5e8748628ba03101553b2c97 Mon Sep 17 00:00:00 2001 From: Antonin Bas Date: Thu, 25 Jun 2020 18:55:43 -0700 Subject: [PATCH] Update go-iptables library version From 0.4.1 to 0.4.5. In version 0.4.1, no error is returned by go-iptables when running `iptables --version` or parsing its ouput fails (during initialization). This leads to the library not being able to correctly detect whether the iptables version supports `--wait`, which ultimately can lead to a deadlock for the Antrea agent. See https://github.com/coreos/go-iptables/pull/69. By updating the go-iptables version, we ensure that any such error will be returned to Antrea, logged, and cause the Antrea agent to fail and eventually restart. It is unclear what can cause iptables version detection to fail but because of the added logging, we will have a better shot at getting to the root cause if it happens in production again. Fixes #871 --- cmd/antrea-agent/agent.go | 3 +++ go.mod | 2 +- go.sum | 2 ++ 3 files changed, 6 insertions(+), 1 deletion(-) diff --git a/cmd/antrea-agent/agent.go b/cmd/antrea-agent/agent.go index 521b0a09599..6d93f85529d 100644 --- a/cmd/antrea-agent/agent.go +++ b/cmd/antrea-agent/agent.go @@ -90,6 +90,9 @@ func run(o *Options) error { EnableIPSecTunnel: o.config.EnableIPSecTunnel} routeClient, err := route.NewClient(o.config.HostGateway, serviceCIDRNet, encapMode) + if err != nil { + return fmt.Errorf("error creating route client: %v", err) + } // Create an ifaceStore that caches network interfaces managed by this node. ifaceStore := interfacestore.NewInterfaceStore() diff --git a/go.mod b/go.mod index d23b2444f95..6d93cb83294 100644 --- a/go.mod +++ b/go.mod @@ -16,7 +16,7 @@ require ( github.com/containernetworking/plugins v0.8.2-0.20190724153215-ded2f1757770 github.com/contiv/libOpenflow v0.0.0-20200424005919-3a6722c98962 github.com/contiv/ofnet v0.0.0-00010101000000-000000000000 - github.com/coreos/go-iptables v0.4.1 + github.com/coreos/go-iptables v0.4.5 github.com/davecgh/go-spew v1.1.1 github.com/elazarl/goproxy v0.0.0-20190911111923-ecfe977594f1 // indirect github.com/evanphx/json-patch v4.5.0+incompatible // indirect diff --git a/go.sum b/go.sum index 0bbea41c18f..aa4f8a8ecb4 100644 --- a/go.sum +++ b/go.sum @@ -80,6 +80,8 @@ github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk= github.com/coreos/go-iptables v0.4.1 h1:TyEMaK2xD/EcB0385QcvX/OvI2XI7s4SJEI2EhZFfEU= github.com/coreos/go-iptables v0.4.1/go.mod h1:/mVI274lEDI2ns62jHCDnCyBF9Iwsmekav8Dbxlm1MU= +github.com/coreos/go-iptables v0.4.5 h1:DpHb9vJrZQEFMcVLFKAAGMUVX0XoRC0ptCthinRYm38= +github.com/coreos/go-iptables v0.4.5/go.mod h1:/mVI274lEDI2ns62jHCDnCyBF9Iwsmekav8Dbxlm1MU= github.com/coreos/go-oidc v2.1.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc= github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= github.com/coreos/go-semver v0.3.0 h1:wkHLiw0WNATZnSG7epLsujiMCgPAc9xhjJ4tgnAxmfM=