@spikecurtis
Created July 14, 2015 16:36
iptables-restore failed
2015-07-14 16:32:42,099 [ERROR][90/5] calico.felix.fiptables 393: Non-retryable iptables-restore failure. RC=2
2015-07-14 16:32:42,099 [DEBUG][90/5] calico.felix.fiptables 419: Batch time: 0.01 1
2015-07-14 16:32:42,100 [DEBUG][90/2] calico.felix.actor 494: BLOCKING CALL COMPLETE: [9a750589043a] frules.py:156:install_global_rules -> rewrite_chains = FailedSystemCall('iptables-restore', '--noflush', '--verbose')
2015-07-14 16:32:42,100 [ERROR][90/2] calico.felix.felix 186: Exception killing main greenlet
Traceback (most recent call last):
File "/usr/local/lib/python2.7/dist-packages/calico/felix/felix.py", line 150, in _main_greenlet
v4_nat_updater)
File "/usr/local/lib/python2.7/dist-packages/calico/felix/frules.py", line 156, in install_global_rules
async=False)
File "/usr/local/lib/python2.7/dist-packages/calico/felix/actor.py", line 486, in queue_fn
blocking_result = result.get()
File "/usr/local/lib/python2.7/dist-packages/calico/felix/actor.py", line 596, in get
timeout=timeout)
File "/usr/local/lib/python2.7/dist-packages/gevent/event.py", line 242, in get
raise self._exception
FailedSystemCall: Failed system call (retcode : 2, args : ('iptables-restore', '--noflush', '--verbose'))
stdout :
stderr : iptables-restore v1.4.21: Set felix-calico-hosts-4 doesn't exist.
Error occurred at line: 11
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
input : *filter
:felix-FROM-ENDPOINT -
:felix-TO-ENDPOINT -
:felix-INPUT -
:felix-FORWARD -
--flush felix-FROM-ENDPOINT
--append felix-FROM-ENDPOINT --jump DROP -m comment --comment "WARNING Missing chain DROP:"
--flush felix-TO-ENDPOINT
--append felix-TO-ENDPOINT --jump DROP -m comment --comment "WARNING Missing chain DROP:"
--flush felix-INPUT
--append felix-INPUT --protocol ipencap --match set ! --match-set felix-calico-hosts-4 src --jump DROP
--append felix-INPUT ! --in-interface cali+ --jump RETURN
--append felix-INPUT --match conntrack --ctstate INVALID --jump DROP
--append felix-INPUT --match conntrack --ctstate RELATED,ESTABLISHED --jump ACCEPT
--append felix-INPUT --protocol udp --sport 68 --dport 67 --jump ACCEPT
--append felix-INPUT --protocol udp --dport 53 --jump ACCEPT
--append felix-INPUT --jump DROP
--flush felix-FORWARD
--append felix-FORWARD --in-interface cali+ --match conntrack --ctstate INVALID --jump DROP
--append felix-FORWARD --out-interface cali+ --match conntrack --ctstate INVALID --jump DROP
--append felix-FORWARD --in-interface cali+ --match conntrack --ctstate RELATED,ESTABLISHED --jump RETURN
--append felix-FORWARD --out-interface cali+ --match conntrack --ctstate RELATED,ESTABLISHED --jump RETURN
--append felix-FORWARD --jump felix-FROM-ENDPOINT --in-interface cali+
--append felix-FORWARD --jump felix-TO-ENDPOINT --out-interface cali+
--append felix-FORWARD --jump ACCEPT --in-interface cali+
--append felix-FORWARD --jump ACCEPT --out-interface cali+
COMMIT
Traceback (most recent call last):
File "/usr/local/lib/python2.7/dist-packages/gevent/greenlet.py", line 327, in run
result = self._run(*self.args, **self.kwargs)
File "/usr/local/lib/python2.7/dist-packages/calico/felix/felix.py", line 150, in _main_greenlet
v4_nat_updater)
File "/usr/local/lib/python2.7/dist-packages/calico/felix/frules.py", line 156, in install_global_rules
async=False)
File "/usr/local/lib/python2.7/dist-packages/calico/felix/actor.py", line 486, in queue_fn
blocking_result = result.get()
File "/usr/local/lib/python2.7/dist-packages/calico/felix/actor.py", line 596, in get
timeout=timeout)
File "/usr/local/lib/python2.7/dist-packages/gevent/event.py", line 242, in get
raise self._exception
FailedSystemCall: Failed system call (retcode : 2, args : ('iptables-restore', '--noflush', '--verbose'))
stdout :
stderr : iptables-restore v1.4.21: Set felix-calico-hosts-4 doesn't exist.
Error occurred at line: 11
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
input : *filter
:felix-FROM-ENDPOINT -
:felix-TO-ENDPOINT -
:felix-INPUT -
:felix-FORWARD -
--flush felix-FROM-ENDPOINT
--append felix-FROM-ENDPOINT --jump DROP -m comment --comment "WARNING Missing chain DROP:"
--flush felix-TO-ENDPOINT
--append felix-TO-ENDPOINT --jump DROP -m comment --comment "WARNING Missing chain DROP:"
--flush felix-INPUT
--append felix-INPUT --protocol ipencap --match set ! --match-set felix-calico-hosts-4 src --jump DROP
--append felix-INPUT ! --in-interface cali+ --jump RETURN
--append felix-INPUT --match conntrack --ctstate INVALID --jump DROP
--append felix-INPUT --match conntrack --ctstate RELATED,ESTABLISHED --jump ACCEPT
--append felix-INPUT --protocol udp --sport 68 --dport 67 --jump ACCEPT
--append felix-INPUT --protocol udp --dport 53 --jump ACCEPT
--append felix-INPUT --jump DROP
--flush felix-FORWARD
--append felix-FORWARD --in-interface cali+ --match conntrack --ctstate INVALID --jump DROP
--append felix-FORWARD --out-interface cali+ --match conntrack --ctstate INVALID --jump DROP
--append felix-FORWARD --in-interface cali+ --match conntrack --ctstate RELATED,ESTABLISHED --jump RETURN
--append felix-FORWARD --out-interface cali+ --match conntrack --ctstate RELATED,ESTABLISHED --jump RETURN
--append felix-FORWARD --jump felix-FROM-ENDPOINT --in-interface cali+
--append felix-FORWARD --jump felix-TO-ENDPOINT --out-interface cali+
--append felix-FORWARD --jump ACCEPT --in-interface cali+
--append felix-FORWARD --jump ACCEPT --out-interface cali+
COMMIT
<Greenlet at 0x7f214bb47b90: _main_greenlet(<calico.felix.config.Config object at 0x7f214b8c39)> failed with FailedSystemCall