Skip to content

Issue on policy import #2415

Closed
Closed
Issue on policy import#2415
Assignees
eloycoto
Labels
area/CIContinuous Integration testing issue or flakekind/bugThis is a bug in the Cilium logic.
@eloycoto

Description

@eloycoto
eloycoto
opened on Jan 2, 2018

In Ginkgo Build 745 we had the following problem, the cilium-agent restarted and the build failed:

Jan 02 10:28:33 runtime cilium-agent[3449]: time="2018-01-02T10:28:33Z" level=debug msg="L4 Policy matches" PolicyID.L4=329 identityLabels="[container:id.app1]"
Jan 02 10:28:33 runtime cilium-agent[3449]: time="2018-01-02T10:28:33Z" level=warning msg="Update of l4 policy map failed" containerID=f6c34d05e43b5485750a808de2136ed52f20d71d7b79481e0285c6c901ee9f7b endpointID=29381 error="Unable to update element: invalid argument" policyRevision=13
Jan 02 10:28:33 runtime cilium-agent[3449]: time="2018-01-02T10:28:33Z" level=fatal msg="L4 Policy application failed" containerID=f6c34d05e43b5485750a808de2136ed52f20d71d7b79481e0285c6c901ee9f7b endpointID=29381 policyRevision=13
Jan 02 10:28:33 runtime systemd[1]: cilium.service: Main process exited, code=exited, status=1/FAILURE
Jan 02 10:28:33 runtime cilium-agent[3449]: time="2018-01-02T10:28:33Z" level=info msg="shutdown initiated"
Jan 02 10:28:33 runtime cilium-agent[3449]: time="2018-01-02T10:28:33Z" level=info msg="Stopped serving cilium health at unix:///var/run/cilium/health.sock"
Jan 02 10:28:33 runtime cilium-agent[3449]: time="2018-01-02T10:28:33Z" level=info msg="shutdown initiated"
Jan 02 10:28:33 runtime cilium-agent[3449]: time="2018-01-02T10:28:33Z" level=info msg="Stopped serving cilium health at http://[::]:4240"
Jan 02 10:28:33 runtime systemd[1]: cilium.service: Unit entered failed state.
Jan 02 10:28:33 runtime systemd[1]: cilium.service: Failed with result 'exit-code'.
Jan 02 10:28:33 runtime systemd[1]: cilium.service: Service hold-off time over, scheduling restart.
Jan 02 10:28:33 runtime systemd[1]: Stopped cilium.
-- Subject: Unit cilium.service has finished shutting down

The logs show that fails here:

cilium/pkg/endpoint/policy.go

Lines 345 to 355 in ea56d2e

e.cleanUnusedRedirects(owner, e.L4Policy.Ingress, c.L4Policy.Ingress)
e.cleanUnusedRedirects(owner, e.L4Policy.Egress, c.L4Policy.Egress)
}
l4Rm, l4Add, err = e.applyL4PolicyLocked(owner, labelsMap, e.L4Policy, c.L4Policy)
if err != nil {
// This should not happen, and we can't fail at this stage anyway.
e.getLogger().Fatal("L4 Policy application failed")
}
}
e.L4Policy = c.L4Policy // Reuse the common policy

Attached all server logs.

issue.tar.gz

Metadata

Metadata

Assignees

Labels

area/CIContinuous Integration testing issue or flakekind/bugThis is a bug in the Cilium logic.

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions