metal-stack / firewall-controller

A Kubernetes controller running on bare-metal firewalls that creates nftables rules, configures suricata, and collects network metrics
MIT License

auto-update not working across filesystems #91

Closed mwennrich closed 3 years ago

mwennrich commented 3 years ago

May 28 14:56:43 shoot--pq7kt8--durosint0-firewall-e4e50 ip[897]: 2021-05-28T14:56:43.201+0200        INFO        controllers.Firewall        reconciling firewall-controller        {"firewall": "firewall/firewall"}
May 28 14:56:43 shoot--pq7kt8--durosint0-firewall-e4e50 ip[897]: 2021-05-28T14:56:43.201+0200        DEBUG        controller-runtime.manager.events        Normal        {"object": {"kind":"Firewall","namespace":"firewall","name":"firewall","uid":"dcadec43-7af7-4635-a061-a03c5bffe82b","apiVersion":"metal-stack.io/v1","resourceVersion":"774589"}, "reason": "Self-Reconcilation", "message": "replacing firewall-controller version v1.0.0 with version v1.0.8"}
May 28 14:56:43 shoot--pq7kt8--durosint0-firewall-e4e50 ip[897]: 2021-05-28T14:56:43.564+0200        ERROR        controller        Reconciler error        {"reconcilerGroup": "metal-stack.io", "reconcilerKind": "Firewall", "controller": "firewall", "name": "firewall", "namespace": "firewall", "error": "could not replace firewall-controller with version v1.0.8, err: rename /var/tmp/firewall-controller510281648 /usr/local/bin/firewall-controller: invalid cross-device link"}

mwennrich commented 3 years ago

Possible solution: create the TempFile in /usr/local/bin
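
The fix suggested in this thread (create the temp file in the target's own directory so the rename stays on one filesystem), written out in Go as an added example. It is not the firewall-controller's actual code; `replaceFile`, `isCrossDevice` and the sample path are hypothetical names.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"syscall"
)

// isCrossDevice reports whether err is the EXDEV failure seen in the logs
// ("invalid cross-device link"): rename(2) cannot move a file between filesystems.
func isCrossDevice(err error) bool { return errors.Is(err, syscall.EXDEV) }

// replaceFile atomically replaces dst with data. The temp file is created in
// dst's own directory, so the final rename never crosses a filesystem boundary.
func replaceFile(dst string, data []byte, mode os.FileMode) (err error) {
	tmp, err := os.CreateTemp(filepath.Dir(dst), "."+filepath.Base(dst)+".*")
	if err != nil {
		return err
	}
	defer func() {
		if err != nil { // never leave a half-written file next to the target
			tmp.Close()
			os.Remove(tmp.Name())
		}
	}()
	if _, err = tmp.Write(data); err != nil {
		return err
	}
	if err = tmp.Chmod(mode); err != nil { // CreateTemp creates the file as 0600
		return err
	}
	if err = tmp.Sync(); err != nil { // flush contents before they become visible
		return err
	}
	if err = tmp.Close(); err != nil {
		return err
	}
	return os.Rename(tmp.Name(), dst)
}

func main() {
	dst := filepath.Join(os.TempDir(), "frr.conf.example") // constructed sample path
	defer os.Remove(dst)
	err := replaceFile(dst, []byte("! constructed sample config\n"), 0o644)
	fmt.Println("replaced:", err == nil, "cross-device:", isCrossDevice(err))
}
```

Readers of the target path see either the old file or the complete new one, which matters for a running binary and for rule files such as `/etc/nftables/firewall-controller.v4`.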

mwennrich commented 3 years ago

Same issue also with other files:

rename /var/tmp/frr.conf858997763 /etc/frr/frr.conf: invalid cross-device link

majst01 commented 3 years ago

This is only with newer firewalls created with mep-8, right?

mwennrich commented 3 years ago

> This is only with newer firewalls created with mep-8, right?

Yes

majst01 commented 3 years ago

Still:

firewall         0s          Warning   Error                          firewall/firewall                                       (combined from similar events): 2 errors occurred:
                 * rename /var/tmp/firewall-controller_nftables.v4891800078 /etc/nftables/firewall-controller.v4: invalid cross-device link
                 * error during network reconcilation: /var/tmp/frr.conf445395477: rename /var/tmp/frr.conf445395477 /etc/frr/frr.conf: invalid cross-device link

Firewall CR still reports: Controller Version: v1.0.5

mwennrich commented 3 years ago

v1.0.5 still has old update-code. Only version >= v1.0.9 can update across filesystems.

majst01 commented 3 years ago

This was due to the downgrade still present in the gepm, which was fixed just now.