worker with latest docker image - iptables: create-instance-chains: iptables: No chain/target/match by that name #29

Open
avoidik opened this issue Nov 9, 2018 · 8 comments

avoidik commented Nov 9, 2018

Hi,

Could you please guide me on how I can fix the worker node issue inside the Docker container? I'm always getting the following error:

iptables: create-instance-chains: iptables: No chain/target/match by that name.

My configuration is here:
https://github.com/avoidik/compose_concourse/blob/master/docker-compose.yml

avoidik commented Nov 9, 2018

It has failed on:

{
  "timestamp": "1541758414.146682024",
  "source": "guardian",
  "message": "guardian.iptables-runner.command.failed",
  "log_level": 2,
  "data": {
    "argv": [
      "/worker-state/4.2.1/assets/iptables/sbin/iptables",
      "--wait",
      "--table",
      "nat",
      "-A",
      "w--prerouting",
      "--jump",
      "w--instance-pbd2incpuj9",
      "-m",
      "comment",
      "--comment",
      "cdc24ff9-ad25-4fc8-6443-5c5ae9317b35"
    ],
    "error": "exit status 1",
    "exit-status": 1,
    "session": "1.2",
    "stderr": "iptables: No chain/target/match by that name.\n",
    "stdout": "",
    "took": "2.687238ms"
  }
}

avoidik commented Nov 9, 2018

Solved with a Docker downgrade.

Kernald commented Mar 22, 2019

It's not really a fix though. I have the same issue, and I don't plan on downgrading my Docker install.

avoidik commented Mar 22, 2019

I agree; given CVE-2019-5736, a downgrade is not an option.

avoidik reopened this Mar 22, 2019

NewJorg commented May 21, 2020

Had the same problem, and after some debugging I could fix it for me by building the netfilter comment match module on the host system.
Activate the following kernel option and compile the module:
CONFIG_NETFILTER_XT_MATCH_COMMENT=m
So my problem was the -m comment. Hopefully it can help someone in the future.
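
Added example (not part of any comment in this thread and not Concourse's own code): a diagnostic that reads a failed guardian iptables log entry, extracts the `-m` match extensions it needs, and checks the corresponding option in the host kernel config. The function names, the sample kernel config and the `CONFIG_NETFILTER_XT_MATCH_<NAME>` naming rule for matches other than `comment` are assumptions.

```python
import gzip
import json
import os
import re
# Constructed sample: the failing guardian entry from this thread, trimmed.
SAMPLE_LOG = """{"source": "guardian",
 "message": "guardian.iptables-runner.command.failed",
 "data": {"argv": ["/worker-state/4.2.1/assets/iptables/sbin/iptables",
   "--wait", "--table", "nat", "-A", "w--prerouting",
   "--jump", "w--instance-pbd2incpuj9", "-m", "comment",
   "--comment", "cdc24ff9-ad25-4fc8-6443-5c5ae9317b35"],
  "stderr": "iptables: No chain/target/match by that name.\\n"}}"""
# Constructed kernel config fragment with the comment match disabled.
SAMPLE_KCONFIG = "CONFIG_NETFILTER_XTABLES=y\n# CONFIG_NETFILTER_XT_MATCH_COMMENT is not set\n"

def matches_in_argv(argv):
    """Return the match extensions an iptables command loads via -m/--match."""
    return [argv[i + 1] for i, a in enumerate(argv[:-1]) if a in ("-m", "--match")]

def kconfig_state(config_text, option):
    """Return 'y' (built in), 'm' (module) or 'n' (not set or absent)."""
    found = re.search(rf"^{re.escape(option)}=([ym])$", config_text, re.MULTILINE)
    return found.group(1) if found else "n"

def load_kernel_config():
    """Read the running kernel's config, or None if the host does not expose it."""
    for path in ("/proc/config.gz", f"/boot/config-{os.uname().release}"):
        if os.path.exists(path):
            opener = gzip.open if path.endswith(".gz") else open
            with opener(path, "rt") as fh:
                return fh.read()
    return None

def diagnose(log_line, config_text):
    """Map each match used by a failed iptables call to its kernel option state."""
    entry = json.loads(log_line)
    if entry.get("message") != "guardian.iptables-runner.command.failed":
        return {}
    result = {}
    for name in matches_in_argv(entry["data"]["argv"]):
        # Assumption: CONFIG_NETFILTER_XT_MATCH_<NAME>; holds for "comment", not every match.
        option = "CONFIG_NETFILTER_XT_MATCH_" + name.upper()
        result[name] = (option, kconfig_state(config_text, option))
    return result

if __name__ == "__main__":
    config = load_kernel_config() or SAMPLE_KCONFIG  # fall back to the constructed sample
    for name, (option, state) in diagnose(SAMPLE_LOG, config).items():
        print(f"-m {name}: {option}={state}")
```

A state of `m` only means the module was built; it still has to be loadable on the host kernel that the worker container shares.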

avoidik commented May 26, 2020

@NewJorg what OS and kernel version was it?

NewJorg commented May 29, 2020

@avoidik Gentoo and kernel version 5.4.38-gentoo

@trolleksii

I had this issue with Concourse on Kubernetes installed with the Helm chart. I was using Arch on the host with kernel 5.4.94-1-lts.
After some experimenting I found that changing the worker runtime to containerd solves the issue. Here's the excerpt from values.yaml I used:

concourse:
  worker:
    runtime: containerd
