
Commit 2004053

committed
added bootup logs back
1 parent a373499 commit 2004053

1 file changed

+19
-0
lines changed

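--- a/npm/pkg/dataplane/policies/chain-management_linux.go
+++ b/npm/pkg/dataplane/policies/chain-management_linux.go
@@ -186,6 +186,8 @@ TODO: could use one grep call instead of separate calls for getting jump line nu
 - would use a grep pattern like so: <line num...AZURE-NPM>|<Chain AZURE-NPM>
 */
 func (pMgr *PolicyManager) bootup(_ []string) error {
+klog.Infof("booting up iptables Azure chains")
+
 // 0.1. Detect iptables version
 if err := pMgr.detectIptablesVersion(); err != nil {
 return npmerrors.SimpleErrorWrapper("failed to detect iptables version", err)
@@ -212,6 +214,7 @@ func (pMgr *PolicyManager) bootupAfterDetectAndCleanup() error {
 // 1. delete the deprecated jump to AZURE-NPM
 deprecatedErrCode, deprecatedErr := pMgr.ignoreErrorsAndRunIPTablesCommand(removeDeprecatedJumpIgnoredErrors, util.IptablesDeletionFlag, deprecatedJumpFromForwardToAzureChainArgs...)
 if deprecatedErrCode == 0 {
+klog.Infof("deleted deprecated jump rule from FORWARD chain to AZURE-NPM chain")
 } else if deprecatedErr != nil {
 metrics.SendErrorLogAndMetric(util.IptmID,
 "failed to delete deprecated jump rule from FORWARD chain to AZURE-NPM chain for unexpected reason with exit code %d and error: %s",
@@ -223,6 +226,8 @@ func (pMgr *PolicyManager) bootupAfterDetectAndCleanup() error {
 return npmerrors.SimpleErrorWrapper("failed to get current chains for bootup", err)
 }
 
+klog.Infof("found %d current chains in the default iptables", len(currentChains))
+
 // 2. cleanup old NPM chains, and configure base chains and their rules.
 creator := pMgr.creatorForBootup(currentChains)
 if err := restore(creator); err != nil {
@@ -245,11 +250,13 @@ func (pMgr *PolicyManager) bootupAfterDetectAndCleanup() error {
 // kube-proxy creates an iptables chain as a hint for which version it uses.
 // For more details, see: https://kubernetes.io/blog/2022/09/07/iptables-chains-not-api/#use-case-iptables-mode
 func (pMgr *PolicyManager) detectIptablesVersion() error {
+klog.Info("first attempt detecting iptables version. looking for hint/canary chain in iptables-nft")
 if pMgr.hintOrCanaryChainExist(util.IptablesNft) {
 util.SetIptablesToNft()
 return nil
 }
 
+klog.Info("second attempt detecting iptables version. looking for hint/canary chain in iptables-legacy")
 if pMgr.hintOrCanaryChainExist(util.IptablesLegacy) {
 util.SetIptablesToLegacy()
 return nil
@@ -291,15 +298,19 @@ func (pMgr *PolicyManager) hintOrCanaryChainExist(iptablesCmd string) bool {
 func (pMgr *PolicyManager) cleanupOtherIptables() error {
 hadNFT := util.Iptables == util.IptablesNft
 if hadNFT {
+klog.Info("detected nft iptables. cleaning up legacy iptables")
 util.SetIptablesToLegacy()
 } else {
+klog.Info("detected legacy iptables. cleaning up nft iptables")
 util.SetIptablesToNft()
 }
 
 defer func() {
 if hadNFT {
+klog.Info("cleaned up legacy iptables")
 util.SetIptablesToNft()
 } else {
+klog.Info("cleaned up nft tables")
 util.SetIptablesToLegacy()
 }
 }()
@@ -309,6 +320,7 @@ func (pMgr *PolicyManager) cleanupOtherIptables() error {
 // 1.1. delete the deprecated jump to AZURE-NPM
 errCode, err := pMgr.ignoreErrorsAndRunIPTablesCommand(removeDeprecatedJumpIgnoredErrors, util.IptablesDeletionFlag, deprecatedJumpFromForwardToAzureChainArgs...)
 if errCode == 0 {
+klog.Infof("[cleanup] deleted deprecated jump rule from FORWARD chain to AZURE-NPM chain")
 deletedJumpRule = true
 } else if err != nil {
 metrics.SendErrorLogAndMetric(util.IptmID,
@@ -320,6 +332,7 @@ func (pMgr *PolicyManager) cleanupOtherIptables() error {
 errCode, err = pMgr.ignoreErrorsAndRunIPTablesCommand(removeDeprecatedJumpIgnoredErrors, util.IptablesDeletionFlag, jumpFromForwardToAzureChainArgs...)
 if errCode == 0 {
 deletedJumpRule = true
+klog.Infof("[cleanup] deleted jump rule from FORWARD chain to AZURE-NPM chain")
 } else if err != nil {
 metrics.SendErrorLogAndMetric(util.IptmID,
 "[cleanup] failed to delete jump rule from FORWARD chain to AZURE-NPM chain for unexpected reason with exit code %d and error: %s",
@@ -333,9 +346,12 @@ func (pMgr *PolicyManager) cleanupOtherIptables() error {
 }
 
 if len(currentChains) == 0 {
+klog.Info("no chains to cleanup")
 return nil
 }
 
+klog.Infof("[cleanup] %d chains to clean up", len(currentChains))
+
 // 3.1. try to flush all chains at once
 chains := make([]string, 0, len(currentChains))
 _, hasAzureChain := currentChains[util.IptablesAzureChain]
@@ -453,6 +469,7 @@ func (pMgr *PolicyManager) reconcile() {
 return
 }
 
+klog.Infof("cleaning up these stale chains: %+v", staleChains)
 if err := pMgr.cleanupChains(staleChains); err != nil {
 msg := fmt.Sprintf("failed to clean up old policy chains with the following error: %s", err.Error())
 metrics.SendErrorLogAndMetric(util.IptmID, "error: %s", msg)
@@ -503,6 +520,8 @@ func (pMgr *PolicyManager) ignoreErrorsAndRunIPTablesCommand(ignored []*exitErro
 allArgs := []string{util.IptablesWaitFlag, util.IptablesDefaultWaitTime, operationFlag}
 allArgs = append(allArgs, args...)
 
+klog.Infof("executing iptables command [%s] with args %v", util.Iptables, allArgs)
+
 command := pMgr.ioShim.Exec.Command(util.Iptables, allArgs...)
 output, err := command.CombinedOutput()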
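Review bot: The two messages added inside the deferred func of cleanupOtherIptables, `klog.Info("cleaned up legacy iptables")` and `klog.Info("cleaned up nft tables")`, are printed on every return path. Since the function returns `error`, they would presumably also appear after a failed deletion or flush, where they report success for a firewall cleanup that did not complete. Anyone reconstructing the rule state from these logs would then be misled, so a neutral wording fits better, e.g. `klog.Info("finished legacy iptables cleanup attempt; switching back to nft")` and the mirrored line for the other branch. Alternatively, log the success message only just before the final `return nil`. The body of cleanupOtherIptables continues outside the visible hunks, so the exact error returns should be checked there.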
