Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enable CONFIG_PROC_CHILDREN for amd64 kernel #8986

Closed
jdmarble opened this issue Jul 7, 2024 · 0 comments · Fixed by siderolabs/pkgs#987
Closed

Enable CONFIG_PROC_CHILDREN for amd64 kernel #8986

jdmarble opened this issue Jul 7, 2024 · 0 comments · Fixed by siderolabs/pkgs#987

Comments

@jdmarble
Copy link

jdmarble commented Jul 7, 2024

Bug Report

Nginx Gateway Fabric depends on the /proc/.../task/.../children to find the Nginx worker processes to restart after a configuration reload. It doesn't work on Talos because the CONFIG_PROC_CHILDREN kernel option is not enabled for Talos's amd64 kernel. I filed this as a bug instead of a feature request because it is enabled on Talos's arm64 kernel. I assume that it is an oversight in one direction or another: it should be the same on both architectures.

Description

I'm not a security or Linux kernel expert, but I couldn't find a reason to leave that option disabled after searching around. I did find a similar issue for Minikube's VirtualBox kernel. The PR that closed that issue has some more discussion.

https://www.kernelconfig.io/config_proc_children

Logs

This is the relevant log line from the nginx-gateway container:

{"level":"error","ts":"2024-07-07T04:41:09Z","logger":"eventLoop.eventHandler","msg":"Failed to update NGINX configuration","batchID":1,"error":"failed to reload NGINX: open /proc/21/task/21/children: no such file or directory","stacktrace":"github.com/nginxinc/nginx-gateway-fabric/internal/mode/static.(*eventHandlerImpl).HandleEventBatch\n\t/home/runner/work/nginx-gateway-fabric/nginx-gateway-fabric/internal/mode/static/handler.go:223\ngithub.com/nginxinc/nginx-gateway-fabric/internal/framework/events.(*EventLoop).Start.func1.1\n\t/home/runner/work/nginx-gateway-fabric/nginx-gateway-fabric/internal/framework/events/loop.go:74"}

Environment

  • Talos version: [talosctl version --nodes <problematic nodes>]
Client:
	Tag:         v1.7.5
	SHA:         47731624
	Built:
	Go version:  go1.22.4
	OS/Arch:     darwin/amd64
Server:
	NODE:       XXX
	Tag:         v1.7.5
	SHA:         47731624
	Built:
	Go version:  go1.22.4
	OS/Arch:     linux/amd64
	Enabled:     RBAC
  • Kubernetes version: [kubectl version --short]
Client Version: v1.30.2
Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3
Server Version: v1.30.1
  • Platform:
    Metal on AMD64 CPUs.
@smira smira mentioned this issue Jul 8, 2024
Merged
smira added a commit to smira/pkgs that referenced this issue Aug 5, 2024
@smira
fix: enable CONFIG_PROC_CHILDREN for amd64 kernel
a302e94 
Fixes siderolabs/talos#8986

Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
(cherry picked from commit 60a91b2)
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 11, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: enable CONFIG_PROC_CHILDREN for amd64 kernel smira/pkgs
1 participant
@jdmarble