Installing Felix as a static binary
These instructions will take you through a first-time install of Calico’s per-host daemon, Felix, starting with the calico-felix binary. These instructions apply to Calico v2.1.0 and above. Older versions were packaged differently.
This install process is most suited to bare-metal-only installations where Felix is to be used to control policy for the host’s interfaces. For OpenStack and containers there are additional daemons that need to be installed, which are not covered here.
Felix has the following pre-requisites:
- For IPv4 support, Linux kernel v2.6.32 is required. We have tested
against v2.6.32-573+. Note: if you intend to run containers, Docker
requires kernel >=v3.10. The kernel’s version can be checked with
- For IPv6 support, Linux kernel 3.10+ is required (due to the lack of reverse path filtering for IPv6 in older versions).
- conntrack-tools; in
conntrackcommand must be available. We test against >=v1.4.1. To check the version, run
for IPv6 support, the
ip6tablescommand must be available. We test against >=v1.4.7. To check the version, run
- ipset; we test against >=v6.11. To
check the version, run
- The conntrack, iptables and ipsets kernel modules must be available (or compiled-in).
- An etcd cluster that
supports the etcdv2 protocol. We recommend running the latest
stable release of etcd v3.x. To check the version, run
If any of the commands above fail when run with the
--versionflag then you have an old version that doesn’t support reporting its version.
Download and install the binary
The calico-felix binary is distributed via the Github releases page. Download the calico-felix attachment to your system, then make it executable and move it to a location on your path, for example:
curl -o calico-felix <URL of binary> chmod +x calico-felix sudo cp calico-felix /usr/local/bin
Create a start-up script
Felix should be started at boot by your init system and the init system must be configured to restart Felix if it stops. Felix relies on that behaviour for certain configuration changes.
If your distribution uses systemd, then you could use the following unit file:
[Unit] Description=Calico Felix agent After=syslog.target network.target [Service] User=root ExecStartPre=/usr/bin/mkdir -p /var/run/calico ExecStart=/usr/local/bin/calico-felix KillMode=process Restart=on-failure LimitNOFILE=32000 [Install] WantedBy=multi-user.target
Or, for upstart:
description "Felix (Calico agent)" author "Project Calico Maintainers <email@example.com>" start on stopped rc RUNLEVEL= stop on runlevel [!2345] limit nofile 32000 32000 respawn respawn limit 5 10 chdir /var/run pre-start script mkdir -p /var/run/calico chown root:root /var/run/calico end script exec /usr/local/bin/calico-felix
Optionally, you can create a file at
configure Felix. The configuration file as well as other options for
configuring felix (including environment variables) are described in
If etcd is not running on the local machine, it’s essential to configure
EtcdEndpoints setting to tell Felix how to reach
Felix tries to detect whether IPv6 is available on your platform but
the detection can fail on older (or more unusual) systems. If Felix
exits soon after startup with
iptables errors try
Ipv6Support setting to
Once you’ve configured Felix, start it up via your init system.
For systemd, with the above unit file installed, you could run:
systemctl start calico-felix
Running Felix manually
For debugging, it’s sometimes useful to run Felix manually and tell it to emit its logs to screen. You can do that with the following command: