sudo calicoctl ... with Environment Variables
If you use
sudo for commands like
calicoctl node run, remember that your environment
variables will not be transferred to the
sudo environment. You can run
-E flag to include your environment variables:
sudo -E calicoctl node run
or you can set environment variables for
sudo commands like this:
sudo ETCD_ENDPOINTS=http://172.25.0.1:2379 calicoctl node run
Also be aware that connection information can be specified as a config file rather than using environment variables. See the Calicoctl Configuration Overview guide for details.
Ubuntu (or GNOME) NetworkManager
Disable NetworkManager before attempting to use Calico networking.
NetworkManager manipulates the routing table for interfaces in the default network namespace where Calico veth pairs are anchored for connections to containers. This can interfere with the Calico agent’s ability to route correctly.
You can configure interfaces in the
/etc/network/interfaces file if the
NetworkManager removes your host’s interfaces. See the Debian
guide for more information.
etcd.EtcdException: No more machines in the cluster
If you see this exception, it means
calicoctl can’t communicate with your etcd
cluster. Ensure etcd is up and listening on
No ping between containers on different hosts
If you have connectivity between containers on the same host, and between containers and the Internet, but not between containers on different hosts, it probably indicates a problem in the BIRD setup.
calicoctl node status on each host. It should include output like this:
Calico process is running. IPv4 BGP status +--------------+-------------------+-------+----------+-------------+ | PEER ADDRESS | PEER TYPE | STATE | SINCE | INFO | +--------------+-------------------+-------+----------+-------------+ | 172.17.8.102 | node-to-node mesh | up | 23:30:04 | Established | +--------------+-------------------+-------+----------+-------------+ IPv6 BGP status No IPv6 peers found.
If you do not see this, please check the following.
Can your hosts ping each other? There must be IP connectivity between the hosts.
Your hosts’ names must be different. Calico uses hostname as a key in the etcd data, and the etcd data is used to autogenerate the correct BIRD config - so a duplicate hostname will prevent correct BIRD setup.
There must not be iptables rules, or any kind of firewall, preventing communication between the hosts on TCP port 179. (179 is the BGP port.)
ip route shows what routes have been programmed. Routes from other hosts
should show that they are programmed by bird.
If your hosts reboot themselves with a message from
locksmithd your cached CoreOS Container Linux
image is out of date. Use
vagrant box update to pull the new version. I
recommend doing a
vagrant destroy; vagrant up to start from a clean slate afterwards.
If you hit issues, please raise tickets. Diags can be collected with the
calicoctl node diags command. This should be run with superuser privileges,
sudo calicoctl node diags