How to install "bridge-nf-call-iptables" module (I.MX8M Plus:hardknott)

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How to install "bridge-nf-call-iptables" module (I.MX8M Plus:hardknott)

Jump to solution
4,851 Views
Yuki_S
Contributor II

I want to run k8s(kubernetes) on i.MX8M Plus.

(Yocto version:hardknott)

When I run following kubeadm join command on i.MX8M Plus terminal using minicom, I got following error.

root@k8snode-2:~# kubeadm join 192.168.100.111:6443 --token 7oeu6i.b4d5vtylksq4jpi0 --discovery-token-ca-cert-hash sha256:7cfdb2759c8f5521d0536959ca2ceab14d2afd17c64711c60c51e2319ba83d29
[preflight] Running pre-flight checks
[preflight] The system verification failed. Printing the output from the verification:
KERNEL_VERSION: 5.10.72-lts-5.10.y+gf87bab1ec500
CONFIG_NAMESPACES: enabled
CONFIG_NET_NS: enabled
CONFIG_PID_NS: enabled
CONFIG_IPC_NS: enabled
CONFIG_UTS_NS: enabled
CONFIG_CGROUPS: enabled
CONFIG_CGROUP_CPUACCT: enabled
CONFIG_CGROUP_DEVICE: enabled
CONFIG_CGROUP_FREEZER: enabled
CONFIG_CGROUP_SCHED: enabled
CONFIG_CPUSETS: enabled
CONFIG_MEMCG: enabled
CONFIG_INET: enabled
CONFIG_EXT4_FS: enabled
CONFIG_PROC_FS: enabled
CONFIG_IP_NF_TARGET_REDIRECT: not set
CONFIG_NETFILTER_XT_MATCH_COMMENT: not set
CONFIG_OVERLAY_FS: enabled (as module)
CONFIG_AUFS_FS: not set - Required for aufs.
CONFIG_BLK_DEV_DM: enabled (as module)
DOCKER_VERSION: v19.03.15-ce
DOCKER_GRAPH_DRIVER: overlay2
OS: Linux
CGROUPS_CPU: enabled
CGROUPS_CPUACCT: enabled
CGROUPS_CPUSET: enabled
CGROUPS_DEVICES: enabled
CGROUPS_FREEZER: enabled
CGROUPS_MEMORY: enabled
CGROUPS_PIDS: enabled
CGROUPS_HUGETLB: enabled
error execution phase preflight: [preflight] Some fatal errors occurred:
[ERROR FileContent--proc-sys-net-bridge-bridge-nf-call-iptables]: /proc/sys/net/bridge/bridge-nf-call-iptables does not exist
[ERROR FileExisting-conntrack]: conntrack not found in system path
[ERROR SystemVerification]: unexpected kernel config: CONFIG_IP_NF_TARGET_REDIRECT CONFIG_NETFILTER_XT_MATCH_COMMENT
[preflight] If you know what you are doing, you can make a check non-fatal with `--ignore-preflight-errors=...`
To see the stack trace of this error execute with --v=5 or higher 

In the error "[ERROR FileContent--proc-sys-net-bridge-bridge-nf-call-iptables]: /proc/sys/net/bridge/bridge-nf-call-iptables does not exist", I think that this error is cleared if bridge-nf-call-iptables is installed.

But I don't know how to install bridge-nf-call-iptables...

Please let me know how to install bridge-nf-call-iptables.

Best regards.

Yuki_S

 

 

0 Kudos
Reply
1 Solution
4,838 Views
Zhiming_Liu
NXP TechSupport
NXP TechSupport

Hi @Yuki_S 

Try to add CONFIG_IP_NF_TARGET_REDIRECT and CONFIG_NETFILTER_XT_MATCH_COMMENT to kernel config file.

View solution in original post

4 Replies
4,839 Views
Zhiming_Liu
NXP TechSupport
NXP TechSupport

Hi @Yuki_S 

Try to add CONFIG_IP_NF_TARGET_REDIRECT and CONFIG_NETFILTER_XT_MATCH_COMMENT to kernel config file.

4,832 Views
Yuki_S
Contributor II

Hi, @Zhiming_Liu .

Thank you for your advice!!

When I try to add these parameters to Kernel config file, Is the method I do below correct?

I run command "bitbake linux-imx -c menuconfig",and I edit linux-imx-Configuration.

・CONFIG_IP_NF_TARGET_REDIRECT ⇒ <M> REDIRECT target support 

・CONFIG_NETFILTER_XT_MATCH_COMMENT⇒ <M>"comment" match support

Best regard.

Yuki_S

0 Kudos
Reply
4,812 Views
Zhiming_Liu
NXP TechSupport
NXP TechSupport

Yes,

0 Kudos
Reply
4,798 Views
Yuki_S
Contributor II

Thank you for your reply.

Thanks to you I was able to solve this problem!

Tags (1)
0 Kudos
Reply