7.7. Troubleshooting the K3s Configuration Checker

This section provides troubleshooting information for the optional Checking the K3s Configuration phase of Running the LOCKSS Installer.

After installing K3s 2, you may optionally run the K3s configuration checker k3s check-config 3. This configuration checker runs through a more extensive series of tests, covering "required", "generally necessary", and "optional" system aspects needed by K3s.

Some failures, especially in "optional" aspects, may not actually prevent the cluster from working normally, in the limited ways the LOCKSS system uses Kubernetes. Some of the error messages you might encounter are documented below, but you may need to refer to the official K3s documentation or use a search engine to look up the specific error message.

7.7.1. iptables should be older than v1.8.0, newer than v1.8.3, or in legacy mode

In some instances, you may encounter an error message similar to the following:

/usr/sbin iptables v1.8.2 (nf_tables): should be older than v1.8.0, newer than v1.8.3, or in legacy mode (fail)

In previous versions of K3s, this error message was also sometimes phrased as should be older than v1.8.0 or in legacy mode.

The install-lockss script should detect this situation and offer to switch iptables to legacy mode via Alternatives (see Troubleshooting iptables). If the error above occurs:

7.7.2. User namespaces disabled

In the RHEL 7 family of operating systems (CentOS 7, EuroLinux 7, Scientific Linux 7...), you may receive the following error message:

RHEL7/CentOS7: User namespaces disabled; add 'user_namespace.enable=1' to boot command line (fail)

To resolve this issue 5:

  1. Edit the file /etc/default/grub as root 7.

    1. Look for the line beginning with GRUB_CMDLINE_LINUX=, for example:

      GRUB_CMDLINE_LINUX="no_timer_check console=tty0 console=ttyS0,115200n8 net.ifnames=0 biosdevname=0 elevator=noop crashkernel=auto"
      
    2. Add user_namespace.enable=1 to the space-separated list of boot arguments, for instance:

      GRUB_CMDLINE_LINUX="user_namespace.enable=1 no_timer_check console=tty0 console=ttyS0,115200n8 net.ifnames=0 biosdevname=0 elevator=noop crashkernel=auto"
      
  2. Run the following command as root:

    grub2-mkconfig -o /boot/grub2/grub.cfg
    
  3. Reboot the system.

  4. Re-run k3s check-config 3.

7.7.3. apparmor enabled but apparmor_parser missing

In some OpenSUSE systems, you may receive the following error:

apparmor: enabled, but apparmor_parser missing (fail)

This is because a common tool found in most Linux environments is not installed by default in some OpenSUSE versions.

To resolve this issue, run these zypper commands as root 7:

zypper refresh

zypper --non-interactive install apparmor-parser

or equivalently:

zypper refresh

zypper -n install apparmor-parser

7.7.4. cgroup hierarchy nonexistent

In some Arch Linux, Debian and Fedora systems, you may see the following error message:

cgroup hierarchy: nonexistent?? (fail)

K3s supports cgroup2 but k3s check-config version 1.21.5+k3s1 (used in LOCKSS 2.0-alpha5) does not process this condition correctly. This warning can be ignored.

7.7.6. swap should be disabled

This warning can be ignored:

swap: should be disabled

7.7.7. CONFIG_INET_XFRM_MODE_TRANSPORT missing

This warning can be ignored:

CONFIG_INET_XFRM_MODE_TRANSPORT: missing

Footnotes

1

See Running the LOCKSS Installer.

2

See Installing K3s.

3

See Checking the K3s Configuration.

4

References:

5

References:

6

Reference:

7

See Running Commands as root.