
After upgrading the EKS version, Falco stopped working with "error opening device /host/dev/falco0"

Last updated at Posted at 2021-03-19

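When I ran the same Falco definition that had worked on EKS Version 18 on EKS Version 19, it failed with a CrashLoopBackOff error.

I got stuck on this same error before, but because I did not keep any notes, I forgot the cause and had to investigate it all over again, so I am writing it down here.

The Falco Pod that worked on EKS Version 18 fails for some reason on Version 19.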

$ kubectl get po 
NAME                          READY   STATUS             RESTARTS   AGE
falco-bmn9d                   0/1     CrashLoopBackOff   6          7m7s

Looking at the logs, the following was output.

/build/make.log (with GCC /usr/bin/gcc-6)
* Trying to dkms install falco module with GCC /usr/bin/gcc-5
DIRECTIVE: MAKE="'/tmp/falco-dkms-make'"
* Running dkms build failed, couldn't find /var/lib/dkms/falco/5c0b863ddade7a45568c0ac97d037422c9efb750/build/make.log (with GCC /usr/bin/gcc-5)
* Trying to load a system falco driver, if present
* Trying to find locally a prebuilt falco module for kernel 5.4.95-42.163.amzn2.x86_64, if present
* Trying to download prebuilt module from https://download.falco.org/driver/5c0b863ddade7a45568c0ac97d037422c9efb750/falco_amazonlinux2_5.4.95-42.163.amzn2.x86_64_1.ko
curl: (22) The requested URL returned error: 404
Download failed, consider compiling your own falco module and loading it or getting in touch with the Falco community
Fri Mar 19 05:15:57 2021: Falco version 0.27.0 (driver version 5c0b863ddade7a45568c0ac97d037422c9efb750)
Fri Mar 19 05:15:57 2021: Falco initialized with configuration file /etc/falco/falco.yaml
Fri Mar 19 05:15:57 2021: Loading rules from file /etc/falco/falco_rules.yaml:
Fri Mar 19 05:15:59 2021: Loading rules from file /etc/falco/falco_rules.local.yaml:
Fri Mar 19 05:16:00 2021: Unable to load the driver.
Fri Mar 19 05:16:00 2021: Runtime error: error opening device /host/dev/falco0. Make sure you have root credentials and that the falco module is loaded.. Exiting.

If you read the log carefully it is obvious right away; the cause is here.

https://download.falco.org/driver/5c0b863ddade7a45568c0ac97d037422c9efb750/falco_amazonlinux2_5.4.95-42.163.amzn2.x86_64_1.ko
curl: (22) The requested URL returned error: 404

Upgrading the EKS version had also raised the Amazon Linux version on the managed EC2 nodes.

$ uname -a
Linux ip-10-53-147-85.agc.jp 5.4.95-42.163.amzn2.x86_64 #1 SMP Thu Feb 4 12:50:05 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

Falco tries to download a driver matching this kernel information from this site, but the cause was that a driver for the latest version did not exist there yet.


It looks like there is no choice but to wait until the next version of the driver is released.
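The following is an added example, not part of the original article or of the Falco project's code: a pre-upgrade check that rebuilds the download URL seen in the 404 log line and tests whether a prebuilt module is published for a node's kernel. The function names are hypothetical, and the URL layout (including the trailing `_1` being the `#1` build number from `uname -v`) is an assumption inferred from the log and `uname -a` output above.

```bash
#!/usr/bin/env bash
# Added example: check for a prebuilt Falco kernel module before rolling
# out a new node image. URL layout is inferred from the 404 line in the log.

DRIVERS_REPO="https://download.falco.org/driver"

# Build the prebuilt-module URL.
#   $1 driver version (hash printed in the Falco startup log)
#   $2 target id used in the file name (e.g. amazonlinux2)
#   $3 kernel release (uname -r)
#   $4 kernel version string (uname -v), e.g. "#1 SMP Thu Feb 4 ..."
falco_module_url() {
  local driver="$1" target="$2" krel="$3" kver="$4" build
  # Assumption: the "_1" suffix is the build number after '#' in uname -v.
  build=$(printf '%s\n' "$kver" | sed -n 's/^#\([0-9][0-9]*\).*/\1/p')
  [ -n "$build" ] || return 1
  printf '%s/%s/falco_%s_%s_%s.ko\n' \
    "$DRIVERS_REPO" "$driver" "$target" "$krel" "$build"
}

# Return 0 if the module is published, non-zero otherwise (HEAD request only).
falco_module_available() {
  curl --silent --fail --head --location --output /dev/null "$1"
}

# Run on a node that already uses the new kernel:
#   check_node <driver-version> <target>
check_node() {
  local url
  url=$(falco_module_url "$1" "$2" "$(uname -r)" "$(uname -v)") || {
    echo "cannot parse build number from uname -v" >&2
    return 2
  }
  if falco_module_available "$url"; then
    echo "OK: $url"
  else
    echo "MISSING: no prebuilt module at $url" >&2
    return 1
  fi
}
```

Running `check_node` on one canary node with the new AMI before upgrading the whole node group shows whether Falco would hit the same 404 there.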
