🐛 The user running cloudflared process has a GID (group ID) that is not within ping_group_range #1334
Comments
I found this while searching for the same problem, but there is already a fix in Issue #1109 (comment here). For the UDP buffer, I'm running on bare metal and was able to update the sysctls as described in the link from the logs.
I'm unable to set the sysctls calls on GKE autopilot 😞
I got the same error here
+1, I have the same problem... now my tunnel is DOWN from the Cloudflare admin panel. I also tried to turn ON the ICMP feature, but nothing happens.
2024-11-01T18:19:10Z INF Starting tunnel tunnelID=9fb1bb25-8e7b-458f-87f5-f8ec91251ac1
@cyanidium, please provide more details on how to use this information. I'm running cloudflared as a Docker container in Unraid.
I'm not familiar with Unraid. If you're running it in Docker on Linux, then on the machine that is running Docker you need to run as root (or with
sysctl -w net.core.rmem_max=7500000
sysctl -w net.core.wmem_max=7500000
This resets after each boot. If you want to persist the changes, and you use systemd, then you can create a file
That first set of commands is what you find at the link in the error message. If you're not running linux, there are alternate instructions at that link. This isn't a fatal error, though, so really what you want to fix is the The error in the OP says
Again, this applies to linux, and I'm not sure what the equivalent commands are for other platforms. If you use Kubernetes, you can (should?) set the ping_group_range value in the pod securityContext as described in the link I gave. I'm not sure if you need to do anything special with Docker or if setting it on the host machine is sufficient.
The settings are security constraints on the host machine that the container is running on. Some cloud environments don't seem to allow you to change these settings at all, and most container environments frown upon anything needing root privileges. The settings also apply to all processes on the host machine, so if you want the range to be "1000 1000" and someone else wants it to be "2000 2000" then who wins? I don't work for Cloudflare, but this is not something that will get fixed in the container image. Does that help?
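A way to check the condition named in the error, added here as an example (it is not part of the thread or of cloudflared; the function names are hypothetical). It relies on the Linux behaviour that a process may open a ping socket when its effective GID or any of its supplementary GIDs lies inside `net.ipv4.ping_group_range` (inclusive), and that the kernel default `1 0` admits nobody.

```shell
#!/bin/sh
# gid_in_ping_range "LOW HIGH" GID...
# Returns 0 if at least one GID lies within [LOW, HIGH],
#         1 if none does (always the case for the default "1 0"),
#         2 if the range string is malformed.
gid_in_ping_range() {
    # The /proc file separates the two values with a tab; awk splits on any whitespace.
    low=$(printf '%s\n' "$1" | awk '{print $1}')
    high=$(printf '%s\n' "$1" | awk '{print $2}')
    shift
    [ -n "$low" ] && [ -n "$high" ] || return 2
    case "$low$high" in *[!0-9]*) return 2 ;; esac
    for gid in "$@"; do
        if [ "$gid" -ge "$low" ] && [ "$gid" -le "$high" ]; then
            return 0
        fi
    done
    return 1
}

# report_ping_access: compare the current user's groups with the live sysctl.
# Run it as the user, and in the container or host, where cloudflared runs.
report_ping_access() {
    f=/proc/sys/net/ipv4/ping_group_range
    [ -r "$f" ] || { echo "cannot read $f (is this Linux?)"; return 2; }
    range=$(cat "$f")
    gids=$(id -G)   # effective GID plus supplementary groups
    # Word splitting of $gids is intended: one argument per GID.
    if gid_in_ping_range "$range" $gids; then
        echo "OK: one of GIDs [$gids] is inside ping_group_range [$range]"
    else
        echo "BLOCKED: no GID in [$gids] is inside ping_group_range [$range]"
        return 1
    fi
}

# Usage: sh check_ping_gid.sh --check
if [ "${1:-}" = "--check" ]; then
    report_ping_access
fi
```

A narrow range that contains only the GID cloudflared runs with grants less than the full `0 2147483647` range, which opens ping sockets to every group.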
I can't find anything in the GKE Autopilot docs to suggest that this sysctl is blocked; in fact, the docs indicate that it should be allowed given it's considered a "safe sysctl". That error message makes it seem like you've put the
Describe the bug
I'm seeing the following error while running cloudflared through the official Docker image.
After it, I also see:
To Reproduce
Steps to reproduce the behavior:
Expected behavior
These errors seem harmless, everything seems to be working fine, but I would like to understand why I'm seeing them and if I can do something to stop them.
Environment and versions
Logs and errors
If applicable, add logs or errors to help explain your problem.
Additional context
Add any other context about the problem here.