From 95cf49766bd40007b77f5ad906806102cb191542 Mon Sep 17 00:00:00 2001 From: Arko Dasgupta Date: Thu, 31 Oct 2019 12:50:49 -0700 Subject: [PATCH] Fix panic in drivers/overlay/encryption.go Issue - "index out of range" panic in drivers/overlay/encryption.go:539 due to a mismatch in indices between curKeys and spis due to case where updateKeys might bail out due to an error and not update the spis Fix - Reconfigure keys when there is a key update failure Signed-off-by: Arko Dasgupta (cherry picked from commit 4420ee92f5b3b951f98a36b2bc8144a19b560a22) Signed-off-by: Sebastiaan van Stijn --- agent.go | 10 ++++++++++ drivers/overlay/overlay.go | 2 +- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/agent.go b/agent.go index f7d57e23a2..fa6ec525b6 100644 --- a/agent.go +++ b/agent.go @@ -184,6 +184,16 @@ func (c *controller) handleKeyChange(keys []*types.EncryptionKey) error { err := driver.DiscoverNew(discoverapi.EncryptionKeysUpdate, drvEnc) if err != nil { logrus.Warnf("Failed to update datapath keys in driver %s: %v", name, err) + // Attempt to reconfigure keys in case of a update failure + // which can arise due to a mismatch of keys + // if worker nodes get temporarily disconnected + logrus.Warnf("Reconfiguring datapath keys for %s", name) + drvCfgEnc := discoverapi.DriverEncryptionConfig{} + drvCfgEnc.Keys, drvCfgEnc.Tags = c.getKeys(subsysIPSec) + err = driver.DiscoverNew(discoverapi.EncryptionKeysConfig, drvCfgEnc) + if err != nil { + logrus.Warnf("Failed to reset datapath keys in driver %s: %v", name, err) + } } return false }) diff --git a/drivers/overlay/overlay.go b/drivers/overlay/overlay.go index 1ec1e0070b..6f83e6de06 100644 --- a/drivers/overlay/overlay.go +++ b/drivers/overlay/overlay.go @@ -378,7 +378,7 @@ func (d *driver) DiscoverNew(dType discoverapi.DiscoveryType, data interface{}) } } if err := d.updateKeys(newKey, priKey, delKey); err != nil { - logrus.Warn(err) + return err } default: }