local system does not support BPF/cgroup based firewalling

[Vince-Cercury]

I'm getting those error with 0.9.8 and v0.9.10-rc.5

+00:11:50	ip-xx-xx-xx-xxx.aws.mycompany.local: "File /usr/lib/systemd/system/systemd-udevd.service:32 configures an IP firewall (IPAddressDeny=any), but the local system does not support BPF/cgroup based firewalling."
+00:11:50	ip-xx-xx-xx-xxx.aws.mycompany.local: "File /usr/lib/systemd/system/systemd-logind.service:34 configures an IP firewall (IPAddressDeny=any), but the local system does not support BPF/cgroup based firewalling."
+00:11:51	ip-xx-xx-xx-xxx.aws.mycompany.local: "File /usr/lib/systemd/system/systemd-hostnamed.service:33 configures an IP firewall (IPAddressDeny=any), but the local system does not support BPF/cgroup based firewalling."
+00:11:51	ip-yy-yy-yy-yy.aws.mycompany.local: "File /usr/lib/systemd/system/systemd-machined.service:27 configures an IP firewall (IPAddressDeny=any), but the local system does not support BPF/cgroup based firewalling."
+00:11:51	ip-yy-yy-yy-yy.aws.mycompany.local: "Proceeding WITHOUT firewalling in effect!"
+00:11:51	ip-yy-yy-yy-yy.aws.mycompany.local: "File /usr/lib/systemd/system/systemd-journald.service:33 configures an IP firewall (IPAddressDeny=any), but the local system does not support BPF/cgroup based firewalling."
+00:11:51	ip-yy-yy-yy-yy.aws.mycompany.local: "File /usr/lib/systemd/system/systemd-udevd.service:32 configures an IP firewall (IPAddressDeny=any), but the local system does not support BPF/cgroup based firewalling."
+00:11:51	ip-yy-yy-yy-yy.aws.mycompany.local: "File /usr/lib/systemd/system/systemd-logind.service:34 configures an IP firewall (IPAddressDeny=any), but the local system does not support BPF/cgroup based firewalling."
+00:11:51	ip-yy-yy-yy-yy.aws.mycompany.local: "locksmithd.service: Current command vanished from the unit file, execution of the command list won't be resumed."
+00:11:51	ip-yy-yy-yy-yy.aws.mycompany.local: "File /usr/lib/systemd/system/systemd-hostnamed.service:33 configures an IP firewall (IPAddressDeny=any), but the local system does not support BPF/cgroup based firewalling."
+00:11:51	ip-yy-yy-yy-yy.aws.mycompany.local: "File /usr/lib/systemd/system/[email protected]:37 configures an IP firewall (IPAddressDeny=any), but the local system does not support BPF/cgroup based firewalling."
+00:11:51	ip-yy-yy-yy-yy.aws.mycompany.local: "docker.service: Failed with result 'exit-code'."
+00:11:51	ip-yy-yy-yy-yy.aws.mycompany.local: "kubelet.service: Failed with result 'exit-code'."
+00:11:52	ip-yy-yy-yy-yy.aws.mycompany.local: "docker.service: Start request repeated too quickly."
+00:11:52	ip-yy-yy-yy-yy.aws.mycompany.local: "docker.socket: Failed with result 'service-start-limit-hit'."
+00:12:54	ip-yy-yy-yy-yy.aws.mycompany.local: "kubelet.service: Failed with result 'exit-code'."
+00:14:02	ip-yy-yy-yy-yy.aws.mycompany.local: "kubelet.service: Failed with result 'exit-code'."
+00:15:09	ip-yy-yy-yy-yy.aws.mycompany.local: "kubelet.service: Failed with result 'exit-code'."

I'm using the same CoreOs base image in both cases (release from February).

It does not affect the creation of the cluster though. Is that something others are experiencing?
If it's a CoreOs only issue, I can close this

[mumoshu]

@Vincemd Hi! Thanks again for the report.
Just wondering but are you aware of anything possibly relevant to your issue?

afaik, kube-aws does't touch firewalling thing at all so, honestly, I'm not sure where to fix.

[Vince-Cercury]

Thanks. All good, It's coreos specific. Safe to ignore. Strange not everybody is getting this.

For those interested: coreos/bugs#2343

Closing this.