azure: log a warning on network failure if non-root

This logs a warning about possible Azure-specific local firewalling if unable to reach Azure endpoints and running as non-root. Closes: coreos#95
erlarese · Aug 5, 2020 · 9fc4346 · 9fc4346
1 parent 2bda44f
commit 9fc4346
Showing 1 changed file with 10 additions and 0 deletions.
diff --git a/src/providers/azure/mod.rs b/src/providers/azure/mod.rs
@@ -30,6 +30,7 @@ use crate::errors::*;
 use crate::network;
 use crate::providers::MetadataProvider;
 use crate::retry;
+use nix::unistd::Uid;
 
 #[cfg(test)]
 mod mock_tests;
@@ -216,6 +217,15 @@ impl Azure {
         // make sure the metadata service is compatible with our version
         azure
             .is_fabric_compatible(MS_VERSION)
+            .map_err(|e| {
+                //It may require to run as root in order to reach the metadata endpoint on Azure, more details: https://github.com/coreos/bugs/issues/2468
+                let is_root = Uid::current().is_root();
+                if !is_root {
+                    warn!("unable to reach Azure endpoints, please check whether firewall rules are blocking access to them");
+                }
+
+                e
+            })
             .chain_err(|| "failed version compatibility check")?;
 
         // populate goalstate