From eacd55fbcaab0b77818e6433f000a7dbfe294576 Mon Sep 17 00:00:00 2001 From: Michael Schmitz <37506516+eifelmicha@users.noreply.github.com> Date: Tue, 1 Feb 2022 17:12:10 +0100 Subject: [PATCH] Use sysctl_file_path variable for all sysctl_file locations (#8395) * Use sysctl_file_path variable for all sysctl_file locations * Add sysctl_file_path variable to kubespay-defaults * Remove previously used sysctl file locations if present * Use explicit filename in roles/kubernetes/node/defaults/main.yml * Defaults: use explicit value --- contrib/kvm-setup/roles/kvm-setup/tasks/sysctl.yml | 4 ++-- inventory/sample/group_vars/all/all.yml | 3 +++ .../preinstall/tasks/0080-system-configurations.yml | 10 +++++++++- roles/kubespray-defaults/defaults/main.yaml | 3 +++ roles/reset/tasks/main.yml | 1 + 5 files changed, 18 insertions(+), 3 deletions(-) diff --git a/contrib/kvm-setup/roles/kvm-setup/tasks/sysctl.yml b/contrib/kvm-setup/roles/kvm-setup/tasks/sysctl.yml index 5417708ac..d991b10ac 100644 --- a/contrib/kvm-setup/roles/kvm-setup/tasks/sysctl.yml +++ b/contrib/kvm-setup/roles/kvm-setup/tasks/sysctl.yml @@ -28,7 +28,7 @@ sysctl: name: net.ipv4.ip_forward value: 1 - sysctl_file: /etc/sysctl.d/ipv4-ip_forward.conf + sysctl_file: "{{ sysctl_file_path }}" state: present reload: yes @@ -37,7 +37,7 @@ name: "{{ item }}" state: present value: 0 - sysctl_file: /etc/sysctl.d/bridge-nf-call.conf + sysctl_file: "{{ sysctl_file_path }}" reload: yes with_items: - net.bridge.bridge-nf-call-arptables diff --git a/inventory/sample/group_vars/all/all.yml b/inventory/sample/group_vars/all/all.yml index fb47cc241..b4b8212e0 100644 --- a/inventory/sample/group_vars/all/all.yml +++ b/inventory/sample/group_vars/all/all.yml @@ -116,3 +116,6 @@ no_proxy_exclude_workers: false ## Check if access_ip responds to ping. Set false if your firewall blocks ICMP. # ping_access_ip: true + +# sysctl_file_path to add sysctl conf to +# sysctl_file_path: "/etc/sysctl.d/99-sysctl.conf" 
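Review bot: `sysctl_file_path` is now used by both sysctl tasks in contrib/kvm-setup (this hunk and the one at -37,7), but the only definition this patch adds is in roles/kubespray-defaults. If the kvm-setup playbook does not load that role or the sample group_vars, both tasks fail on an undefined variable. A fallback keeps the role self-contained: `sysctl_file: "{{ sysctl_file_path | default('/etc/sysctl.d/99-sysctl.conf') }}"`. The cleanup of the old ipv4-ip_forward.conf and bridge-nf-call.conf files is added only to the preinstall role, so on a KVM host that is not also a cluster node those files would stay in place next to the new one. Both tasks begin outside their hunks.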
diff --git a/roles/kubernetes/preinstall/tasks/0080-system-configurations.yml b/roles/kubernetes/preinstall/tasks/0080-system-configurations.yml index df748bc46..f88944d02 100644 --- a/roles/kubernetes/preinstall/tasks/0080-system-configurations.yml +++ b/roles/kubernetes/preinstall/tasks/0080-system-configurations.yml @@ -37,6 +37,14 @@ tags: - bootstrap-os +- name: Clean previously used sysctl file locations + file: + path: "/etc/sysctl.d/{{ item }}" + state: absent + with_items: + - ipv4-ip_forward.conf + - bridge-nf-call.conf + - name: Stat sysctl file configuration stat: path: "{{ sysctl_file_path }}" @@ -81,7 +89,7 @@ - name: Ensure kube-bench parameters are set sysctl: - sysctl_file: /etc/sysctl.d/bridge-nf-call.conf + sysctl_file: "{{ sysctl_file_path }}" name: "{{ item.name }}" value: "{{ item.value }}" state: present diff --git a/roles/kubespray-defaults/defaults/main.yaml b/roles/kubespray-defaults/defaults/main.yaml index 128682895..db05a0118 100644 --- a/roles/kubespray-defaults/defaults/main.yaml +++ b/roles/kubespray-defaults/defaults/main.yaml @@ -660,3 +660,6 @@ proxy_disable_env: # krew root dir krew_root_dir: "/usr/local/krew" + +# sysctl_file_path to add sysctl conf to +sysctl_file_path: "/etc/sysctl.d/99-sysctl.conf" diff --git a/roles/reset/tasks/main.yml b/roles/reset/tasks/main.yml index 366921a9a..beaf944a2 100644 --- a/roles/reset/tasks/main.yml +++ b/roles/reset/tasks/main.yml @@ -331,6 +331,7 @@ - /usr/libexec/kubernetes - /etc/origin/openvswitch - /etc/origin/ovn + - "{{ sysctl_file_path }}" ignore_errors: true # noqa ignore-errors tags: - files
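Review bot: The new cleanup task deletes two fixed names under /etc/sysctl.d with no comment saying that earlier kubespray releases wrote them, so a later reader cannot tell why they are safe to remove. A line such as `# Files written by kubespray before sysctl_file_path was introduced` above the task would record that. The task that ends just before it carries `tags: bootstrap-os` and the new task has none, so a tag-limited run may skip the cleanup while still writing the new file. Whether that matters depends on how the later sysctl tasks are tagged, which the hunk does not show.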
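Review bot: Moving the kube-bench parameters from bridge-nf-call.conf to `sysctl_file_path` changes their boot-time precedence. Files in sysctl.d are applied in lexical order and later files win, so with the default `/etc/sysctl.d/99-sysctl.conf` any file whose name sorts after it can override these values, whereas the old name sorted after the numbered files. The variable's comment in roles/kubespray-defaults and in the sample inventory should say so, e.g. `# sysctl_file_path: file kubespray writes its sysctl settings to; pick a name that sorts last in /etc/sysctl.d so other files cannot override them`. The task continues past the end of the hunk.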
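Review bot: Adding `"{{ sysctl_file_path }}"` to this removal list makes reset delete the whole file, not only the keys kubespray wrote. The default `/etc/sysctl.d/99-sysctl.conf` is a generic name that some distributions ship themselves and that administrators use for their own settings, and an operator may point the variable at a shared file. Unrelated sysctls, including hardening ones, can therefore be lost from persistent configuration, and `ignore_errors: true` on the task would hide a failed removal. Consider a kubespray-specific default file name, or have reset remove the individual keys with the sysctl module's `state: absent`. The task that consumes this list starts before the hunk.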