From fb591bf23244b0851cc0d4c88f65f840c8720024 Mon Sep 17 00:00:00 2001 From: Matthew Mosesohn Date: Wed, 2 Oct 2019 14:37:07 +0300 Subject: [PATCH] Apply workaround for NetworkManager and calico (#5230) Change-Id: I5cb2bdf1a57707c1b8da3e5ac0c80e5c353480a4 --- .ansible-lint | 1 + roles/network_plugin/calico/handlers/main.yml | 6 +++++ roles/network_plugin/calico/tasks/install.yml | 22 +++++++++++++++++++ 3 files changed, 29 insertions(+) diff --git a/.ansible-lint b/.ansible-lint index edf8b7904..ececfc573 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -6,6 +6,7 @@ skip_list: # These either still need to be corrected in the repository and the rules re-enabled or documented why they are skipped on purpose. - '301' - '302' + - '303' - '305' - '306' - '404' diff --git a/roles/network_plugin/calico/handlers/main.yml b/roles/network_plugin/calico/handlers/main.yml index 7bb17dd66..3cb4f9bcf 100644 --- a/roles/network_plugin/calico/handlers/main.yml +++ b/roles/network_plugin/calico/handlers/main.yml @@ -18,3 +18,9 @@ - name: containerd | delete calico-node containers shell: 'crictl pods --name calico-node-* -q | xargs -I% --no-run-if-empty bash -c "crictl stopp % && crictl rmp %"' when: container_manager in ["crio", "containerd"] + +- name: Calico | Reload NetworkManager + service: + name: NetworkManager + state: reloaded + when: '"running" in nm_check.stdout' diff --git a/roles/network_plugin/calico/tasks/install.yml b/roles/network_plugin/calico/tasks/install.yml index bd54e0201..ed883ac84 100644 --- a/roles/network_plugin/calico/tasks/install.yml +++ b/roles/network_plugin/calico/tasks/install.yml @@ -6,6 +6,28 @@ mode: 0755 remote_src: yes +- name: Calico | Check if host has NetworkManager + command: systemctl show NetworkManager + register: nm_check + failed_when: false + changed_when: false + +- name: Calico | Ensure NetworkManager conf.d dir + file: + path: "/etc/NetworkManager/conf.d" + state: directory + recurse: yes + when: nm_check.rc == 0 + +- name: Calico | Prevent NetworkManager from managing Calico interfaces + copy: + content: | + [keyfile] + unmanaged-devices=interface-name:cali*;interface-name:tunl* + dest: /etc/NetworkManager/conf.d/calico.conf + when: nm_check.rc == 0 + notify: Calico | Reload NetworkManager + - name: Calico | Write Calico cni config template: src: "cni-calico.conflist.j2"