kubernetes-sigs
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Use sysctl_file_path variable for all sysctl_file locations (#8395) 

* Use sysctl_file_path variable for all sysctl_file locations

* Add sysctl_file_path variable to kubespay-defaults

* Remove previously used sysctl file locations if present

* Use explicit filename in roles/kubernetes/node/defaults/main.yml

* Defaults: use explicit value
pull/8484/head
Michael Schmitz 2022-02-01 17:12:10 +01:00 committed by GitHub
parent 0e2ab5c273
commit eacd55fbca
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 18 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
contrib/kvm-setup/roles/kvm-setup/tasks/sysctl.yml
View File

@ -28,7 +28,7 @@
sysctl: sysctl:
name: net.ipv4.ip_forward name: net.ipv4.ip_forward
value: 1 value: 1
sysctl_file: /etc/sysctl.d/ipv4-ip_forward.conf sysctl_file: "{{ sysctl_file_path }}"
state: present state: present
reload: yes reload: yes
@ -37,7 +37,7 @@
name: "{{ item }}" name: "{{ item }}"
state: present state: present
value: 0 value: 0
sysctl_file: /etc/sysctl.d/bridge-nf-call.conf sysctl_file: "{{ sysctl_file_path }}"
reload: yes reload: yes
with_items: with_items:
- net.bridge.bridge-nf-call-arptables - net.bridge.bridge-nf-call-arptables

3
inventory/sample/group_vars/all/all.yml
View File

@ -116,3 +116,6 @@ no_proxy_exclude_workers: false
## Check if access_ip responds to ping. Set false if your firewall blocks ICMP. ## Check if access_ip responds to ping. Set false if your firewall blocks ICMP.
# ping_access_ip: true # ping_access_ip: true
# sysctl_file_path to add sysctl conf to
# sysctl_file_path: "/etc/sysctl.d/99-sysctl.conf"

10
roles/kubernetes/preinstall/tasks/0080-system-configurations.yml
View File

@ -37,6 +37,14 @@
tags: tags:
- bootstrap-os - bootstrap-os
- name: Clean previously used sysctl file locations
file:
path: "/etc/sysctl.d/{{ item }}"
state: absent
with_items:
- ipv4-ip_forward.conf
- bridge-nf-call.conf
- name: Stat sysctl file configuration - name: Stat sysctl file configuration
stat: stat:
path: "{{ sysctl_file_path }}" path: "{{ sysctl_file_path }}"
@ -81,7 +89,7 @@
- name: Ensure kube-bench parameters are set - name: Ensure kube-bench parameters are set
sysctl: sysctl:
sysctl_file: /etc/sysctl.d/bridge-nf-call.conf sysctl_file: "{{ sysctl_file_path }}"
name: "{{ item.name }}" name: "{{ item.name }}"
value: "{{ item.value }}" value: "{{ item.value }}"
state: present state: present

3
roles/kubespray-defaults/defaults/main.yaml
View File

@ -660,3 +660,6 @@ proxy_disable_env:
# krew root dir # krew root dir
krew_root_dir: "/usr/local/krew" krew_root_dir: "/usr/local/krew"
# sysctl_file_path to add sysctl conf to
sysctl_file_path: "/etc/sysctl.d/99-sysctl.conf"

1
roles/reset/tasks/main.yml
View File

@ -331,6 +331,7 @@
- /usr/libexec/kubernetes - /usr/libexec/kubernetes
- /etc/origin/openvswitch - /etc/origin/openvswitch
- /etc/origin/ovn - /etc/origin/ovn
- "{{ sysctl_file_path }}"
ignore_errors: true # noqa ignore-errors ignore_errors: true # noqa ignore-errors
tags: tags:
- files - files