[sysctl] set fs.may_detach_mounts=1 even when CRIs don't set it themselves (#8635)
parent
ffa285c2e7
commit
fa9f85c7e9
|
@ -87,6 +87,24 @@
|
|||
reload: yes
|
||||
when: enable_dual_stack_networks | bool
|
||||
|
||||
- name: Check if we need to set fs.may_detach_mounts
|
||||
stat:
|
||||
path: /proc/sys/fs/may_detach_mounts
|
||||
get_attributes: no
|
||||
get_checksum: no
|
||||
get_mime: no
|
||||
register: fs_may_detach_mounts
|
||||
ignore_errors: true # noqa ignore-errors
|
||||
|
||||
- name: Set fs.may_detach_mounts if needed
|
||||
sysctl:
|
||||
sysctl_file: "{{ sysctl_file_path }}"
|
||||
name: fs.may_detach_mounts
|
||||
value: 1
|
||||
state: present
|
||||
reload: yes
|
||||
when: fs_may_detach_mounts.stat.exists | d(false)
|
||||
|
||||
- name: Ensure kube-bench parameters are set
|
||||
sysctl:
|
||||
sysctl_file: "{{ sysctl_file_path }}"
|
||||
|
|
Loading…
Reference in New Issue