From 1df886df52ace162e88b064d4c3302908c2ba290 Mon Sep 17 00:00:00 2001
From: Spyros Trigazis <spyridon.trigazis@cern.ch>
Date: Tue, 10 Sep 2019 12:44:50 +0000
Subject: [PATCH] k8s_fedora: Move rp_filter=1 for calico up

follow up of: I828cec27968ffe0961011e34a66e0eef3e567c91

Move set of sysctl.conf up as it does need to
depend on NetworkManager configuration.

upstream docs:
Cluster nodes must have rp_filter set to strict (1).
https://github.com/projectcalico/calico/blob/master/v3.9/getting-started/kubernetes/installation/migration-from-flannel.md

story: 2006441
task: 36564

Change-Id: I8a6e970a8ea3d1d3424eab05f1617509cf27d52b
Signed-off-by: Spyros Trigazis <spyridon.trigazis@cern.ch>
(cherry picked from commit bb747ac5e79d3734422d9561c52dc85213f2e22b)
(cherry picked from commit 4807e64772b4364e849cb98c458e2a9f0a5dd926)
---
 .../kubernetes/fragments/configure-kubernetes-master.sh         | 2 ++
 .../kubernetes/fragments/configure-kubernetes-minion.sh         | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh b/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh
index b7b8da6e10..ebcb673478 100644
--- a/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh
+++ b/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh
@@ -26,6 +26,8 @@ mkdir -p /etc/cni/net.d/
 _addtl_mounts=',{"type":"bind","source":"/opt/cni","destination":"/opt/cni","options":["bind","rw","slave","mode=777"]},{"type":"bind","source":"/var/lib/docker","destination":"/var/lib/docker","options":["bind","rw","slave","mode=755"]}'
 
 if [ "$NETWORK_DRIVER" = "calico" ]; then
+    echo "net.ipv4.conf.all.rp_filter = 1" >> /etc/sysctl.conf
+    sysctl -p
     if [ "`systemctl status NetworkManager.service | grep -o "Active: active"`" = "Active: active" ]; then
         CALICO_NM=/etc/NetworkManager/conf.d/calico.conf
         [ -f ${CALICO_NM} ] || {
diff --git a/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-minion.sh b/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-minion.sh
index be324b3363..6ca228294a 100644
--- a/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-minion.sh
+++ b/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-minion.sh
@@ -26,6 +26,8 @@ mkdir -p /etc/cni/net.d/
 _addtl_mounts=',{"type":"bind","source":"/opt/cni","destination":"/opt/cni","options":["bind","rw","slave","mode=777"]},{"type":"bind","source":"/var/lib/docker","destination":"/var/lib/docker","options":["bind","rw","slave","mode=755"]}'
 
 if [ "$NETWORK_DRIVER" = "calico" ]; then
+    echo "net.ipv4.conf.all.rp_filter = 1" >> /etc/sysctl.conf
+    sysctl -p
     if [ "`systemctl status NetworkManager.service | grep -o "Active: active"`" = "Active: active" ]; then
         CALICO_NM=/etc/NetworkManager/conf.d/calico.conf
         [ -f ${CALICO_NM} ] || {