From 49e5f17cb55348868720befe9bc67e065eabffea Mon Sep 17 00:00:00 2001
From: Lingxian Kong <anlin.kong@gmail.com>
Date: Thu, 30 May 2019 09:33:40 +1200
Subject: [PATCH] [k8s_fedora_atomic] Make calico devices unmanaged in
 NetworkManager config for master node

In https://review.opendev.org/#/c/548139/, we did the same change for
worker node, because kubelet is also installed on master nodes, we need
the same configuration, otherwise, the pods on master nodes won't work
properly(lost connection or timout frequently).

Story: #2005805
Task: #33544

Change-Id: I14c4dcdd1d73e2d94325974b4e55c1e37a20d9ea
---
 .../fragments/configure-kubernetes-master.sh     | 16 ++++++++++++++++
 ...ices-in-network-manager-e1bdb052834e11e9.yaml |  5 +++++
 2 files changed, 21 insertions(+)
 create mode 100644 releasenotes/notes/ignore-calico-devices-in-network-manager-e1bdb052834e11e9.yaml

diff --git a/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh b/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh
index e105f57a58..ea5cc8bb79 100644
--- a/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh
+++ b/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh
@@ -20,6 +20,22 @@ _prefix=${CONTAINER_INFRA_PREFIX:-docker.io/openstackmagnum/}
 
 mkdir -p /opt/cni
 _addtl_mounts=',{"type":"bind","source":"/opt/cni","destination":"/opt/cni","options":["bind","rw","slave","mode=777"]}'
+
+if [ "$NETWORK_DRIVER" = "calico" ]; then
+    if [ "`systemctl status NetworkManager.service | grep -o "Active: active"`" = "Active: active" ]; then
+        CALICO_NM=/etc/NetworkManager/conf.d/calico.conf
+        [ -f ${CALICO_NM} ] || {
+        echo "Writing File: $CALICO_NM"
+        mkdir -p $(dirname ${CALICO_NM})
+        cat << EOF > ${CALICO_NM}
+[keyfile]
+unmanaged-devices=interface-name:cali*;interface-name:tunl*
+EOF
+}
+        systemctl restart NetworkManager
+    fi
+fi
+
 atomic install --storage ostree --system --set=ADDTL_MOUNTS=${_addtl_mounts} --system-package=no --name=kubelet ${_prefix}kubernetes-kubelet:${KUBE_TAG}
 atomic install --storage ostree --system --system-package=no --name=kube-apiserver ${_prefix}kubernetes-apiserver:${KUBE_TAG}
 atomic install --storage ostree --system --system-package=no --name=kube-controller-manager ${_prefix}kubernetes-controller-manager:${KUBE_TAG}
diff --git a/releasenotes/notes/ignore-calico-devices-in-network-manager-e1bdb052834e11e9.yaml b/releasenotes/notes/ignore-calico-devices-in-network-manager-e1bdb052834e11e9.yaml
new file mode 100644
index 0000000000..f2597304c2
--- /dev/null
+++ b/releasenotes/notes/ignore-calico-devices-in-network-manager-e1bdb052834e11e9.yaml
@@ -0,0 +1,5 @@
+fixes:
+  - Fixed an issue that applications running on master nodes which rely on
+    network connection  keep restarting because of timeout or connection lost,
+    by making calico devices unmanaged in NetworkManager config on master
+    nodes.