k8s_fedora: Move rp_filter=1 for calico up

follow up of: I828cec27968ffe0961011e34a66e0eef3e567c91

Move set of sysctl.conf up as it does need to
depend on NetworkManager configuration.

upstream docs:
Cluster nodes must have rp_filter set to strict (1).
https://github.com/projectcalico/calico/blob/master/v3.9/getting-started/kubernetes/installation/migration-from-flannel.md

story: 2006441
task: 36564

Change-Id: I8a6e970a8ea3d1d3424eab05f1617509cf27d52b
Signed-off-by: Spyros Trigazis <spyridon.trigazis@cern.ch>
This commit is contained in:
Spyros Trigazis 2019-10-01 17:41:13 +00:00 committed by Spyros Trigazis
parent 70ef1bf70b
commit bb747ac5e7
2 changed files with 4 additions and 4 deletions

View File

@ -31,6 +31,8 @@ $ssh_cmd mkdir -p /etc/cni/net.d/
_addtl_mounts=',{"type":"bind","source":"/opt/cni","destination":"/opt/cni","options":["bind","rw","slave","mode=777"]},{"type":"bind","source":"/var/lib/docker","destination":"/var/lib/docker","options":["bind","rw","slave","mode=755"]}'
if [ "$NETWORK_DRIVER" = "calico" ]; then
echo "net.ipv4.conf.all.rp_filter = 1" >> /etc/sysctl.conf
$ssh_cmd sysctl -p
if [ "`systemctl status NetworkManager.service | grep -o "Active: active"`" = "Active: active" ]; then
CALICO_NM=/etc/NetworkManager/conf.d/calico.conf
[ -f ${CALICO_NM} ] || {
@ -42,8 +44,6 @@ unmanaged-devices=interface-name:cali*;interface-name:tunl*
EOF
}
systemctl restart NetworkManager
echo "net.ipv4.conf.all.rp_filter = 1" >> /etc/sysctl.conf
$ssh_cmd sysctl -p
fi
fi

View File

@ -31,6 +31,8 @@ $ssh_cmd mkdir -p /etc/cni/net.d/
_addtl_mounts=',{"type":"bind","source":"/opt/cni","destination":"/opt/cni","options":["bind","rw","slave","mode=777"]},{"type":"bind","source":"/var/lib/docker","destination":"/var/lib/docker","options":["bind","rw","slave","mode=755"]}'
if [ "$NETWORK_DRIVER" = "calico" ]; then
echo "net.ipv4.conf.all.rp_filter = 1" >> /etc/sysctl.conf
$ssh_cmd sysctl -p
if [ "$($ssh_cmd systemctl status NetworkManager.service | grep -o "Active: active")" = "Active: active" ]; then
CALICO_NM=/etc/NetworkManager/conf.d/calico.conf
[ -f ${CALICO_NM} ] || {
@ -42,8 +44,6 @@ unmanaged-devices=interface-name:cali*;interface-name:tunl*
EOF
}
$ssh_cmd systemctl restart NetworkManager
echo "net.ipv4.conf.all.rp_filter = 1" >> /etc/sysctl.conf
$ssh_cmd sysctl -p
fi
fi