Use sysctl_file_path variable for all sysctl_file locations (#8395)

* Use sysctl_file_path variable for all sysctl_file locations * Add sysctl_file_path variable to kubespay-defaults * Remove previously used sysctl file locations if present * Use explicit filename in roles/kubernetes/node/defaults/main.yml * Defaults: use explicit value

Use sysctl_file_path variable for all sysctl_file locations (#8395)
eacd55fb · Michael Schmitz · GitHub · 0e2ab5c2 · eacd55fb · eacd55fb
Unverified Commit eacd55fb authored 3 years ago by Michael Schmitz Committed by GitHub 3 years ago
--- a/contrib/kvm-setup/roles/kvm-setup/tasks/sysctl.yml
+++ b/contrib/kvm-setup/roles/kvm-setup/tasks/sysctl.yml
@@ -28,7 +28,7 @@
  sysctl:
    name: net.ipv4.ip_forward
    value: 1
-    sysctl_file: /etc/sysctl.d/ipv4-ip_forward.conf
+    sysctl_file: "{{ sysctl_file_path }}"
    state: present
    reload: yes

@@ -37,7 +37,7 @@
    name: "{{ item }}"
    state: present
    value: 0
-    sysctl_file: /etc/sysctl.d/bridge-nf-call.conf
+    sysctl_file: "{{ sysctl_file_path }}"
    reload: yes
  with_items:
    - net.bridge.bridge-nf-call-arptables

--- a/inventory/sample/group_vars/all/all.yml
+++ b/inventory/sample/group_vars/all/all.yml
@@ -116,3 +116,6 @@ no_proxy_exclude_workers: false

 ## Check if access_ip responds to ping. Set false if your firewall blocks ICMP.
 # ping_access_ip: true
+
+# sysctl_file_path to add sysctl conf to
+# sysctl_file_path: "/etc/sysctl.d/99-sysctl.conf"
--- a/roles/kubernetes/preinstall/tasks/0080-system-configurations.yml
+++ b/roles/kubernetes/preinstall/tasks/0080-system-configurations.yml
@@ -37,6 +37,14 @@
  tags:
    - bootstrap-os

+- name: Clean previously used sysctl file locations
+  file:
+    path: "/etc/sysctl.d/{{ item }}"
+    state: absent
+  with_items:
+    - ipv4-ip_forward.conf
+    - bridge-nf-call.conf
+
 - name: Stat sysctl file configuration
  stat:
    path: "{{ sysctl_file_path }}"
@@ -81,7 +89,7 @@

 - name: Ensure kube-bench parameters are set
  sysctl:
-    sysctl_file: /etc/sysctl.d/bridge-nf-call.conf
+    sysctl_file: "{{ sysctl_file_path }}"
    name: "{{ item.name }}"
    value: "{{ item.value }}"
    state: present

--- a/roles/kubespray-defaults/defaults/main.yaml
+++ b/roles/kubespray-defaults/defaults/main.yaml
@@ -660,3 +660,6 @@ proxy_disable_env:

 # krew root dir
 krew_root_dir: "/usr/local/krew"
+
+# sysctl_file_path to add sysctl conf to
+sysctl_file_path: "/etc/sysctl.d/99-sysctl.conf"
--- a/roles/reset/tasks/main.yml
+++ b/roles/reset/tasks/main.yml
@@ -331,6 +331,7 @@
    - /usr/libexec/kubernetes
    - /etc/origin/openvswitch
    - /etc/origin/ovn
+    - "{{ sysctl_file_path }}"
  ignore_errors: true  # noqa ignore-errors
  tags:
    - files