From fb591bf23244b0851cc0d4c88f65f840c8720024 Mon Sep 17 00:00:00 2001
From: Matthew Mosesohn <matthew.mosesohn@gmail.com>
Date: Wed, 2 Oct 2019 14:37:07 +0300
Subject: [PATCH] Apply workaround for NetworkManager and calico (#5230)

Change-Id: I5cb2bdf1a57707c1b8da3e5ac0c80e5c353480a4
---
 .ansible-lint                                 |  1 +
 roles/network_plugin/calico/handlers/main.yml |  6 +++++
 roles/network_plugin/calico/tasks/install.yml | 22 +++++++++++++++++++
 3 files changed, 29 insertions(+)

diff --git a/.ansible-lint b/.ansible-lint
index edf8b7904..ececfc573 100644
--- a/.ansible-lint
+++ b/.ansible-lint
@@ -6,6 +6,7 @@ skip_list:
   # These either still need to be corrected in the repository and the rules re-enabled or documented why they are skipped on purpose.
   - '301'
   - '302'
+  - '303'
   - '305'
   - '306'
   - '404'
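Review bot: Listing `'303'` in `skip_list` turns off the command-instead-of-module check for every role, although the only new use visible in this patch is the `systemctl show NetworkManager` task in `roles/network_plugin/calico/tasks/install.yml`. A repository-wide skip also hides any later `command`/`shell` call that bypasses a module's idempotence and argument handling. If no other task needs the exemption, keep the rule enabled and mark that single task instead, e.g. `command: systemctl show NetworkManager  # noqa 303`.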
diff --git a/roles/network_plugin/calico/handlers/main.yml b/roles/network_plugin/calico/handlers/main.yml
index 7bb17dd66..3cb4f9bcf 100644
--- a/roles/network_plugin/calico/handlers/main.yml
+++ b/roles/network_plugin/calico/handlers/main.yml
@@ -18,3 +18,9 @@
 - name: containerd | delete calico-node containers
   shell: 'crictl pods --name calico-node-* -q | xargs -I% --no-run-if-empty bash -c "crictl stopp % && crictl rmp %"'
   when: container_manager in ["crio", "containerd"]
+
+- name: Calico | Reload NetworkManager
+  service:
+    name: NetworkManager
+    state: reloaded
+  when: '"running" in nm_check.stdout'
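Review bot: The condition `'"running" in nm_check.stdout'` is a substring match over the whole `systemctl show` output, so any property whose value happens to contain "running" satisfies it, not only the unit's state. Matching the specific property is tighter: `when: '"SubState=running" in nm_check.stdout'`. The handler also depends on `nm_check` being registered in `tasks/install.yml`, which nothing in this file says; a comment above it such as `# nm_check is registered by "Calico | Check if host has NetworkManager" in tasks/install.yml` would make that coupling visible.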
diff --git a/roles/network_plugin/calico/tasks/install.yml b/roles/network_plugin/calico/tasks/install.yml
index bd54e0201..ed883ac84 100644
--- a/roles/network_plugin/calico/tasks/install.yml
+++ b/roles/network_plugin/calico/tasks/install.yml
@@ -6,6 +6,28 @@
     mode: 0755
     remote_src: yes
 
+- name: Calico | Check if host has NetworkManager
+  command: systemctl show NetworkManager
+  register: nm_check
+  failed_when: false
+  changed_when: false
+
+- name: Calico | Ensure NetworkManager conf.d dir
+  file:
+    path: "/etc/NetworkManager/conf.d"
+    state: directory
+    recurse: yes
+  when: nm_check.rc == 0
+
+- name: Calico | Prevent NetworkManager from managing Calico interfaces
+  copy:
+    content: |
+      [keyfile]
+      unmanaged-devices=interface-name:cali*;interface-name:tunl*
+    dest: /etc/NetworkManager/conf.d/calico.conf
+  when: nm_check.rc == 0
+  notify: Calico | Reload NetworkManager
+
 - name: Calico | Write Calico cni config
   template:
     src: "cni-calico.conflist.j2"
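Review bot: `nm_check.rc == 0` does not establish that NetworkManager is present: `systemctl show` normally exits 0 for a unit that is not installed and reports `LoadState=not-found`, so both `when:` guards pass on any systemd host and `/etc/NetworkManager/conf.d/calico.conf` is written where nothing reads it. Testing the load state matches the task name better, e.g. `when: '"LoadState=loaded" in nm_check.stdout | default("")'`, where the default covers a failed check that returns no stdout. The `copy` task also creates a file under `/etc` without stating its permissions; adding `mode: "0644"` keeps the result independent of the remote umask, and `recurse: yes` on the directory task can be dropped since no attributes are being applied. The hunk begins and ends inside neighbouring tasks that continue outside it.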
-- 
GitLab