Commit Graph

22 Commits (16d29398ad6adac36b53a827213044133eb36280)

Author SHA1 Message Date
Derek Nola 3eb4e12c3b
Don't use zgrep in `check-config` if apparmor porfile is enforced (#7939)
* Don't use zgrep if apparmor is enforced for it

* Bump e2e se timeouts for reencryption time

Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-07-12 08:49:05 -07:00
Derek Nola d13ee64403
Enhance `k3s check-config` (#7091)
* Move  CONFIG_CGROUP_PIDS to Required

Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-03-29 09:55:08 -07:00
Derek Nola 9980504196
Fix to Rotate CA e2e test (#7101)
* Include note on service keys

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Fix rotate cert ca test

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Remove periods

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Add new test to nightly script

Signed-off-by: Derek Nola <derek.nola@suse.com>

---------

Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-03-16 17:56:17 -07:00
Richard Steinmetz a912902aa7
Add missing kernel config checks (#6946)
Add additional kernel config checks for NETFILTER_XT_MATCH_COMMENT and
NETFILTER_XT_MATCH_MULTIPORT as they are both required to run k3s.

Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
2023-03-14 12:55:38 -04:00
Brad Davidson 68fcb48a35 Update/rename certs.sh; add default cert rotation script
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-03-13 16:56:28 -07:00
Brad Davidson 2156015521 Improve default umask for certs.sh
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-14 09:39:41 -08:00
Brad Davidson 1ec242d816 Add example certificate generation script
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-06 15:09:31 -08:00
Derek Nola fd79a1cfea
Bump testing to opensuse Leap 15.4 (#6337)
* Bump to Leap 15.4 for testing

Signed-off-by: Derek Nola <derek.nola@suse.com>
2022-10-26 08:38:18 -07:00
Rowan Thorpe dccee4e87b Fix regression from commit 137e80cd86
Problem:

A false-negative in check-config.sh for cgroups v2 systems was fixed but the
commit introduced a regression based on a small assumption that content of
/sys/fs/cgroup/cgroup.controllers would have the same format as the content
of /proc/self/cgroup. It doesn't.

Solution:

This just tweaks the regex to count occurrences of either cgroup
subsystem-names on each line (as occurs in the sysfs pseudo-file), or those
names with colons either side (as occurs in the procfs pseudo-file).

Signed-off-by: Rowan Thorpe <rowan@rowanthorpe.com>
2021-09-17 11:21:17 -07:00
Rowan Thorpe 137e80cd86 Handle cgroup v1/2/hybrid in check-config.sh more explicitly/accurately
Problem:
 In check-config.sh assumptions are made about cgroups v1/v2/hybrid,
 causes false-negative on pure V2 system.

Solution:
 In check-config.sh implement the same validation as found in
 ./pkg/agent/run.go -> validate(), validateCgroupsV1(), validateCgroupsV2()
 [ which use containerd/cgroups:utils.go -> Mode() ]

Signed-off-by: Rowan Thorpe <rowan@rowanthorpe.com>
2021-09-14 15:53:12 -07:00
Derek Nola 2afa3dbe1c
Changed iptables version check for fail if version is between 1.8.0 and 1.8.3 and using nf_tables mode (#3425)
Signed-off-by: dereknola <derek.nola@suse.com>
2021-06-10 10:47:03 -07:00
Erik Wilson f6153201ba Add diagnostics collection scripts
Signed-off-by: Erik Wilson <Erik.E.Wilson@gmail.com>
2020-12-07 11:08:47 -07:00
Erik Wilson 7f0bdf8a1e
check-config: Remove NF_NAT_IPV4 and NF_NAT_NEEDED from kernel check 2020-10-06 14:30:49 -07:00
Jean-Philippe Evrard eabc82c724 Remove trailing whitespaces
To please my OCD, and remove my editor flashing boxes,
I am removing trailing whitespaces. They have no purpose in life.
2020-05-27 17:27:30 +02:00
Erik Wilson 5b98d10e4b Warn if NPC can't start rather than fatal error
If the ip_set kernel module is not available we should warn
that the network policy controller can not start rather than
cause a fatal error.

Also adds module probing and config checks for ip_set.
2020-01-14 14:30:12 -07:00
Erik Wilson 3c945476f6 Revert check-config's "Silence modprobe warnings"
This reverts commit 8edbe30c8c.
2019-11-14 10:56:37 -07:00
Erik Wilson 8edbe30c8c Silence modprobe warnings 2019-11-13 17:39:02 -07:00
Erik Wilson c83ec56cbe Non-fatal warning for check-config modules 2019-11-13 17:08:15 -07:00
Erik Wilson 7b3a2d33d1 Clean up check-config exit code & text 2019-11-13 14:57:58 -07:00
Erik Wilson cc4026e1e2 Search system path for iptables in check-config 2019-11-13 12:21:56 -07:00
Erik Wilson a73f8b1773 Update check-config.sh for k3s 2019-11-13 08:34:24 -07:00
Erik Wilson b0d1ca9c21 Add check-config.sh from moby 2019-11-13 02:16:16 -07:00