Commit Graph

68 Commits (7ef30a2c6099386d47264f36ec20ccf3ff40f317)

Author SHA1 Message Date
zouxianyu 23e87f2521 add missing kernel config check
Signed-off-by: zouxianyu <2979121738@qq.com>
(cherry picked from commit c1cb5d63b9)
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2024-05-31 09:16:55 -07:00
Rishikesh Nair 82cfacb2f3 Update contrib/util/check-config.sh
Co-authored-by: Brad Davidson <brad@oatmail.org>
Signed-off-by: Rishikesh Nair <42700059+rishinair11@users.noreply.github.com>
2024-03-05 15:10:36 -08:00
Rishikesh Nair ce0765c9f8 Rename `RAW_OUTPUT` -> `NO_COLOR`
Also, if NO_COLOR is empty, output will be colored, otherwise not colored.

Signed-off-by: Rishikesh Nair <alienware505@gmail.com>
2024-03-05 15:10:36 -08:00
Rishi ff7cfa2235 Disable color outputs using RAW_OUTPUT env var
Setting this environment variable will not wrap the text in color ANSI code, so that we can print a raw output.

Signed-off-by: Rishikesh Nair <alienware505@gmail.com>
2024-03-05 15:10:36 -08:00
Derek Nola 3eb4e12c3b
Don't use zgrep in `check-config` if apparmor porfile is enforced (#7939)
* Don't use zgrep if apparmor is enforced for it

* Bump e2e se timeouts for reencryption time

Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-07-12 08:49:05 -07:00
Derek Nola d13ee64403
Enhance `k3s check-config` (#7091)
* Move  CONFIG_CGROUP_PIDS to Required

Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-03-29 09:55:08 -07:00
Derek Nola 9980504196
Fix to Rotate CA e2e test (#7101)
* Include note on service keys

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Fix rotate cert ca test

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Remove periods

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Add new test to nightly script

Signed-off-by: Derek Nola <derek.nola@suse.com>

---------

Signed-off-by: Derek Nola <derek.nola@suse.com>
2023-03-16 17:56:17 -07:00
Richard Steinmetz a912902aa7
Add missing kernel config checks (#6946)
Add additional kernel config checks for NETFILTER_XT_MATCH_COMMENT and
NETFILTER_XT_MATCH_MULTIPORT as they are both required to run k3s.

Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
2023-03-14 12:55:38 -04:00
Brad Davidson 68fcb48a35 Update/rename certs.sh; add default cert rotation script
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-03-13 16:56:28 -07:00
Brad Davidson 2156015521 Improve default umask for certs.sh
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-14 09:39:41 -08:00
Brad Davidson 1ec242d816 Add example certificate generation script
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2023-02-06 15:09:31 -08:00
Derek Nola fd79a1cfea
Bump testing to opensuse Leap 15.4 (#6337)
* Bump to Leap 15.4 for testing

Signed-off-by: Derek Nola <derek.nola@suse.com>
2022-10-26 08:38:18 -07:00
Luther Monson 9a849b1bb7
[master] changing package to k3s-io (#4846)
* changing package to k3s-io

Signed-off-by: Luther Monson <luther.monson@gmail.com>

Co-authored-by: Derek Nola <derek.nola@suse.com>
2022-03-02 15:47:27 -08:00
Rowan Thorpe dccee4e87b Fix regression from commit 137e80cd86
Problem:

A false-negative in check-config.sh for cgroups v2 systems was fixed but the
commit introduced a regression based on a small assumption that content of
/sys/fs/cgroup/cgroup.controllers would have the same format as the content
of /proc/self/cgroup. It doesn't.

Solution:

This just tweaks the regex to count occurrences of either cgroup
subsystem-names on each line (as occurs in the sysfs pseudo-file), or those
names with colons either side (as occurs in the procfs pseudo-file).

Signed-off-by: Rowan Thorpe <rowan@rowanthorpe.com>
2021-09-17 11:21:17 -07:00
Rowan Thorpe 137e80cd86 Handle cgroup v1/2/hybrid in check-config.sh more explicitly/accurately
Problem:
 In check-config.sh assumptions are made about cgroups v1/v2/hybrid,
 causes false-negative on pure V2 system.

Solution:
 In check-config.sh implement the same validation as found in
 ./pkg/agent/run.go -> validate(), validateCgroupsV1(), validateCgroupsV2()
 [ which use containerd/cgroups:utils.go -> Mode() ]

Signed-off-by: Rowan Thorpe <rowan@rowanthorpe.com>
2021-09-14 15:53:12 -07:00
Derek Nola 4cc781b5e3
Moved testing utils into tests directory. Improved gotests template. (#3805)
* Moved testing utils into tests directory. Improved gotests template.
* Updated cgroups2 with util folder rename

Signed-off-by: dereknola <derek.nola@suse.com>
2021-08-10 11:13:26 -07:00
Brian Downs f99b1c8798
add gotests templates (#3709)
add gotests templates
2021-07-24 19:36:36 -07:00
Derek Nola 2afa3dbe1c
Changed iptables version check for fail if version is between 1.8.0 and 1.8.3 and using nf_tables mode (#3425)
Signed-off-by: dereknola <derek.nola@suse.com>
2021-06-10 10:47:03 -07:00
Erik Wilson f6153201ba Add diagnostics collection scripts
Signed-off-by: Erik Wilson <Erik.E.Wilson@gmail.com>
2020-12-07 11:08:47 -07:00
Erik Wilson 7f0bdf8a1e
check-config: Remove NF_NAT_IPV4 and NF_NAT_NEEDED from kernel check 2020-10-06 14:30:49 -07:00
Jean-Philippe Evrard eabc82c724 Remove trailing whitespaces
To please my OCD, and remove my editor flashing boxes,
I am removing trailing whitespaces. They have no purpose in life.
2020-05-27 17:27:30 +02:00
Julien DOCHE 55cca7bba3 contrib/ansible: Remove duplication and redirect to new repository
Signed-off-by: Julien DOCHE <julien.doche@gmail.com>
2020-05-12 17:47:20 +02:00
Craig Jellick ad4c542ad5
Merge pull request #1735 from stellirin/performance
[systemd] Add value to LimitNOFILE due to performance problems
2020-05-06 16:37:37 -07:00
David Nuzik de48f0c43d
Merge pull request #1730 from geerlingguy/1729-ansible-changed
Fixes #1729: Use 'is changed' instead of non-existent changed filter.
2020-05-04 09:36:38 -07:00
Adam Farden b4335630b7 [systemd] Add value to LimitNOFILE due to performance problems
When k3s is installed on an OS with default high ulimits, performance
issues can be observed. This was discovered on CoreOS where the default
value is 1073741816. Symptoms include very slow file operations such
as installing a Rook/Ceph cluster will take ~6 hours instead of ~10 minutes.

A google search for 'container LimitNOFILE' will show that most major
projects set this already, including the (unused) containerd systemd unit
found in this repository at /vendor/github.com/containerd/containerd/containerd.service

k3OS is not affected becuasse the default there is already 1048576.

See description in coreos/fedora-coreos-tracker#329
2020-05-03 09:37:00 +02:00
Jeff Geerling 3fef74bcb9 Fix typo in Ansible README file scp command. 2020-05-01 23:02:08 -05:00
Jeff Geerling 27215a5ec0 Fixes #1729: Use 'is changed' instead of non-existent changed filter. 2020-05-01 22:42:42 -05:00
Julien DOCHE 3c98290f0b
contrib/ansible: Add reset role and playbook to reset a node (#1565)
Signed-off-by: Julien DOCHE <julien.doche@gmail.com>
2020-03-25 12:36:28 -07:00
Joakim Roubert 4286ba7163 Fix markdown files according to markdownlint recommendations
There are some issues and quirks in the markdown documentation files
suggested by the markdownlint project checker that might benefit from
being fixed, which this patch does.

Change-Id: I33245825e5bb543b5ce1732204984d4a0b169668
Signed-off-by: Joakim Roubert <joakimr@axis.com>
2020-03-04 11:06:55 +01:00
Arpan Kapoor d01978147e
Add ExecStartPre to ansible systemd node unit files 2020-03-01 19:32:19 +05:30
Arpan Kapoor 4f57cdd5e0
Add Type and TimeoutStartSec to ansible systemd unit files 2020-03-01 19:31:31 +05:30
Erik Wilson 9a1f9a8a4c
Merge pull request #1430 from St0rmingBr4in/fix-home
contrib/ansible: Fix home path and use kubectl to set the server url in conf
2020-02-24 15:24:33 -07:00
Julien DOCHE cddcbe7833 contrib/ansible: Add extra_server_args variable
Signed-off-by: Julien DOCHE <julien.doche@gmail.com>
2020-02-17 21:42:40 +01:00
Julien DOCHE afbef43efd contrib/ansible: Use kubectl to set the server url in conf
Sometimes https://127.0.0.1:6443 can be written in the conf, the regexp does
not account for that.

Signed-off-by: Julien DOCHE <julien.doche@gmail.com>
2020-02-17 20:55:44 +01:00
Julien DOCHE 9c23860ce8 contrib/ansible: Fix home is not necessarily in /home
Signed-off-by: Julien DOCHE <julien.doche@gmail.com>
2020-02-17 20:49:01 +01:00
Julien DOCHE fd891d0bd9 contrib/ansible: Move example inventory to its own subdirectory
Signed-off-by: Julien DOCHE <julien.doche@gmail.com>
2020-02-16 21:08:42 +01:00
Erik Wilson 5b98d10e4b Warn if NPC can't start rather than fatal error
If the ip_set kernel module is not available we should warn
that the network policy controller can not start rather than
cause a fatal error.

Also adds module probing and config checks for ip_set.
2020-01-14 14:30:12 -07:00
Erik Wilson 3c945476f6 Revert check-config's "Silence modprobe warnings"
This reverts commit 8edbe30c8c.
2019-11-14 10:56:37 -07:00
Erik Wilson 8edbe30c8c Silence modprobe warnings 2019-11-13 17:39:02 -07:00
Erik Wilson c83ec56cbe Non-fatal warning for check-config modules 2019-11-13 17:08:15 -07:00
Erik Wilson 7b3a2d33d1 Clean up check-config exit code & text 2019-11-13 14:57:58 -07:00
Erik Wilson cc4026e1e2 Search system path for iptables in check-config 2019-11-13 12:21:56 -07:00
Erik Wilson a73f8b1773 Update check-config.sh for k3s 2019-11-13 08:34:24 -07:00
Erik Wilson b0d1ca9c21 Add check-config.sh from moby 2019-11-13 02:16:16 -07:00
James Harrington 8431b0ead0 Fix indentation 2019-10-27 23:34:34 -04:00
Matthias Riegler 5c870d18da CentOS/RHEL compatibility for Ansible roles
- Setting IPv4 & IPv6 forwarding
- Setting `sysctl:net.bridge.bridge-nf-call-iptables` and `bridge-nf-call-ip6tables` to enabled since it is disabled by default on some CentOS systems
2019-09-29 00:19:18 +02:00
Erik Wilson 9c99578bd6 Update k3s v0.8.0 to v0.8.1 2019-08-20 17:32:49 -07:00
Erik Wilson 7028320ca3 Update v0.7.0 to v0.8.0 2019-08-05 15:11:49 -07:00
Erik Wilson 23501c08cb
Merge pull request #662 from cryptk/systemd-delay
Add a little extra delay between restart attempts
2019-07-27 07:57:45 -07:00
Chris Jowett 612b2c1596 Add RestartSec to ansible systemd unit files 2019-07-26 13:05:54 -05:00