From 9db918c9d1014bf414da1edbd7abf28ffab64208 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=A3o=20Antunes?= Date: Tue, 12 Nov 2024 18:02:32 +0000 Subject: [PATCH 1/9] chore(local-dev): fixes the metadata generation file for the operator version (#1489) --- scripts/ci-build-deps.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/ci-build-deps.sh b/scripts/ci-build-deps.sh index 9f5f0d5ca..aecf586ff 100755 --- a/scripts/ci-build-deps.sh +++ b/scripts/ci-build-deps.sh @@ -23,7 +23,8 @@ function local_artifact_mirror() { function operator() { make -C operator build-ttl.sh build-chart-ttl.sh \ - PACKAGE_VERSION="$EC_VERSION" + PACKAGE_VERSION="$EC_VERSION" \ + VERSION="$EC_VERSION" cp operator/build/image "operator/build/image-$EC_VERSION" cp operator/build/chart "operator/build/chart-$EC_VERSION" } From 7d3a19c49bf377644affed2294eca64fbb25528e Mon Sep 17 00:00:00 2001 From: replicated-ci-ec Date: Wed, 13 Nov 2024 12:05:23 +0000 Subject: [PATCH 2/9] feat: update adminconsole version (#1491) updated adminconsole version Co-authored-by: emosbaugh <371319+emosbaugh@users.noreply.github.com> --- pkg/addons/adminconsole/static/metadata.yaml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/pkg/addons/adminconsole/static/metadata.yaml b/pkg/addons/adminconsole/static/metadata.yaml index eade78fbd..1e73219d3 100644 --- a/pkg/addons/adminconsole/static/metadata.yaml +++ b/pkg/addons/adminconsole/static/metadata.yaml 
@@ -5,26 +5,26 @@ # $ make buildtools # $ output/bin/buildtools update addon # -version: 1.120.3 +version: 1.121.0 location: oci://proxy.replicated.com/anonymous/registry.replicated.com/library/admin-console images: kotsadm: repo: proxy.replicated.com/anonymous/kotsadm/kotsadm tag: - amd64: v1.120.3-amd64@sha256:884cbaf8213c16bfe2ef12f628f5477a4a75252270282b6451081cd841c5723f - arm64: v1.120.3-arm64@sha256:3d11d7d14bd4305c3fcf64f5a8a52eb1e27fa0bf461232bd63c275c05666487a + amd64: v1.121.0-amd64@sha256:d13e5ee489b067c02d571c49a8ef505a31313ac27bb93c4393e53a3a2c971ba1 + arm64: v1.121.0-arm64@sha256:f9e33c73b5dc950feccd1253d10450d8a3feec1b0cf01a97ed941025bdee905b kotsadm-migrations: repo: proxy.replicated.com/anonymous/kotsadm/kotsadm-migrations tag: - amd64: v1.120.3-amd64@sha256:c56582c4487b829537bfefb40f57addd0da472c5d919066e585879f99b82e377 - arm64: v1.120.3-arm64@sha256:693354624b06d10c37710bf533543948f78659c2771a0fc75a4b03eb2ee37829 + amd64: v1.121.0-amd64@sha256:f18ad85c8e35af5ac5668bda45b8c5d3fcb03d5edb9d8adc6ea7431d50d0ce93 + arm64: v1.121.0-arm64@sha256:3a50f6638ac2686da3714486989d525d9e79b0e9dd2bef31c4065f8aecd17edf kurl-proxy: repo: proxy.replicated.com/anonymous/kotsadm/kurl-proxy tag: - amd64: v1.120.3-amd64@sha256:9dae75b4c5ba933d2f8ce7206101b9858e4ab0da0b9534f6f9742458a7dd3f04 - arm64: v1.120.3-arm64@sha256:13dd2a2e4474f75c56f041ea8366983802407b225e991469a8e91b7d716113de + amd64: v1.121.0-amd64@sha256:07103fe556beda8e7a92f188fb3fb4cb865d8637292d3df754b698eec2d3c95c + arm64: v1.121.0-arm64@sha256:4c3ab0805f2e8c95d7ff526e80f9a93656461bd7d03ec74f8a757fa3097dd677 rqlite: repo: proxy.replicated.com/anonymous/kotsadm/rqlite tag: - amd64: 8.32.7-r0-amd64@sha256:2c3e36a6b146311d2cfa6b6d72f3882a8af9ac4b3aaa9f1df3169760db5c02c7 - arm64: 8.32.7-r0-arm64@sha256:a2df1c987aefdaab8e42797623eb27e2c1e707c55c42a29e60a43e71dfd5bdf3 + amd64: 8.34.0-r0-amd64@sha256:3bcc7027c0dc12bf1bc15740b1b3b0c9a12c0ba54127130ad18cedd158c2eba9 + arm64: 
8.34.0-r0-arm64@sha256:401f8e82872ce1abe4f1aaa2e655f987a3a5f47504043de798620bc93ef7ed3a From ded1e0499e96a02e8885a5a58e2cd0066dbfcfd4 Mon Sep 17 00:00:00 2001 From: replicated-ci-ec Date: Wed, 13 Nov 2024 12:05:54 +0000 Subject: [PATCH 3/9] chore: update seaweedfs images (#1492) Update image versions Co-authored-by: sgalsaleh <39952863+sgalsaleh@users.noreply.github.com> --- pkg/addons/seaweedfs/static/metadata.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkg/addons/seaweedfs/static/metadata.yaml b/pkg/addons/seaweedfs/static/metadata.yaml index d5db26e51..4d933f041 100644 --- a/pkg/addons/seaweedfs/static/metadata.yaml +++ b/pkg/addons/seaweedfs/static/metadata.yaml @@ -11,5 +11,5 @@ images: seaweedfs: repo: proxy.replicated.com/anonymous/replicated/ec-seaweedfs tag: - amd64: 3.79-r0-amd64@sha256:c0d881636d0532601ef40b4721811043ff3b7bda8d1fce3baf2242cbdd404438 - arm64: 3.79-r0-arm64@sha256:b8ce77bd7df62d100fbb4d46c21fe76f5b1b9fae6c15f9ce80b419ad3d2b6ae1 + amd64: 3.79-r0-amd64@sha256:35ab43061501726c1f585ddac5c58e648816c3506a2198d07d6f4cf755a99b38 + arm64: 3.79-r0-arm64@sha256:067a93a25fad6c84ae82fee5e7b300dec728dcb36fe96241084bead2b793eead From 73a36291c577f753cd93e0ec8b169a2a7eee3ff0 Mon Sep 17 00:00:00 2001 From: replicated-ci-ec Date: Wed, 13 Nov 2024 12:06:29 +0000 Subject: [PATCH 4/9] chore: update velero images (#1493) Update image versions Co-authored-by: sgalsaleh <39952863+sgalsaleh@users.noreply.github.com> --- pkg/addons/velero/static/metadata.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pkg/addons/velero/static/metadata.yaml b/pkg/addons/velero/static/metadata.yaml index b31dc8b40..749563208 100644 --- a/pkg/addons/velero/static/metadata.yaml +++ b/pkg/addons/velero/static/metadata.yaml 
@@ -11,13 +11,13 @@ images: kubectl: repo: proxy.replicated.com/anonymous/replicated/ec-kubectl tag: - amd64: 1.31.2-r1-amd64@sha256:a0c7ac02a487c11b7d059da8de2265049449b9e2ebc5feac86532289b7c1fa76 - arm64: 1.31.2-r1-arm64@sha256:8e30ee747ae996f40114632f65e4d3810eae56f632f72d22a4bf903a3ddd5742 + amd64: 1.31.2-r1-amd64@sha256:ff86169e548c201461e584486c75736bc537fa67bf69eda6abb61fe07c510feb + arm64: 1.31.2-r1-arm64@sha256:11b83dbfde7f9b2d51206bf6616c558889086dc2326c29a306a5d9a8d1032848 velero: repo: proxy.replicated.com/anonymous/replicated/ec-velero tag: - amd64: 1.14.1-r1-amd64@sha256:52521e708a61c24fca30bd928cdf0f49e8201aca6cb48ad23f23a725bdafa495 - arm64: 1.14.1-r1-arm64@sha256:e8e75a4304fa06f43dce3aaa0d34df8fbbaed413eca1d39453859f8fedc876f9 + amd64: 1.14.1-r1-amd64@sha256:622683d49fef78b93db433d06cf7d9d8ff6ecfe5a463fcc0fed63ff2aabb9b06 + arm64: 1.14.1-r1-arm64@sha256:2f8e8d968bd9e19d23816b6f4e1a35aa85f920d3f0e8dcdeb971b46b6657ec4e velero-plugin-for-aws: repo: proxy.replicated.com/anonymous/replicated/ec-velero-plugin-for-aws tag: From 3f4d8bd048a102bd2692b7ec2ecef1759b3e1819 Mon Sep 17 00:00:00 2001 From: replicated-ci-ec Date: Wed, 13 Nov 2024 12:07:00 +0000 Subject: [PATCH 5/9] chore: update openebs images (#1494) Update image versions Co-authored-by: sgalsaleh <39952863+sgalsaleh@users.noreply.github.com> --- pkg/addons/openebs/static/metadata.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/pkg/addons/openebs/static/metadata.yaml b/pkg/addons/openebs/static/metadata.yaml index 8dc771c3b..151afdba7 100644 --- a/pkg/addons/openebs/static/metadata.yaml +++ b/pkg/addons/openebs/static/metadata.yaml 
@@ -11,15 +11,15 @@ images: kubectl: repo: proxy.replicated.com/anonymous/replicated/ec-kubectl tag: - amd64: 1.31.2-r1-amd64@sha256:a0c7ac02a487c11b7d059da8de2265049449b9e2ebc5feac86532289b7c1fa76 - arm64: 1.31.2-r1-arm64@sha256:8e30ee747ae996f40114632f65e4d3810eae56f632f72d22a4bf903a3ddd5742 + amd64: 1.31.2-r1-amd64@sha256:ff86169e548c201461e584486c75736bc537fa67bf69eda6abb61fe07c510feb + arm64: 1.31.2-r1-arm64@sha256:11b83dbfde7f9b2d51206bf6616c558889086dc2326c29a306a5d9a8d1032848 openebs-linux-utils: repo: proxy.replicated.com/anonymous/replicated/ec-openebs-linux-utils tag: - amd64: 4.1.1-amd64@sha256:7d9a5141295411688da70fc226be8f7ead1190c91e214fa5f1e4c0b5c2baaa74 - arm64: 4.1.1-arm64@sha256:d882aa74433c582650b21cabf361660de6ef11601ed57400aa1ac7fb2f727eee + amd64: 4.1.1-amd64@sha256:01fb0149627bbe5af78541ff477542314b6e17e1b82cff79047a062de89d2d16 + arm64: 4.1.1-arm64@sha256:be1d3a6b9cf3be529ccb8687670311b5db9a312e553d930b034941c85b26e107 openebs-provisioner-localpv: repo: proxy.replicated.com/anonymous/replicated/ec-openebs-provisioner-localpv tag: - amd64: 4.1.1-r1-amd64@sha256:d9644f94daf42a28216a3b632d4cbf44b7e7e6fbfcea8ff7a0de5c611efe6ba2 - arm64: 4.1.1-r1-arm64@sha256:31b8cc13e7c0f0bf1131ce34b1c9cdf45e9a4de1ae0eabfde03a9b5e986556d6 + amd64: 4.1.1-r1-amd64@sha256:1388244c8ae9e1415f6225fbcf6d16ab7bfd862085ea070517af1820316bef13 + arm64: 4.1.1-r1-arm64@sha256:a682a555b768c425d1ed8ddab70f7ebf43ae87a85b2e87d696e9d71667e65242 From d44af2b582551856aff03d08723dff1c1d7275ab Mon Sep 17 00:00:00 2001 
From: Ricardo Maraschini Date: Wed, 13 Nov 2024 16:14:20 +0100 Subject: [PATCH 6/9] feat: enable ip_forward, disable arp_ignore arp_filter (#1484) * feat: enable ip_forward, disable arp_ignore arp_filter we are now enabling ip_forward on the node, this is required for the embedded-cluster to work properly. we are also disabling arp_ignore and arp_filter to make sure the system is prepared for calico. * chore: do not fail if unable to config sysctl * feat: does not fail if unable to write sysctl config we only fail if the sysctl binary is not present on the system as we know that preflights depend on it. if we fail to configure sysctl we just move on as the preflights are expected to fail later on. * feat: config sysctl on 'run-prelights' command we need to configure sysctl before running the preflights. * chore: add unit tests for the new functions added unit tests around the sysctl configuation functions. --- pkg/cmd/install.go | 6 ++++ pkg/cmd/join.go | 5 +++ pkg/cmd/preflights.go | 9 +++++ pkg/cmd/reset.go | 4 +++ pkg/cmd/restore.go | 5 +++ pkg/configutils/runtime.go | 29 ++++++++++++++++ pkg/configutils/runtime_test.go | 41 +++++++++++++++++++++++ pkg/goods/goods.go | 2 ++ pkg/goods/materializer.go | 12 +++++++ pkg/goods/materializer_test.go | 34 +++++++++++++++++++ pkg/goods/static/99-embedded-cluster.conf | 11 ++++++ 11 files changed, 158 insertions(+) create mode 100644 pkg/configutils/runtime_test.go create mode 100644 pkg/goods/materializer_test.go create mode 100644 pkg/goods/static/99-embedded-cluster.conf diff --git a/pkg/cmd/install.go b/pkg/cmd/install.go index fc8e61940..e9b143fde 100644 --- a/pkg/cmd/install.go +++ b/pkg/cmd/install.go 
@@ -781,6 +781,12 @@ func installCommand() *cli.Command { } metrics.ReportApplyStarted(c) + + logrus.Debugf("configuring sysctl") + if err := configutils.ConfigureSysctl(provider); err != nil { + return fmt.Errorf("unable to configure sysctl: %w", err) + } + logrus.Debugf("configuring network manager") if err := configureNetworkManager(c, provider); err != nil { return fmt.Errorf("unable to configure network manager: %w", err) diff --git a/pkg/cmd/join.go b/pkg/cmd/join.go index 0b317e22a..405a959cb 100644 --- a/pkg/cmd/join.go +++ b/pkg/cmd/join.go @@ -249,6 +249,11 @@ var joinCommand = &cli.Command{ return err } + logrus.Debugf("configuring sysctl") + if err := configutils.ConfigureSysctl(provider); err != nil { + return fmt.Errorf("unable to configure sysctl: %w", err) + } + // jcmd.InstallationSpec.MetricsBaseURL is the replicated.app endpoint url replicatedAPIURL := jcmd.InstallationSpec.MetricsBaseURL proxyRegistryURL := fmt.Sprintf("https://%s", defaults.ProxyRegistryAddress) diff --git a/pkg/cmd/preflights.go b/pkg/cmd/preflights.go index 693bd9015..5d2138396 100644 --- a/pkg/cmd/preflights.go +++ b/pkg/cmd/preflights.go @@ -6,6 +6,7 @@ import ( "strings" ecv1beta1 "github.com/replicatedhq/embedded-cluster/kinds/apis/v1beta1" + "github.com/replicatedhq/embedded-cluster/pkg/configutils" "github.com/replicatedhq/embedded-cluster/pkg/defaults" "github.com/replicatedhq/embedded-cluster/pkg/versions" "github.com/sirupsen/logrus" @@ -79,6 +80,10 @@ func installRunPreflightsCommand() *cli.Command { return err } + if err := configutils.ConfigureSysctl(provider); err != nil { + return err + } + applier, err := getAddonsApplier(c, runtimeConfig, "", proxy) if err != nil { return err 
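Review bot: The preflight path in pkg/cmd/preflights.go (`installRunPreflightsCommand`) now changes the host persistently. `configutils.ConfigureSysctl(provider)` writes `/etc/sysctl.d/99-embedded-cluster.conf` and reloads kernel parameters, including `net.ipv4.ip_forward = 1`, on a machine that may never be installed. The `@@ -170` hunk does the same in `joinRunPreflightsCommand`. Unlike the install, join and restore call sites, neither preflight path logs the step, so I would add `logrus.Debugf("configuring sysctl")` before the call and a comment such as `// preflights read sysctl values, so the host is configured first; the change persists after this command exits`. Both action bodies continue outside their hunks.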
@@ -170,6 +175,10 @@ var joinRunPreflightsCommand = &cli.Command{ return err } + if err := configutils.ConfigureSysctl(provider); err != nil { + return err + } + applier, err := getAddonsApplier(c, jcmd.InstallationSpec.RuntimeConfig, "", jcmd.InstallationSpec.Proxy) if err != nil { return err diff --git a/pkg/cmd/reset.go b/pkg/cmd/reset.go index 3d02759c5..d779d797c 100644 --- a/pkg/cmd/reset.go +++ b/pkg/cmd/reset.go @@ -501,6 +501,10 @@ func resetCommand() *cli.Command { return fmt.Errorf("failed to remove embedded cluster data config: %w", err) } + if err := helpers.RemoveAll("/etc/sysctl.d/99-embedded-cluster.conf"); err != nil { + return fmt.Errorf("failed to remove embedded cluster sysctl config: %w", err) + } + if _, err := helpers.RunCommand("reboot"); err != nil { return err } diff --git a/pkg/cmd/restore.go b/pkg/cmd/restore.go index df8a568cd..ec5e212b4 100644 --- a/pkg/cmd/restore.go +++ b/pkg/cmd/restore.go @@ -969,6 +969,11 @@ func restoreCommand() *cli.Command { } } + logrus.Debugf("configuring sysctl") + if err := configutils.ConfigureSysctl(provider); err != nil { + return fmt.Errorf("unable to configure sysctl: %w", err) + } + proxy, err := getProxySpecFromFlags(c) if err != nil { return fmt.Errorf("unable to get proxy spec from flags: %w", err) diff --git a/pkg/configutils/runtime.go b/pkg/configutils/runtime.go index a0342893b..67f88e1ac 100644 --- a/pkg/configutils/runtime.go +++ b/pkg/configutils/runtime.go 
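Review bot: The reset hunk in pkg/cmd/reset.go repeats `/etc/sysctl.d/99-embedded-cluster.conf` as a string literal, while pkg/configutils/runtime.go keeps the same path in the unexported `sysctlConfigPath`. If one is changed without the other, reset would leave behind the drop-in that enables `net.ipv4.ip_forward`. I would give the path one owner, for example an exported removal helper in configutils next to `ConfigureSysctl`, and call it here. A failed removal also returns before the `reboot` call that follows, so a short comment saying this is intended would help. The action body continues outside the hunk.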
@@ -3,14 +3,22 @@ package configutils import ( "fmt" "os" + "os/exec" "path/filepath" "github.com/replicatedhq/embedded-cluster/kinds/apis/v1beta1" "github.com/replicatedhq/embedded-cluster/pkg/defaults" + "github.com/replicatedhq/embedded-cluster/pkg/goods" "github.com/replicatedhq/embedded-cluster/pkg/helpers" + "github.com/sirupsen/logrus" "sigs.k8s.io/yaml" ) +// sysctlConfigPath is the path to the sysctl config file that is used to configure +// the embedded cluster. This could have been a constant but we want to be able to +// override it for testing purposes. +var sysctlConfigPath = "/etc/sysctl.d/99-embedded-cluster.conf" + func WriteRuntimeConfig(spec *v1beta1.RuntimeConfigSpec) error { if spec == nil { return nil @@ -57,3 +65,24 @@ func ReadRuntimeConfig() (*v1beta1.RuntimeConfigSpec, error) { return &spec, nil } + +// ConfigureSysctl writes the sysctl config file for the embedded cluster and +// reloads the sysctl configuration. This function has a distinct behavior: if +// the sysctl binary does not exist it returns an error but if it fails to lay +// down the sysctl config on disk it simply returns nil. +func ConfigureSysctl(provider *defaults.Provider) error { + if _, err := exec.LookPath("sysctl"); err != nil { + return fmt.Errorf("unable to find sysctl binary: %w", err) + } + + materializer := goods.NewMaterializer(provider) + if err := materializer.SysctlConfig(sysctlConfigPath); err != nil { + logrus.Debugf("unable to materialize sysctl config: %v", err) + return nil + } + + if _, err := helpers.RunCommand("sysctl", "--system"); err != nil { + logrus.Debugf("unable to configure sysctl: %v", err) + } + return nil +} diff --git a/pkg/configutils/runtime_test.go b/pkg/configutils/runtime_test.go new file mode 100644 index 000000000..9746de38d --- /dev/null +++ b/pkg/configutils/runtime_test.go 
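Review bot: `ConfigureSysctl` in pkg/configutils/runtime.go reports both a failed write and a failed reload only through `logrus.Debugf`. Unless debug logging is enabled, the operator gets no sign that the host was left unconfigured, or that the file was written but never applied. I would raise both messages to `logrus.Warnf`. The reload uses `sysctl --system`, which re-applies every sysctl configuration file on the host rather than only the one just written; if loading only the new drop-in is the intent, `helpers.RunCommand("sysctl", "-p", sysctlConfigPath)` limits the change to that file. Because the command presumably runs with the installer's privileges, it is also worth confirming that `exec.LookPath` and `RunCommand` resolve `sysctl` from a trusted `PATH`.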
@@ -0,0 +1,41 @@ +package configutils + +import ( + "os" + "path/filepath" + "testing" + + "github.com/replicatedhq/embedded-cluster/pkg/defaults" + "github.com/stretchr/testify/assert" +) + +func TestConfigureSysctl(t *testing.T) { + basedir, err := os.MkdirTemp("", "embedded-cluster-test-base-dir") + assert.NoError(t, err) + defer os.RemoveAll(basedir) + + orig := sysctlConfigPath + defer func() { + sysctlConfigPath = orig + }() + + provider := defaults.NewProvider(basedir) + + // happy path. + dstdir, err := os.MkdirTemp("", "embedded-cluster-test") + assert.NoError(t, err) + defer os.RemoveAll(dstdir) + + sysctlConfigPath = filepath.Join(dstdir, "sysctl.conf") + err = ConfigureSysctl(provider) + assert.NoError(t, err) + + // check that the file exists. + _, err = os.Stat(sysctlConfigPath) + assert.NoError(t, err) + + // now use a non-existing directory. + sysctlConfigPath = filepath.Join(dstdir, "non-existing-dir", "sysctl.conf") + // we do not expect an error here. + assert.NoError(t, err) +} diff --git a/pkg/goods/goods.go b/pkg/goods/goods.go index aec8bfff4..c23481d16 100644 --- a/pkg/goods/goods.go +++ b/pkg/goods/goods.go @@ -20,6 +20,8 @@ var ( systemdfs embed.FS //go:embed internal/bins/* internalBinfs embed.FS + //go:embed static/* + staticfs embed.FS ) // K0sBinarySHA256 returns the SHA256 checksum of the embedded k0s binary. diff --git a/pkg/goods/materializer.go b/pkg/goods/materializer.go index 40acb5186..22aff7d99 100644 --- a/pkg/goods/materializer.go +++ b/pkg/goods/materializer.go 
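Review bot: The last case of `TestConfigureSysctl` in pkg/configutils/runtime_test.go never exercises the non-existing directory. `sysctlConfigPath` is reassigned but `ConfigureSysctl` is not called again, so the final `assert.NoError(t, err)` re-checks the result of the earlier `os.Stat`. Add `err = ConfigureSysctl(provider)` before that assertion. The happy path also runs the real `sysctl --system` through `helpers.RunCommand` and fails where no `sysctl` binary is on `PATH`, so the test depends on the machine it runs on and, when run as root, can change it. A test seam for the command runner, like the one `sysctlConfigPath` provides for the path, would isolate it.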
@@ -76,6 +76,18 @@ func (m *Materializer) CalicoNetworkManagerConfig() error { return nil } +// SysctlConfig writes the embedded sysctl config to the /etc/sysctl.d directory. +func (m *Materializer) SysctlConfig(dstpath string) error { + content, err := staticfs.ReadFile("static/99-embedded-cluster.conf") + if err != nil { + return fmt.Errorf("unable to open embedded sysctl config file: %w", err) + } + if err := os.WriteFile(dstpath, content, 0644); err != nil { + return fmt.Errorf("unable to write file: %w", err) + } + return nil +} + // Materialize writes to disk all embedded assets. func (m *Materializer) Materialize() error { if err := m.Binaries(); err != nil { diff --git a/pkg/goods/materializer_test.go b/pkg/goods/materializer_test.go new file mode 100644 index 000000000..dffb1301f --- /dev/null +++ b/pkg/goods/materializer_test.go @@ -0,0 +1,34 @@ +package goods + +import ( + "os" + "path/filepath" + "testing" + + "github.com/stretchr/testify/assert" +) + +func TestMaterializer_SysctlConfig(t *testing.T) { + m := NewMaterializer(nil) + + // happy path. + dstdir, err := os.MkdirTemp("", "embedded-cluster-test") + assert.NoError(t, err) + defer os.RemoveAll(dstdir) + + dstpath := filepath.Join(dstdir, "sysctl.conf") + err = m.SysctlConfig(dstpath) + assert.NoError(t, err) + + expected, err := os.ReadFile(dstpath) + assert.NoError(t, err) + + content, err := staticfs.ReadFile("static/99-embedded-cluster.conf") + assert.NoError(t, err) + assert.Equal(t, string(expected), string(content)) + + // write to a non-existent directory. + dstpath = filepath.Join(dstdir, "dir-does-not-exist", "sysctl.conf") + err = m.SysctlConfig(dstpath) + assert.Contains(t, err.Error(), "no such file or directory") +} diff --git a/pkg/goods/static/99-embedded-cluster.conf b/pkg/goods/static/99-embedded-cluster.conf new file mode 100644 index 000000000..bac2af917 --- /dev/null +++ b/pkg/goods/static/99-embedded-cluster.conf 
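Review bot: The doc comment on `SysctlConfig` in pkg/goods/materializer.go says the file goes to `/etc/sysctl.d`, but the method writes to whatever `dstpath` the caller passes. The comment `// SysctlConfig writes the embedded sysctl config to dstpath, replacing any existing file.` matches the code. `os.WriteFile` applies `0644` only when it creates the file, so a pre-existing file at that path keeps its current mode and is overwritten in place. If the mode matters for this root-owned configuration, follow the write with `os.Chmod(dstpath, 0644)`.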
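Review bot: The final assertion in `TestMaterializer_SysctlConfig` (pkg/goods/materializer_test.go) calls `err.Error()` without first checking that `err` is non-nil, so an unexpectedly successful write makes the test panic instead of failing with a message. `assert.ErrorIs(t, err, os.ErrNotExist)` checks both conditions and does not depend on the platform's error string. In the equality check, the variable named `expected` holds the bytes read back from disk and `content` holds the embedded source; naming them `got` and `want` and passing `want` first would make a failure report read correctly.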
@@ -0,0 +1,11 @@ +# this entry enables ip forwarding. this feature is necessary as embedded +# cluster creates virtual network interfaces and need the traffic among them to +# be forwarded. +net.ipv4.ip_forward = 1 + +# arp filter and ignore need to be disabled otherwise we can't have arp +# resolving across the calico network interfaces. +net.ipv4.conf.default.arp_filter = 0 +net.ipv4.conf.default.arp_ignore = 0 +net.ipv4.conf.all.arp_filter = 0 +net.ipv4.conf.all.arp_ignore = 0 From f805a169c53ddbef7d4797bbeb0cc155495390cd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=A3o=20Antunes?= Date: Wed, 13 Nov 2024 17:07:17 +0000 Subject: [PATCH 7/9] feat(preflights): add arp filtering related preflights (#1454) * feat(preflights): add arp filtering related preflights * chore: change to the soon to be added sysctl collector and analyzer * chore: remove the e2e tests (which are now covered in troubleshoot) * fix: individual arp preflights * chore: bump troubleshoot * Update messages and slightly change order * chore: add pass analyzers to arp preflights --------- Co-authored-by: Alex Parker <7272359+ajp-io@users.noreply.github.com> --- Makefile | 2 +- go.mod | 2 +- go.sum | 4 ++-- pkg/preflights/host-preflight.yaml | 37 ++++++++++++++++++++++++++++++ 4 files changed, 41 insertions(+), 4 deletions(-) diff --git a/Makefile b/Makefile index 32eac0f5b..75305d1fc 100644 --- a/Makefile +++ b/Makefile @@ -15,7 +15,7 @@ K0S_GO_VERSION = v1.30.5+k0s.0 PREVIOUS_K0S_VERSION ?= v1.29.9+k0s.0-ec.0 PREVIOUS_K0S_GO_VERSION ?= v1.29.9+k0s.0 K0S_BINARY_SOURCE_OVERRIDE = -TROUBLESHOOT_VERSION = v0.107.4 +TROUBLESHOOT_VERSION = v0.109.0 KOTS_VERSION = v$(shell awk '/^version/{print $$2}' pkg/addons/adminconsole/static/metadata.yaml | sed -E 's/([0-9]+\.[0-9]+\.[0-9]+).*/\1/') # When updating KOTS_BINARY_URL_OVERRIDE, also update the KOTS_VERSION above or diff --git a/go.mod b/go.mod index d4ef81dc4..99bd1abd6 100644 --- a/go.mod +++ b/go.mod 
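Review bot: The comment above `net.ipv4.ip_forward = 1` in pkg/goods/static/99-embedded-cluster.conf explains why forwarding is needed but not that the key is host-wide. Once applied, the node forwards IPv4 traffic between all of its interfaces, not only the cluster's virtual ones. I would add `# note: this setting is host-wide; restrict forwarding between non-cluster interfaces with the host firewall.` so operators know to review their filter rules. For the ARP keys, the kernel combines the `all` value with each interface's own value (for `arp_ignore` the larger one is used), so an existing interface with a non-zero per-interface setting is not changed by these four lines. A comment stating that would set the right expectation.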
@@ -31,7 +31,7 @@ require ( github.com/replicatedhq/embedded-cluster/kinds v0.0.0 github.com/replicatedhq/embedded-cluster/utils v0.0.0 github.com/replicatedhq/kotskinds v0.0.0-20240814191029-3f677ee409a0 - github.com/replicatedhq/troubleshoot v0.108.1 + github.com/replicatedhq/troubleshoot v0.109.0 github.com/sirupsen/logrus v1.9.3 github.com/spf13/cobra v1.8.1 github.com/spf13/viper v1.19.0 diff --git a/go.sum b/go.sum index 17ff8e76d..04edf88cf 100644 --- a/go.sum +++ b/go.sum @@ -907,8 +907,8 @@ github.com/redis/go-redis/v9 v9.5.2 h1:L0L3fcSNReTRGyZ6AqAEN0K56wYeYAwapBIhkvh0f github.com/redis/go-redis/v9 v9.5.2/go.mod h1:hdY0cQFCN4fnSYT6TkisLufl/4W5UIXyv0b/CLO2V2M= github.com/replicatedhq/kotskinds v0.0.0-20240814191029-3f677ee409a0 h1:Gi+Fs6583v7GmgQKJyaZuBzcih0z5YXBREDQ8AWY2JM= github.com/replicatedhq/kotskinds v0.0.0-20240814191029-3f677ee409a0/go.mod h1:QjhIUu3+OmHZ09u09j3FCoTt8F3BYtQglS+OLmftu9I= -github.com/replicatedhq/troubleshoot v0.108.1 h1:Yri05zhzIZRrbSYWsvCWjpcp8KzNj2GfrfQRLnZH9UU= -github.com/replicatedhq/troubleshoot v0.108.1/go.mod h1:mxf8uoKpyFhaYfR3NV1iPwztBf8XWP0B/JpxamZ1UJY= +github.com/replicatedhq/troubleshoot v0.109.0 h1:lw81hf/lD9/YPj+VOyGdDnw7FSCJkignPQYLVpjnl2k= +github.com/replicatedhq/troubleshoot v0.109.0/go.mod h1:mxf8uoKpyFhaYfR3NV1iPwztBf8XWP0B/JpxamZ1UJY= github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ= github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88= diff --git a/pkg/preflights/host-preflight.yaml b/pkg/preflights/host-preflight.yaml index 546a45c7b..a3d68d7ff 100644 --- a/pkg/preflights/host-preflight.yaml +++ b/pkg/preflights/host-preflight.yaml @@ -148,6 +148,7 @@ spec: exclude: '{{ eq .GlobalCIDR.CIDR "" }}' CIDRRangeAlloc: '{{ .GlobalCIDR.CIDR }}' desiredCIDR: {{.GlobalCIDR.Size}} + - sysctl: {} analyzers: - cpu: checkName: CPU 
@@ -834,3 +835,39 @@ spec: - pass: when: "a-subnet-is-available" message: Specified CIDR is available. + - sysctl: + checkName: "ARP Filter default value for newly created interfaces" + outcomes: + - fail: + when: 'net.ipv4.conf.default.arp_filter > 0' + message: "ARP filtering must be disabled by default for newly created interfaces on the host. To disable it, edit /etc/sysctl.conf, add the line 'net.ipv4.conf.default.arp_filter=0', and run 'sudo sysctl -p'." + - pass: + when: 'net.ipv4.conf.default.arp_filter == 0' + message: "ARP filtering is disabled by default for newly created interfaces on the host." + - sysctl: + checkName: "ARP Filter value for all interfaces" + outcomes: + - fail: + when: 'net.ipv4.conf.all.arp_filter > 0' + message: "ARP filtering must be disabled for all interfaces on the host. To disable it, edit /etc/sysctl.conf, add the line 'net.ipv4.conf.all.arp_filter=0', and run 'sudo sysctl -p'." + - pass: + when: 'net.ipv4.conf.all.arp_filter == 0' + message: "ARP filtering is disabled for all interfaces on the host." + - sysctl: + checkName: "ARP Ignore default value for newly created interfaces" + outcomes: + - fail: + when: 'net.ipv4.conf.default.arp_ignore > 0' + message: "ARP ignore must be disabled by default for newly created interfaces on the host. To disable it, edit /etc/sysctl.conf, add the line 'net.ipv4.conf.default.arp_ignore=0', and run 'sudo sysctl -p'." + - pass: + when: 'net.ipv4.conf.default.arp_ignore == 0' + message: "ARP ignore is disabled by default for newly created interfaces on the host." + - sysctl: + checkName: "ARP Ignore value for all interfaces" + outcomes: + - fail: + when: 'net.ipv4.conf.all.arp_ignore > 0' + message: "ARP ignore must be disabled for all interfaces on the host. To disable it, edit /etc/sysctl.conf, add the line 'net.ipv4.conf.all.arp_ignore=0', and run 'sudo sysctl -p'." + - pass: + when: 'net.ipv4.conf.all.arp_ignore == 0' + message: "ARP ignore is disabled for all interfaces on the host." 
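Review bot: The four analyzers added in this hunk of pkg/preflights/host-preflight.yaml cover `arp_filter` and `arp_ignore` only. `net.ipv4.ip_forward`, which the sysctl drop-in added earlier in this series describes as necessary, has no analyzer here, though one may exist elsewhere in the file. If none exists, a host where forwarding could not be enabled would pass preflights; an analyzer of the same shape is sketched below. The fail messages also direct the user to `/etc/sysctl.conf` and `sysctl -p`, while the installer manages `/etc/sysctl.d/99-embedded-cluster.conf`, so pointing at one location avoids two files setting the same key. Each analyzer defines outcomes for `> 0` and `== 0` only, so it is worth confirming what is reported when the key is absent from the collected data.

```yaml
# … unchanged: the four ARP analyzers added by this hunk …
    - sysctl:
        checkName: "IP forwarding"
        outcomes:
          - fail:
              when: 'net.ipv4.ip_forward == 0'
              message: "IP forwarding must be enabled on the host. To enable it, set 'net.ipv4.ip_forward=1' in /etc/sysctl.d/99-embedded-cluster.conf and run 'sudo sysctl --system'."
          - pass:
              when: 'net.ipv4.ip_forward == 1'
              message: "IP forwarding is enabled on the host."
```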
From 69cac01994d5618237dcd72ced9b3e670eb9946c Mon Sep 17 00:00:00 2001 From: Ethan Mosbaugh Date: Wed, 13 Nov 2024 13:18:57 -0600 Subject: [PATCH 8/9] chore: fix message when join node is not included in the no-proxy addresses (#1496) --- pkg/cmd/join.go | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/pkg/cmd/join.go b/pkg/cmd/join.go index 405a959cb..5b8f9176a 100644 --- a/pkg/cmd/join.go +++ b/pkg/cmd/join.go @@ -224,7 +224,10 @@ var joinCommand = &cli.Command{ return fmt.Errorf("failed to check proxy config for local IP: %w", err) } if !proxyOK { - return fmt.Errorf("no-proxy config %q does not allow access to local IP %q", jcmd.InstallationSpec.Proxy.NoProxy, localIP) + logrus.Errorf("This node's IP address %s is not included in the no-proxy list (%s).", localIP, jcmd.InstallationSpec.Proxy.NoProxy) + logrus.Infof(`The no-proxy list cannot easily be modified after initial installation.`) + logrus.Infof(`Recreate the first node and pass all node IP addresses to --no-proxy.`) + return ErrNothingElseToAdd } isAirgap := c.String("airgap-bundle") != "" From 0bc1fd77bfd9ba8d13270c9579cd6f69bf611bcf Mon Sep 17 00:00:00 2001 From: Alex Parker <7272359+ajp-io@users.noreply.github.com> Date: Thu, 14 Nov 2024 06:46:41 -0500 Subject: [PATCH 9/9] Use warn function when doing online install after downloading air gap (#1497) Use warn function --- pkg/cmd/install.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/cmd/install.go b/pkg/cmd/install.go index e9b143fde..cb1990d13 100644 --- a/pkg/cmd/install.go +++ b/pkg/cmd/install.go 
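Review bot: In the `joinCommand` hunk of pkg/cmd/join.go, the new `logrus.Errorf` formats the no-proxy list with `%s`, where the removed line used `%q`. An empty list now prints as `()` and any stray whitespace in the value is invisible. I would keep the quoting for that argument: `logrus.Errorf("This node's IP address %s is not included in the no-proxy list (%q).", localIP, jcmd.InstallationSpec.Proxy.NoProxy)`. The two `logrus.Infof` calls take no format arguments, so `logrus.Info` is the plainer form. The action body continues outside the hunk.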
@@ -773,7 +773,7 @@ func installCommand() *cli.Command { if channelRelease, err := release.GetChannelRelease(); err != nil { return fmt.Errorf("unable to read channel release data: %w", err) } else if channelRelease != nil && channelRelease.Airgap && c.String("airgap-bundle") == "" && !c.Bool("no-prompt") { - logrus.Infof("You downloaded an air gap bundle but are performing an online installation.") + logrus.Warnf("You downloaded an air gap bundle but are performing an online installation.") logrus.Infof("To do an air gap installation, pass the air gap bundle with --airgap-bundle.") if !prompts.New().Confirm("Do you want to proceed with an online installation?", false) { return ErrNothingElseToAdd