
Move primary interface sysctl config to netdog #2144

Merged
merged 3 commits into from
May 24, 2022

Conversation

zmrow

@zmrow zmrow commented May 18, 2022

Description of changes:

    systemd: rename var-run-tmpfiles to systemd-tmpfiles

    This renames var-run-tmpfiles to systemd-tmpfiles to better match
    convention in our other packages.

    systemd: Add /etc/sysctl.d to tmpfiles

    This adds a line to `systemd-tmpfiles` to ensure that the
    `/etc/sysctl.d` directory is created at boot.

    Move primary interface sysctl config to netdog

    eth0 is not the default interface for all variants any longer.  This
    change removes the hardcoded `eth0` specific sysctls from default
    settings.  `netdog` is now responsible for setting these default sysctls
    for whatever the primary interface is for the platform.

    In order to do this, a new subcommand `prepare-primary-interface` is
    added to `netdog` and run via a oneshot service.  The command reads the
    primary interface from file (previously generated by `netdog`) and writes
    the sysctls for that interface to file in `/etc/sysctl.d`.  It then
    executes `systemd-sysctl`, which sets these sysctls.  Since all of this
    happens early in boot, a user is able to override these via API settings
    as usual.

Testing done:
Boot aws-k8s-1.19, aws-k8s-1.22, and metal-dev and ensure the sysctl file is written and sysctls are set:

bash-5.1# cat /etc/sysctl.d/90-primary_interface.conf 
net.ipv6.conf.eth0.accept_ra = 2
net.ipv4.conf.eth0.rp_filter = 2

bash-5.1# sysctl net.ipv6.conf.eth0.accept_ra
net.ipv6.conf.eth0.accept_ra = 2

bash-5.1# sysctl net.ipv4.conf.eth0.rp_filter
net.ipv4.conf.eth0.rp_filter = 2

Terms of contribution:

By submitting this pull request, I agree that this contribution is dual-licensed under the terms of both the Apache License, version 2.0, and the MIT license.
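The rendering step the PR describes, as an added Rust example that is not netdog's own code: it takes the primary interface name recorded earlier, checks it against the kernel's interface-name rules so a malformed or tampered file cannot smuggle extra lines or path components into the generated configuration, and writes the two defaults shown in the testing output above. The `/tmp` paths and the function names are assumptions; the slash-separated key form for names containing a dot follows sysctl.d(5) and goes beyond the eth0 case on the page.

```rust
use std::fs;

// Constructed paths standing in for the file netdog generates and the
// sysctl.d drop-in it writes; real locations are netdog's concern.
const PRIMARY_INTERFACE_FILE: &str = "/tmp/primary-interface";
const SYSCTL_OUT: &str = "/tmp/90-primary_interface.conf";

/// Accept only names the kernel itself would accept (dev_valid_name: non-empty,
/// shorter than IFNAMSIZ, not "." or "..", no '/', ':' or whitespace), plus a
/// stricter ban on control characters. A newline in the name would otherwise
/// become a second sysctl line in the generated file.
pub fn validate_ifname(name: &str) -> Result<(), String> {
    const IFNAMSIZ: usize = 16; // kernel limit, counting the NUL terminator
    if name.is_empty() || name.len() >= IFNAMSIZ {
        return Err(format!("bad interface name length: {:?}", name));
    }
    if name == "." || name == ".." {
        return Err("interface name must not be '.' or '..'".to_string());
    }
    let forbidden = |c: char| c == '/' || c == ':' || c.is_whitespace() || c.is_control();
    if name.chars().any(forbidden) {
        return Err(format!("forbidden character in interface name: {:?}", name));
    }
    Ok(())
}

/// Render the two defaults this PR applies to the primary interface.
/// sysctl.d(5) treats '.' and '/' as interchangeable separators unless the
/// first separator is '/', so a name containing a dot (a VLAN interface such
/// as "eth0.100") is emitted in slash form to keep the key unambiguous.
pub fn render_sysctl_conf(primary: &str) -> Result<String, String> {
    validate_ifname(primary)?;
    let knobs = [("ipv6", "accept_ra", 2), ("ipv4", "rp_filter", 2)];
    let mut out = String::new();
    for &(family, knob, value) in knobs.iter() {
        if primary.contains('.') {
            out.push_str(&format!("net/{}/conf/{}/{} = {}\n", family, primary, knob, value));
        } else {
            out.push_str(&format!("net.{}.conf.{}.{} = {}\n", family, primary, knob, value));
        }
    }
    Ok(out)
}

fn main() -> Result<(), String> {
    let primary = fs::read_to_string(PRIMARY_INTERFACE_FILE).map_err(|e| e.to_string())?;
    let conf = render_sysctl_conf(primary.trim())?;
    fs::write(SYSCTL_OUT, conf).map_err(|e| e.to_string())?;
    // netdog then runs `systemd-sysctl` to apply the drop-in; not shown here.
    Ok(())
}
```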

@zmrow zmrow requested review from bcressey and etungsten May 18, 2022 22:06
@zmrow zmrow changed the title from "Move eth0 specific sysctls to default settings" to "Move eth0 specific sysctls to default settings" May 18, 2022
@bcressey bcressey left a comment


What takes care of applying the equivalent of this change to the primary interface on metal hosts? It feels kind of rough to expect the admin to discover they also need to add these sysctl settings.

Since we have the concept of primary interface in netdog now, I'd prefer letting netdog own this via a new oneshot service that runs at the right point in the boot sequence: after /proc/sys/net/ipv4/conf/<primary> exists; before settings are applied so that sysctl settings can still be used to override the defaults.

Review comments (outdated, resolved) on sources/models/shared-defaults/eth0-sysctls.toml and sources/models/src/aws-dev/defaults.d/15-eth0-sysctls.toml
@zmrow zmrow changed the title from "Move eth0 specific sysctls to default settings" to "Move primary interface sysctl config to netdog" May 20, 2022
Review comments (resolved) on packages/systemd/systemd-tmpfiles.conf and sources/api/netdog/src/main.rs (two threads on main.rs, outdated)
zmrow added 3 commits May 24, 2022 15:57
@zmrow

zmrow commented May 24, 2022

^ Fixes per @bcressey's suggestions

@zmrow zmrow requested a review from bcressey May 24, 2022 16:22
@zmrow zmrow merged commit d21174d into bottlerocket-os:develop May 24, 2022
@zmrow zmrow deleted the eth0-sysctl branch May 24, 2022 20:12