From d3300696c9b204066a632e3da0f1d89bd7dea198 Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Fri, 15 Sep 2023 08:52:49 +0900 Subject: [PATCH] Support Rocky Linux 9 hosts Signed-off-by: Akihiro Suda --- Makefile.d/check-preflight.sh | 13 ++++++++++++- README.md | 23 +++++++++++++++++++---- docker-compose.yaml | 5 +++++ hack/init-host.root.sh | 28 ++++++++++++++++++++++++++-- 4 files changed, 62 insertions(+), 7 deletions(-) diff --git a/Makefile.d/check-preflight.sh b/Makefile.d/check-preflight.sh index 3978498..534b67f 100755 --- a/Makefile.d/check-preflight.sh +++ b/Makefile.d/check-preflight.sh @@ -10,6 +10,8 @@ function ERROR() { } : "${DOCKER:=docker}" +: "${QUICK:=0}" +: "${BUSYBOX_IMAGE:=busybox}" # Check hard dependency commands for f in make jq "${DOCKER}"; do @@ -59,8 +61,17 @@ else fi # Check kernel modules -for f in ip6_tables ip6table_nat ip_tables iptable_nat vxlan; do +for f in br_netfilter ip6_tables ip6table_nat ip_tables iptable_nat vxlan; do if ! grep -qw "^$f" /proc/modules; then WARNING "Kernel module \"${f}\" does not seem loaded? (negligible if built-in to the kernel)" fi done + +if [ "$QUICK" != "1" ]; then + # Check net.ipv4.conf.default.rp_filter in the daemon's network namespace. + # The value can be 0 (disabled) or 2 (loose), must not be 1 (strict). + if [ "$(${DOCKER} run --rm --net=host "${BUSYBOX_IMAGE}" sysctl -n net.ipv4.conf.default.rp_filter)" == "1" ]; then + ERROR "sysctl value \"net.ipv4.conf.default.rp_filter\" must be 0 (disabled) or 2 (loose) in the daemon's network namespace" + exit 1 + fi +fi diff --git a/README.md b/README.md index 8c015f9..87327ab 100644 --- a/README.md +++ b/README.md 
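Review bot: The new rp_filter check at the end of check-preflight.sh passes whenever `docker run` prints nothing, because only the literal value `1` is rejected. A failed image pull or a daemon error leaves the command substitution empty, so the preflight reports success without having read the sysctl. I would capture the value first and accept only the documented ones: `rp_filter="$(${DOCKER} run --rm --net=host "${BUSYBOX_IMAGE}" sysctl -n net.ipv4.conf.default.rp_filter)" || rp_filter=""`, then `case "${rp_filter}" in 0|2) ;; *) ERROR "..."; exit 1 ;; esac` with the existing message. The `BUSYBOX_IMAGE` default added in the first hunk is an unpinned `busybox` tag that this check runs with `--net=host`, so a comment recommending a digest-pinned override would also help.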
@@ -22,9 +22,10 @@ but Usernetes (Gen 2) supports creating a cluster with multiple hosts. ## Requirements -> **Note** -> -> Using Ubuntu 22.04 hosts is recommended. +- Host OS should be one of the following: + - Ubuntu 22.04 (recommended) + - Rocky Linux 9 + - AlmaLinux 9 - [Rootless Docker](https://rootlesscontaine.rs/getting-started/docker/): ```bash @@ -52,7 +53,21 @@ sudo systemctl daemon-reload - Kernel modules: ``` -sudo modprobe vxlan +sudo tee /etc/modules-load.d/usernetes.conf </dev/null +br_netfilter +vxlan +EOF + +sudo systemctl restart systemd-modules-load.service +``` + +- sysctl: +``` +cat tee /etc/sysctl.d/99-usernetes.conf </dev/null +net.ipv4.conf.default.rp_filter = 2 +EOF + +sudo sysctl --system ``` ## Usage diff --git a/docker-compose.yaml b/docker-compose.yaml index 9e17676..0a5ba00 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -32,6 +32,11 @@ services: environment: KUBECONFIG: /etc/kubernetes/admin.conf U7S_HOST_IP: ${U7S_HOST_IP} + sysctls: + - net.ipv4.ip_forward=1 + # In addition, `net.ipv4.conf.default.rp_filter` + # has to be set to 0 (disabled) or 2 (loose) + # in the daemon's network namespace. networks: default: ipam: diff --git a/hack/init-host.root.sh b/hack/init-host.root.sh index 20abb9c..8aca580 100755 --- a/hack/init-host.root.sh +++ b/hack/init-host.root.sh @@ -15,9 +15,33 @@ EOF systemctl daemon-reload fi +cat >/etc/modules-load.d/usernetes.conf </etc/sysctl.d/99-usernetes.conf </dev/null 2>&1; then - curl https://get.docker.com | sh + if grep -q centos /etc/os-release; then + # Works with Rocky and Alma too + dnf config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo + dnf -y install docker-ce + else + curl https://get.docker.com | sh + fi fi systemctl disable --now docker -apt-get install -y uidmap make jq +if command -v dnf >/dev/null 2>&1; then + dnf install -y git shadow-utils make jq +else + apt-get install -y git uidmap make jq +fi
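Review bot: In hack/init-host.root.sh the `else` branch keeps `curl https://get.docker.com | sh` without `--fail`, and this script runs as root. On an HTTP error curl still exits 0 and hands the error body to the shell, so the line should at least become `curl -fsSL https://get.docker.com | sh`. Separately, the Docker install branches on `grep -q centos /etc/os-release` while the package install further down branches on `command -v dnf`, so the two can disagree on a dnf-based host whose os-release does not mention centos. The grep also matches the word anywhere in the file; sourcing `/etc/os-release` and testing `" $ID $ID_LIKE "` for ` centos ` would be more precise. Part of this hunk's text appears to be lost in this rendering (the heredocs and the opening of the `command -v docker` guard), so these remarks cover only the lines that are visible.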