Support Rocky Linux 9 and AlmaLinux 9 hosts

Makefile.d/check-preflight.sh

@@ -10,6 +10,8 @@ function ERROR() {
 }
 
 : "${DOCKER:=docker}"
+: "${QUICK:=0}"
+: "${BUSYBOX_IMAGE:=busybox}"
 
 # Check hard dependency commands
 for f in make jq "${DOCKER}"; do
@@ -59,8 +61,17 @@ else
 fi
 
 # Check kernel modules
-for f in ip6_tables ip6table_nat ip_tables iptable_nat vxlan; do
+for f in br_netfilter ip6_tables ip6table_nat ip_tables iptable_nat vxlan; do
 	if ! grep -qw "^$f" /proc/modules; then
 		WARNING "Kernel module \"${f}\" does not seem loaded? (negligible if built-in to the kernel)"
 	fi
 done
+
+if [ "$QUICK" != "1" ]; then
+	# Check net.ipv4.conf.default.rp_filter in the daemon's network namespace.
+	# The value can be 0 (disabled) or 2 (loose), must not be 1 (strict).
+	if [ "$(${DOCKER} run --rm --net=host "${BUSYBOX_IMAGE}" sysctl -n net.ipv4.conf.default.rp_filter)" == "1" ]; then
+		ERROR "sysctl value \"net.ipv4.conf.default.rp_filter\" must be 0 (disabled) or 2 (loose) in the daemon's network namespace"
+		exit 1
+	fi
+fi

README.md

@@ -22,9 +22,10 @@ but Usernetes (Gen 2) supports creating a cluster with multiple hosts.
 
 ## Requirements
 
-> **Note**
->
-> Using Ubuntu 22.04 hosts is recommended.
+- Host OS should be one of the following:
+  - Ubuntu 22.04 (recommended)
+  - Rocky Linux 9
+  - AlmaLinux 9
 
 - [Rootless Docker](https://rootlesscontaine.rs/getting-started/docker/):
 ```bash
@@ -52,7 +53,21 @@ sudo systemctl daemon-reload
 
 - Kernel modules:
 ```
-sudo modprobe vxlan
+sudo tee /etc/modules-load.d/usernetes.conf <<EOF >/dev/null
+br_netfilter
+vxlan
+EOF
+
+sudo systemctl restart systemd-modules-load.service
+```
+
+- sysctl:
+```
+cat tee /etc/sysctl.d/99-usernetes.conf <<EOF >/dev/null
+net.ipv4.conf.default.rp_filter = 2
+EOF
+
+sudo sysctl --system
 ```
 
 ## Usage

docker-compose.yaml

@@ -32,6 +32,11 @@ services:
     environment:
       KUBECONFIG: /etc/kubernetes/admin.conf
       U7S_HOST_IP: ${U7S_HOST_IP}
+    sysctls:
+      - net.ipv4.ip_forward=1
+      # In addition, `net.ipv4.conf.default.rp_filter`
+      # has to be set to 0 (disabled) or 2 (loose)
+      # in the daemon's network namespace.
 networks:
   default:
     ipam:

hack/init-host.root.sh

@@ -15,9 +15,33 @@ EOF
 	systemctl daemon-reload
 fi
 
+cat >/etc/modules-load.d/usernetes.conf <<EOF
+br_netfilter
+vxlan
+EOF
+systemctl restart systemd-modules-load.service
+
+cat >/etc/sysctl.d/99-usernetes.conf <<EOF
+# For VXLAN, net.ipv4.conf.default.rp_filter must not be 1 (strict) in the daemon's netns.
+# It may still remain 1 in the host netns, but there is no robust and simple way to
+# configure sysctl for the daemon's netns. So we are configuring it globally here.
+net.ipv4.conf.default.rp_filter = 2
+EOF
+sysctl --system
+
 if ! command -v dockerd-rootless-setuptool.sh >/dev/null 2>&1; then
-	curl https://get.docker.com | sh
+	if grep -q centos /etc/os-release; then
+		# Works with Rocky and Alma too
+		dnf config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo
+		dnf -y install docker-ce
+	else
+		curl https://get.docker.com | sh
+	fi
 fi
 systemctl disable --now docker
 
-apt-get install -y uidmap make jq
+if command -v dnf >/dev/null 2>&1; then
+	dnf install -y git shadow-utils make jq
+else
+	apt-get install -y git uidmap make jq
+fi