Improve ip6 system setup & utilities

2024-06-07 19:41:36 +00:00 · 2019-11-04 11:35:14 -07:00 · 2019-11-04 11:35:14 -07:00 · afa9422ad9
commit afa9422ad9
parent 9823f60605
3 changed files with 14 additions and 20 deletions
--- a/pkg/agent/run.go
+++ b/pkg/agent/run.go
@ -52,10 +52,6 @@ func run(ctx context.Context, cfg cmds.Agent, lb *loadbalancer.LoadBalancer) err
 		}
 	}

-	if err := syssetup.Configure(); err != nil {
-		return err
-	}
-
 	if err := tunnel.Setup(ctx, nodeConfig, lb.Update); err != nil {
 		return err
 	}
@ -90,6 +86,7 @@ func Run(ctx context.Context, cfg cmds.Agent) error {
 	if err := validate(); err != nil {
 		return err
 	}
+	syssetup.Configure()

 	if cfg.Rootless && !cfg.RootlessAlreadyUnshared {
 		if err := rootless.Rootless(cfg.DataDir); err != nil {
--- a/pkg/agent/syssetup/setup.go
+++ b/pkg/agent/syssetup/setup.go
@ -8,11 +8,6 @@ import (
 	"github.com/sirupsen/logrus"
 )

-var (
-	callIPTablesFile = "/proc/sys/net/bridge/bridge-nf-call-iptables"
-	forward          = "/proc/sys/net/ipv4/ip_forward"
-)
-
 func loadKernelModule(moduleName string) {
 	if _, err := os.Stat("/sys/module/" + moduleName); err == nil {
 		logrus.Infof("module %s was already loaded", moduleName)
@ -24,20 +19,19 @@ func loadKernelModule(moduleName string) {
 	}
 }

-func Configure() error {
-	loadKernelModule("br_netfilter")
-
-	if err := ioutil.WriteFile(callIPTablesFile, []byte("1"), 0640); err != nil {
-		logrus.Warnf("failed to write value 1 at %s: %v", callIPTablesFile, err)
-		return nil
-	}
-	if err := ioutil.WriteFile(forward, []byte("1"), 0640); err != nil {
-		logrus.Warnf("failed to write value 1 at %s: %v", forward, err)
-		return nil
+func enableSystemControl(file string) {
+	if err := ioutil.WriteFile(file, []byte("1"), 0640); err != nil {
+		logrus.Warnf("failed to write value 1 at %s: %v", file, err)
 	}
+}

+func Configure() {
 	loadKernelModule("overlay")
 	loadKernelModule("nf_conntrack")
+	loadKernelModule("br_netfilter")

-	return nil
+	enableSystemControl("/proc/sys/net/ipv4/ip_forward")
+	enableSystemControl("/proc/sys/net/ipv6/conf/all/forwarding")
+	enableSystemControl("/proc/sys/net/bridge/bridge-nf-call-iptables")
+	enableSystemControl("/proc/sys/net/bridge/bridge-nf-call-ip6tables")
 }
--- a/scripts/download
+++ b/scripts/download
@ -12,6 +12,9 @@ mkdir -p ${CHARTS_DIR}

 curl --compressed -sfL https://github.com/rancher/k3s-root/releases/download/${ROOT_VERSION}/k3s-root-${ARCH}.tar | tar xf -
 ln -sf pigz bin/unpigz
+for target in iptables iptables-save iptables-restore ip6tables ip6tables-save ip6tables-restore; do
+  ln -sf xtables-legacy-multi bin/$target
+done
 mkdir -p bin/aux && rm bin/mount && ln -sf ../busybox bin/aux/mount

 TRAEFIK_FILE=traefik-${TRAEFIK_VERSION}.tgz