Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(preflights): add arp filtering related preflights #1454

Merged
merged 7 commits into from
Nov 13, 2024
Merged

feat(preflights): add arp filtering related preflights #1454

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
518af2d
feat(preflights): add arp filtering related preflights
JGAntunes Nov 5, 2024
514b33a
chore: change to the soon to be added sysctl collector and analyzer
JGAntunes Nov 8, 2024
0d58f62
chore: remove the e2e tests (which are now covered in troubleshoot)
JGAntunes Nov 8, 2024
40faa3f
fix: individual arp preflights
JGAntunes Nov 11, 2024
3bb1fef
chore: bump troubleshoot
JGAntunes Nov 11, 2024
a5c30aa
Update messages and slightly change order
ajp-io Nov 12, 2024
3735481
chore: add pass analyzers to arp preflights
JGAntunes Nov 13, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion Makefile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ K0S_GO_VERSION = v1.30.5+k0s.0
PREVIOUS_K0S_VERSION ?= v1.29.9+k0s.0-ec.0
PREVIOUS_K0S_GO_VERSION ?= v1.29.9+k0s.0
K0S_BINARY_SOURCE_OVERRIDE =
TROUBLESHOOT_VERSION = v0.107.4
TROUBLESHOOT_VERSION = v0.109.0

KOTS_VERSION = v$(shell awk '/^version/{print $$2}' pkg/addons/adminconsole/static/metadata.yaml | sed -E 's/([0-9]+\.[0-9]+\.[0-9]+).*/\1/')
# When updating KOTS_BINARY_URL_OVERRIDE, also update the KOTS_VERSION above or
Expand Down
2 changes: 1 addition & 1 deletion go.mod
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@ require (
github.com/replicatedhq/embedded-cluster/kinds v0.0.0
github.com/replicatedhq/embedded-cluster/utils v0.0.0
github.com/replicatedhq/kotskinds v0.0.0-20240814191029-3f677ee409a0
github.com/replicatedhq/troubleshoot v0.108.1
github.com/replicatedhq/troubleshoot v0.109.0
github.com/sirupsen/logrus v1.9.3
github.com/spf13/cobra v1.8.1
github.com/spf13/viper v1.19.0
Expand Down
4 changes: 2 additions & 2 deletions go.sum
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -907,8 +907,8 @@ github.com/redis/go-redis/v9 v9.5.2 h1:L0L3fcSNReTRGyZ6AqAEN0K56wYeYAwapBIhkvh0f
github.com/redis/go-redis/v9 v9.5.2/go.mod h1:hdY0cQFCN4fnSYT6TkisLufl/4W5UIXyv0b/CLO2V2M=
github.com/replicatedhq/kotskinds v0.0.0-20240814191029-3f677ee409a0 h1:Gi+Fs6583v7GmgQKJyaZuBzcih0z5YXBREDQ8AWY2JM=
github.com/replicatedhq/kotskinds v0.0.0-20240814191029-3f677ee409a0/go.mod h1:QjhIUu3+OmHZ09u09j3FCoTt8F3BYtQglS+OLmftu9I=
github.com/replicatedhq/troubleshoot v0.108.1 h1:Yri05zhzIZRrbSYWsvCWjpcp8KzNj2GfrfQRLnZH9UU=
github.com/replicatedhq/troubleshoot v0.108.1/go.mod h1:mxf8uoKpyFhaYfR3NV1iPwztBf8XWP0B/JpxamZ1UJY=
github.com/replicatedhq/troubleshoot v0.109.0 h1:lw81hf/lD9/YPj+VOyGdDnw7FSCJkignPQYLVpjnl2k=
github.com/replicatedhq/troubleshoot v0.109.0/go.mod h1:mxf8uoKpyFhaYfR3NV1iPwztBf8XWP0B/JpxamZ1UJY=
github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ=
github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
Expand Down
37 changes: 37 additions & 0 deletions pkg/preflights/host-preflight.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -148,6 +148,7 @@ spec:
exclude: '{{ eq .GlobalCIDR.CIDR "" }}'
CIDRRangeAlloc: '{{ .GlobalCIDR.CIDR }}'
desiredCIDR: {{.GlobalCIDR.Size}}
- sysctl: {}
analyzers:
- cpu:
checkName: CPU
Expand Down Expand Up @@ -834,3 +835,39 @@ spec:
- pass:
when: "a-subnet-is-available"
message: Specified CIDR is available.
- sysctl:
checkName: "ARP Filter default value for newly created interfaces"
outcomes:
- fail:
when: 'net.ipv4.conf.default.arp_filter > 0'
message: "ARP filtering must be disabled by default for newly created interfaces on the host. To disable it, edit /etc/sysctl.conf, add the line 'net.ipv4.conf.default.arp_filter=0', and run 'sudo sysctl -p'."
- pass:
when: 'net.ipv4.conf.default.arp_filter == 0'
message: "ARP filtering is disabled by default for newly created interfaces on the host."
- sysctl:
checkName: "ARP Filter value for all interfaces"
outcomes:
- fail:
when: 'net.ipv4.conf.all.arp_filter > 0'
message: "ARP filtering must be disabled for all interfaces on the host. To disable it, edit /etc/sysctl.conf, add the line 'net.ipv4.conf.all.arp_filter=0', and run 'sudo sysctl -p'."
- pass:
when: 'net.ipv4.conf.all.arp_filter == 0'
message: "ARP filtering is disabled for all interfaces on the host."
- sysctl:
checkName: "ARP Ignore default value for newly created interfaces"
outcomes:
- fail:
when: 'net.ipv4.conf.default.arp_ignore > 0'
message: "ARP ignore must be disabled by default for newly created interfaces on the host. To disable it, edit /etc/sysctl.conf, add the line 'net.ipv4.conf.default.arp_ignore=0', and run 'sudo sysctl -p'."
- pass:
when: 'net.ipv4.conf.default.arp_ignore == 0'
message: "ARP ignore is disabled by default for newly created interfaces on the host."
- sysctl:
checkName: "ARP Ignore value for all interfaces"
outcomes:
- fail:
when: 'net.ipv4.conf.all.arp_ignore > 0'
message: "ARP ignore must be disabled for all interfaces on the host. To disable it, edit /etc/sysctl.conf, add the line 'net.ipv4.conf.all.arp_ignore=0', and run 'sudo sysctl -p'."
- pass:
when: 'net.ipv4.conf.all.arp_ignore == 0'
message: "ARP ignore is disabled for all interfaces on the host."
Loading