Skip to content

Commit cadb51e

Browse files
tibordptibordp
committed
fix: Make sure swap (zram) is disabled on Fedora 36
1 parent 5424378 commit cadb51e

File tree

3 files changed

+58
-45
lines changed

3 files changed

+58
-45
lines changed

README.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -76,7 +76,7 @@ The module should work on most major RPM and DEB distros. It been tested on thes
7676
- Centos Stream 8 (`centos-stream-8`)
7777
- Centos Stream 9 (`centos-stream-9`)
7878
- Rocky Linux 8 (`rocky-8`)
79-
- Fedora 35 (`fedora-35`, needs to be passed by ID as it is deprecated - [see issue](https://github.com/hetznercloud/terraform-provider-hcloud/issues/527))
79+
- Fedora 36 (`fedora-36`)
8080

8181
Others may work as well, but have not been tested.
8282

modules/kubernetes-node/scripts/prepare-node.sh.tpl

Lines changed: 53 additions & 40 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,11 @@
11
#!/bin/bash
22
set -euo pipefail
33

4+
if [ "$EUID" -ne 0 ]; then
5+
echo "This script must be run as root"
6+
exit 1
7+
fi
8+
49
os_id="$(. /etc/os-release && echo $ID)"
510
if [ -f "/etc/debian_version" ]; then
611
is_debian_like=1
@@ -11,22 +16,22 @@ fi
1116
install_prerequisites() {
1217
if [ $is_debian_like == 1 ]; then
1318
# Install prerequisites
14-
sudo apt-get -qq update
15-
sudo apt-get -qq install apt-transport-https ca-certificates curl gnupg lsb-release ipvsadm wireguard apparmor
16-
curl -fsSL https://download.docker.com/linux/$os_id/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
17-
curl -fsSL https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo gpg --dearmor -o /usr/share/keyrings/kubernetes-archive-keyring.gpg
18-
echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/$os_id $(lsb_release -cs) stable" | \
19-
sudo tee /etc/apt/sources.list.d/docker.list >/dev/null
20-
echo "deb [signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | \
21-
sudo tee /etc/apt/sources.list.d/kubernetes.list >/dev/null
19+
apt-get -qq update
20+
apt-get -qq install apt-transport-https ca-certificates curl gnupg lsb-release ipvsadm wireguard apparmor
21+
curl -fsSL https://download.docker.com/linux/$os_id/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
22+
curl -fsSL https://packages.cloud.google.com/apt/doc/apt-key.gpg | gpg --dearmor -o /usr/share/keyrings/kubernetes-archive-keyring.gpg
23+
echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/$os_id $(lsb_release -cs) stable" \
24+
>/etc/apt/sources.list.d/docker.list
25+
echo "deb [signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" \
26+
>/etc/apt/sources.list.d/kubernetes.list
2227

2328
# Install container runtime
24-
sudo apt-get -qq update
25-
sudo apt-get -qq install containerd.io
29+
apt-get -qq update
30+
apt-get -qq install containerd.io
2631
else
2732
# Install prerequisites
2833

29-
cat <<-EOF | sudo tee /etc/yum.repos.d/kubernetes.repo > /dev/null
34+
cat <<-EOF > /etc/yum.repos.d/kubernetes.repo
3035
[kubernetes]
3136
name=Kubernetes
3237
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-\$basearch
@@ -38,88 +43,96 @@ install_prerequisites() {
3843
EOF
3944

4045
if [ "$os_id" == "fedora" ]; then
41-
sudo dnf -qy config-manager --add-repo https://download.docker.com/linux/fedora/docker-ce.repo
42-
sudo dnf -qy install containerd.io ipvsadm wireguard-tools iproute-tc
46+
dnf -qy config-manager --add-repo https://download.docker.com/linux/fedora/docker-ce.repo
47+
dnf -qy install containerd.io ipvsadm wireguard-tools iproute-tc
4348
elif [ "$(. /etc/os-release && echo $PLATFORM_ID)" = "platform:el9" ]; then
4449
# Wireguard is installed by default on EL9-like systems
45-
sudo dnf -qy config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
46-
sudo dnf -qy install containerd.io ipvsadm wireguard-tools iproute-tc
50+
dnf -qy config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
51+
dnf -qy install containerd.io ipvsadm wireguard-tools iproute-tc
4752
else
48-
sudo dnf -qy config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
49-
sudo dnf -qy install elrepo-release epel-release
50-
sudo dnf -qy install containerd.io ipvsadm kmod-wireguard wireguard-tools iproute-tc
53+
dnf -qy config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
54+
dnf -qy install elrepo-release epel-release
55+
dnf -qy install containerd.io ipvsadm kmod-wireguard wireguard-tools iproute-tc
5156
fi
5257
fi
5358
}
5459

5560
configure_system() {
5661
# Disable SELinux, if it is enabled
57-
if [ $is_debian_like == 0 ] && [ "$(getenforce)" != "Permissive" ]; then
58-
sudo setenforce 0
59-
sudo sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
62+
if [ -x "$(command -v getenforce)" ] && [ "$(getenforce)" != "Permissive" ]; then
63+
setenforce 0
64+
sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
65+
fi
66+
67+
# Disable swap
68+
if grep -q '/dev/zram0' /proc/swaps; then
69+
# https://fedoraproject.org/wiki/Changes/SwapOnZRAM
70+
touch /etc/systemd/zram-generator.conf
71+
swapoff /dev/zram0
72+
zramctl --reset /dev/zram0
6073
fi
6174

6275
# Kernel modules
63-
cat <<-EOF | sudo tee /etc/modules-load.d/containerd.conf > /dev/null
76+
cat <<-EOF > /etc/modules-load.d/containerd.conf
6477
overlay
6578
br_netfilter
6679
ip_tables
6780
ip6_tables
6881
wireguard
6982
EOF
7083

71-
sudo modprobe -a overlay br_netfilter ip_tables ip6_tables wireguard
84+
modprobe -a overlay br_netfilter ip_tables ip6_tables wireguard
7285

7386
# Setup required sysctl params, these persist across reboots.
74-
cat <<-EOF | sudo tee /etc/sysctl.d/99-kubernetes-cri.conf > /dev/null
87+
cat <<-EOF > /etc/sysctl.d/99-kubernetes-cri.conf
7588
net.bridge.bridge-nf-call-iptables = 1
7689
net.ipv4.ip_forward = 1
7790
net.ipv6.conf.all.forwarding = 1
7891
net.bridge.bridge-nf-call-ip6tables = 1
7992
EOF
8093

81-
sudo sysctl --system
94+
sysctl --system
8295
}
8396

8497
configure_containerd() {
8598
# Enable systemd cgroups driver
86-
sudo mkdir -p /etc/containerd
99+
mkdir -p /etc/containerd
87100
containerd config default | \
88101
grep -v 'SystemdCgroup' | \
89-
sed -re 's/(\s+)(\[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options\])/\1\2\n\1 SystemdCgroup = true/g' | \
90-
sudo tee /etc/containerd/config.toml >/dev/null
102+
sed -re 's/(\s+)(\[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options\])/\1\2\n\1 SystemdCgroup = true/g' \
103+
> /etc/containerd/config.toml
91104
}
92105

93106
install_kubernetes() {
94107
if [ $is_debian_like == 1 ]; then
95-
sudo apt-get -qq install kubelet=${kubernetes_version}-00 kubeadm=${kubernetes_version}-00 kubectl=${kubernetes_version}-00
96-
sudo apt-mark hold kubelet kubeadm kubectl
108+
apt-get -qq install kubelet=${kubernetes_version}-00 kubeadm=${kubernetes_version}-00 kubectl=${kubernetes_version}-00
109+
apt-mark hold kubelet kubeadm kubectl
97110

98-
cat <<-EOF | sudo tee /etc/systemd/system/kubelet.service.d/20-hcloud.conf > /dev/null
111+
cat <<-EOF > /etc/systemd/system/kubelet.service.d/20-hcloud.conf
99112
[Service]
100113
Environment="KUBELET_EXTRA_ARGS=--cloud-provider=external --node-ip=::"
101114
EOF
102115

103-
sudo systemctl daemon-reload
104-
sudo systemctl restart containerd kubelet
116+
systemctl daemon-reload
117+
systemctl restart containerd kubelet
105118
else
106119
if [ "$os_id" == "fedora" ]; then
107120
# Fedora containernetworking-plugins RPM installs the plugins in /usr/libexec/cni/
108121
# https://src.fedoraproject.org/rpms/containernetworking-plugins/blob/rawhide/f/containernetworking-plugins.spec
109-
sudo mkdir -p /opt/cni
110-
sudo ln -s /usr/libexec/cni/ /opt/cni/bin
122+
mkdir -p /opt/cni
123+
ln -s /usr/libexec/cni/ /opt/cni/bin
111124
fi
112125

113-
echo 'KUBELET_EXTRA_ARGS=--cloud-provider=external --node-ip=::' | sudo tee /etc/sysconfig/kubelet > /dev/null
114-
sudo dnf -qy install kubelet-${kubernetes_version}-0 kubeadm-${kubernetes_version}-0 kubectl-${kubernetes_version}-0 --disableexcludes=kubernetes
115-
sudo systemctl enable --now containerd kubelet
126+
echo 'KUBELET_EXTRA_ARGS=--cloud-provider=external --node-ip=::' > /etc/sysconfig/kubelet
127+
dnf -qy install kubelet-${kubernetes_version}-0 kubeadm-${kubernetes_version}-0 kubectl-${kubernetes_version}-0 --disableexcludes=kubernetes
128+
systemctl enable --now containerd kubelet
116129
fi
117130
}
118131

119132
configure_wigglenet() {
120133
# Determine the IPv6 pod subnet based on the /64 assigned to eth0 interface (take 2nd /80)
121-
sudo mkdir -p /etc/wigglenet
122-
sudo python3 <<-EOF
134+
mkdir -p /etc/wigglenet
135+
python3 <<-EOF
123136
import re
124137
import os
125138
import ipaddress

scripts/cluster-join.sh

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -10,11 +10,11 @@ fi
1010

1111
if [[ -f "join-command.sh" ]]; then
1212
chmod +x join-command.sh
13-
sudo ./join-command.sh
13+
./join-command.sh
1414
else
15-
sudo kubeadm init --config cluster.yaml --upload-certs
15+
kubeadm init --config cluster.yaml --upload-certs
1616
fi
1717

1818
mkdir -p $HOME/.kube
19-
sudo cp -f /etc/kubernetes/admin.conf $HOME/.kube/config
20-
sudo chown $(id -u):$(id -g) $HOME/.kube/config
19+
cp -f /etc/kubernetes/admin.conf $HOME/.kube/config
20+
chown $(id -u):$(id -g) $HOME/.kube/config

0 commit comments

Comments
 (0)