fix network bridge modules and sysctl

[rdxmb]

fix #92

[rdxmb]

if this looks good to you I can create another PR with sqashed commits.

[rdxmb]

This could also be part of the containerd-role, like it is described here: https://kubernetes.io/docs/setup/production-environment/container-runtimes/#containerd .

What do you think?

[gleichda]

@rdxmb @geerlingguy what about this PR tested it on Ubuntu 21.04 Server on a raspberry Pi and can confirm it works

[geerlingguy]

Is there some reason the sysctl module can't be used for these modifications (and lineinfile used instead)?

[rdxmb]

I do not remember exactly.

I've just complied with https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/#letting-iptables-see-bridged-traffic .

[aanoaa]

This is immediately applied, but will only last 'till the next boot, so it is not a permanent change.
to make sysctl changes permanently write token = value formatted file into below dirs.

FILES
       /run/sysctl.d/*.conf
       /etc/sysctl.d/*.conf
       /usr/local/lib/sysctl.d/*.conf
       /usr/lib/sysctl.d/*.conf
       /lib/sysctl.d/*.conf
       /etc/sysctl.conf
              The paths where sysctl preload files usually exist.  See also sysctl option --system.

[terryzwt]

I apply the patch mannually, works for me.

[stale]

This pull request has been marked 'stale' due to lack of recent activity. If there is no further activity, the PR will be closed in another 30 days. Thank you for your contribution!

Please read this blog post to see the reasons why I mark pull requests as stale.

[rdxmb]

/no-stale-please

[stale]

This issue is no longer marked for closure.

[gleichda]

See the original issue or https://stackoverflow.com/a/63692277 where @geerlingguy answered the question already on stackoverflow. Validated today with Ubuntu LTS 20.04 on a RPI 4

Edit the net.ipv4.ip_forward = 1 is still required. So my pre tasks currently look:

- name: Ensure br_netfilter is enabled.
  modprobe:
    name: br_netfilter
    state: present
  become: true

- name: Let iptables see bridged traffic.
  sysctl:
    name: net.ipv4.ip_forward
    value: '1'
    state: present
  become: true

I would suggest to include these tasks into the module. Whats your opinion on that @geerlingguy @rdxmb

[rdxmb]

If this works, this sounds good.
However, I prefer using a config-file under /etc/sysctl.d , which can also be done via ansible's sysctl.

https://docs.ansible.com/ansible/latest/collections/ansible/posix/sysctl_module.html#parameter-sysctl_file

This way a later change / cleanup can be done through ansible by deleting this file.

[gleichda]

Sounds valid no objections there. Will you rewrite your PR or should I create a new one!

[rdxmb]

feel free to create a new one. Rewrite is bad because of missing squash. Thanks.

[stale]

This pull request has been marked 'stale' due to lack of recent activity. If there is no further activity, the PR will be closed in another 30 days. Thank you for your contribution!

Please read this blog post to see the reasons why I mark pull requests as stale.

[rdxmb]

no-stale

@gleichda will you continue with your pr?

[stale]

This issue is no longer marked for closure.

[gleichda]

@rdxmb unfortunately not at the moment due to missing time. But as soon as I find some spare time I will.
In the meantime if you want to and have time pls go ahead

[stale]

This issue is no longer marked for closure.

[stale]

This pull request has been marked 'stale' due to lack of recent activity. If there is no further activity, the PR will be closed in another 30 days. Thank you for your contribution!

Please read this blog post to see the reasons why I mark pull requests as stale.

[stale]

This pull request has been closed due to inactivity. If you feel this is in error, please reopen the pull request or file a new PR with the relevant details.