From 79b794dba2cfb669c4f35566ee5875106cc46d4f Mon Sep 17 00:00:00 2001 From: Danny Bessems Date: Thu, 26 Jan 2023 16:58:15 +0100 Subject: [PATCH] Configure inotify limits;Filter updating image references --- ansible/requirements.yml | 2 ++ .../workloadcluster/tasks/clusterapi.yml | 4 ++-- ansible/roles/os/tasks/main.yml | 24 ++++++------------- ansible/roles/os/tasks/sysctl.yml | 11 +++++++++ 4 files changed, 22 insertions(+), 19 deletions(-) create mode 100644 ansible/roles/os/tasks/sysctl.yml diff --git a/ansible/requirements.yml b/ansible/requirements.yml index a5505ce..8c56e54 100644 --- a/ansible/requirements.yml +++ b/ansible/requirements.yml @@ -1,4 +1,6 @@ collections: + - name: https://github.com/ansible-collections/ansible.posix + type: git - name: https://github.com/ansible-collections/ansible.utils type: git - name: https://github.com/ansible-collections/community.general diff --git a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/clusterapi.yml b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/clusterapi.yml index 3a93035..88ac69d 100644 --- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/clusterapi.yml +++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/clusterapi.yml @@ -52,7 +52,7 @@ version: "{{ components.clusterapi.workload.version.k8s }}" vip: "{{ vapp['workloadcluster.vip'] }}" -- name: Update image references to use local registry +- name: WORKAROUND - Update image references to use local registry ansible.builtin.replace: dest: "{{ item.root ~ '/' ~ item.path }}" regexp: '([ ]+image:[ "]+)(?!({{ _template.pattern }}|"{{ _template.pattern }}))' @@ -65,7 +65,7 @@ label: "{{ item.path }}" when: - item.path is search('.yaml') - - item.path is not search("clusterctl.yaml|metadata.yaml") + - item.path is not search("cert-manager.yaml|clusterctl.yaml|components.yaml|metadata.yaml") - name: Generate kustomization template ansible.builtin.template: diff --git a/ansible/roles/os/tasks/main.yml b/ansible/roles/os/tasks/main.yml index 4f100f7..5ebfd01 100644 --- a/ansible/roles/os/tasks/main.yml +++ b/ansible/roles/os/tasks/main.yml @@ -1,17 +1,7 @@ -- name: Disable tty logins - import_tasks: tty.yml - -- name: Remove snapd - import_tasks: snapd.yml - -- name: Remove cloud-init - import_tasks: cloud-init.yml - -- name: Configure default logging - import_tasks: logging.yml - -- name: Configure services - import_tasks: services.yml - -- name: Install packages - import_tasks: packages.yml +- import_tasks: tty.yml +- import_tasks: snapd.yml +- import_tasks: cloud-init.yml +- import_tasks: logging.yml +- import_tasks: services.yml +- import_tasks: packages.yml +- import_tasks: sysctl.yml diff --git a/ansible/roles/os/tasks/sysctl.yml b/ansible/roles/os/tasks/sysctl.yml new file mode 100644 index 0000000..d3bc777 --- /dev/null +++ b/ansible/roles/os/tasks/sysctl.yml @@ -0,0 +1,11 @@ +- name: Configure inotify limits + ansible.posix.sysctl: + name: "{{ item.name }}" + value: "{{ item.value }}" + loop: + - name: fs.inotify.max_user_instances + value: '512' + - name: fs.inotify.max_user_watches + value: '524288' + loop_control: + label: "{{ item.name ~ '=' ~ item.value }}"