set sysctl variables on cni server startup

kubeovn · Aug 1, 2022 · 0a89bc8 · 0a89bc8
1 parent 3551315
commit 0a89bc8
Showing 1 changed file with 20 additions and 3 deletions.
diff --git a/dist/images/start-cniserver.sh b/dist/images/start-cniserver.sh
@@ -4,16 +4,25 @@ set -euo pipefail
 CNI_SOCK=/run/openvswitch/kube-ovn-daemon.sock
 OVS_SOCK=/run/openvswitch/db.sock
 ENABLE_SSL=${ENABLE_SSL:-false}
+SYSCTL_NF_CONNTRACK_TCP_BE_LIBERAL=${SYSCTL_NF_CONNTRACK_TCP_BE_LIBERAL:-1}
+SYSCTL_IPV4_NEIGH_DEFAULT_GC_THRESH=${SYSCTL_IPV4_NEIGH_DEFAULT_GC_THRESH:-"2048 4096 8192"}
+
+# usage: set_sysctl key value
+function set_sysctl {
+  set -e
+  echo "setting sysctl variable \"$1\" to \"$2\""
+  sysctl -w "$1" "$2"
+}
 
 function quit {
-    rm -rf CNI_CONF
-    exit 0
+  rm -rf $CNI_SOCK
+  exit 0
 }
 trap quit EXIT
 
 if [[ -e "$CNI_SOCK" ]]
 then
-    echo "previous socket exists, remove and continue"
+  echo "previous socket exists, remove and continue"
 	rm ${CNI_SOCK}
 fi
 
@@ -34,4 +43,12 @@ iptables -P FORWARD ACCEPT
 iptables-nft -P FORWARD ACCEPT
 set -e
 
+gc_thresh1=$(echo "$SYSCTL_IPV4_NEIGH_DEFAULT_GC_THRESH" | awk '{print $1}')
+gc_thresh2=$(echo "$SYSCTL_IPV4_NEIGH_DEFAULT_GC_THRESH" | awk '{print $2}')
+gc_thresh3=$(echo "$SYSCTL_IPV4_NEIGH_DEFAULT_GC_THRESH" | awk '{print $3}')
+set_sysctl net.ipv4.neigh.default.gc_thresh1 $gc_thresh1
+set_sysctl net.ipv4.neigh.default.gc_thresh2 $gc_thresh2
+set_sysctl net.ipv4.neigh.default.gc_thresh3 $gc_thresh3
+set_sysctl net.netfilter.nf_conntrack_tcp_be_liberal $SYSCTL_NF_CONNTRACK_TCP_BE_LIBERAL
+
 ./kube-ovn-daemon --ovs-socket=${OVS_SOCK} --bind-socket=${CNI_SOCK} "$@"