Set the tcp_rmem sysctl in bootstrap script

This ensures that we're using our settings for downloading nodeup
itself and any assets that nodeup downloads.  This is a workaround for
reported problems with the initial download on some kernels otherwise.

Issue #10206

pkg/model/bootstrapscript.go

@@ -380,6 +380,12 @@ func (b *BootstrapScript) Run(c *fi.Context) error {
 		"GzipBase64": func(data string) (string, error) {
 			return gzipBase64(data)
 		},
+
+		"SetSysctls": func() string {
+			// By setting some sysctls early, we avoid broken configurations that prevent nodeup download.
+			// See https://github.com/kubernetes/kops/issues/10206 for details.
+			return "sysctl -w net.ipv4.tcp_rmem='4096 12582912 16777216' || true\n"
+		},
 	}
 
 	awsNodeUpTemplate, err := resources.AWSNodeUpTemplate(b.ig)

pkg/model/resources/nodeup.go

@@ -40,6 +40,8 @@ NODEUP_HASH_ARM64={{ NodeUpSourceHashArm64 }}
 
 {{ ProxyEnv }}
 
+{{ SetSysctls }}
+
 function ensure-install-dir() {
   INSTALL_DIR="/opt/kops"
   # On ContainerOS, we install under /var/lib/toolbox; /opt is ro and noexec

pkg/model/tests/data/bootstrapscript_0.txt

@@ -29,6 +29,9 @@ systemctl daemon-reload
 systemctl daemon-reexec
 
 
+sysctl -w net.ipv4.tcp_rmem='4096 12582912 16777216' || true
+
+
 function ensure-install-dir() {
   INSTALL_DIR="/opt/kops"
   # On ContainerOS, we install under /var/lib/toolbox; /opt is ro and noexec

pkg/model/tests/data/bootstrapscript_1.txt

@@ -29,6 +29,9 @@ systemctl daemon-reload
 systemctl daemon-reexec
 
 
+sysctl -w net.ipv4.tcp_rmem='4096 12582912 16777216' || true
+
+
 function ensure-install-dir() {
   INSTALL_DIR="/opt/kops"
   # On ContainerOS, we install under /var/lib/toolbox; /opt is ro and noexec

pkg/model/tests/data/bootstrapscript_2.txt

@@ -29,6 +29,9 @@ systemctl daemon-reload
 systemctl daemon-reexec
 
 
+sysctl -w net.ipv4.tcp_rmem='4096 12582912 16777216' || true
+
+
 function ensure-install-dir() {
   INSTALL_DIR="/opt/kops"
   # On ContainerOS, we install under /var/lib/toolbox; /opt is ro and noexec

pkg/model/tests/data/bootstrapscript_3.txt

@@ -29,6 +29,9 @@ systemctl daemon-reload
 systemctl daemon-reexec
 
 
+sysctl -w net.ipv4.tcp_rmem='4096 12582912 16777216' || true
+
+
 function ensure-install-dir() {
   INSTALL_DIR="/opt/kops"
   # On ContainerOS, we install under /var/lib/toolbox; /opt is ro and noexec

pkg/model/tests/data/bootstrapscript_4.txt

@@ -29,6 +29,9 @@ systemctl daemon-reload
 systemctl daemon-reexec
 
 
+sysctl -w net.ipv4.tcp_rmem='4096 12582912 16777216' || true
+
+
 function ensure-install-dir() {
   INSTALL_DIR="/opt/kops"
   # On ContainerOS, we install under /var/lib/toolbox; /opt is ro and noexec

pkg/model/tests/data/bootstrapscript_5.txt

@@ -29,6 +29,9 @@ systemctl daemon-reload
 systemctl daemon-reexec
 
 
+sysctl -w net.ipv4.tcp_rmem='4096 12582912 16777216' || true
+
+
 function ensure-install-dir() {
   INSTALL_DIR="/opt/kops"
   # On ContainerOS, we install under /var/lib/toolbox; /opt is ro and noexec

tests/integration/update_cluster/bastionadditional_user-data/data/aws_launch_template_master-us-test-1a.masters.bastionuserdata.example.com_user_data

@@ -13,6 +13,9 @@ export AWS_REGION=us-test-1
 
 
 
+sysctl -w net.ipv4.tcp_rmem='4096 12582912 16777216' || true
+
+
 function ensure-install-dir() {
   INSTALL_DIR="/opt/kops"
   # On ContainerOS, we install under /var/lib/toolbox; /opt is ro and noexec

tests/integration/update_cluster/bastionadditional_user-data/data/aws_launch_template_nodes.bastionuserdata.example.com_user_data

@@ -22,6 +22,9 @@ export AWS_REGION=us-test-1
 
 
 
+sysctl -w net.ipv4.tcp_rmem='4096 12582912 16777216' || true
+
+
 function ensure-install-dir() {
   INSTALL_DIR="/opt/kops"
   # On ContainerOS, we install under /var/lib/toolbox; /opt is ro and noexec

tests/integration/update_cluster/complex/cloudformation.json.extracted.yaml

@@ -23,6 +23,9 @@ Resources.AWSEC2LaunchTemplatemasterustest1amasterscomplexexamplecom.Properties.
 
 
 
+  sysctl -w net.ipv4.tcp_rmem='4096 12582912 16777216' || true
+
+
   function ensure-install-dir() {
     INSTALL_DIR="/opt/kops"
     # On ContainerOS, we install under /var/lib/toolbox; /opt is ro and noexec
@@ -379,6 +382,9 @@ Resources.AWSEC2LaunchTemplatenodescomplexexamplecom.Properties.LaunchTemplateDa
 
 
 
+  sysctl -w net.ipv4.tcp_rmem='4096 12582912 16777216' || true
+
+
   function ensure-install-dir() {
     INSTALL_DIR="/opt/kops"
     # On ContainerOS, we install under /var/lib/toolbox; /opt is ro and noexec

tests/integration/update_cluster/complex/data/aws_launch_template_master-us-test-1a.masters.complex.example.com_user_data

@@ -22,6 +22,9 @@ export AWS_REGION=us-test-1
 
 
 
+sysctl -w net.ipv4.tcp_rmem='4096 12582912 16777216' || true
+
+
 function ensure-install-dir() {
   INSTALL_DIR="/opt/kops"
   # On ContainerOS, we install under /var/lib/toolbox; /opt is ro and noexec

tests/integration/update_cluster/complex/data/aws_launch_template_nodes.complex.example.com_user_data

@@ -22,6 +22,9 @@ export AWS_REGION=us-test-1
 
 
 
+sysctl -w net.ipv4.tcp_rmem='4096 12582912 16777216' || true
+
+
 function ensure-install-dir() {
   INSTALL_DIR="/opt/kops"
   # On ContainerOS, we install under /var/lib/toolbox; /opt is ro and noexec

tests/integration/update_cluster/compress/data/aws_launch_template_master-us-test-1a.masters.compress.example.com_user_data

@@ -22,6 +22,9 @@ export AWS_REGION=us-test-1
 
 
 
+sysctl -w net.ipv4.tcp_rmem='4096 12582912 16777216' || true
+
+
 function ensure-install-dir() {
   INSTALL_DIR="/opt/kops"
   # On ContainerOS, we install under /var/lib/toolbox; /opt is ro and noexec

tests/integration/update_cluster/compress/data/aws_launch_template_nodes.compress.example.com_user_data

@@ -22,6 +22,9 @@ export AWS_REGION=us-test-1
 
 
 
+sysctl -w net.ipv4.tcp_rmem='4096 12582912 16777216' || true
+
+
 function ensure-install-dir() {
   INSTALL_DIR="/opt/kops"
   # On ContainerOS, we install under /var/lib/toolbox; /opt is ro and noexec

tests/integration/update_cluster/containerd-custom/cloudformation.json.extracted.yaml

@@ -14,6 +14,9 @@ Resources.AWSEC2LaunchTemplatemasterustest1amasterscontainerdexamplecom.Properti
 
 
 
+  sysctl -w net.ipv4.tcp_rmem='4096 12582912 16777216' || true
+
+
   function ensure-install-dir() {
     INSTALL_DIR="/opt/kops"
     # On ContainerOS, we install under /var/lib/toolbox; /opt is ro and noexec
@@ -362,6 +365,9 @@ Resources.AWSEC2LaunchTemplatenodescontainerdexamplecom.Properties.LaunchTemplat
 
 
 
+  sysctl -w net.ipv4.tcp_rmem='4096 12582912 16777216' || true
+
+
   function ensure-install-dir() {
     INSTALL_DIR="/opt/kops"
     # On ContainerOS, we install under /var/lib/toolbox; /opt is ro and noexec

tests/integration/update_cluster/containerd/cloudformation.json.extracted.yaml

@@ -14,6 +14,9 @@ Resources.AWSEC2LaunchTemplatemasterustest1amasterscontainerdexamplecom.Properti
 
 
 
+  sysctl -w net.ipv4.tcp_rmem='4096 12582912 16777216' || true
+
+
   function ensure-install-dir() {
     INSTALL_DIR="/opt/kops"
     # On ContainerOS, we install under /var/lib/toolbox; /opt is ro and noexec
@@ -344,6 +347,9 @@ Resources.AWSEC2LaunchTemplatenodescontainerdexamplecom.Properties.LaunchTemplat
 
 
 
+  sysctl -w net.ipv4.tcp_rmem='4096 12582912 16777216' || true
+
+
   function ensure-install-dir() {
     INSTALL_DIR="/opt/kops"
     # On ContainerOS, we install under /var/lib/toolbox; /opt is ro and noexec

tests/integration/update_cluster/docker-custom/cloudformation.json.extracted.yaml

@@ -14,6 +14,9 @@ Resources.AWSEC2LaunchTemplatemasterustest1amastersdockerexamplecom.Properties.L
 
 
 
+  sysctl -w net.ipv4.tcp_rmem='4096 12582912 16777216' || true
+
+
   function ensure-install-dir() {
     INSTALL_DIR="/opt/kops"
     # On ContainerOS, we install under /var/lib/toolbox; /opt is ro and noexec
@@ -350,6 +353,9 @@ Resources.AWSEC2LaunchTemplatenodesdockerexamplecom.Properties.LaunchTemplateDat
 
 
 
+  sysctl -w net.ipv4.tcp_rmem='4096 12582912 16777216' || true
+
+
   function ensure-install-dir() {
     INSTALL_DIR="/opt/kops"
     # On ContainerOS, we install under /var/lib/toolbox; /opt is ro and noexec

tests/integration/update_cluster/existing_iam/data/aws_launch_template_master-us-test-1a.masters.existing-iam.example.com_user_data

@@ -13,6 +13,9 @@ export AWS_REGION=us-test-1
 
 
 
+sysctl -w net.ipv4.tcp_rmem='4096 12582912 16777216' || true
+
+
 function ensure-install-dir() {
   INSTALL_DIR="/opt/kops"
   # On ContainerOS, we install under /var/lib/toolbox; /opt is ro and noexec

tests/integration/update_cluster/existing_iam/data/aws_launch_template_master-us-test-1b.masters.existing-iam.example.com_user_data

@@ -13,6 +13,9 @@ export AWS_REGION=us-test-1
 
 
 
+sysctl -w net.ipv4.tcp_rmem='4096 12582912 16777216' || true
+
+
 function ensure-install-dir() {
   INSTALL_DIR="/opt/kops"
   # On ContainerOS, we install under /var/lib/toolbox; /opt is ro and noexec

tests/integration/update_cluster/existing_iam/data/aws_launch_template_master-us-test-1c.masters.existing-iam.example.com_user_data

@@ -13,6 +13,9 @@ export AWS_REGION=us-test-1
 
 
 
+sysctl -w net.ipv4.tcp_rmem='4096 12582912 16777216' || true
+
+
 function ensure-install-dir() {
   INSTALL_DIR="/opt/kops"
   # On ContainerOS, we install under /var/lib/toolbox; /opt is ro and noexec

tests/integration/update_cluster/existing_iam/data/aws_launch_template_nodes.existing-iam.example.com_user_data

@@ -13,6 +13,9 @@ export AWS_REGION=us-test-1
 
 
 
+sysctl -w net.ipv4.tcp_rmem='4096 12582912 16777216' || true
+
+
 function ensure-install-dir() {
   INSTALL_DIR="/opt/kops"
   # On ContainerOS, we install under /var/lib/toolbox; /opt is ro and noexec

tests/integration/update_cluster/existing_iam_cloudformation/cloudformation.json.extracted.yaml

@@ -14,6 +14,9 @@ Resources.AWSEC2LaunchTemplatemasterustest1amastersminimalexamplecom.Properties.
 
 
 
+  sysctl -w net.ipv4.tcp_rmem='4096 12582912 16777216' || true
+
+
   function ensure-install-dir() {
     INSTALL_DIR="/opt/kops"
     # On ContainerOS, we install under /var/lib/toolbox; /opt is ro and noexec
@@ -344,6 +347,9 @@ Resources.AWSEC2LaunchTemplatenodesminimalexamplecom.Properties.LaunchTemplateDa
 
 
 
+  sysctl -w net.ipv4.tcp_rmem='4096 12582912 16777216' || true
+
+
   function ensure-install-dir() {
     INSTALL_DIR="/opt/kops"
     # On ContainerOS, we install under /var/lib/toolbox; /opt is ro and noexec

tests/integration/update_cluster/existing_sg/data/aws_launch_template_master-us-test-1a.masters.existingsg.example.com_user_data

@@ -13,6 +13,9 @@ export AWS_REGION=us-test-1
 
 
 
+sysctl -w net.ipv4.tcp_rmem='4096 12582912 16777216' || true
+
+
 function ensure-install-dir() {
   INSTALL_DIR="/opt/kops"
   # On ContainerOS, we install under /var/lib/toolbox; /opt is ro and noexec

tests/integration/update_cluster/existing_sg/data/aws_launch_template_master-us-test-1b.masters.existingsg.example.com_user_data

@@ -13,6 +13,9 @@ export AWS_REGION=us-test-1
 
 
 
+sysctl -w net.ipv4.tcp_rmem='4096 12582912 16777216' || true
+
+
 function ensure-install-dir() {
   INSTALL_DIR="/opt/kops"
   # On ContainerOS, we install under /var/lib/toolbox; /opt is ro and noexec

tests/integration/update_cluster/existing_sg/data/aws_launch_template_master-us-test-1c.masters.existingsg.example.com_user_data

@@ -13,6 +13,9 @@ export AWS_REGION=us-test-1
 
 
 
+sysctl -w net.ipv4.tcp_rmem='4096 12582912 16777216' || true
+
+
 function ensure-install-dir() {
   INSTALL_DIR="/opt/kops"
   # On ContainerOS, we install under /var/lib/toolbox; /opt is ro and noexec

tests/integration/update_cluster/existing_sg/data/aws_launch_template_nodes.existingsg.example.com_user_data

@@ -13,6 +13,9 @@ export AWS_REGION=us-test-1
 
 
 
+sysctl -w net.ipv4.tcp_rmem='4096 12582912 16777216' || true
+
+
 function ensure-install-dir() {
   INSTALL_DIR="/opt/kops"
   # On ContainerOS, we install under /var/lib/toolbox; /opt is ro and noexec

tests/integration/update_cluster/externallb/cloudformation.json.extracted.yaml

@@ -14,6 +14,9 @@ Resources.AWSEC2LaunchTemplatemasterustest1amastersexternallbexamplecom.Properti
 
 
 
+  sysctl -w net.ipv4.tcp_rmem='4096 12582912 16777216' || true
+
+
   function ensure-install-dir() {
     INSTALL_DIR="/opt/kops"
     # On ContainerOS, we install under /var/lib/toolbox; /opt is ro and noexec
@@ -344,6 +347,9 @@ Resources.AWSEC2LaunchTemplatenodesexternallbexamplecom.Properties.LaunchTemplat
 
 
 
+  sysctl -w net.ipv4.tcp_rmem='4096 12582912 16777216' || true
+
+
   function ensure-install-dir() {
     INSTALL_DIR="/opt/kops"
     # On ContainerOS, we install under /var/lib/toolbox; /opt is ro and noexec

tests/integration/update_cluster/externallb/data/aws_launch_template_master-us-test-1a.masters.externallb.example.com_user_data

@@ -13,6 +13,9 @@ export AWS_REGION=us-test-1
 
 
 
+sysctl -w net.ipv4.tcp_rmem='4096 12582912 16777216' || true
+
+
 function ensure-install-dir() {
   INSTALL_DIR="/opt/kops"
   # On ContainerOS, we install under /var/lib/toolbox; /opt is ro and noexec

tests/integration/update_cluster/externallb/data/aws_launch_template_nodes.externallb.example.com_user_data

@@ -13,6 +13,9 @@ export AWS_REGION=us-test-1
 
 
 
+sysctl -w net.ipv4.tcp_rmem='4096 12582912 16777216' || true
+
+
 function ensure-install-dir() {
   INSTALL_DIR="/opt/kops"
   # On ContainerOS, we install under /var/lib/toolbox; /opt is ro and noexec

tests/integration/update_cluster/externalpolicies/data/aws_launch_template_master-us-test-1a.masters.externalpolicies.example.com_user_data

@@ -13,6 +13,9 @@ export AWS_REGION=us-test-1
 
 
 
+sysctl -w net.ipv4.tcp_rmem='4096 12582912 16777216' || true
+
+
 function ensure-install-dir() {
   INSTALL_DIR="/opt/kops"
   # On ContainerOS, we install under /var/lib/toolbox; /opt is ro and noexec

tests/integration/update_cluster/externalpolicies/data/aws_launch_template_nodes.externalpolicies.example.com_user_data

@@ -13,6 +13,9 @@ export AWS_REGION=us-test-1
 
 
 
+sysctl -w net.ipv4.tcp_rmem='4096 12582912 16777216' || true
+
+
 function ensure-install-dir() {
   INSTALL_DIR="/opt/kops"
   # On ContainerOS, we install under /var/lib/toolbox; /opt is ro and noexec

tests/integration/update_cluster/ha/data/aws_launch_template_master-us-test-1a.masters.ha.example.com_user_data

@@ -13,6 +13,9 @@ export AWS_REGION=us-test-1
 
 
 
+sysctl -w net.ipv4.tcp_rmem='4096 12582912 16777216' || true
+
+
 function ensure-install-dir() {
   INSTALL_DIR="/opt/kops"
   # On ContainerOS, we install under /var/lib/toolbox; /opt is ro and noexec