Add disable udp service for ubuntu on vmware (aws#2326)

abhay-krishna · Jul 25, 2023 · d9305be · d9305be
1 parent da80fa1
commit d9305be
Show file tree

Hide file tree

Showing 19 changed files with 154 additions and 104 deletions.
diff --git a/...kubernetes-sigs/image-builder/patches/0001-Add-goss-validations-for-EKS-D-artifacts.patch b/...kubernetes-sigs/image-builder/patches/0001-Add-goss-validations-for-EKS-D-artifacts.patch
@@ -1,4 +1,4 @@
-From 4b485baad0b89680444e4a994bdc384b26f304a3 Mon Sep 17 00:00:00 2001
+From 1c8a0f202a9cec579266a8fed17a86165539b8c8 Mon Sep 17 00:00:00 2001
 From: Vignesh Goutham Ganesh <vgg@amazon.com>
 Date: Tue, 11 Jan 2022 18:36:56 -0800
 Subject: [PATCH 01/18] Add goss validations for EKS-D artifacts
@@ -31,5 +31,5 @@ index 189b5a4cc..1ab83545e 100644
      stderr: []
      timeout: 0
 -- 
-2.39.2
+2.39.1
 
diff --git a/...igs/image-builder/patches/0002-Output-vsphere-builds-to-content-library-instead-of-.patch b/...igs/image-builder/patches/0002-Output-vsphere-builds-to-content-library-instead-of-.patch
@@ -1,4 +1,4 @@
-From bcdde1a417a6123bac4685edfa246c486281cabd Mon Sep 17 00:00:00 2001
+From 7825eeb1333575bbc6ffad6e922ec82a5d17d461 Mon Sep 17 00:00:00 2001
 From: Vignesh Goutham Ganesh <vgg@amazon.com>
 Date: Tue, 11 Jan 2022 21:00:12 -0800
 Subject: [PATCH 02/18] Output vsphere builds to content library instead of
@@ -98,5 +98,5 @@ index d6fc80fdd..0b3e48792 100644
    }
  }
 -- 
-2.39.2
+2.39.1
 
diff --git a/...igs/image-builder/patches/0003-Create-etc-pki-tls-certs-dir-as-part-of-image-builds.patch b/...igs/image-builder/patches/0003-Create-etc-pki-tls-certs-dir-as-part-of-image-builds.patch
@@ -1,4 +1,4 @@
-From 2e01dc5b2d41b33cbff9b516df5380dcdf9c6452 Mon Sep 17 00:00:00 2001
+From bd4a51d1cb15048cf8daa8c38b166065c91ec22c Mon Sep 17 00:00:00 2001
 From: Vignesh Goutham Ganesh <vgg@amazon.com>
 Date: Tue, 11 Jan 2022 21:05:13 -0800
 Subject: [PATCH 03/18] Create /etc/pki/tls/certs dir as part of image-builds
@@ -29,5 +29,5 @@ index 04a07ad7f..0114e934d 100644
    file:
      path: /etc/systemd/system/containerd.service.d/http-proxy.conf
 -- 
-2.39.2
+2.39.1
 
diff --git a/...igs/image-builder/patches/0004-Add-etcdadm-and-etcd.tar.gz-to-image-for-unstacked-e.patch b/...igs/image-builder/patches/0004-Add-etcdadm-and-etcd.tar.gz-to-image-for-unstacked-e.patch
@@ -1,4 +1,4 @@
-From 514f9841d9747a970b7f91ff916ce30d01b4c6ee Mon Sep 17 00:00:00 2001
+From e2e3348655b316f9cc336331d674b6be42741960 Mon Sep 17 00:00:00 2001
 From: Vignesh Goutham Ganesh <vgg@amazon.com>
 Date: Tue, 11 Jan 2022 21:12:53 -0800
 Subject: [PATCH 04/18] Add etcdadm and etcd.tar.gz to image for unstacked etcd
@@ -83,5 +83,5 @@ index 4d3a5f5a8..80f93c5c3 100644
    "kubernetes_series": "v1.25",
    "kubernetes_source_type": "pkg",
 -- 
-2.39.2
+2.39.1
 
diff --git a/...bernetes-sigs/image-builder/patches/0005-Additional-EKS-A-specific-goss-validations.patch b/...bernetes-sigs/image-builder/patches/0005-Additional-EKS-A-specific-goss-validations.patch
@@ -1,4 +1,4 @@
-From efbe109ab433663f0846582c4bf637363888db76 Mon Sep 17 00:00:00 2001
+From d2b23cda807ba4782c6d6a6af7d5a9e929bb70c7 Mon Sep 17 00:00:00 2001
 From: Vignesh Goutham Ganesh <vgg@amazon.com>
 Date: Tue, 11 Jan 2022 21:26:09 -0800
 Subject: [PATCH 05/18] Additional EKS-A specific goss validations
@@ -128,5 +128,5 @@ index 0b3e48792..ff6430db3 100644
        "version": "{{user `goss_version`}}"
      }
 -- 
-2.39.2
+2.39.1
 
diff --git a/projects/kubernetes-sigs/image-builder/patches/0006-Tweak-Product-info-in-OVF.patch b/projects/kubernetes-sigs/image-builder/patches/0006-Tweak-Product-info-in-OVF.patch
@@ -1,4 +1,4 @@
-From 09051e0599528bac2033abef1512698d35b1f415 Mon Sep 17 00:00:00 2001
+From e7622d7c38951b1d19b98638e5a027439327eb7a Mon Sep 17 00:00:00 2001
 From: Vignesh Goutham Ganesh <vgg@amazon.com>
 Date: Tue, 11 Jan 2022 21:29:16 -0800
 Subject: [PATCH 06/18] Tweak Product info in OVF
@@ -35,5 +35,5 @@ index 316427ec3..ca23db5f9 100644
        <Property ovf:userConfigurable="false" ovf:value="${BUILD_TIMESTAMP}" ovf:type="string" ovf:key="BUILD_TIMESTAMP"/>
        <Property ovf:userConfigurable="false" ovf:value="${BUILD_DATE}" ovf:type="string" ovf:key="BUILD_DATE"/>
 -- 
-2.39.2
+2.39.1
 
diff --git a/...netes-sigs/image-builder/patches/0007-Support-crictl-validation-from-input-checksum.patch b/...netes-sigs/image-builder/patches/0007-Support-crictl-validation-from-input-checksum.patch
@@ -1,7 +1,7 @@
-From eb0ec6499bcf05e4683215c6bbcee1a74cbecdcc Mon Sep 17 00:00:00 2001
+From 466adc2ce78964efe944d698ff27f9bffc73db61 Mon Sep 17 00:00:00 2001
 From: Vignesh Goutham Ganesh <vgg@amazon.com>
 Date: Fri, 2 Sep 2022 14:32:21 -0700
-Subject: [PATCH 08/18] Support crictl validation from input checksum
+Subject: [PATCH 07/18] Support crictl validation from input checksum
 
 Signed-off-by: Vignesh Goutham Ganesh <vgg@amazon.com>
 ---
@@ -38,5 +38,5 @@ index 9ae4f81b1..1ef16318a 100644
      mode: 0600
 
 -- 
-2.39.2
+2.39.1
 
diff --git a/...etes-sigs/image-builder/patches/0008-Exclude-kernel-and-cloud-init-from-yum-updates.patch b/...etes-sigs/image-builder/patches/0008-Exclude-kernel-and-cloud-init-from-yum-updates.patch
@@ -1,7 +1,7 @@
-From 4aeccc58b24b6bed94f752ed73b593641e4fe004 Mon Sep 17 00:00:00 2001
+From 014e064f435e54a7651ff73593f9dad01efd8ba8 Mon Sep 17 00:00:00 2001
 From: Vignesh Goutham Ganesh <vgg@amazon.com>
 Date: Tue, 6 Dec 2022 15:42:02 -0600
-Subject: [PATCH 09/18] Exclude kernel and cloud-init from yum updates
+Subject: [PATCH 08/18] Exclude kernel and cloud-init from yum updates
 
 Signed-off-by: Vignesh Goutham Ganesh <vgg@amazon.com>
 ---
@@ -21,5 +21,5 @@ index 66d9c8cac..0961f37d4 100644
 
  - name: install baseline dependencies
 -- 
-2.39.2
+2.39.1
 
diff --git a/...igs/image-builder/patches/0009-Patch-cloud-init-systemd-unit-to-wait-for-network-ma.patch b/...igs/image-builder/patches/0009-Patch-cloud-init-systemd-unit-to-wait-for-network-ma.patch
@@ -1,7 +1,7 @@
-From f2b68b5226209c244c3cb243f75cd9da1a53bd0b Mon Sep 17 00:00:00 2001
+From 1d2f0a81b1560756ce9362be03a4a106a92790d5 Mon Sep 17 00:00:00 2001
 From: Vignesh Goutham Ganesh <vgg@amazon.com>
 Date: Mon, 9 Jan 2023 14:11:18 -0600
-Subject: [PATCH 10/18] Patch cloud-init systemd unit to wait for network
+Subject: [PATCH 09/18] Patch cloud-init systemd unit to wait for network
  manager online
 
 Signed-off-by: Vignesh Goutham Ganesh <vgg@amazon.com>
@@ -47,5 +47,5 @@ index 28c609177..e5f2ed16c 100644
  # Enable all cloud-init services on boot.
  - name: Make sure all cloud init services are enabled
 -- 
-2.39.2
+2.39.1
 
diff --git a/...etes-sigs/image-builder/patches/0010-Add-instance-metadata-options-to-Packer-config.patch b/...etes-sigs/image-builder/patches/0010-Add-instance-metadata-options-to-Packer-config.patch
@@ -1,7 +1,7 @@
-From 42f5a3b2caa7c5713d76df8ceefaa0d960a272b5 Mon Sep 17 00:00:00 2001
+From 80b701ee528b6cb5de1d642eee75eeee2b107680 Mon Sep 17 00:00:00 2001
 From: Abhay Krishna Arunachalam <arnchlm@amazon.com>
 Date: Thu, 2 Feb 2023 01:39:15 -0800
-Subject: [PATCH 11/18] Add instance metadata options to Packer config
+Subject: [PATCH 10/18] Add instance metadata options to Packer config
 
 Signed-off-by: Abhay Krishna Arunachalam <arnchlm@amazon.com>
 ---
@@ -35,5 +35,5 @@ index 7b957a8d6..d2c742649 100644
      "ib_version": "{{env `IB_VERSION`}}",
      "iops": "3000",
 -- 
-2.39.2
+2.39.1
 
diff --git a/...igs/image-builder/patches/0011-Rename-Snow-node-image-to-reflect-appropriate-CAPI-p.patch b/...igs/image-builder/patches/0011-Rename-Snow-node-image-to-reflect-appropriate-CAPI-p.patch
@@ -1,7 +1,7 @@
-From f07bc7270d61743a6dfed026ea1dc49dc7da1bf0 Mon Sep 17 00:00:00 2001
+From f1d37d26168f74ab9c100547a0aba19e3a59298a Mon Sep 17 00:00:00 2001
 From: Abhay Krishna Arunachalam <arnchlm@amazon.com>
 Date: Fri, 10 Feb 2023 16:08:18 -0800
-Subject: [PATCH 12/18] Rename Snow node image to reflect appropriate CAPI
+Subject: [PATCH 11/18] Rename Snow node image to reflect appropriate CAPI
  provider
 
 Signed-off-by: Abhay Krishna Arunachalam <arnchlm@amazon.com>
@@ -23,5 +23,5 @@ index d2c742649..d64b22278 100644
        "ami_regions": "{{user `ami_regions`}}",
        "ami_users": "{{user `ami_users`}}",
 -- 
-2.39.2
+2.39.1
 
diff --git a/...igs/image-builder/patches/0012-Add-EKS-A-specific-inline-Goss-vars-to-all-supported.patch b/...igs/image-builder/patches/0012-Add-EKS-A-specific-inline-Goss-vars-to-all-supported.patch
@@ -1,7 +1,7 @@
-From 7d29f0f259dffc29129306dc9bd36738e4bfe921 Mon Sep 17 00:00:00 2001
+From 74fad131b42949bbbdd033c4f51129408d2a564c Mon Sep 17 00:00:00 2001
 From: Abhay Krishna Arunachalam <arnchlm@amazon.com>
 Date: Thu, 2 Mar 2023 19:27:50 -0800
-Subject: [PATCH 13/18] Add EKS-A specific inline Goss vars to all supported
+Subject: [PATCH 12/18] Add EKS-A specific inline Goss vars to all supported
  providers
 
 Signed-off-by: Abhay Krishna Arunachalam <arnchlm@amazon.com>
@@ -85,5 +85,5 @@ index e790e67d5..dc494a1e8 100644
        "version": "{{user `goss_version`}}"
      }
 -- 
-2.39.2
+2.39.1
 
diff --git a/...rnetes-sigs/image-builder/patches/0013-Use-tar.gz-extension-for-CNI-plugins-tarball.patch b/...rnetes-sigs/image-builder/patches/0013-Use-tar.gz-extension-for-CNI-plugins-tarball.patch
@@ -1,7 +1,7 @@
-From 695c60b097619f4c1c1b3b39fa5fe60e18e150fc Mon Sep 17 00:00:00 2001
+From 2a291e5f7626d87f04b6a60c45a09f203d77dcb7 Mon Sep 17 00:00:00 2001
 From: Abhay Krishna Arunachalam <arnchlm@amazon.com>
 Date: Thu, 9 Mar 2023 16:05:22 -0800
-Subject: [PATCH 14/18] Use tar.gz extension for CNI plugins tarball
+Subject: [PATCH 13/18] Use tar.gz extension for CNI plugins tarball
 
 Signed-off-by: Abhay Krishna Arunachalam <arnchlm@amazon.com>
 ---
@@ -22,5 +22,5 @@ index 48a4a2177..99bf2f843 100644
      dest: /tmp/cni.tar.gz
      mode: 0755
 -- 
-2.39.2
+2.39.1
 
diff --git a/projects/kubernetes-sigs/image-builder/patches/0014-uses-latest-ubuntu-22.04-iso.patch b/projects/kubernetes-sigs/image-builder/patches/0014-uses-latest-ubuntu-22.04-iso.patch
@@ -1,4 +1,4 @@
-From 2e69267b8f8ceb079ac263aafa5ea480d02d4d8e Mon Sep 17 00:00:00 2001
+From 06b287df708bbb86f101cf26ea60aadb0abfe27e Mon Sep 17 00:00:00 2001
 From: Jackson West <jgw@amazon.com>
 Date: Fri, 23 Jun 2023 10:50:08 -0500
 Subject: [PATCH 14/18] uses latest ubuntu 22.04 iso
@@ -41,5 +41,5 @@ index badbf1045..dffc6967f 100644
    "shutdown_command": "shutdown -P now",
    "vsphere_guest_os_type": "ubuntu64Guest"
 -- 
-2.39.2
+2.39.1
 
diff --git a/projects/kubernetes-sigs/image-builder/patches/0015-Shrink-qemu-ubuntu-image-size.patch b/projects/kubernetes-sigs/image-builder/patches/0015-Shrink-qemu-ubuntu-image-size.patch
@@ -1,4 +1,4 @@
-From 5d7f131e2ed7190f3cb9c2a7f82b2d2a5ba25845 Mon Sep 17 00:00:00 2001
+From de8d2056f14d6c6bb9a782eb9d11b0d39ae1084c Mon Sep 17 00:00:00 2001
 From: Roman Hros <roman.hros@dnation.cloud>
 Date: Mon, 5 Jun 2023 16:29:45 +0200
 Subject: [PATCH 15/18] Shrink qemu ubuntu image size
@@ -112,5 +112,5 @@ index 24bdce560..fdcb56c26 100644
 +    - curtin in-target --target=/target -- apt-get clean
 +    - curtin in-target --target=/target -- rm -rf /var/lib/apt/lists/*
 -- 
-2.39.2
+2.39.1
 
diff --git a/...kubernetes-sigs/image-builder/patches/0016-adds-support-for-raw-ubuntu-22.04-builds.patch b/...kubernetes-sigs/image-builder/patches/0016-adds-support-for-raw-ubuntu-22.04-builds.patch
@@ -1,4 +1,4 @@
-From 91daaa82f64c7c0a80c63b739f2a01c54640873d Mon Sep 17 00:00:00 2001
+From 2787a5bd657cb37f2fb1d9be90b1ce34238526ce Mon Sep 17 00:00:00 2001
 From: Jackson West <jgw@amazon.com>
 Date: Fri, 16 Jun 2023 15:27:15 -0500
 Subject: [PATCH 16/18] adds support for raw ubuntu 22.04 builds
@@ -311,5 +311,5 @@ index 000000000..38e827ef1
 +  "shutdown_command": "shutdown -P now"
 +  }
 -- 
-2.39.2
+2.39.1
 
diff --git a/...igs/image-builder/patches/0017-sets-OS_VERSION-for-goss-validation-on-raw-image-bui.patch b/...igs/image-builder/patches/0017-sets-OS_VERSION-for-goss-validation-on-raw-image-bui.patch
@@ -1,7 +1,7 @@
-From 38977df506b782e779085b6a0cebe87ea080de5c Mon Sep 17 00:00:00 2001
+From 2dfca2a7cdad5941c05f9f070b126d4b80398ce3 Mon Sep 17 00:00:00 2001
 From: Jackson West <jgw@amazon.com>
 Date: Wed, 28 Jun 2023 12:42:22 -0500
-Subject: [PATCH 16/18] sets OS_VERSION for goss validation on raw image builds
+Subject: [PATCH 17/18] sets OS_VERSION for goss validation on raw image builds
 
 ---
  images/capi/packer/raw/packer.json              | 1 +
@@ -87,5 +87,5 @@ index 38e827ef1..7a7b3109f 100644
    "iso_checksum": "5e38b55d57d94ff029719342357325ed3bda38fa80054f9330dc789cd2d43931",
    "iso_checksum_type": "sha256",
 -- 
-2.40.1
+2.39.1
 
diff --git a/...s-sigs/image-builder/patches/0018-Disable-UDP-offload-service-for-Redhat-and-Ubuntu.patch b/...s-sigs/image-builder/patches/0018-Disable-UDP-offload-service-for-Redhat-and-Ubuntu.patch
@@ -0,0 +1,112 @@
+From b1d69b87ea150387e738af951ef4723a8f2c040a Mon Sep 17 00:00:00 2001
+From: Taylor Neyland <tneyla@amazon.com>
+Date: Wed, 19 Jul 2023 12:51:30 -0500
+Subject: [PATCH 18/18] Disable UDP offload service for Redhat and Ubuntu
+
+---
+ .../system/disable-udp-offload-redhat.service  | 15 +++++++++++++++
+ .../system/disable-udp-offload-ubuntu.service  | 15 +++++++++++++++
+ .../roles/providers/tasks/vmware-redhat.yml    | 18 ++++++++++++++++++
+ .../roles/providers/tasks/vmware-ubuntu.yml    | 17 +++++++++++++++++
+ 4 files changed, 65 insertions(+)
+ create mode 100644 images/capi/ansible/roles/providers/files/etc/systemd/system/disable-udp-offload-redhat.service
+ create mode 100644 images/capi/ansible/roles/providers/files/etc/systemd/system/disable-udp-offload-ubuntu.service
+
+diff --git a/images/capi/ansible/roles/providers/files/etc/systemd/system/disable-udp-offload-redhat.service b/images/capi/ansible/roles/providers/files/etc/systemd/system/disable-udp-offload-redhat.service
+new file mode 100644
+index 000000000..d445e4763
+--- /dev/null
++++ b/images/capi/ansible/roles/providers/files/etc/systemd/system/disable-udp-offload-redhat.service
+@@ -0,0 +1,15 @@
++[Unit]
++Description=Disables UDP offload
++After=NetworkManager-wait-online.service
++# Block manual interactions with this service
++RefuseManualStart=true
++RefuseManualStop=true
++
++[Service]
++Type=oneshot
++ExecStart=/usr/sbin/ethtool -K eth0 tx-udp_tnl-segmentation off
++ExecStart=/usr/sbin/ethtool -K eth0 tx-udp_tnl-csum-segmentation off
++RemainAfterExit=true
++
++[Install]
++WantedBy=multi-user.target
+diff --git a/images/capi/ansible/roles/providers/files/etc/systemd/system/disable-udp-offload-ubuntu.service b/images/capi/ansible/roles/providers/files/etc/systemd/system/disable-udp-offload-ubuntu.service
+new file mode 100644
+index 000000000..7f5d50a8e
+--- /dev/null
++++ b/images/capi/ansible/roles/providers/files/etc/systemd/system/disable-udp-offload-ubuntu.service
+@@ -0,0 +1,15 @@
++[Unit]
++Description=Disables UDP offload for Ubuntu
++After=systemd-networkd-wait-online.service
++# Block manual interactions with this service
++RefuseManualStart=true
++RefuseManualStop=true
++
++[Service]
++Type=oneshot
++ExecStart=/usr/sbin/ethtool -K eth0 tx-udp_tnl-segmentation off
++ExecStart=/usr/sbin/ethtool -K eth0 tx-udp_tnl-csum-segmentation off
++RemainAfterExit=true
++
++[Install]
++WantedBy=network-online.target
+\ No newline at end of file
+diff --git a/images/capi/ansible/roles/providers/tasks/vmware-redhat.yml b/images/capi/ansible/roles/providers/tasks/vmware-redhat.yml
+index 0047e90a7..616098859 100644
+--- a/images/capi/ansible/roles/providers/tasks/vmware-redhat.yml
++++ b/images/capi/ansible/roles/providers/tasks/vmware-redhat.yml
+@@ -49,3 +49,21 @@
+   file:
+     path:  /tmp/cloud-init-vmware.sh
+     state: absent
++
++- name: Create service disable udp offload
++  copy:
++    src: files/etc/systemd/system/disable-udp-offload-redhat.service
++    dest: /etc/systemd/system/disable-udp-offload-redhat.service
++    owner: root
++    group: root
++    mode: 0644
++  when: ansible_os_family != "Flatcar"
++
++- name: Enable disable-udp-offload-redhat.service
++  systemd:
++    name: disable-udp-offload-redhat.service
++    daemon_reload: yes
++    enabled: True
++    state: stopped
++  when: ansible_os_family != "Flatcar"
++  
+\ No newline at end of file
+diff --git a/images/capi/ansible/roles/providers/tasks/vmware-ubuntu.yml b/images/capi/ansible/roles/providers/tasks/vmware-ubuntu.yml
+index 8a63b50ce..392a6fc4e 100644
+--- a/images/capi/ansible/roles/providers/tasks/vmware-ubuntu.yml
++++ b/images/capi/ansible/roles/providers/tasks/vmware-ubuntu.yml
+@@ -51,3 +51,20 @@
+     content: |
+       datasource: VMware
+   when: ansible_distribution_version is version('22.04', '>=')
++
++- name: Create service disable udp offload
++  copy:
++    src: files/etc/systemd/system/disable-udp-offload-ubuntu.service
++    dest: /etc/systemd/system/disable-udp-offload-ubuntu.service
++    owner: root
++    group: root
++    mode: 0644
++  when: ansible_distribution_version is version('22.04', '>=')
++
++- name: Enable disable-udp-offload-ubuntu.service
++  systemd:
++    name: disable-udp-offload-ubuntu.service
++    daemon_reload: yes
++    enabled: True
++    state: stopped
++  when: ansible_distribution_version is version('22.04', '>=')
+-- 
+2.39.1
+