From b2dcb9f3ec4169345bfd8d88df126c66d7c6d498 Mon Sep 17 00:00:00 2001
From: Lantao Liu
Date: Fri, 22 Sep 2017 23:21:58 +0000
Subject: [PATCH] Add net.ipv4.ip_forward=1 and use ansible sysctl.
Signed-off-by: Lantao Liu
---
 contrib/ansible/cri-containerd.yaml | 33 +++++++++++++++--------------
 1 file changed, 17 insertions(+), 16 deletions(-)
diff --git a/contrib/ansible/cri-containerd.yaml b/contrib/ansible/cri-containerd.yaml
index 85cb417ae..0fec8ddde 100644
--- a/contrib/ansible/cri-containerd.yaml
+++ b/contrib/ansible/cri-containerd.yaml
@@ -15,16 +15,17 @@
 - name: "Start CRI-Containerd"
 systemd: name=cri-containerd daemon_reload=yes state=started enabled=yes
-
- - name: "Set bridge-nf-call-iptables"
- lineinfile:
- line: "net/bridge/bridge-nf-call-iptables = 1"
- dest: /etc/sysctl.conf
- insertafter: 'EOF'
- regexp: '\/net\/bridge\/bridge-nf-call-iptables = 1'
- state: present
- ignore_errors: true
-
+
+ - name: "Set bridge-nf-call-iptables"
+ sysctl:
+ name: net.bridge.bridge-nf-call-iptables
+ value: 1
+
+ - name: "Set ip_forward"
+ sysctl:
+ name: net.ipv4.ip_forward
+ value: 1
+
 - name: "Check kubelet args in kubelet config"
 shell: grep "^Environment=\"KUBELET_EXTRA_ARGS=" /etc/systemd/system/kubelet.service.d/10-kubeadm.conf
 ignore_errors: true
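Review bot: The new `Set bridge-nf-call-iptables` task no longer carries `ignore_errors: true`, so it will presumably fail the play on a host where the `net.bridge.*` keys do not exist yet, which on kernels that ship bridge netfilter as a separate module is the case until `br_netfilter` is loaded. Nothing in this hunk loads it (it may be done elsewhere in the playbook, outside the visible lines), so a preceding task such as `modprobe: name=br_netfilter state=present` would make the ordering explicit. Both sysctl tasks also rely on the module defaults; spelling out `state: present`, `sysctl_set: yes` and `reload: yes`, and quoting the value as `value: "1"`, would make it clear that the setting is both written to the sysctl file and applied to the running kernel. Because `net.ipv4.ip_forward` enables forwarding for every interface on the node, a comment on the `Set ip_forward` task such as `# required for pod networking; the host FORWARD chain policy now decides what is routed` would tell the next maintainer to review the firewall alongside it.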
@@ -32,9 +33,9 @@
 - name: "Add runtime args in kubelet conf"
 lineinfile:
- dest: "/etc/systemd/system/kubelet.service.d/10-kubeadm.conf"
- line: "Environment=\"KUBELET_EXTRA_ARGS= --container-runtime=remote --runtime-request-timeout=15m --image-service-endpoint=/var/run/cri-containerd.sock --container-runtime-endpoint=/var/run/cri-containerd.sock\""
- insertafter: '\[Service\]'
+ dest: "/etc/systemd/system/kubelet.service.d/10-kubeadm.conf"
+ line: "Environment=\"KUBELET_EXTRA_ARGS= --container-runtime=remote --runtime-request-timeout=15m --image-service-endpoint=/var/run/cri-containerd.sock --container-runtime-endpoint=/var/run/cri-containerd.sock\""
+ insertafter: '\[Service\]'
 when: check_args.stdout == ""
 - name: "Start Kubelet"
@@ -43,6 +44,6 @@
 # TODO This needs to be removed once we have consistent concurrent pull results
 - name: "Pre-pull pause container image"
 shell: |
- /usr/local/bin/ctr pull gcr.io/google_containers/pause:3.0
- /usr/local/bin/crictl --runtime-endpoint /var/run/cri-containerd.sock \
- pull gcr.io/google_containers/pause:3.0
+ /usr/local/bin/ctr pull gcr.io/google_containers/pause:3.0
+ /usr/local/bin/crictl --runtime-endpoint /var/run/cri-containerd.sock \
+ pull gcr.io/google_containers/pause:3.0