Skip to content

fix: create /etc/sysctl.d/ for Flatcar before sysctl tasks run#1991

Merged
k8s-ci-robot merged 1 commit into
kubernetes-sigs:mainfrom
giantswarm:fix/flatcar-create-sysctl-dir
May 5, 2026
Merged

fix: create /etc/sysctl.d/ for Flatcar before sysctl tasks run#1991
k8s-ci-robot merged 1 commit into
kubernetes-sigs:mainfrom
giantswarm:fix/flatcar-create-sysctl-dir

Conversation

@njuettner
Copy link
Copy Markdown
Member

@njuettner njuettner commented Apr 29, 2026
edited
Loading

Change description

Flatcar uses a stateless /etc/ model. Its baselayout package only pre-creates a small set of /etc/ directories (tmpfiles.d/baselayout-etc.conf: /etc/profile.d, /etc/vim, /etc/sudoers.d, …) — /etc/sysctl.d/ is not among them and is never pre-created.

The node role's "Set and persist kernel params" task writes to /etc/sysctl.d/99-sysctl.conf (per node defaults for Flatcar) via ansible.posix.sysctl, which calls mkstemp in the parent directory and fails with FileNotFoundError when the directory is missing.

Fix: add a file task in the setup role's flatcar.yml that ensures /etc/sysctl.d/ exists before any sysctl task runs. This mirrors the existing pattern in node/tasks/flatcar.yml for /etc/modprobe.d/, which is created the same way with the inline note "because of the read-only filesystem on Flatcar in /etc". Aligns with Flatcar's documented convention for persistent sysctl overrides: https://www.flatcar.org/docs/latest/setup/customization/other-settings/

  • Is this change including a new Provider or a new OS? (y/n) n

Additional context

Failing task excerpt:

TASK [node : Set and persist kernel params]
FileNotFoundError: [Errno 2] No such file or directory:
'/etc/sysctl.d/.ansible_m_sysctl_<hash>.conf'

@njuettner
fix: create /etc/sysctl.d directory for Flatcar
e6ee1fe 
Flatcar Stable 4593.2.0+ ships without /etc/sysctl.d/ pre-created
(part of the broader filesystem reshuffle in that release). The node
role's 'Set and persist kernel params' task writes to
/etc/sysctl.d/99-sysctl.conf via ansible.posix.sysctl, which uses
mkstemp in the parent directory and fails with FileNotFoundError
when the directory is missing.

Add a file task in the setup role's flatcar.yml to ensure the
directory exists before any sysctl tasks run.
@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Apr 29, 2026
@k8s-ci-robot k8s-ci-robot added the size/S Denotes a PR that changes 10-29 lines, ignoring generated files. label Apr 29, 2026
@k8s-ci-robot
Copy link
Copy Markdown
Contributor

k8s-ci-robot commented Apr 29, 2026

@njuettner: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
pull-ova-all e6ee1fe link false /test pull-ova-all

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@njuettner
Copy link
Copy Markdown
Member Author

njuettner commented Apr 29, 2026

The pull-ova-all failure is unrelated — photon-5 fails at TASK [setup : Perform a tdnf distro-sync] (before any sysctl task runs) with the upstream iptables / alternatives resolution error already tracked in #1989. The other 5 OVA targets pass, and pull-azure-vhds, pull-gcp-all, and pull-lint are green. pull-ova-all is non-required.

cc @AverageMarcus for review.

drew-viles
drew-viles reviewed Apr 29, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@drew-viles drew-viles left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Apr 29, 2026
@AverageMarcus
Copy link
Copy Markdown
Member

AverageMarcus commented May 5, 2026

/lgtm
/approve

@k8s-ci-robot
Copy link
Copy Markdown
Contributor

k8s-ci-robot commented May 5, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: AverageMarcus

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label May 5, 2026
@k8s-ci-robot k8s-ci-robot merged commit 7e36cad into kubernetes-sigs:main May 5, 2026
9 of 10 checks passed
vomba pushed a commit to elastisys/image-builder that referenced this pull request May 13, 2026
@k8s-ci-robot @vomba
Merge pull request kubernetes-sigs#1991 from giantswarm/fix/flatcar-c…
649a354 
…reate-sysctl-dir

fix: create /etc/sysctl.d/ for Flatcar before sysctl tasks run
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@drew-viles drew-viles drew-viles left review comments

@jsturtevant jsturtevant Awaiting requested review from jsturtevant

Assignees

@drew-viles drew-viles

@AverageMarcus AverageMarcus

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. size/S Denotes a PR that changes 10-29 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@njuettner @k8s-ci-robot @AverageMarcus @drew-viles