Encapsulate sysctl test and log

pkg/proxy/iptables/proxier.go

@@ -269,11 +269,8 @@ func NewProxier(ipt utiliptables.Interface,
 	nodePortAddresses []string,
 ) (*Proxier, error) {
 	// Set the route_localnet sysctl we need for
-	if val, _ := sysctl.GetSysctl(sysctlRouteLocalnet); val != 1 {
-		if err := sysctl.SetSysctl(sysctlRouteLocalnet, 1); err != nil {
-			return nil, fmt.Errorf("can't set sysctl %s: %v", sysctlRouteLocalnet, err)
-		}
-		klog.V(1).Infof("Set sysctl %q to 1", sysctlRouteLocalnet)
+	if err := utilproxy.EnsureSysctl(sysctl, sysctlRouteLocalnet, 1); err != nil {
+		return nil, err
 	}
 
 	// Proxy needs br_netfilter and bridge-nf-call-iptables=1 when containers

pkg/proxy/ipvs/proxier.go

@@ -347,11 +347,8 @@ func NewProxier(ipt utiliptables.Interface,
 	kernelHandler KernelHandler,
 ) (*Proxier, error) {
 	// Set the route_localnet sysctl we need for
-	if val, _ := sysctl.GetSysctl(sysctlRouteLocalnet); val != 1 {
-		if err := sysctl.SetSysctl(sysctlRouteLocalnet, 1); err != nil {
-			return nil, fmt.Errorf("can't set sysctl %s: %v", sysctlRouteLocalnet, err)
-		}
-		klog.V(1).Infof("Set sysctl %q to 1", sysctlRouteLocalnet)
+	if err := utilproxy.EnsureSysctl(sysctl, sysctlRouteLocalnet, 1); err != nil {
+		return nil, err
 	}
 
 	// Proxy needs br_netfilter and bridge-nf-call-iptables=1 when containers
@@ -362,11 +359,8 @@ func NewProxier(ipt utiliptables.Interface,
 	}
 
 	// Set the conntrack sysctl we need for
-	if val, _ := sysctl.GetSysctl(sysctlVSConnTrack); val != 1 {
-		if err := sysctl.SetSysctl(sysctlVSConnTrack, 1); err != nil {
-			return nil, fmt.Errorf("can't set sysctl %s: %v", sysctlVSConnTrack, err)
-		}
-		klog.V(1).Infof("Set sysctl %q to 1", sysctlVSConnTrack)
+	if err := utilproxy.EnsureSysctl(sysctl, sysctlVSConnTrack, 1); err != nil {
+		return nil, err
 	}
 
 	kernelVersionStr, err := kernelHandler.GetKernelVersion()
@@ -381,53 +375,35 @@ func NewProxier(ipt utiliptables.Interface,
 		klog.Errorf("can't set sysctl %s, kernel version must be at least %s", sysctlConnReuse, connReuseMinSupportedKernelVersion)
 	} else {
 		// Set the connection reuse mode
-		if val, _ := sysctl.GetSysctl(sysctlConnReuse); val != 0 {
-			if err := sysctl.SetSysctl(sysctlConnReuse, 0); err != nil {
-				return nil, fmt.Errorf("can't set sysctl %s: %v", sysctlConnReuse, err)
-			}
-			klog.V(1).Infof("Set sysctl %q to 0", sysctlConnReuse)
+		if err := utilproxy.EnsureSysctl(sysctl, sysctlConnReuse, 0); err != nil {
+			return nil, err
 		}
 	}
 
 	// Set the expire_nodest_conn sysctl we need for
-	if val, _ := sysctl.GetSysctl(sysctlExpireNoDestConn); val != 1 {
-		if err := sysctl.SetSysctl(sysctlExpireNoDestConn, 1); err != nil {
-			return nil, fmt.Errorf("can't set sysctl %s: %v", sysctlExpireNoDestConn, err)
-		}
-		klog.V(1).Infof("Set sysctl %q to 1", sysctlExpireNoDestConn)
+	if err := utilproxy.EnsureSysctl(sysctl, sysctlExpireNoDestConn, 1); err != nil {
+		return nil, err
 	}
 
 	// Set the expire_quiescent_template sysctl we need for
-	if val, _ := sysctl.GetSysctl(sysctlExpireQuiescentTemplate); val != 1 {
-		if err := sysctl.SetSysctl(sysctlExpireQuiescentTemplate, 1); err != nil {
-			return nil, fmt.Errorf("can't set sysctl %s: %v", sysctlExpireQuiescentTemplate, err)
-		}
-		klog.V(1).Infof("Set sysctl %q to 1", sysctlExpireQuiescentTemplate)
+	if err := utilproxy.EnsureSysctl(sysctl, sysctlExpireQuiescentTemplate, 1); err != nil {
+		return nil, err
 	}
 
 	// Set the ip_forward sysctl we need for
-	if val, _ := sysctl.GetSysctl(sysctlForward); val != 1 {
-		if err := sysctl.SetSysctl(sysctlForward, 1); err != nil {
-			return nil, fmt.Errorf("can't set sysctl %s: %v", sysctlForward, err)
-		}
-		klog.V(1).Infof("Set sysctl %q to 1", sysctlForward)
+	if err := utilproxy.EnsureSysctl(sysctl, sysctlForward, 1); err != nil {
+		return nil, err
 	}
 
 	if strictARP {
 		// Set the arp_ignore sysctl we need for
-		if val, _ := sysctl.GetSysctl(sysctlArpIgnore); val != 1 {
-			if err := sysctl.SetSysctl(sysctlArpIgnore, 1); err != nil {
-				return nil, fmt.Errorf("can't set sysctl %s: %v", sysctlArpIgnore, err)
-			}
-			klog.V(1).Infof("Set sysctl %q to 1", sysctlArpIgnore)
+		if err := utilproxy.EnsureSysctl(sysctl, sysctlArpIgnore, 1); err != nil {
+			return nil, err
 		}
 
 		// Set the arp_announce sysctl we need for
-		if val, _ := sysctl.GetSysctl(sysctlArpAnnounce); val != 2 {
-			if err := sysctl.SetSysctl(sysctlArpAnnounce, 2); err != nil {
-				return nil, fmt.Errorf("can't set sysctl %s: %v", sysctlArpAnnounce, err)
-			}
-			klog.V(1).Infof("Set sysctl %q to 2", sysctlArpAnnounce)
+		if err := utilproxy.EnsureSysctl(sysctl, sysctlArpAnnounce, 2); err != nil {
+			return nil, err
 		}
 	}
 

pkg/proxy/util/BUILD

@@ -12,6 +12,7 @@ go_library(
     visibility = ["//visibility:public"],
     deps = [
         "//pkg/apis/core/v1/helper:go_default_library",
+        "//pkg/util/sysctl:go_default_library",
         "//staging/src/k8s.io/api/core/v1:go_default_library",
         "//staging/src/k8s.io/apimachinery/pkg/types:go_default_library",
         "//staging/src/k8s.io/apimachinery/pkg/util/rand:go_default_library",

pkg/proxy/util/utils.go

@@ -29,6 +29,7 @@ import (
 	"k8s.io/apimachinery/pkg/util/sets"
 	"k8s.io/client-go/tools/record"
 	helper "k8s.io/kubernetes/pkg/apis/core/v1/helper"
+	utilsysctl "k8s.io/kubernetes/pkg/util/sysctl"
 	utilnet "k8s.io/utils/net"
 
 	"k8s.io/klog"
@@ -288,3 +289,14 @@ func ShuffleStrings(s []string) []string {
 	}
 	return shuffled
 }
+
+// EnsureSysctl sets a kernel sysctl to a given numeric value.
+func EnsureSysctl(sysctl utilsysctl.Interface, name string, newVal int) error {
+	if oldVal, _ := sysctl.GetSysctl(name); oldVal != newVal {
+		if err := sysctl.SetSysctl(name, newVal); err != nil {
+			return fmt.Errorf("can't set sysctl %s to %d: %v", name, newVal, err)
+		}
+		klog.V(1).Infof("Changed sysctl %q: %d -> %d", name, oldVal, newVal)
+	}
+	return nil
+}