Merge "[k8s_fedora] Add heat-agent to worker nodes"

2019-02-13 11:48:03 +00:00 · 2019-02-13 11:48:03 +00:00 · 61173ec6fb
parent 0b5f4260d9 b2a6a7715a
commit 61173ec6fb
3 changed files with 38 additions and 1 deletions
--- a/magnum/drivers/common/templates/kubernetes/fragments/start-container-agent.sh
+++ b/magnum/drivers/common/templates/kubernetes/fragments/start-container-agent.sh
@ -2,7 +2,32 @@

 . /etc/sysconfig/heat-params

-set -ux
+set -uxe
+
+# Create a keypair for the heat-container-agent to
+# access the node over ssh. It is useful to operate
+# in host mount namespace and apply configuration.
+mkdir -p /srv/magnum/.ssh
+chmod 700 /srv/magnum/.ssh
+ssh-keygen -t rsa -N '' -f /srv/magnum/.ssh/heat_agent_rsa
+chmod 400 /srv/magnum/.ssh/heat_agent_rsa
+chmod 400 /srv/magnum/.ssh/heat_agent_rsa.pub
+# Add the public to the host authorized_keys file.
+cat /srv/magnum/.ssh/heat_agent_rsa.pub > /root/.ssh/authorized_keys
+# Add localost to know_hosts
+ssh-keyscan 127.0.0.1 > /srv/magnum/.ssh/known_hosts
+# ssh configguration file, to be specified with ssh -F
+cat > /srv/magnum/.ssh/config <<EOF
+Host localhost
+     HostName 127.0.0.1
+     User root
+     IdentityFile /srv/magnum/.ssh/heat_agent_rsa
+     UserKnownHostsFile /srv/magnum/.ssh/known_hosts
+EOF
+
+sed -i '/^PermitRootLogin/ s/ .*/ without-password/' /etc/ssh/sshd_config
+systemctl restart sshd
+

 _prefix=${CONTAINER_INFRA_PREFIX:-docker.io/openstackmagnum/}
 atomic install \
--- a/magnum/drivers/k8s_fedora_atomic_v1/templates/kubeminion.yaml
+++ b/magnum/drivers/k8s_fedora_atomic_v1/templates/kubeminion.yaml
@ -282,6 +282,12 @@ parameters:

 resources:

+  start_container_agent:
+    type: OS::Heat::SoftwareConfig
+    properties:
+      group: ungrouped
+      config: {get_file: ../../common/templates/kubernetes/fragments/start-container-agent.sh}
+
  minion_wait_handle:
    type: OS::Heat::WaitConditionHandle

@ -454,6 +460,7 @@ resources:
        - config: {get_resource: install_openstack_ca}
        - config: {get_resource: disable_selinux}
        - config: {get_resource: write_heat_params}
+        - config: {get_resource: start_container_agent}
        - config: {get_resource: write_kube_os_config}
        - config: {get_resource: make_cert}
        - config: {get_resource: configure_docker_storage}
--- a/releasenotes/notes/heat-container-agent-tag-fe7cec6b890329af.yaml
+++ b/releasenotes/notes/heat-container-agent-tag-fe7cec6b890329af.yaml
@ -0,0 +1,5 @@
+---
+features:
+  - |
+    Add heat container agent into Kubernetes cluster worker nodes to support
+    cluster rolling upgrade.