Upgrade to Fedora 25
Atomic image contains: kubernetes-1.5.3-1.fc25.x86_64 docker-1.12.6-5.git037a2f5.fc25.x86_64 flannel-0.5.5-8.fc25.x86_64 etcd-3.0.15-1.fc25.x86_64 The ironic image contains exactly the same packages. * For this upgrade the upstream image is used, which is uploaded here [1]. * Minor changes for flannel and docker-storage-setup were needed. * The image will be built in the CI and uploaded to tarballs.openstack.org as soon as possible. * Ironic image [2]. Notes: * docker-storage-setup config changes were needed because in the previous images it was disabled and it was started by us. * We can have selinux enables in containers since the images have kernel 4.9.x. * relabel selinux tags for swarm-manager certificates directory [1] https://fedorapeople.org/groups/magnum/fedora-atomic-25-latest.qcow2 [2] https://fedorapeople.org/groups/magnum/fedora-25-kubernetes-ironic.tar.gz Conflicts: magnum/drivers/common/templates/fragments/configure_docker_storage_driver_atomic.sh magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-minion.sh magnum/drivers/common/templates/kubernetes/fragments/network-config-service.sh magnum/drivers/common/templates/kubernetes/fragments/write-network-config.sh magnum/drivers/k8s_fedora_atomic_v1/version.py magnum/drivers/k8s_fedora_ironic_v1/version.py magnum/drivers/swarm_fedora_atomic_v1/version.py magnum/tests/contrib/gate_hook.sh (Cherry-picked fromd2532a3af2
) Add docker-d options in sysconfig/docker Remove custom docker unit file and pass the necessary options through /etc/sysconfig/docker file. Closes-Bug: #1646123 (Cherry-picked from4dd178e7ca
) Change-Id: If0a430893af582e2efbd57dc171d056b109ee803
This commit is contained in:
parent
a3d6007160
commit
9fb7d7fa68
|
@ -1,9 +1,17 @@
|
|||
# This file contains docker storage drivers configuration for fedora
|
||||
# atomic hosts. Currently, devicemapper and overlay are supported.
|
||||
|
||||
# Remove any existing docker-storage configuration. In case of an
|
||||
# existing configuration, docker-storage-setup will fail.
|
||||
clear_docker_storage_congiguration () {
|
||||
# * Remove any existing docker-storage configuration. In case of an
|
||||
# existing configuration, docker-storage-setup will fail.
|
||||
# * Remove docker storage graph
|
||||
clear_docker_storage () {
|
||||
# stop docker
|
||||
systemctl stop docker
|
||||
# clear storage graph
|
||||
rm -rf /var/lib/docker/*
|
||||
# remove current LVs
|
||||
docker-storage-setup --reset
|
||||
|
||||
if [ -f /etc/sysconfig/docker-storage ]; then
|
||||
sed -i "/^DOCKER_STORAGE_OPTIONS=/ s/=.*/=/" /etc/sysconfig/docker-storage
|
||||
fi
|
||||
|
@ -11,9 +19,7 @@ clear_docker_storage_congiguration () {
|
|||
|
||||
# Configure docker storage with xfs as backing filesystem.
|
||||
configure_overlay () {
|
||||
clear_docker_storage_congiguration
|
||||
|
||||
rm -rf /var/lib/docker/*
|
||||
clear_docker_storage
|
||||
|
||||
if [ -n "$DOCKER_VOLUME_SIZE" ] && [ "$DOCKER_VOLUME_SIZE" -gt 0 ]; then
|
||||
mkfs.xfs -f ${device_path}
|
||||
|
@ -23,20 +29,29 @@ configure_overlay () {
|
|||
|
||||
echo "STORAGE_DRIVER=overlay" > /etc/sysconfig/docker-storage-setup
|
||||
|
||||
# SELinux must be enabled and in enforcing mode on the physical
|
||||
# machine, but must be disabled in the container when performing
|
||||
# container separation
|
||||
sed -i "/^OPTIONS=/ s/--selinux-enabled/--selinux-enabled=false/" /etc/sysconfig/docker
|
||||
docker-storage-setup
|
||||
|
||||
local lvname=$(lvdisplay | grep "LV\ Path" | awk '{print $3}')
|
||||
local pvname=$(pvdisplay | grep "PV\ Name" | awk '{print $3}')
|
||||
lvextend -r $lvname $pvname
|
||||
}
|
||||
|
||||
# Configure docker storage with devicemapper using direct LVM
|
||||
configure_devicemapper () {
|
||||
clear_docker_storage_congiguration
|
||||
clear_docker_storage
|
||||
|
||||
echo "GROWROOT=True" > /etc/sysconfig/docker-storage-setup
|
||||
echo "ROOT_SIZE=5GB" >> /etc/sysconfig/docker-storage-setup
|
||||
|
||||
if [ -n "$DOCKER_VOLUME_SIZE" ] && [ "$DOCKER_VOLUME_SIZE" -gt 0 ]; then
|
||||
|
||||
pvcreate -f ${device_path}
|
||||
vgcreate docker ${device_path}
|
||||
|
||||
echo "VG=docker" > /etc/sysconfig/docker-storage-setup
|
||||
echo "VG=docker" >> /etc/sysconfig/docker-storage-setup
|
||||
else
|
||||
echo "DATA_SIZE=95%FREE" >> /etc/sysconfig/docker-storage-setup
|
||||
fi
|
||||
|
||||
docker-storage-setup
|
||||
}
|
||||
|
|
|
@ -52,12 +52,12 @@ sed -i '
|
|||
|
||||
if [ "$NETWORK_DRIVER" = "flannel" ]; then
|
||||
sed -i '
|
||||
/^FLANNEL_ETCD=/ s|=.*|="http://'"$ETCD_SERVER_IP"':2379"|
|
||||
/^FLANNEL_ETCD_ENDPOINTS=/ s|=.*|="http://'"$ETCD_SERVER_IP"':2379"|
|
||||
' /etc/sysconfig/flanneld
|
||||
|
||||
# Make sure etcd has a flannel configuration
|
||||
. /etc/sysconfig/flanneld
|
||||
until curl -sf "$FLANNEL_ETCD/v2/keys${FLANNEL_ETCD_KEY}/config?quorum=false&recursive=false&sorted=false"
|
||||
until curl -sf "$FLANNEL_ETCD_ENDPOINTS/v2/keys${FLANNEL_ETCD_PREFIX}/config?quorum=false&recursive=false&sorted=false"
|
||||
do
|
||||
echo "Waiting for flannel configuration in etcd..."
|
||||
sleep 5
|
||||
|
|
|
@ -21,14 +21,14 @@ if ! [ -f "$FLANNEL_JSON" ]; then
|
|||
exit 1
|
||||
fi
|
||||
|
||||
if ! [ "$FLANNEL_ETCD" ] && [ "$FLANNEL_ETCD_KEY" ]; then
|
||||
if [ -z "$FLANNEL_ETCD_ENDPOINTS" ] || [ -z "$FLANNEL_ETCD_PREFIX" ]; then
|
||||
echo "ERROR: missing required configuration" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "creating flanneld config in etcd"
|
||||
while ! curl -sf -L $FLANNEL_ETCD/v2/keys${FLANNEL_ETCD_KEY}/config \
|
||||
-X PUT --data-urlencode value@${FLANNEL_JSON}; do
|
||||
while ! curl -sf -L $FLANNEL_ETCD_ENDPOINTS/v2/keys${FLANNEL_ETCD_PREFIX}/config \
|
||||
-X PUT --data-urlencode value@${FLANNEL_JSON}; do
|
||||
echo "waiting for etcd"
|
||||
sleep 1
|
||||
done
|
||||
|
|
|
@ -12,7 +12,7 @@ FLANNEL_JSON=/etc/sysconfig/flannel-network.json
|
|||
FLANNELD_CONFIG=/etc/sysconfig/flanneld
|
||||
|
||||
sed -i '
|
||||
/^FLANNEL_ETCD=/ s/=.*/="http:\/\/127.0.0.1:2379"/
|
||||
/^FLANNEL_ETCD_ENDPOINTS=/ s/=.*/="http:\/\/127.0.0.1:2379"/
|
||||
' /etc/sysconfig/flanneld
|
||||
|
||||
# Generate a flannel configuration that we will
|
||||
|
|
|
@ -256,7 +256,7 @@ parameters:
|
|||
kube_version:
|
||||
type: string
|
||||
description: version of kubernetes used for kubernetes cluster
|
||||
default: v1.2.0
|
||||
default: v1.5.3
|
||||
|
||||
insecure_registry_url:
|
||||
type: string
|
||||
|
|
|
@ -13,5 +13,5 @@
|
|||
# limitations under the License.
|
||||
|
||||
version = '1.0.0'
|
||||
driver = 'k8s_fedora_atomic'
|
||||
container_version = '1.9.1'
|
||||
driver = 'k8s_fedora_atomic_v1'
|
||||
container_version = '1.12.6'
|
||||
|
|
|
@ -269,7 +269,7 @@ parameters:
|
|||
kube_version:
|
||||
type: string
|
||||
description: version of kubernetes used for kubernetes cluster
|
||||
default: v1.2.0
|
||||
default: v1.5.3
|
||||
|
||||
insecure_registry_url:
|
||||
type: string
|
||||
|
|
|
@ -0,0 +1,15 @@
|
|||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
version = '1.0.0'
|
||||
driver = 'k8s_fedora_ironic_v1'
|
||||
container_version = '1.12.6'
|
|
@ -0,0 +1,13 @@
|
|||
#!/bin/sh
|
||||
|
||||
. /etc/sysconfig/heat-params
|
||||
|
||||
opts="-H fd:// -H tcp://0.0.0.0:2375 "
|
||||
|
||||
if [ "$TLS_DISABLED" = 'False' ]; then
|
||||
opts=$opts"--tlsverify --tlscacert=/etc/docker/ca.crt "
|
||||
opts=$opts"--tlskey=/etc/docker/server.key "
|
||||
opts=$opts"--tlscert=/etc/docker/server.crt "
|
||||
fi
|
||||
|
||||
sed -i '/^OPTIONS=/ s#\(OPTIONS='"'"'\)#\1'"$opts"'#' /etc/sysconfig/docker
|
|
@ -1,5 +1,9 @@
|
|||
#!/bin/sh
|
||||
|
||||
set -x
|
||||
|
||||
systemctl stop docker
|
||||
|
||||
echo "starting services"
|
||||
systemctl daemon-reload
|
||||
for service in $NODE_SERVICES; do
|
||||
|
|
|
@ -1,52 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
. /etc/sysconfig/heat-params
|
||||
|
||||
mkdir -p /etc/systemd/system/docker.service.d
|
||||
|
||||
cat > /etc/systemd/system/docker.service << END_SERVICE_TOP
|
||||
[Unit]
|
||||
Description=Docker Application Container Engine
|
||||
Documentation=http://docs.docker.com
|
||||
After=network.target docker.socket
|
||||
Requires=docker.socket
|
||||
Wants=docker-storage-setup.service
|
||||
|
||||
[Service]
|
||||
TimeoutStartSec=300
|
||||
Type=notify
|
||||
EnvironmentFile=-/etc/sysconfig/docker
|
||||
EnvironmentFile=-/etc/sysconfig/docker-storage
|
||||
EnvironmentFile=-/etc/sysconfig/docker-network
|
||||
Environment=GOTRACEBACK=crash
|
||||
ExecStart=/usr/bin/docker daemon -H fd:// \\
|
||||
-H tcp://0.0.0.0:2375 \\
|
||||
END_SERVICE_TOP
|
||||
|
||||
if [ "$TLS_DISABLED" = 'False' ]; then
|
||||
|
||||
cat >> /etc/systemd/system/docker.service << END_TLS
|
||||
--tlsverify \\
|
||||
--tlscacert="/etc/docker/ca.crt" \\
|
||||
--tlskey="/etc/docker/server.key" \\
|
||||
--tlscert="/etc/docker/server.crt" \\
|
||||
END_TLS
|
||||
|
||||
fi
|
||||
|
||||
cat >> /etc/systemd/system/docker.service << END_SERVICE_BOTTOM
|
||||
\$OPTIONS \\
|
||||
\$DOCKER_STORAGE_OPTIONS \\
|
||||
\$DOCKER_NETWORK_OPTIONS \\
|
||||
\$INSECURE_REGISTRY
|
||||
LimitNOFILE=1048576
|
||||
LimitNPROC=1048576
|
||||
LimitCORE=infinity
|
||||
MountFlags=slave
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
END_SERVICE_BOTTOM
|
||||
|
||||
chown root:root /etc/systemd/system/docker.service
|
||||
chmod 644 /etc/systemd/system/docker.service
|
|
@ -9,6 +9,7 @@ write_files:
|
|||
Description=Docker Socket for the API
|
||||
PartOf=docker.service
|
||||
After=docker-storage-setup.service
|
||||
Before=docker.service
|
||||
|
||||
[Socket]
|
||||
ListenStream=/var/run/docker.sock
|
||||
|
|
|
@ -13,7 +13,7 @@ ExecStartPre=-/usr/bin/docker kill swarm-manager
|
|||
ExecStartPre=-/usr/bin/docker rm swarm-manager
|
||||
ExecStartPre=-/usr/bin/docker pull swarm:$SWARM_VERSION
|
||||
ExecStart=/usr/bin/docker run --name swarm-manager \\
|
||||
-v /etc/docker:/etc/docker \\
|
||||
-v /etc/docker:/etc/docker:Z \\
|
||||
-p 2376:2375 \\
|
||||
-e http_proxy=$HTTP_PROXY \\
|
||||
-e https_proxy=$HTTPS_PROXY \\
|
||||
|
|
|
@ -275,11 +275,11 @@ resources:
|
|||
group: ungrouped
|
||||
config: {get_file: fragments/make-cert.py}
|
||||
|
||||
write_docker_service:
|
||||
add_docker_daemon_options:
|
||||
type: "OS::Heat::SoftwareConfig"
|
||||
properties:
|
||||
group: ungrouped
|
||||
config: {get_file: fragments/write-docker-service.sh}
|
||||
config: {get_file: fragments/add-docker-daemon-options.sh}
|
||||
|
||||
write_swarm_manager_failure_service:
|
||||
type: "OS::Heat::SoftwareConfig"
|
||||
|
@ -325,7 +325,7 @@ resources:
|
|||
str_replace:
|
||||
template: {get_file: fragments/enable-services.sh}
|
||||
params:
|
||||
"$NODE_SERVICES": "etcd docker.socket swarm-manager"
|
||||
"$NODE_SERVICES": "etcd docker.socket docker swarm-manager"
|
||||
|
||||
cfn_signal:
|
||||
type: "OS::Heat::SoftwareConfig"
|
||||
|
@ -365,7 +365,7 @@ resources:
|
|||
- config: {get_resource: network_service}
|
||||
- config: {get_resource: configure_docker_storage}
|
||||
- config: {get_resource: write_swarm_manager_failure_service}
|
||||
- config: {get_resource: write_docker_service}
|
||||
- config: {get_resource: add_docker_daemon_options}
|
||||
- config: {get_resource: write_docker_socket}
|
||||
- config: {get_resource: write_swarm_master_service}
|
||||
- config: {get_resource: add_proxy}
|
||||
|
|
|
@ -246,11 +246,11 @@ resources:
|
|||
group: ungrouped
|
||||
config: {get_file: ../../common/templates/fragments/configure-docker-registry.sh}
|
||||
|
||||
write_docker_service:
|
||||
add_docker_daemon_options:
|
||||
type: "OS::Heat::SoftwareConfig"
|
||||
properties:
|
||||
group: ungrouped
|
||||
config: {get_file: fragments/write-docker-service.sh}
|
||||
config: {get_file: fragments/add-docker-daemon-options.sh}
|
||||
|
||||
write_docker_socket:
|
||||
type: "OS::Heat::SoftwareConfig"
|
||||
|
@ -296,7 +296,7 @@ resources:
|
|||
str_replace:
|
||||
template: {get_file: fragments/enable-services.sh}
|
||||
params:
|
||||
"$NODE_SERVICES": "docker.socket swarm-agent"
|
||||
"$NODE_SERVICES": "docker.socket docker swarm-agent"
|
||||
|
||||
cfn_signal:
|
||||
type: "OS::Heat::SoftwareConfig"
|
||||
|
@ -335,7 +335,7 @@ resources:
|
|||
- config: {get_resource: configure_docker_registry}
|
||||
- config: {get_resource: write_swarm_agent_failure_service}
|
||||
- config: {get_resource: write_swarm_agent_service}
|
||||
- config: {get_resource: write_docker_service}
|
||||
- config: {get_resource: add_docker_daemon_options}
|
||||
- config: {get_resource: write_docker_socket}
|
||||
- config: {get_resource: add_proxy}
|
||||
- config: {get_resource: enable_docker_registry}
|
||||
|
|
|
@ -13,5 +13,5 @@
|
|||
# limitations under the License.
|
||||
|
||||
version = '1.0.0'
|
||||
driver = 'swarm_atomic'
|
||||
container_version = '1.9.1'
|
||||
driver = 'swarm_fedora_atomic_v1'
|
||||
container_version = '1.12.6'
|
||||
|
|
|
@ -42,6 +42,8 @@ function remote_exec {
|
|||
|
||||
mkdir -p $LOG_PATH
|
||||
|
||||
cat /proc/cpuinfo > /opt/stack/logs/cpuinfo.log
|
||||
|
||||
if [[ "$COE" == "kubernetes" ]]; then
|
||||
SSH_USER=fedora
|
||||
remote_exec $SSH_USER "sudo systemctl --full list-units --no-pager" systemctl_list_units.log
|
||||
|
@ -81,6 +83,7 @@ elif [[ "$COE" == "swarm" ]]; then
|
|||
remote_exec $SSH_USER "sudo journalctl -u cloud-final --no-pager" cloud-final.log
|
||||
remote_exec $SSH_USER "sudo journalctl -u cloud-init-local --no-pager" cloud-init-local.log
|
||||
remote_exec $SSH_USER "sudo journalctl -u cloud-init --no-pager" cloud-init.log
|
||||
remote_exec $SSH_USER "sudo cat /var/log/cloud-init-output.log" cloud-init-output.log
|
||||
remote_exec $SSH_USER "sudo journalctl -u etcd --no-pager" etcd.log
|
||||
remote_exec $SSH_USER "sudo journalctl -u swarm-manager --no-pager" swarm-manager.log
|
||||
remote_exec $SSH_USER "sudo journalctl -u swarm-agent --no-pager" swarm-agent.log
|
||||
|
@ -89,6 +92,9 @@ elif [[ "$COE" == "swarm" ]]; then
|
|||
remote_exec $SSH_USER "sudo systemctl show docker-storage-setup --no-pager" docker-storage-setup.service.show.log
|
||||
remote_exec $SSH_USER "sudo cat /etc/sysconfig/docker-storage-setup 2>/dev/null" docker-storage-setup.sysconfig.env.log
|
||||
remote_exec $SSH_USER "sudo journalctl -u docker --no-pager" docker.log
|
||||
remote_exec $SSH_USER "sudo journalctl -u docker-containerd --no-pager" docker-containerd.log
|
||||
remote_exec $SSH_USER "sudo systemctl status docker.socket -l" docker.socket.status.log
|
||||
remote_exec $SSH_USER "sudo systemctl show docker.socket --no-pager" docker.socket.show.log
|
||||
remote_exec $SSH_USER "sudo systemctl status docker -l" docker.service.status.log
|
||||
remote_exec $SSH_USER "sudo systemctl show docker --no-pager" docker.service.show.log
|
||||
remote_exec $SSH_USER "sudo cat /etc/sysconfig/docker" docker.sysconfig.env.log
|
||||
|
|
|
@ -32,8 +32,8 @@ if [ "$coe" = "mesos" ]; then
|
|||
elif [ "$coe" = "k8s-coreos" ]; then
|
||||
export DEVSTACK_LOCAL_CONFIG+=$'\n'"MAGNUM_GUEST_IMAGE_URL=http://beta.release.core-os.net/amd64-usr/1153.4.0/coreos_production_openstack_image.img.bz2"
|
||||
elif [ "${coe}${special}" = "k8s-ironic" ]; then
|
||||
export DEVSTACK_LOCAL_CONFIG+=$'\n'"MAGNUM_GUEST_IMAGE_URL='https://fedorapeople.org/groups/magnum/fedora-24-kubernetes-ironic.tar.gz'"
|
||||
export DEVSTACK_LOCAL_CONFIG+=$'\n'"MAGNUM_IMAGE_NAME='fedora-24-kubernetes-ironic'"
|
||||
export DEVSTACK_LOCAL_CONFIG+=$'\n'"MAGNUM_GUEST_IMAGE_URL='https://fedorapeople.org/groups/magnum/fedora-kubernetes-ironic-latest.tar.gz'"
|
||||
export DEVSTACK_LOCAL_CONFIG+=$'\n'"MAGNUM_IMAGE_NAME='fedora-kubernetes-ironic-latest'"
|
||||
|
||||
export DEVSTACK_GATE_VIRT_DRIVER="ironic"
|
||||
# NOTE(yuanying): Current implementation requires only 1 subnet under network
|
||||
|
@ -78,8 +78,8 @@ elif [ "${coe}${special}" = "k8s-ironic" ]; then
|
|||
export DEVSTACK_LOCAL_CONFIG+=$'\n'"IRONIC_VM_SPECS_DISK=10"
|
||||
export DEVSTACK_LOCAL_CONFIG+=$'\n'"IRONIC_VM_EPHEMERAL_DISK=5"
|
||||
else
|
||||
export DEVSTACK_LOCAL_CONFIG+=$'\n'"MAGNUM_GUEST_IMAGE_URL='http://tarballs.openstack.org/magnum/images/fedora-atomic-f23-dib.qcow2'"
|
||||
export DEVSTACK_LOCAL_CONFIG+=$'\n'"MAGNUM_IMAGE_NAME='fedora-atomic-f23-dib'"
|
||||
export DEVSTACK_LOCAL_CONFIG+=$'\n'"MAGNUM_GUEST_IMAGE_URL='https://fedorapeople.org/groups/magnum/fedora-atomic-latest.qcow2'"
|
||||
export DEVSTACK_LOCAL_CONFIG+=$'\n'"MAGNUM_IMAGE_NAME='fedora-atomic-latest'"
|
||||
fi
|
||||
|
||||
# Enable magnum plugin in the last step
|
||||
|
|
Loading…
Reference in New Issue