openstack
/
magnum
Code Issues Proposed changes

Upgrade to Fedora 25 

Atomic image contains:
kubernetes-1.5.3-1.fc25.x86_64
docker-1.12.6-5.git037a2f5.fc25.x86_64
flannel-0.5.5-8.fc25.x86_64
etcd-3.0.15-1.fc25.x86_64

The ironic image contains exactly the same packages.

* For this upgrade the upstream image is used, which is
  uploaded here [1].
* Minor changes for flannel and docker-storage-setup
  were needed.
* The image will be built in the CI and uploaded to
  tarballs.openstack.org as soon as possible.
* Ironic image [2].

Notes:
* docker-storage-setup config changes were needed because in
  the previous images it was disabled and it was started by us.
* We can have selinux enables in containers since the images
  have kernel 4.9.x.
* relabel selinux tags for swarm-manager certificates directory

[1] https://fedorapeople.org/groups/magnum/fedora-atomic-25-latest.qcow2
[2] https://fedorapeople.org/groups/magnum/fedora-25-kubernetes-ironic.tar.gz

 Conflicts:
	magnum/drivers/common/templates/fragments/configure_docker_storage_driver_atomic.sh
	magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-minion.sh
	magnum/drivers/common/templates/kubernetes/fragments/network-config-service.sh
	magnum/drivers/common/templates/kubernetes/fragments/write-network-config.sh
	magnum/drivers/k8s_fedora_atomic_v1/version.py
	magnum/drivers/k8s_fedora_ironic_v1/version.py
	magnum/drivers/swarm_fedora_atomic_v1/version.py
	magnum/tests/contrib/gate_hook.sh

(Cherry-picked from d2532a3af2)

Add docker-d options in sysconfig/docker

Remove custom docker unit file and pass the necessary options
through /etc/sysconfig/docker file.

Closes-Bug: #1646123
(Cherry-picked from 4dd178e7ca)

Change-Id: If0a430893af582e2efbd57dc171d056b109ee803
This commit is contained in:
Spyros Trigazis 2016-11-30 15:20:28 +01:00
parent a3d6007160
commit 9fb7d7fa68
18 changed files with 91 additions and 89 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
magnum/drivers/common/templates/fragments/configure_docker_storage_driver_atomic.sh
View File

@ -1,9 +1,17 @@
# This file contains docker storage drivers configuration for fedora
# atomic hosts. Currently, devicemapper and overlay are supported.
# Remove any existing docker-storage configuration. In case of an
# existing configuration, docker-storage-setup will fail.
clear_docker_storage_congiguration () {
# * Remove any existing docker-storage configuration. In case of an
# existing configuration, docker-storage-setup will fail.
# * Remove docker storage graph
clear_docker_storage () {
# stop docker
systemctl stop docker
# clear storage graph
rm -rf /var/lib/docker/*
# remove current LVs
docker-storage-setup --reset
if [ -f /etc/sysconfig/docker-storage ]; then
sed -i "/^DOCKER_STORAGE_OPTIONS=/ s/=.*/=/" /etc/sysconfig/docker-storage
fi
@ -11,9 +19,7 @@ clear_docker_storage_congiguration () {
# Configure docker storage with xfs as backing filesystem.
configure_overlay () {
clear_docker_storage_congiguration
rm -rf /var/lib/docker/*
clear_docker_storage
if [ -n "$DOCKER_VOLUME_SIZE" ] && [ "$DOCKER_VOLUME_SIZE" -gt 0 ]; then
mkfs.xfs -f ${device_path}
@ -23,20 +29,29 @@ configure_overlay () {
echo "STORAGE_DRIVER=overlay" > /etc/sysconfig/docker-storage-setup
# SELinux must be enabled and in enforcing mode on the physical
# machine, but must be disabled in the container when performing
# container separation
sed -i "/^OPTIONS=/ s/--selinux-enabled/--selinux-enabled=false/" /etc/sysconfig/docker
docker-storage-setup
local lvname=$(lvdisplay | grep "LV\ Path" | awk '{print $3}')
local pvname=$(pvdisplay | grep "PV\ Name" | awk '{print $3}')
lvextend -r $lvname $pvname
}
# Configure docker storage with devicemapper using direct LVM
configure_devicemapper () {
clear_docker_storage_congiguration
clear_docker_storage
echo "GROWROOT=True" > /etc/sysconfig/docker-storage-setup
echo "ROOT_SIZE=5GB" >> /etc/sysconfig/docker-storage-setup
if [ -n "$DOCKER_VOLUME_SIZE" ] && [ "$DOCKER_VOLUME_SIZE" -gt 0 ]; then
pvcreate -f ${device_path}
vgcreate docker ${device_path}
echo "VG=docker" > /etc/sysconfig/docker-storage-setup
echo "VG=docker" >> /etc/sysconfig/docker-storage-setup
else
echo "DATA_SIZE=95%FREE" >> /etc/sysconfig/docker-storage-setup
fi
docker-storage-setup
}

4
magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-minion.sh
View File

@ -52,12 +52,12 @@ sed -i '
if [ "$NETWORK_DRIVER" = "flannel" ]; then
sed -i '
/^FLANNEL_ETCD=/ s|=.*|="http://'"$ETCD_SERVER_IP"':2379"|
/^FLANNEL_ETCD_ENDPOINTS=/ s|=.*|="http://'"$ETCD_SERVER_IP"':2379"|
' /etc/sysconfig/flanneld
# Make sure etcd has a flannel configuration
. /etc/sysconfig/flanneld
until curl -sf "$FLANNEL_ETCD/v2/keys${FLANNEL_ETCD_KEY}/config?quorum=false&recursive=false&sorted=false"
until curl -sf "$FLANNEL_ETCD_ENDPOINTS/v2/keys${FLANNEL_ETCD_PREFIX}/config?quorum=false&recursive=false&sorted=false"
do
echo "Waiting for flannel configuration in etcd..."
sleep 5

6
magnum/drivers/common/templates/kubernetes/fragments/network-config-service.sh
View File

@ -21,14 +21,14 @@ if ! [ -f "$FLANNEL_JSON" ]; then
exit 1
fi
if ! [ "$FLANNEL_ETCD" ] && [ "$FLANNEL_ETCD_KEY" ]; then
if [ -z "$FLANNEL_ETCD_ENDPOINTS" ] || [ -z "$FLANNEL_ETCD_PREFIX" ]; then
echo "ERROR: missing required configuration" >&2
exit 1
fi
echo "creating flanneld config in etcd"
while ! curl -sf -L $FLANNEL_ETCD/v2/keys${FLANNEL_ETCD_KEY}/config \
-X PUT --data-urlencode value@${FLANNEL_JSON}; do
while ! curl -sf -L $FLANNEL_ETCD_ENDPOINTS/v2/keys${FLANNEL_ETCD_PREFIX}/config \
-X PUT --data-urlencode value@${FLANNEL_JSON}; do
echo "waiting for etcd"
sleep 1
done

2
magnum/drivers/common/templates/kubernetes/fragments/write-network-config.sh
View File

@ -12,7 +12,7 @@ FLANNEL_JSON=/etc/sysconfig/flannel-network.json
FLANNELD_CONFIG=/etc/sysconfig/flanneld
sed -i '
/^FLANNEL_ETCD=/ s/=.*/="http:\/\/127.0.0.1:2379"/
/^FLANNEL_ETCD_ENDPOINTS=/ s/=.*/="http:\/\/127.0.0.1:2379"/
' /etc/sysconfig/flanneld
# Generate a flannel configuration that we will

2
magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml
View File

@ -256,7 +256,7 @@ parameters:
kube_version:
type: string
description: version of kubernetes used for kubernetes cluster
default: v1.2.0
default: v1.5.3
insecure_registry_url:
type: string

4
magnum/drivers/k8s_fedora_atomic_v1/version.py
View File

@ -13,5 +13,5 @@
# limitations under the License.
version = '1.0.0'
driver = 'k8s_fedora_atomic'
container_version = '1.9.1'
driver = 'k8s_fedora_atomic_v1'
container_version = '1.12.6'

2
magnum/drivers/k8s_fedora_ironic_v1/templates/kubecluster.yaml
View File

@ -269,7 +269,7 @@ parameters:
kube_version:
type: string
description: version of kubernetes used for kubernetes cluster
default: v1.2.0
default: v1.5.3
insecure_registry_url:
type: string

15
magnum/drivers/k8s_fedora_ironic_v1/version.py Normal file
View File

@ -0,0 +1,15 @@
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
version = '1.0.0'
driver = 'k8s_fedora_ironic_v1'
container_version = '1.12.6'

13
magnum/drivers/swarm_fedora_atomic_v1/templates/fragments/add-docker-daemon-options.sh Normal file
View File

@ -0,0 +1,13 @@
#!/bin/sh
. /etc/sysconfig/heat-params
opts="-H fd:// -H tcp://0.0.0.0:2375 "
if [ "$TLS_DISABLED" = 'False' ]; then
opts=$opts"--tlsverify --tlscacert=/etc/docker/ca.crt "
opts=$opts"--tlskey=/etc/docker/server.key "
opts=$opts"--tlscert=/etc/docker/server.crt "
fi
sed -i '/^OPTIONS=/ s#\(OPTIONS='"'"'\)#\1'"$opts"'#' /etc/sysconfig/docker

4
magnum/drivers/swarm_fedora_atomic_v1/templates/fragments/enable-services.sh
View File

@ -1,5 +1,9 @@
#!/bin/sh
set -x
systemctl stop docker
echo "starting services"
systemctl daemon-reload
for service in $NODE_SERVICES; do

52
magnum/drivers/swarm_fedora_atomic_v1/templates/fragments/write-docker-service.sh
View File

@ -1,52 +0,0 @@
#!/bin/sh
. /etc/sysconfig/heat-params
mkdir -p /etc/systemd/system/docker.service.d
cat > /etc/systemd/system/docker.service << END_SERVICE_TOP
[Unit]
Description=Docker Application Container Engine
Documentation=http://docs.docker.com
After=network.target docker.socket
Requires=docker.socket
Wants=docker-storage-setup.service
[Service]
TimeoutStartSec=300
Type=notify
EnvironmentFile=-/etc/sysconfig/docker
EnvironmentFile=-/etc/sysconfig/docker-storage
EnvironmentFile=-/etc/sysconfig/docker-network
Environment=GOTRACEBACK=crash
ExecStart=/usr/bin/docker daemon -H fd:// \\
-H tcp://0.0.0.0:2375 \\
END_SERVICE_TOP
if [ "$TLS_DISABLED" = 'False' ]; then
cat >> /etc/systemd/system/docker.service << END_TLS
--tlsverify \\
--tlscacert="/etc/docker/ca.crt" \\
--tlskey="/etc/docker/server.key" \\
--tlscert="/etc/docker/server.crt" \\
END_TLS
fi
cat >> /etc/systemd/system/docker.service << END_SERVICE_BOTTOM
\$OPTIONS \\
\$DOCKER_STORAGE_OPTIONS \\
\$DOCKER_NETWORK_OPTIONS \\
\$INSECURE_REGISTRY
LimitNOFILE=1048576
LimitNPROC=1048576
LimitCORE=infinity
MountFlags=slave
[Install]
WantedBy=multi-user.target
END_SERVICE_BOTTOM
chown root:root /etc/systemd/system/docker.service
chmod 644 /etc/systemd/system/docker.service

1
magnum/drivers/swarm_fedora_atomic_v1/templates/fragments/write-docker-socket.yaml
View File

@ -9,6 +9,7 @@ write_files:
Description=Docker Socket for the API
PartOf=docker.service
After=docker-storage-setup.service
Before=docker.service
[Socket]
ListenStream=/var/run/docker.sock

2
magnum/drivers/swarm_fedora_atomic_v1/templates/fragments/write-swarm-master-service.sh
View File

@ -13,7 +13,7 @@ ExecStartPre=-/usr/bin/docker kill swarm-manager
ExecStartPre=-/usr/bin/docker rm swarm-manager
ExecStartPre=-/usr/bin/docker pull swarm:$SWARM_VERSION
ExecStart=/usr/bin/docker run --name swarm-manager \\
-v /etc/docker:/etc/docker \\
-v /etc/docker:/etc/docker:Z \\
-p 2376:2375 \\
-e http_proxy=$HTTP_PROXY \\
-e https_proxy=$HTTPS_PROXY \\

8
magnum/drivers/swarm_fedora_atomic_v1/templates/swarmmaster.yaml
View File

@ -275,11 +275,11 @@ resources:
group: ungrouped
config: {get_file: fragments/make-cert.py}
write_docker_service:
add_docker_daemon_options:
type: "OS::Heat::SoftwareConfig"
properties:
group: ungrouped
config: {get_file: fragments/write-docker-service.sh}
config: {get_file: fragments/add-docker-daemon-options.sh}
write_swarm_manager_failure_service:
type: "OS::Heat::SoftwareConfig"
@ -325,7 +325,7 @@ resources:
str_replace:
template: {get_file: fragments/enable-services.sh}
params:
"$NODE_SERVICES": "etcd docker.socket swarm-manager"
"$NODE_SERVICES": "etcd docker.socket docker swarm-manager"
cfn_signal:
type: "OS::Heat::SoftwareConfig"
@ -365,7 +365,7 @@ resources:
- config: {get_resource: network_service}
- config: {get_resource: configure_docker_storage}
- config: {get_resource: write_swarm_manager_failure_service}
- config: {get_resource: write_docker_service}
- config: {get_resource: add_docker_daemon_options}
- config: {get_resource: write_docker_socket}
- config: {get_resource: write_swarm_master_service}
- config: {get_resource: add_proxy}

8
magnum/drivers/swarm_fedora_atomic_v1/templates/swarmnode.yaml
View File

@ -246,11 +246,11 @@ resources:
group: ungrouped
config: {get_file: ../../common/templates/fragments/configure-docker-registry.sh}
write_docker_service:
add_docker_daemon_options:
type: "OS::Heat::SoftwareConfig"
properties:
group: ungrouped
config: {get_file: fragments/write-docker-service.sh}
config: {get_file: fragments/add-docker-daemon-options.sh}
write_docker_socket:
type: "OS::Heat::SoftwareConfig"
@ -296,7 +296,7 @@ resources:
str_replace:
template: {get_file: fragments/enable-services.sh}
params:
"$NODE_SERVICES": "docker.socket swarm-agent"
"$NODE_SERVICES": "docker.socket docker swarm-agent"
cfn_signal:
type: "OS::Heat::SoftwareConfig"
@ -335,7 +335,7 @@ resources:
- config: {get_resource: configure_docker_registry}
- config: {get_resource: write_swarm_agent_failure_service}
- config: {get_resource: write_swarm_agent_service}
- config: {get_resource: write_docker_service}
- config: {get_resource: add_docker_daemon_options}
- config: {get_resource: write_docker_socket}
- config: {get_resource: add_proxy}
- config: {get_resource: enable_docker_registry}

4
magnum/drivers/swarm_fedora_atomic_v1/version.py
View File

@ -13,5 +13,5 @@
# limitations under the License.
version = '1.0.0'
driver = 'swarm_atomic'
container_version = '1.9.1'
driver = 'swarm_fedora_atomic_v1'
container_version = '1.12.6'

6
magnum/tests/contrib/copy_instance_logs.sh
View File

@ -42,6 +42,8 @@ function remote_exec {
mkdir -p $LOG_PATH
cat /proc/cpuinfo > /opt/stack/logs/cpuinfo.log
if [[ "$COE" == "kubernetes" ]]; then
SSH_USER=fedora
remote_exec $SSH_USER "sudo systemctl --full list-units --no-pager" systemctl_list_units.log
@ -81,6 +83,7 @@ elif [[ "$COE" == "swarm" ]]; then
remote_exec $SSH_USER "sudo journalctl -u cloud-final --no-pager" cloud-final.log
remote_exec $SSH_USER "sudo journalctl -u cloud-init-local --no-pager" cloud-init-local.log
remote_exec $SSH_USER "sudo journalctl -u cloud-init --no-pager" cloud-init.log
remote_exec $SSH_USER "sudo cat /var/log/cloud-init-output.log" cloud-init-output.log
remote_exec $SSH_USER "sudo journalctl -u etcd --no-pager" etcd.log
remote_exec $SSH_USER "sudo journalctl -u swarm-manager --no-pager" swarm-manager.log
remote_exec $SSH_USER "sudo journalctl -u swarm-agent --no-pager" swarm-agent.log
@ -89,6 +92,9 @@ elif [[ "$COE" == "swarm" ]]; then
remote_exec $SSH_USER "sudo systemctl show docker-storage-setup --no-pager" docker-storage-setup.service.show.log
remote_exec $SSH_USER "sudo cat /etc/sysconfig/docker-storage-setup 2>/dev/null" docker-storage-setup.sysconfig.env.log
remote_exec $SSH_USER "sudo journalctl -u docker --no-pager" docker.log
remote_exec $SSH_USER "sudo journalctl -u docker-containerd --no-pager" docker-containerd.log
remote_exec $SSH_USER "sudo systemctl status docker.socket -l" docker.socket.status.log
remote_exec $SSH_USER "sudo systemctl show docker.socket --no-pager" docker.socket.show.log
remote_exec $SSH_USER "sudo systemctl status docker -l" docker.service.status.log
remote_exec $SSH_USER "sudo systemctl show docker --no-pager" docker.service.show.log
remote_exec $SSH_USER "sudo cat /etc/sysconfig/docker" docker.sysconfig.env.log

8
magnum/tests/contrib/gate_hook.sh
View File

@ -32,8 +32,8 @@ if [ "$coe" = "mesos" ]; then
elif [ "$coe" = "k8s-coreos" ]; then
export DEVSTACK_LOCAL_CONFIG+=$'\n'"MAGNUM_GUEST_IMAGE_URL=http://beta.release.core-os.net/amd64-usr/1153.4.0/coreos_production_openstack_image.img.bz2"
elif [ "${coe}${special}" = "k8s-ironic" ]; then
export DEVSTACK_LOCAL_CONFIG+=$'\n'"MAGNUM_GUEST_IMAGE_URL='https://fedorapeople.org/groups/magnum/fedora-24-kubernetes-ironic.tar.gz'"
export DEVSTACK_LOCAL_CONFIG+=$'\n'"MAGNUM_IMAGE_NAME='fedora-24-kubernetes-ironic'"
export DEVSTACK_LOCAL_CONFIG+=$'\n'"MAGNUM_GUEST_IMAGE_URL='https://fedorapeople.org/groups/magnum/fedora-kubernetes-ironic-latest.tar.gz'"
export DEVSTACK_LOCAL_CONFIG+=$'\n'"MAGNUM_IMAGE_NAME='fedora-kubernetes-ironic-latest'"
export DEVSTACK_GATE_VIRT_DRIVER="ironic"
# NOTE(yuanying): Current implementation requires only 1 subnet under network
@ -78,8 +78,8 @@ elif [ "${coe}${special}" = "k8s-ironic" ]; then
export DEVSTACK_LOCAL_CONFIG+=$'\n'"IRONIC_VM_SPECS_DISK=10"
export DEVSTACK_LOCAL_CONFIG+=$'\n'"IRONIC_VM_EPHEMERAL_DISK=5"
else
export DEVSTACK_LOCAL_CONFIG+=$'\n'"MAGNUM_GUEST_IMAGE_URL='http://tarballs.openstack.org/magnum/images/fedora-atomic-f23-dib.qcow2'"
export DEVSTACK_LOCAL_CONFIG+=$'\n'"MAGNUM_IMAGE_NAME='fedora-atomic-f23-dib'"
export DEVSTACK_LOCAL_CONFIG+=$'\n'"MAGNUM_GUEST_IMAGE_URL='https://fedorapeople.org/groups/magnum/fedora-atomic-latest.qcow2'"
export DEVSTACK_LOCAL_CONFIG+=$'\n'"MAGNUM_IMAGE_NAME='fedora-atomic-latest'"
fi
# Enable magnum plugin in the last step