Merge "initial commit of deis"
This commit is contained in:
commit
a9e0c26fc3
|
@ -0,0 +1,4 @@
|
|||
*.tfstate
|
||||
*.tfstate.backup
|
||||
files/discovery_url
|
||||
*.override
|
|
@ -0,0 +1,14 @@
|
|||
Copyright 2013, 2014 Engine Yard, Inc.
|
||||
Copyright 2016 Paul Czarkowski
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
|
@ -0,0 +1,235 @@
|
|||
# DEIS on Openstack with Terraform
|
||||
|
||||
Provision a DEIS cluster with [Terraform](https://www.terraform.io) on
|
||||
Openstack.
|
||||
|
||||
## Status
|
||||
|
||||
This will install a DEIS cluster on an Openstack Cloud. It is tested on a
|
||||
OpenStack Cloud provided by [BlueBox](https://www.blueboxcloud.com/) and
|
||||
should work on most modern installs of OpenStack that support the basic
|
||||
services.
|
||||
|
||||
## Requirements
|
||||
|
||||
- [Install Terraform](https://www.terraform.io/intro/getting-started/install.html)
|
||||
- [Install DEIS CLI](http://docs.deis.io/en/latest/using_deis/install-client/)
|
||||
- ]Upload a CoreOS](https://coreos.com/os/docs/latest/booting-on-openstack.html) image to glance and remember the image name.
|
||||
|
||||
## Terraform
|
||||
|
||||
Terraform will be used to provision all of the OpenStack resources required to
|
||||
run Docker Swarm. It is also used to deploy and provision the software
|
||||
requirements.
|
||||
|
||||
### Prep
|
||||
|
||||
#### OpenStack
|
||||
|
||||
Ensure your OpenStack credentials are loaded in environment variables. This is
|
||||
how I do it:
|
||||
|
||||
```
|
||||
$ source ~/.stackrc
|
||||
```
|
||||
|
||||
You will need two networks before installing, an internal network and
|
||||
an external (floating IP Pool) network. The internet network can be shared as
|
||||
we use security groups to provide network segregation. Due to the many
|
||||
differences between OpenStack installs the Terraform does not attempt to create
|
||||
these for you.
|
||||
|
||||
By default Terraform will expect that your networks are called `internal` and
|
||||
`external`. You can change this by altering the Terraform variables `network_name` and `floatingip_pool`.
|
||||
|
||||
You can also change the number of instances `cluster_size` (default `3`); the
|
||||
path to your public key `public_key_path` (default `~/.ssh/id_rsa.pub`); and
|
||||
the flavor `flavor` to use (default `m1.medium`).
|
||||
|
||||
All OpenStack resources will use the Terraform variable `cluster_name` (
|
||||
default `example`) in their name to make it easier to track. For example the
|
||||
first compute resource will be named `example-deis-1`.
|
||||
|
||||
#### Terraform
|
||||
|
||||
Ensure your local ssh-agent is running and your ssh key has been added. This
|
||||
step is required by the terraform provisioner:
|
||||
|
||||
```
|
||||
$ eval $(ssh-agent -s)
|
||||
$ ssh-add ~/.ssh/id_rsa
|
||||
```
|
||||
|
||||
|
||||
Ensure that you have your Openstack credentials loaded into Terraform
|
||||
environment variables. Likely via a command similar to:
|
||||
|
||||
```
|
||||
$ export TF_VAR_username=${OS_USERNAME}
|
||||
$ export TF_VAR_password=${OS_PASSWORD}
|
||||
$ export TF_VAR_tenant=${OS_TENANT_NAME}
|
||||
$ export TF_VAR_auth_url=${OS_AUTH_URL}
|
||||
```
|
||||
|
||||
Terraform expects an SSH keypair to exist `keys/deis` and `keys/deis.pub`
|
||||
which it will upload to the instances so they can communicate with eachother
|
||||
over SSH, if this keypair doesn't exist it will attempt to create them.
|
||||
|
||||
Terraform will attempt to fetch a _Discovery URL_ for etcd. If you want to
|
||||
provide your own write it to the text file `files/discovery_url` and set the
|
||||
Terraform variable `generate_discovery_url` to `0`.
|
||||
|
||||
You can also change the version of DEIS to install by setting `deisctl_version`
|
||||
and you can set `deis_domain` if you have a custom URL (otherwise it will use
|
||||
`.xip.io`).
|
||||
|
||||
|
||||
# Provision a Deis Cluster on OpenStack
|
||||
|
||||
With all our variables set we can go ahead and provision our cluster adding any
|
||||
extra variables you wish to pass through like this:
|
||||
|
||||
_The steps that install and start deis can take quite some time, be patient._
|
||||
|
||||
```
|
||||
$ terraform apply \
|
||||
-var "image=coreos-alpha-884-0-0"
|
||||
...
|
||||
...
|
||||
Apply complete! Resources: 12 added, 0 changed, 0 destroyed.
|
||||
|
||||
The state of your infrastructure has been saved to the path
|
||||
below. This state is required to modify and destroy your
|
||||
infrastructure, so keep it safe. To inspect the complete state
|
||||
use the `terraform show` command.
|
||||
|
||||
State path: terraform.tfstate
|
||||
|
||||
Outputs:
|
||||
|
||||
msg = Your hosts are ready to go! Continue following the documentation to install and start Deis. Your hosts are: x.x.x.x, y.y.y.y, z.z.z.z
|
||||
register = Run the following to register your first [admin] user: $ deis register http://deis.x.x.x.x.xip.io
|
||||
|
||||
```
|
||||
|
||||
# Create first user and deploy a demonstration app:
|
||||
|
||||
Create admin user:
|
||||
|
||||
```
|
||||
$ deis register http://deis.x.x.x.x.xip.io
|
||||
username: admin
|
||||
password:
|
||||
password (confirm):
|
||||
email: admin@example.com
|
||||
Registered admin
|
||||
upgrading.
|
||||
Logged in as admin
|
||||
```
|
||||
|
||||
Upload a SSH key:
|
||||
|
||||
```
|
||||
$ deis keys:add ~/.ssh/id_rsa.pub
|
||||
Uploading id_rsa.pub to deis... done
|
||||
```
|
||||
|
||||
Deploy an example application:
|
||||
|
||||
```
|
||||
$ git clone https://github.com/deis/example-python-flask.git
|
||||
$ cd example-python-flask
|
||||
$ deis create
|
||||
Creating Application... o..done, created hungry-knapsack
|
||||
|
||||
$ git push deis master
|
||||
Counting objects: 98, done.
|
||||
Delta compression using up to 8 threads.
|
||||
Compressing objects: 100% (88/88), done.
|
||||
Writing objects: 100% (98/98), 22.55 KiB | 0 bytes/s, done.
|
||||
Total 98 (delta 38), reused 0 (delta 0)
|
||||
-----> Python app detected
|
||||
-----> Installing runtime (python-2.7.10)
|
||||
-----> Installing dependencies with pip
|
||||
...
|
||||
-----> Discovering process types
|
||||
-----> Compiled slug size is 37M
|
||||
-----> Building Docker image
|
||||
remote: Sending build context to Docker daemon 38.33 MB
|
||||
...
|
||||
Step 1 : ENV GIT_SHA 774eded22b5bab907c89a29b100ccc7f2423b729
|
||||
---> Running in 75274e449a86
|
||||
---> 3ec06b68ed87
|
||||
Removing intermediate container 75274e449a86
|
||||
Successfully built 3ec06b68ed87
|
||||
-----> Pushing image to private registry
|
||||
-----> Launching...
|
||||
done, hungry-knapsack:v2 deployed to Deis
|
||||
http://hungry-knapsack.x.x.x.x.xip.io
|
||||
To learn more, use `deis help` or visit http://deis.io
|
||||
To ssh://git@deis.x.x.x.x.xip.io:2222/hungry-knapsack.git
|
||||
* [new branch] master -> master
|
||||
|
||||
```
|
||||
|
||||
Test that it works:
|
||||
|
||||
```
|
||||
$ curl http://hungry-knapsack.x.x.x.x.xip.io/
|
||||
Powered by Deis
|
||||
```
|
||||
|
||||
Scale it up:
|
||||
|
||||
```
|
||||
$ deis scale web=3
|
||||
Scaling processes... but first, coffee!
|
||||
..o
|
||||
=== hungry-knapsack Processes
|
||||
--- web:
|
||||
web.1 up (v2)
|
||||
web.2 up (v2)
|
||||
web.3 up (v2)
|
||||
$ curl http://hungry-knapsack.x.x.x.x.xip.io/
|
||||
Powered by Deis
|
||||
```
|
||||
|
||||
Configure it:
|
||||
|
||||
```
|
||||
$ deis config:set POWERED_BY=OpenStack
|
||||
Creating config... ..o
|
||||
done, v3
|
||||
=== hungry-knapsack Config
|
||||
POWERED_BY OpenStack
|
||||
|
||||
$ curl http://hungry-knapsack.x.x.x.x.xip.io/
|
||||
Powered by OpenStack
|
||||
```
|
||||
|
||||
Destroy it:
|
||||
|
||||
```
|
||||
$ deis destroy
|
||||
! WARNING: Potentially Destructive Action
|
||||
! This command will destroy the application: hungry-knapsack
|
||||
! To proceed, type "hungry-knapsack" or re-run this command with --confirm=hungry-knapsack
|
||||
> hungry-knapsack
|
||||
Destroying hungry-knapsack...
|
||||
done in 3s
|
||||
Git remote deis removed
|
||||
```
|
||||
|
||||
# clean up:
|
||||
|
||||
```
|
||||
$ terraform destroy
|
||||
Do you really want to destroy?
|
||||
Terraform will delete all your managed infrastructure.
|
||||
There is no undo. Only 'yes' will be accepted to confirm.
|
||||
|
||||
Enter a value: yes
|
||||
...
|
||||
...
|
||||
Apply complete! Resources: 0 added, 0 changed, 12 destroyed.
|
||||
```
|
|
@ -0,0 +1,145 @@
|
|||
resource "null_resource" "discovery_url" {
|
||||
count = "${var.generate_discovery_url}"
|
||||
provisioner "local-exec" {
|
||||
command = "curl -s 'https://discovery.etcd.io/new?size=${var.cluster_size}' > files/discovery_url"
|
||||
}
|
||||
}
|
||||
|
||||
resource "null_resource" "update_cloud_init" {
|
||||
provisioner "local-exec" {
|
||||
command = "sed -i \"s|^ discovery:.*$| discovery: $(cat files/discovery_url)|\" files/cloud-init"
|
||||
}
|
||||
depends_on = [
|
||||
"null_resource.discovery_url"
|
||||
]
|
||||
}
|
||||
|
||||
resource "null_resource" "generate_ssh_keys" {
|
||||
provisioner "local-exec" {
|
||||
command = "if [ ! -e keys/${var.deis_keyname} ]; then ssh-keygen -f keys/${var.deis_keyname} -P ''; fi"
|
||||
}
|
||||
}
|
||||
|
||||
resource "openstack_networking_floatingip_v2" "deis" {
|
||||
count = "${var.cluster_size}"
|
||||
pool = "${var.floatingip_pool}"
|
||||
}
|
||||
|
||||
resource "openstack_compute_keypair_v2" "deis" {
|
||||
name = "${var.cluster_name}-deis"
|
||||
public_key = "${file(var.public_key_path)}"
|
||||
}
|
||||
|
||||
resource "openstack_compute_secgroup_v2" "deis" {
|
||||
name = "${var.cluster_name}-deis"
|
||||
description = "Deis Security Group"
|
||||
rule {
|
||||
ip_protocol = "tcp"
|
||||
from_port = "22"
|
||||
to_port = "22"
|
||||
cidr = "0.0.0.0/0"
|
||||
}
|
||||
rule {
|
||||
ip_protocol = "tcp"
|
||||
from_port = "2222"
|
||||
to_port = "2222"
|
||||
cidr = "0.0.0.0/0"
|
||||
}
|
||||
rule {
|
||||
ip_protocol = "tcp"
|
||||
from_port = "80"
|
||||
to_port = "80"
|
||||
cidr = "0.0.0.0/0"
|
||||
}
|
||||
rule {
|
||||
ip_protocol = "icmp"
|
||||
from_port = "-1"
|
||||
to_port = "-1"
|
||||
cidr = "0.0.0.0/0"
|
||||
}
|
||||
rule {
|
||||
ip_protocol = "icmp"
|
||||
from_port = "-1"
|
||||
to_port = "-1"
|
||||
self = true
|
||||
}
|
||||
rule {
|
||||
ip_protocol = "tcp"
|
||||
from_port = "1"
|
||||
to_port = "65535"
|
||||
self = true
|
||||
}
|
||||
rule {
|
||||
ip_protocol = "udp"
|
||||
from_port = "1"
|
||||
to_port = "65535"
|
||||
self = true
|
||||
}
|
||||
}
|
||||
|
||||
resource "openstack_compute_instance_v2" "deis" {
|
||||
name = "${var.cluster_name}-deis-${count.index+1}"
|
||||
count = "${var.cluster_size}"
|
||||
image_name = "${var.image}"
|
||||
flavor_id = "${var.flavor}"
|
||||
key_pair = "${openstack_compute_keypair_v2.deis.name}"
|
||||
user_data = "${file("files/cloud-init")}"
|
||||
network {
|
||||
name = "${var.network_name}"
|
||||
}
|
||||
security_groups = [ "${openstack_compute_secgroup_v2.deis.name}" ]
|
||||
floating_ip = "${element(openstack_networking_floatingip_v2.deis.*.address, count.index)}"
|
||||
provisioner "file" {
|
||||
source = "keys/"
|
||||
destination = "/home/core/.ssh/"
|
||||
connection {
|
||||
user = "core"
|
||||
}
|
||||
}
|
||||
provisioner "remote-exec" {
|
||||
inline = [
|
||||
"chown core:core /home/core/.ssh/${var.deis_keyname}*",
|
||||
"chmod 0600 /home/core/.ssh/${var.deis_keyname}",
|
||||
"cat /home/core/.ssh/${var.deis_keyname}.pub >> /home/core/.ssh/authorized_keys",
|
||||
]
|
||||
connection {
|
||||
user = "core"
|
||||
}
|
||||
}
|
||||
depends_on = [
|
||||
"null_resource.update_cloud_init",
|
||||
"null_resource.generate_ssh_keys"
|
||||
]
|
||||
}
|
||||
|
||||
resource "null_resource" "install_deis" {
|
||||
provisioner "remote-exec" {
|
||||
inline = [
|
||||
"sudo mkdir -p /opt/bin",
|
||||
"if [[ ! -e /opt/bin/deictl ]]; then curl -sSL http://deis.io/deisctl/install.sh | sudo sh -s ${var.deisctl_version}; fi",
|
||||
"export DOMAIN=${var.deis_domain}",
|
||||
"if [[ -z $DOMAIN ]]; then export DOMAIN=${openstack_networking_floatingip_v2.deis.0.address}.xip.io; fi",
|
||||
"/opt/bin/deisctl config platform set domain=$DOMAIN",
|
||||
"/opt/bin/deisctl config platform set sshPrivateKey=/home/core/.ssh/${var.deis_keyname}",
|
||||
"/opt/bin/deisctl install platform",
|
||||
"/opt/bin/deisctl start platform",
|
||||
]
|
||||
connection {
|
||||
user = "core"
|
||||
host = "${openstack_networking_floatingip_v2.deis.0.address}"
|
||||
}
|
||||
}
|
||||
depends_on = [
|
||||
"openstack_compute_instance_v2.deis",
|
||||
]
|
||||
}
|
||||
|
||||
|
||||
output "msg" {
|
||||
value = "Your hosts are ready to go! Continue following the documentation to install and start Deis. Your hosts are: ${join(", ", openstack_networking_floatingip_v2.deis.*.address )}"
|
||||
}
|
||||
|
||||
output "register" {
|
||||
value = "Run the following to register your first [admin] user: $ deis register http://deis.${openstack_networking_floatingip_v2.deis.0.address}.xip.io"
|
||||
}
|
||||
|
|
@ -0,0 +1,279 @@
|
|||
#cloud-config
|
||||
|
||||
coreos:
|
||||
etcd2:
|
||||
# generate a new token for each unique cluster from https://discovery.etcd.io/new
|
||||
discovery: https://discovery.etcd.io/f492560139d27c040399c5b1e0ef8440
|
||||
# multi-region and multi-cloud deployments need to use $public_ipv4
|
||||
advertise-client-urls: http://$private_ipv4:2379
|
||||
initial-advertise-peer-urls: http://$private_ipv4:2380
|
||||
# listen on both the official ports and the legacy ports
|
||||
# legacy ports can be omitted if your application doesn't depend on them
|
||||
listen-client-urls: http://0.0.0.0:2379,http://0.0.0.0:4001
|
||||
listen-peer-urls: http://$private_ipv4:2380,http://$private_ipv4:7001
|
||||
data-dir: /var/lib/etcd2
|
||||
fleet:
|
||||
public-ip: $private_ipv4
|
||||
metadata: controlPlane=true,dataPlane=true,routerMesh=true
|
||||
update:
|
||||
reboot-strategy: "off"
|
||||
units:
|
||||
- name: etcd.service
|
||||
mask: true
|
||||
- name: etcd2.service
|
||||
command: start
|
||||
- name: fleet.service
|
||||
command: start
|
||||
- name: docker-tcp.socket
|
||||
command: start
|
||||
enable: true
|
||||
content: |
|
||||
[Unit]
|
||||
Description=Docker Socket for the API
|
||||
|
||||
[Socket]
|
||||
ListenStream=2375
|
||||
Service=docker.service
|
||||
BindIPv6Only=both
|
||||
|
||||
[Install]
|
||||
WantedBy=sockets.target
|
||||
- name: update-engine.service
|
||||
command: stop
|
||||
enable: false
|
||||
- name: docker.service
|
||||
drop-ins:
|
||||
- name: 10-require-flannel.conf
|
||||
content: |
|
||||
[Unit]
|
||||
Requires=flanneld.service
|
||||
After=flanneld.service
|
||||
- name: 50-insecure-registry.conf
|
||||
content: |
|
||||
[Service]
|
||||
Environment="DOCKER_OPTS=--insecure-registry 10.0.0.0/8 --insecure-registry 172.16.0.0/12 --insecure-registry 192.168.0.0/16 --insecure-registry 100.64.0.0/10"
|
||||
- name: flanneld.service
|
||||
command: start
|
||||
drop-ins:
|
||||
- name: 50-network-config.conf
|
||||
content: |
|
||||
[Service]
|
||||
ExecStartPre=-/usr/bin/etcdctl mk /coreos.com/network/config '{"Network": "10.244.0.0/16", "SubnetLen": 24, "SubnetMin": "10.244.0.0", "Backend": {"Type": "vxlan"}}'
|
||||
- name: graceful-deis-shutdown.service
|
||||
content: |
|
||||
[Unit]
|
||||
Description=Clean up
|
||||
DefaultDependencies=no
|
||||
After=fleet.service etcd2.service docker.service docker.socket deis-store-admin.service deis-store-daemon.service deis-store-volume.service deis-store-monitor.service
|
||||
Requires=fleet.service etcd2.service deis-store-admin.service deis-store-daemon.service deis-store-volume.service docker.service docker.socket deis-store-monitor.service
|
||||
|
||||
[Install]
|
||||
WantedBy=shutdown.target halt.target reboot.target
|
||||
|
||||
[Service]
|
||||
ExecStop=/opt/bin/graceful-shutdown.sh --really
|
||||
Type=oneshot
|
||||
TimeoutSec=1200
|
||||
RemainAfterExit=yes
|
||||
- name: install-deisctl.service
|
||||
command: start
|
||||
content: |
|
||||
[Unit]
|
||||
Description=Install deisctl utility
|
||||
ConditionPathExists=!/opt/bin/deisctl
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart=/usr/bin/sh -c 'curl -sSL --retry 5 --retry-delay 2 http://deis.io/deisctl/install.sh | sh -s 1.12.2'
|
||||
- name: increase-nf_conntrack-connections.service
|
||||
command: start
|
||||
content: |
|
||||
[Unit]
|
||||
Description=Increase the number of connections in nf_conntrack. default is 65536
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStartPre=/usr/sbin/modprobe nf_conntrack
|
||||
ExecStart=/bin/sh -c "sysctl -w net.netfilter.nf_conntrack_max=262144"
|
||||
write_files:
|
||||
- path: /etc/deis-release
|
||||
content: |
|
||||
DEIS_RELEASE=v1.12.2
|
||||
- path: /etc/motd
|
||||
content: " \e[31m* * \e[34m* \e[32m***** \e[39mddddd eeeeeee iiiiiii ssss\n\e[31m* * \e[34m* * \e[32m* * \e[39md d e e i s s\n \e[31m* * \e[34m***** \e[32m***** \e[39md d e i s\n\e[32m***** \e[31m* * \e[34m* \e[39md d e i s\n\e[32m* * \e[31m* * \e[34m* * \e[39md d eee i sss\n\e[32m***** \e[31m* * \e[34m***** \e[39md d e i s\n \e[34m* \e[32m***** \e[31m* * \e[39md d e i s\n \e[34m* * \e[32m* * \e[31m* * \e[39md d e e i s s\n\e[34m***** \e[32m***** \e[31m* * \e[39mddddd eeeeeee iiiiiii ssss\n\n\e[39mWelcome to Deis\t\t\tPowered by Core\e[38;5;45mO\e[38;5;206mS\e[39m\n"
|
||||
- path: /etc/profile.d/nse-function.sh
|
||||
permissions: '0755'
|
||||
content: |
|
||||
function nse() {
|
||||
docker exec -it $1 bash
|
||||
}
|
||||
- path: /run/deis/bin/get_image
|
||||
permissions: '0755'
|
||||
content: |
|
||||
#!/usr/bin/env bash
|
||||
# usage: get_image <component_path>
|
||||
IMAGE=`etcdctl get $1/image 2>/dev/null`
|
||||
|
||||
# if no image was set in etcd, we use the default plus the release string
|
||||
if [ $? -ne 0 ]; then
|
||||
RELEASE=`etcdctl get /deis/platform/version 2>/dev/null`
|
||||
|
||||
# if no release was set in etcd, use the default provisioned with the server
|
||||
if [ $? -ne 0 ]; then
|
||||
source /etc/deis-release
|
||||
RELEASE=$DEIS_RELEASE
|
||||
fi
|
||||
|
||||
IMAGE=$1:$RELEASE
|
||||
fi
|
||||
|
||||
# remove leading slash
|
||||
echo ${IMAGE#/}
|
||||
- path: /run/deis/bin/preseed
|
||||
permissions: '0755'
|
||||
content: |
|
||||
#!/usr/bin/env bash
|
||||
|
||||
COMPONENTS=(builder controller database logger logspout publisher registry router store-daemon store-gateway store-metadata store-monitor)
|
||||
for c in "${COMPONENTS[@]}"; do
|
||||
image=`/run/deis/bin/get_image /deis/$c`
|
||||
docker history $image >/dev/null 2>&1 || docker pull $image
|
||||
done
|
||||
- path: /opt/bin/deis-debug-logs
|
||||
permissions: '0755'
|
||||
content: |
|
||||
#!/usr/bin/env bash
|
||||
|
||||
echo '--- VERSIONS ---'
|
||||
source /etc/os-release
|
||||
echo $PRETTY_NAME
|
||||
source /etc/deis-release
|
||||
echo "Deis $DEIS_RELEASE"
|
||||
etcd2 -version | head -n1
|
||||
fleet -version
|
||||
printf "\n"
|
||||
|
||||
echo '--- SYSTEM STATUS ---'
|
||||
journalctl -n 50 -u etcd --no-pager
|
||||
journalctl -n 50 -u fleet --no-pager
|
||||
printf "\n"
|
||||
|
||||
echo '--- DEIS STATUS ---'
|
||||
deisctl list
|
||||
etcdctl ls --recursive /deis
|
||||
printf "\n"
|
||||
- path: /home/core/.toolboxrc
|
||||
owner: core
|
||||
content: |
|
||||
TOOLBOX_DOCKER_IMAGE=alpine
|
||||
TOOLBOX_DOCKER_TAG=3.1
|
||||
TOOLBOX_USER=root
|
||||
- path: /etc/environment_proxy
|
||||
owner: core
|
||||
content: |
|
||||
HTTP_PROXY=
|
||||
HTTPS_PROXY=
|
||||
ALL_PROXY=
|
||||
NO_PROXY=
|
||||
http_proxy=
|
||||
https_proxy=
|
||||
all_proxy=
|
||||
no_proxy=
|
||||
- path: /etc/systemd/coredump.conf
|
||||
content: |
|
||||
[Coredump]
|
||||
Storage=none
|
||||
- path: /opt/bin/graceful-shutdown.sh
|
||||
permissions: '0755'
|
||||
content: |
|
||||
#!/usr/bin/bash
|
||||
if [ "$1" != '--really' ]; then
|
||||
echo "command must be run as: $0 --really"
|
||||
exit 1
|
||||
fi
|
||||
# procedure requires the store-admin
|
||||
ADMIN_RUNNING=$(docker inspect --format="{{ .State.Running }}" deis-store-admin)
|
||||
if [ $? -eq 1 ] || [ "$ADMIN_RUNNING" == "false" ]; then
|
||||
echo "deis-store-admin container is required for graceful shutdown"
|
||||
exit 2
|
||||
fi
|
||||
set -e -x -o pipefail
|
||||
# determine osd id
|
||||
CURRENT_STATUS=$(docker exec deis-store-admin ceph health | awk '{print $1}')
|
||||
OSD_HOSTS=($(etcdctl ls /deis/store/hosts/| awk -F'/' '{print $5}'))
|
||||
for HOST in "${OSD_HOSTS[@]}"
|
||||
do
|
||||
PUBLIC_IP=$(fleetctl list-machines -fields="machine,ip" -full -no-legend| grep `cat /etc/machine-id` | awk '{print $2}')
|
||||
if [ "$HOST" = "$PUBLIC_IP" ] ; then
|
||||
OSD_ID=$(etcdctl get /deis/store/osds/$PUBLIC_IP)
|
||||
break
|
||||
fi
|
||||
done
|
||||
# if we own an osd and its healthy, try to gracefully remove it
|
||||
if [ ! -z "$OSD_ID" ] && [[ "$CURRENT_STATUS" == *"HEALTH_OK"* ]] && [ ${#OSD_HOSTS[@]} -gt "3" ]; then
|
||||
docker exec deis-store-admin ceph osd out $OSD_ID
|
||||
sleep 30
|
||||
TIMEWAITED=0
|
||||
until [[ $(docker exec deis-store-admin ceph health) == *"HEALTH_OK"* ]]
|
||||
do
|
||||
if [ $TIMEWAITED -gt "1200" ]
|
||||
then
|
||||
echo "ceph graceful removal timeout exceeded"
|
||||
break
|
||||
fi
|
||||
echo "waiting" && sleep 5
|
||||
TIMEWAITED=$((TIMEWAITED+5))
|
||||
done
|
||||
docker stop deis-store-daemon
|
||||
docker exec deis-store-admin ceph osd crush remove osd.$OSD_ID
|
||||
docker exec deis-store-admin ceph auth del osd.$OSD_ID
|
||||
docker exec deis-store-admin ceph osd rm $OSD_ID
|
||||
etcdctl rm /deis/store/osds/$PUBLIC_IP
|
||||
etcdctl rm /deis/store/hosts/$PUBLIC_IP && sleep 10
|
||||
# remove ceph mon
|
||||
docker stop deis-store-monitor || true
|
||||
docker exec deis-store-admin ceph mon remove `hostname -f` # fixme
|
||||
docker stop deis-store-metadata || true
|
||||
fi
|
||||
|
||||
# removing the node from etcd
|
||||
NODE=$(etcdctl member list | grep `cat /etc/machine-id` | cut -d ':' -f 1)
|
||||
etcdctl member remove $NODE
|
||||
- path: /opt/bin/wupiao
|
||||
permissions: '0755'
|
||||
content: |
|
||||
#!/usr/bin/env bash
|
||||
# [w]ait [u]ntil [p]ort [i]s [a]ctually [o]pen
|
||||
[ -n "$1" ] && \
|
||||
until curl -o /dev/null -sIf http://${1}; do \
|
||||
sleep 1 && echo .;
|
||||
done;
|
||||
exit $?
|
||||
- path: /opt/bin/download-k8s-binary
|
||||
permissions: '0755'
|
||||
content: |
|
||||
#!/usr/bin/env bash
|
||||
export K8S_VERSION="v1.0.1"
|
||||
mkdir -p /opt/bin
|
||||
FILE=$1
|
||||
if [ ! -f /opt/bin/$FILE ]; then
|
||||
curl -sSL -o /opt/bin/$FILE https://storage.googleapis.com/kubernetes-release/release/${K8S_VERSION}/bin/linux/amd64/$FILE
|
||||
chmod +x /opt/bin/$FILE
|
||||
else
|
||||
# we check the version of the binary
|
||||
INSTALLED_VERSION=$(/opt/bin/$FILE --version)
|
||||
MATCH=$(echo "${INSTALLED_VERSION}" | grep -c "${K8S_VERSION}")
|
||||
if [ $MATCH -eq 0 ]; then
|
||||
# the version is different
|
||||
curl -sSL -o /opt/bin/$FILE https://storage.googleapis.com/kubernetes-release/release/${K8S_VERSION}/bin/linux/amd64/$FILE
|
||||
chmod +x /opt/bin/$FILE
|
||||
fi
|
||||
fi
|
||||
- path: /opt/bin/scheduler-policy.json
|
||||
content: |
|
||||
{
|
||||
"kind": "Policy",
|
||||
"apiVersion": "v1",
|
||||
"predicates": [{"name": "PodFitsPorts"},{"name": "PodFitsResources"},{"name": "NoDiskConflict"},{"name": "MatchNodeSelector"},{"name": "HostName"}],
|
||||
"priorities": [{"name": "LeastRequestedPriority","weight": 1},{"name": "BalancedResourceAllocation","weight": 1},{"name": "ServiceSpreadingPriority","weight": 2},{"name": "EqualPriority","weight": 1}]
|
||||
}
|
|
@ -0,0 +1,2 @@
|
|||
*
|
||||
!.gitignore
|
|
@ -0,0 +1,65 @@
|
|||
variable "cluster_size" {
|
||||
default = "3"
|
||||
}
|
||||
|
||||
variable "cluster_name" {
|
||||
default = "example"
|
||||
}
|
||||
|
||||
variable "flavor" {
|
||||
default = "m1.medium"
|
||||
}
|
||||
|
||||
variable "public_key_path" {
|
||||
description = "The path of the ssh pub key"
|
||||
default = "~/.ssh/id_rsa.pub"
|
||||
}
|
||||
|
||||
variable "image" {
|
||||
description = "the image to use"
|
||||
default = "coreos"
|
||||
}
|
||||
|
||||
variable "network_name" {
|
||||
description = "name of the internal network to use"
|
||||
default = "internal"
|
||||
}
|
||||
|
||||
variable "floatingip_pool" {
|
||||
description = "name of the floating ip pool to use"
|
||||
default = "external"
|
||||
}
|
||||
|
||||
variable "username" {
|
||||
description = "Your openstack username"
|
||||
}
|
||||
|
||||
variable "password" {
|
||||
description = "Your openstack password"
|
||||
}
|
||||
|
||||
variable "tenant" {
|
||||
description = "Your openstack tenant/project"
|
||||
}
|
||||
|
||||
variable "auth_url" {
|
||||
description = "Your openstack auth URL"
|
||||
}
|
||||
|
||||
variable "generate_discovery_url" {
|
||||
default = 1
|
||||
description = "set to 0 if you do not want to autogenerate the discovery url"
|
||||
}
|
||||
|
||||
variable "deisctl_version" {
|
||||
default = "1.12.2"
|
||||
}
|
||||
|
||||
variable "deis_domain" {
|
||||
default = ""
|
||||
description = "set if you have a custom domain"
|
||||
}
|
||||
|
||||
variable "deis_keyname" {
|
||||
default = "deis"
|
||||
}
|
Loading…
Reference in New Issue