def _recreate_dns_pod(cls, upd, dns_pod_config):
upd.print_log("Deleting current DNS pod.")
user = User.filter_by(username=settings.KUBERDOCK_INTERNAL_USER).one()
dns_pod = Pod.filter_by(name='kuberdock-dns', owner=user).first()
if dns_pod:
PodCollection(user).delete(dns_pod.id, force=True)
# Since usual upgrade is done with healthcheck
# we can assume all nodes are
# in running state.
nodes = Node.query.all()
if not nodes:
upd.print_log(
"No nodes found on the cluster. The new DNS pod will be "
"added once the 1st node is added to the cluster.")
return
check_internal_pod_data(dns_pod_config, user)
dns_pod = PodCollection(user).add(dns_pod_config, skip_check=True)
PodCollection(user).update(dns_pod['id'],
{
'command': 'start',
'async-pod-create': False
})
# wait dns pod for 10 minutes
upd.print_log(
'Wait until DNS pod starts. It can take up to 10 minutes...')
wait_pod_status(dns_pod['id'], POD_STATUSES.running, 30, 20)
def upgrade_node(upd, with_testing, env, *args, **kwargs):
upd.print_log('Add node hostname to rsyslog configuration...')
run("sed -i '/^{0}/d; i{0} {1}' {2}".format(PARAM, env.host_string, CONF))
run('systemctl restart rsyslog')
upd.print_log('Update logging pod...')
ki = User.filter_by(username=KUBERDOCK_INTERNAL_USER).first()
pod_name = get_kuberdock_logs_pod_name(env.host_string)
for pod in PodCollection(ki).get(as_json=False):
if pod['name'] == pod_name:
break
else:
return
PodCollection(ki).delete(pod['id'], force=True)
logs_config = get_kuberdock_logs_config(
env.host_string,
pod_name,
pod['kube_type'],
pod['containers'][0]['kubes'],
pod['containers'][1]['kubes'],
MASTER_IP,
ki.get_token(),
)
check_internal_pod_data(logs_config, user=ki)
logs_pod = PodCollection(ki).add(logs_config, skip_check=True)
run('rm -fr /var/lib/elasticsearch/kuberdock/nodes/*/indices/syslog-*')
PodCollection(ki).update(logs_pod['id'], {'command': 'start'})
def upgrade_node(upd, with_testing, env, *args, **kwargs):
upd.print_log('Change log template in rsyslog configuration...')
run("sed -i '/^{0}/d; a{0};{1}' {2}".format(PARAM, TEMPLATE, CONF))
run('systemctl restart rsyslog')
upd.print_log('Update logging pod...')
ki = User.filter_by(username=KUBERDOCK_INTERNAL_USER).first()
pod_name = get_kuberdock_logs_pod_name(env.host_string)
for pod in PodCollection(ki).get(as_json=False):
if pod['name'] == pod_name:
break
else:
return
PodCollection(ki).delete(pod['id'], force=True)
logs_config = get_kuberdock_logs_config(
env.host_string,
pod_name,
pod['kube_type'],
pod['containers'][0]['kubes'],
pod['containers'][1]['kubes'],
MASTER_IP,
ki.get_token(),
)
check_internal_pod_data(logs_config, user=ki)
logs_pod = PodCollection(ki).add(logs_config, skip_check=True)
run('docker pull kuberdock/fluentd:1.4')
PodCollection(ki).update(logs_pod['id'], {'command': 'start'})
def _upgrade_node_202(upd, with_testing, env, *args, **kwargs):
"""Update log pod"""
upd.print_log("Upgrading logs pod ...")
ki = User.get_internal()
pod_name = nodes.get_kuberdock_logs_pod_name(env.host_string)
for pod in PodCollection(ki).get(as_json=False):
if pod['name'] == pod_name:
PodCollection(ki).delete(pod['id'], force=True)
break
else:
upd.print_log(u"Warning: logs pod '{}' not found".format(pod_name))
run('docker pull kuberdock/elasticsearch:2.2')
run('docker pull kuberdock/fluentd:1.8')
log_pod = nodes.create_logs_pod(env.host_string, ki)
# Also we should update rsyslog config, because log pod IP was changed.
pod_ip = log_pod['podIP']
put(StringIO('$LocalHostName {node_name}\n'
'$template LongTagForwardFormat,'
'"<%PRI%>%TIMESTAMP:::date-rfc3339% %HOSTNAME% '
'%syslogtag%%msg:::sp-if-no-1st-sp%%msg%"\n'
'*.* @{pod_ip}:5140;LongTagForwardFormat\n'.format(
node_name=env.host_string, pod_ip=pod_ip)),
RSYSLOG_CONF,
mode=0644)
run('systemctl restart rsyslog')
upd.print_log("Logs pod successfully upgraded")
def upgrade_node(upd, with_testing, env, *args, **kwargs):
run('yum --enablerepo=kube,kube-testing clean metadata')
# 00091_update.py
upd.print_log('Upgrading nodes with docker-cleaner.sh')
run("""rm -f /var/lib/kuberdock/scripts/docker-cleaner.sh""")
run("""crontab -l | grep -v "docker-cleaner.sh" | crontab - """)
# 00092_update.py
put('/var/opt/kuberdock/node_network_plugin.sh',
'/usr/libexec/kubernetes/kubelet-plugins/net/exec/kuberdock/kuberdock')
# 00093_update.py
upd.print_log('Use custom log template with rsyslog...')
run("sed -i '/^{0}/d' {1}".format(PARAM1, CONF))
run("sed -i '/^{0}/d' {1}".format(PARAM2, CONF))
run("sed -i '$ a{0} {1}' {2}".format(PARAM1, TEMPLATE, CONF))
run("sed -i '$ a{0};{1}' {2}".format(PARAM2, TEMPLATE_NAME, CONF))
run('systemctl restart rsyslog')
# 00096_update.py
upd.print_log('Disabling swap and backing up fstab to {0}...'.format(FSTAB_BACKUP))
run('swapoff -a')
run('mkdir -p /var/lib/kuberdock/backups')
run('test -f {0} && echo "{0} is already exists" || cp /etc/fstab {0}'.format(FSTAB_BACKUP))
run("sed -r -i '/[[:space:]]+swap[[:space:]]+/d' /etc/fstab")
# 00097_update.py
upd.print_log('Update elasticsearch for logs...')
upd.print_log(put('/var/opt/kuberdock/make_elastic_config.py',
'/var/lib/elasticsearch',
mode=0755))
upd.print_log('Update logging pod...')
ki = User.filter_by(username=KUBERDOCK_INTERNAL_USER).first()
pod_name = get_kuberdock_logs_pod_name(env.host_string)
for pod in PodCollection(ki).get(as_json=False):
if pod['name'] == pod_name:
break
else:
return
PodCollection(ki).delete(pod['id'], force=True)
logs_config = get_kuberdock_logs_config(
env.host_string,
pod_name,
pod['kube_type'],
pod['containers'][0]['kubes'],
pod['containers'][1]['kubes'],
MASTER_IP,
ki.get_token(),
)
check_internal_pod_data(logs_config, user=ki)
logs_pod = PodCollection(ki).add(logs_config, skip_check=True)
run('docker pull kuberdock/elasticsearch:2.2')
run('docker pull kuberdock/fluentd:1.5')
PodCollection(ki).update(logs_pod['id'], {'command': 'start'})
def upgrade_node(upd, with_testing, env, *args, **kwargs):
run('yum --enablerepo=kube,kube-testing clean metadata')
# 00084_update.py
yum_base_no_kube = 'yum install --disablerepo=kube -y '
run(yum_base_no_kube + 'kernel')
run(yum_base_no_kube + 'kernel-tools')
run(yum_base_no_kube + 'kernel-tools-libs')
run(yum_base_no_kube + 'kernel-headers')
run(yum_base_no_kube + 'kernel-devel')
run('rpm -e -v --nodeps kernel-' + old_version)
run('yum remove -y kernel-tools-' + old_version)
run('yum remove -y kernel-tools-libs-' + old_version)
run('yum remove -y kernel-headers-' + old_version)
run('yum remove -y kernel-devel-' + old_version)
# 00086_update.py
res = helpers.remote_install('kubernetes-node-1.1.3', with_testing)
upd.print_log(res)
if res.failed:
raise helpers.UpgradeError('Failed to update kubernetes on node')
upd.print_log("Turn on cpu-cfs-quota in kubelet")
get(KUBELET_PATH, KUBELET_TEMP_PATH)
lines = []
with open(KUBELET_TEMP_PATH) as f:
lines = f.readlines()
with open(KUBELET_TEMP_PATH, 'w+') as f:
for line in lines:
if KUBELET_ARG in line and not KUBELET_CPUCFS_ENABLE in KUBELET_ARG:
s = line.split('"')
s[1] += KUBELET_CPUCFS_ENABLE
line = '"'.join(s)
f.write(line)
put(KUBELET_TEMP_PATH, KUBELET_PATH)
os.remove(KUBELET_TEMP_PATH)
helpers.restart_node_kubernetes(with_enable=True)
upd.print_log("Restart pods to apply new limits")
pc = PodCollection()
pods = pc.get(as_json=False)
for pod in pods:
if (pod.get('host') == env.host_string and
pod['status'] == POD_STATUSES.running):
pc.update_container(pod['id'], None)
# 00088_update.py
put('/var/opt/kuberdock/node_network_plugin.sh', PLUGIN_DIR + 'kuberdock')
put('/var/opt/kuberdock/node_network_plugin.py', PLUGIN_DIR + 'kuberdock.py')
run('systemctl restart kuberdock-watcher')
helpers.reboot_node(upd)
def upgrade_node(upd, with_testing, env, *args, **kwargs):
# 00076_update.py
upd.print_log('Add kernel parameters to make pod isolation work...')
run('sed -i "/net.bridge.bridge-nf-call-ip6\?tables/d" {0}'.format(CONF))
run("echo net.bridge.bridge-nf-call-iptables = 1 >> {0}".format(CONF))
run("echo net.bridge.bridge-nf-call-ip6tables = 1 >> {0}".format(CONF))
run("sysctl -w net.bridge.bridge-nf-call-iptables=1")
run("sysctl -w net.bridge.bridge-nf-call-ip6tables=1")
# 00079_update.py
upd.print_log('Copy Elasticsearch config maker...')
upd.print_log(
put('/var/opt/kuberdock/make_elastic_config.py',
'/var/lib/elasticsearch',
mode=0755))
upd.print_log('Update logging pod...')
ki = User.filter_by(username=KUBERDOCK_INTERNAL_USER).first()
pod_name = get_kuberdock_logs_pod_name(env.host_string)
for pod in PodCollection(ki).get(as_json=False):
if pod['name'] == pod_name:
break
else:
return
PodCollection(ki).delete(pod['id'], force=True)
logs_config = get_kuberdock_logs_config(
env.host_string,
pod_name,
pod['kube_type'],
pod['containers'][0]['kubes'],
pod['containers'][1]['kubes'],
MASTER_IP,
ki.get_token(),
)
check_internal_pod_data(logs_config, user=ki)
logs_pod = PodCollection(ki).add(logs_config, skip_check=True)
run('docker pull kuberdock/elasticsearch:1.5')
PodCollection(ki).update(logs_pod['id'], {'command': 'start'})
# 00082_update.py
upd.print_log('Upgrading nodes with docker-cleaner.sh')
run("cat > /var/lib/kuberdock/scripts/docker-cleaner.sh << 'EOF' {0}".
format(DOCKERCLEANER))
run("""chmod +x /var/lib/kuberdock/scripts/docker-cleaner.sh""")
run("""crontab -l | { cat; echo "0 */6 * * * /var/lib/kuberdock/scripts/docker-cleaner.sh"; } | crontab - """
)
def test_update_container(self, PodCollection):
PodCollection().update_container.return_value = {}
pod_id = str(uuid4())
container_name = 'just name'
response = self.user_open(
PodAPIUrl.check_updates(pod_id, container_name), 'POST', {})
self.assert200(response)
PodCollection().update_container.assert_called_once_with(
pod_id, container_name)
def _update_00203_upgrade(upd):
def _update_ingress_container(config):
config_map_cmd = "--nginx-configmap={}/{}".format(
constants.KUBERDOCK_INGRESS_CONFIG_MAP_NAMESPACE,
constants.KUBERDOCK_INGRESS_CONFIG_MAP_NAME)
for c in config['containers']:
if c['name'] == 'nginx-ingress':
if config_map_cmd not in c['command']:
c['command'].append(config_map_cmd)
return True
return False
def _create_or_update_ingress_config():
client = configmap.ConfigMapClient(KubeQuery())
try:
client.get(
constants.KUBERDOCK_INGRESS_CONFIG_MAP_NAME,
namespace=constants.KUBERDOCK_INGRESS_CONFIG_MAP_NAMESPACE)
client.patch(
constants.KUBERDOCK_INGRESS_CONFIG_MAP_NAME,
data={'server-name-hash-bucket-size': '128'},
namespace=constants.KUBERDOCK_INGRESS_CONFIG_MAP_NAMESPACE)
except configmap.ConfigMapNotFound:
ingress.create_ingress_nginx_configmap()
owner = User.get_internal()
pod = Pod.query.filter_by(name=constants.KUBERDOCK_INGRESS_POD_NAME,
owner=owner).first()
if pod is None:
upd.print_log('Ingress POD hasn\'t been created yet. Skipping')
return
_create_or_update_ingress_config()
config = pod.get_dbconfig()
if not _update_ingress_container(config):
upd.print_log('Ingress contoller RC is up-to-date. Skipping')
return
collection = PodCollection()
replace_pod_config(pod, config)
collection.patch_running_pod(
pod.id, {'spec': {
'containers': config['containers']
}}, restart=True)
def switch_app_package(billing_driver, pod_id, plan_id):
owner = KubeUtils.get_current_user()
transaction = db.session.begin_nested()
with atomic():
old_pod = PodCollection(owner).get(pod_id, as_json=True)
AppInstance(pod_id).update_plan(plan_id, async=False, dry_run=True)
pod = PodCollection(owner).get(pod_id, as_json=True)
transaction.rollback()
data = KubeUtils._get_params()
data['pod'] = pod
data['oldPod'] = old_pod
data['referer'] = data.get('referer') or ''
return billing_driver.orderswitchapppackage(**data)
def upgrade(upd, with_testing, *args, **kwargs):
pod_collection = PodCollection()
for pod_dict in pod_collection.get(as_json=False):
pod = pod_collection._get_by_id(pod_dict['id'])
db_config = get_pod_config(pod.id)
cluster_ip = db_config.pop('clusterIP', None)
if cluster_ip is None:
service_name = db_config.get('service')
if service_name is None:
continue
namespace = db_config.get('namespace') or pod.id
service = KubeQuery().get(['services', service_name], ns=namespace)
cluster_ip = service.get('spec', {}).get('clusterIP')
if cluster_ip is not None:
db_config['podIP'] = cluster_ip
replace_pod_config(pod, db_config)
def upgrade_node(upd, with_testing, env, *args, **kwargs):
upd.print_log('Apply new limits to nodes...')
spaces = dict((i, (s, u)) for i, s, u in Kube.query.values(
Kube.id, Kube.disk_space, Kube.disk_space_units))
limits = []
for user in User.query:
for pod in PodCollection(user).get(as_json=False):
if pod.get('host') != env.host_string:
continue
for container in pod['containers']:
container_id = container['containerID']
if container_id == container['name']:
continue
space, unit = spaces.get(pod['kube_type'], (0, 'GB'))
disk_space = space * container['kubes']
disk_space_units = unit[0].lower() if unit else ''
if disk_space_units not in ('', 'k', 'm', 'g', 't'):
disk_space_units = ''
limits.append([container_id, disk_space, disk_space_units])
if not limits:
return
lim_str = ' '.join(['{0}={1}{2}'.format(c, s, u) for c, s, u in limits])
upd.print_log(
run('python /var/lib/kuberdock/scripts/fslimit.py {0}'.format(
lim_str)))
def test_delete(self, PodCollection):
delete_id = randint(1, 1000)
PodCollection().delete.return_value = delete_id
response = self.user_open(PodAPIUrl.delete(delete_id), 'DELETE', {})
self.assert200(response)
def test_put(self, PodCollection):
PodCollection().update.return_value = {}
pod = self.fixtures.pod(status='unpaid', owner=self.user)
pod_config = pod.get_dbconfig()
response = self.user_open(PodAPIUrl.put(pod.id), 'PUT', {})
self.assert200(response)
# check fix-price users restrictions
SystemSettings.set_by_name('billing_type', 'whmcs')
self.user.count_type = 'fixed'
self.db.session.commit()
# only admin has permission to remove "unpaid" status
set_paid = {'command': 'set', 'commandOptions': {'status': 'stopped'}}
response = self.admin_open(PodAPIUrl.put(pod.id), 'PUT', set_paid)
self.assert200(response)
# only admin has permission to upgrade pod
upgrade = {
'command':
'redeploy',
'containers':
[dict(c, kubes=c['kubes'] + 1) for c in pod_config['containers']]
}
response = self.admin_open(PodAPIUrl.put(pod.id), 'PUT', upgrade)
self.assert200(response)
def _start_pod_if_needed(self, restored_pod_dict):
saved_status = self.pod_dump['pod_data']['status']
if saved_status == 'running':
restored_pod_id = restored_pod_dict['id']
restored_pod_dict = PodCollection(owner=self.owner).update(
pod_id=restored_pod_id, data={'command': 'start'})
return restored_pod_dict
def add_kdtools_to_master(cls, upd):
# Patch RC specs
upd.print_log('Restart pods to support ssh access...')
pc = PodCollection()
query = Pod.query.filter(Pod.status != 'deleted')
user = User.filter_by(username=settings.KUBERDOCK_INTERNAL_USER).one()
dns_pod = Pod.filter_by(name='kuberdock-dns', owner=user).first()
if dns_pod:
query.filter(Pod.id != dns_pod.id)
for dbpod in query:
pod = pc._get_by_id(dbpod.id)
if pod.status in (POD_STATUSES.pending, POD_STATUSES.stopping,
POD_STATUSES.stopped):
# Workaround for AC-3386 issue: just don't restart
# pending pods, because it may lead to error during pod start,
# and upgrade script fail as a result.
# Also do not restart already stopped pods.
upd.print_log(
u'Skip restart of {} pod "{}". '
u'It may need manual restart to enable ssh access.'.format(
pod.status, dbpod.name))
continue
try:
pc._stop_pod(pod, block=True)
except APIError as e:
upd.print_log(
u'Warning: Failed to stop pod {}. It may be needed to '
u'manual restart the pod.\n{}'.format(dbpod.name, e))
continue
pc._start_pod(pod, {'async_pod_create': False})
upd.print_log(u'Restart pod: {}'.format(dbpod.name))
def upgrade(upd, with_testing, *args, **kwargs):
upd.print_log('Upgrading db...')
helpers.upgrade_db()
# 00103_update.py
upd.print_log('Enabling restart for ntpd.service on master')
local('mkdir -p ' + SERVICE_DIR)
local('echo -e "' + OVERRIDE_CONF + '" > ' + OVERRIDE_FILE)
local('systemctl daemon-reload')
local('systemctl restart ntpd')
# 00104_update.py
upd.print_log('Restart pods with persistent storage')
pc = PodCollection()
pods = Pod.query.with_entities(Pod.id).filter(Pod.persistent_disks).all()
for pod_id in pods:
p = pc._get_by_id(pod_id[0])
if p.status == POD_STATUSES.running:
pc._stop_pod(p)
pc._collection.pop((pod_id[0], pod_id[0]))
pc._merge()
p = pc._get_by_id(pod_id[0])
pc._start_pod(p)
# 00105_update.py
upd.print_log('Add roles {}, resources {} and its permissions...'.format(
ROLES, RESOURCES))
fixtures.add_permissions(roles=ROLES,
resources=RESOURCES,
permissions=PERMISSIONS)
upd.print_log('Add MenuRoles...')
PAUserRole = Role.query.filter(Role.rolename == 'LimitedUser').first()
for menu_role in Role.query.filter(
Role.rolename == 'User').first().menus_assocs:
db.session.add(
MenuItemRole(role=PAUserRole, menuitem_id=menu_role.menuitem_id))
db.session.commit()
# Fixes for celery workers launching
upd.print_log('Updating uwsgi configuration ...')
local('test -f "{0}" && cp "{0}" "{1}"'.format(UWSGI_KUBERDOCK_INI_DEST,
SAVE_KUBERDOCK_INI))
local('cp "{0}" "{1}"'.format(UWSGI_KUBERDOCK_INI_SOURCE,
UWSGI_KUBERDOCK_INI_DEST))
local('chmod 644 "{0}"'.format(UWSGI_KUBERDOCK_INI_DEST))
def _update_00179_upgrade_node(env):
nodename = env.host_string
log_pod_name = get_kuberdock_logs_pod_name(nodename)
internal_user = User.get_internal()
pc = PodCollection(internal_user)
dbpod = Pod.query.filter(Pod.owner_id == internal_user.id,
Pod.name == log_pod_name,
Pod.status != 'deleted').first()
if not dbpod:
raise Exception('Node {} have no logs pod. '
'Delete the node and try again'.format(nodename))
pod = pc.get(dbpod.id, as_json=False)
old_ip = '127.0.0.1'
new_ip = pod['podIP']
run('sed -i "s/@{old_ip}:/@{new_ip}:/g" {conf}'.format(old_ip=old_ip,
new_ip=new_ip,
conf=RSYSLOG_CONF))
run('systemctl restart rsyslog')
def _upgrade_199(upd, with_testing, *args, **kwargs):
ku = User.get_internal()
pod = db.session.query(Pod).filter_by(name=KUBERDOCK_DNS_POD_NAME,
owner=ku).first()
nodes = Node.query.all()
if not nodes:
upd.print_log('No nodes found, exiting')
return
for node in nodes:
k8s_node = node_utils._get_k8s_node_by_host(node.hostname)
status, _ = node_utils.get_status(node, k8s_node)
if status == NODE_STATUSES.running:
if pod:
pc = PodCollection()
pc.delete(pod.id, force=True)
create_dns_pod(node.hostname, ku)
return
raise helpers.UpgradeError("Can't find any running node to run dns pod")
def _recreate_ingress_pod_if_needed():
kd_user = User.get_internal()
ingress_pod = Pod.filter_by(name=KUBERDOCK_INGRESS_POD_NAME,
owner=kd_user).first()
if ingress_pod or BaseDomain.query.first():
PodCollection(kd_user).delete(ingress_pod.id, force=True)
default_backend_pod = Pod.filter_by(name=KUBERDOCK_BACKEND_POD_NAME,
owner=kd_user).first()
if not default_backend_pod:
raise Exception(
'Nginx ingress controller pod exists, but default backend pod '
'is not found. Something wrong. Please contact support to get '
'help.')
PodCollection(kd_user).delete(default_backend_pod.id, force=True)
c = ConfigMapClient(KubeQuery())
try:
c.delete(name=KUBERDOCK_INGRESS_CONFIG_MAP_NAME,
namespace=KUBERDOCK_INGRESS_CONFIG_MAP_NAMESPACE)
except ConfigMapNotFound:
pass
sleep(30) # TODO: Workaround. Remove it when AC-5470 will be fixed
ingress.prepare_ip_sharing()
def update_log_pods(user):
for pod in PodCollection(user).get(as_json=False):
if pod_name_pattern.match(pod['name']):
PodCollection(user).delete(pod['id'], force=True)
logs_kubes = 1
logcollector_kubes = logs_kubes
logstorage_kubes = logs_kubes
node_resources = kubes_to_limits(
logs_kubes, INTERNAL_SERVICE_KUBE_TYPE)['resources']
logs_memory_limit = node_resources['limits']['memory']
if logs_memory_limit < KUBERDOCK_LOGS_MEMORY_LIMIT:
logs_kubes = int(math.ceil(
float(KUBERDOCK_LOGS_MEMORY_LIMIT) / logs_memory_limit
))
if logs_kubes > 1:
# allocate total log cubes to log collector and to log
# storage/search containers as 1 : 3
total_kubes = logs_kubes * 2
logcollector_kubes = int(math.ceil(float(total_kubes) / 4))
logstorage_kubes = total_kubes - logcollector_kubes
for node in Node.query:
hostname = node.hostname
podname = get_kuberdock_logs_pod_name(hostname)
logs_config = get_kuberdock_logs_config(
hostname,
podname,
INTERNAL_SERVICE_KUBE_TYPE,
logcollector_kubes,
logstorage_kubes,
MASTER_IP,
user.token,
)
check_internal_pod_data(logs_config, user=user)
logs_pod = PodCollection(user).add(logs_config)
PodCollection(user).update(logs_pod['id'], {'command': 'start'})
def test_start_pod_suspend(self, _run, mock_update):
user = self.user
url = self.item_url(self.user.id)
ippool = IPPool(network='192.168.1.252/30')
ippool.block_ip([u'192.168.1.252', u'192.168.1.255'])
ippool.save()
min_pod = {
'restartPolicy':
'Always',
'kube_type':
0,
'containers': [{
'image':
'nginx',
'name':
'fk8i0gai',
'args': ['nginx', '-g', 'daemon off;'],
'ports': [{
'protocol': 'tcp',
'isPublic': True,
'containerPort': 80
}],
}]
}
# pod
res = PodCollection(user).add(dict(min_pod, name='pod-1'),
skip_check=False)
data = {'command': 'start'}
pod_url = '/'.join(['podapi', res['id']])
response = self.open(url=pod_url,
method='PUT',
auth=self.userauth,
json=data)
self.assert200(response)
check_data = check_change_pod_data(data)
mock_update.assert_called_once_with(res['id'], check_data)
data = {'suspended': True}
response = self.admin_open(url=url, method='PUT', json=data)
self.assert200(response)
mock_update.called = False
response = self.open(url=pod_url,
method='PUT',
auth=self.userauth,
json={'command': 'start'})
self.assertAPIError(response, 403, "PermissionDenied")
assert mock_update.not_called
def _master_service_update():
services = Services()
all_svc = services.get_all()
pc = PodCollection()
for svc in all_svc:
selector = svc['spec'].get('selector', {})
labels = svc['metadata'].get('labels', {})
if KUBERDOCK_POD_UID in selector and KUBERDOCK_TYPE not in labels:
namespace = svc['metadata']['namespace']
name = svc['metadata']['name']
data = {
'metadata': {
'labels': {
KUBERDOCK_TYPE: LOCAL_SVC_TYPE,
KUBERDOCK_POD_UID: namespace
}
}
}
rv = services.patch(name, namespace, data)
raise_if_failure(rv, "Couldn't patch local service: {}".format(rv))
pod = pc._get_by_id(namespace)
if pod.status == POD_STATUSES.running:
run_service(pod)
def _remove_lifecycle_section_from_pods(upd, pods, pas):
# PodCollection.update({'command': 'change_config'}) can't delete keys
# thus mocking instead
def _mock_lifecycle(config):
for container in config['containers']:
if not contains_origin_root(container):
continue
container['lifecycle'] = {
'postStart': {
'exec': {
'command': ['/bin/true']
}
}
}
return config
def _set_prefill_flag(config, pod):
prefilled_volumes = _extract_prefilled_volumes_from_pod(pas, pod)
for container in config['containers']:
for vm in container.get('volumeMounts', []):
if vm['name'] in prefilled_volumes:
vm['kdCopyFromImage'] = True
collection = PodCollection()
for pod in pods:
config = _mock_lifecycle(pod.get_dbconfig())
_set_prefill_flag(config, pod)
config['command'] = 'change_config'
try:
replace_pod_config(pod, config)
collection.update(pod.id, config)
upd.print_log('POD {} config patched'.format(pod.id))
except PodNotFound:
upd.print_log('Skipping POD {}. Not found in K8S'.format(pod.id))
def create_pod(template_id, plan_id, owner=None, start=True, **data):
owner = check_owner(owner)
app = PredefinedApp.get(template_id)
if not owner.is_administrator() and has_billing() and owner.fix_price:
raise PermissionDenied
pod_data = app.get_filled_template_for_plan(plan_id, data)
res = start_pod_from_yaml(pod_data, user=owner, template_id=template_id)
if start:
PodCollection(owner).update(res['id'], {
'command': 'start',
'commandOptions': {}
})
return res
def upgrade(upd, with_testing, *args, **kwargs):
upd.print_log('Fix logging pods path...')
with open('/etc/kubernetes/configfile_for_nodes') as node_configfile:
node_config = yaml.load(node_configfile.read())
for user in node_config['users']:
token = user['user']['token']
if user['name'] == 'kubelet':
break
ki = User.filter_by(username=KUBERDOCK_INTERNAL_USER).first()
for pod in PodCollection(ki).get(as_json=False):
if pod_name_pattern.match(pod['name']):
PodCollection(ki).delete(pod['id'], force=True)
logs_config = get_kuberdock_logs_config(
pod['node'],
pod['name'],
pod['kube_type'],
pod['containers'][0]['kubes'],
pod['containers'][1]['kubes'],
MASTER_IP,
token,
)
check_new_pod_data(logs_config, user=ki)
logs_pod = PodCollection(ki).add(logs_config)
PodCollection(ki).update(logs_pod['id'], {'command': 'start'})
def upgrade(upd, with_testing, *args, **kwargs):
upd.print_log('Update dns pod...')
local(
'etcd-ca --depot-path /root/.etcd-ca new-cert --ip "10.254.0.10" --passphrase "" etcd-dns'
)
local('etcd-ca --depot-path /root/.etcd-ca sign --passphrase "" etcd-dns')
local(
'etcd-ca --depot-path /root/.etcd-ca export etcd-dns --insecure --passphrase "" | tar -xf -'
)
local('mv etcd-dns.crt /etc/pki/etcd/etcd-dns.crt')
local('mv etcd-dns.key.insecure /etc/pki/etcd/etcd-dns.key')
user = User.filter_by(username=KUBERDOCK_INTERNAL_USER).one()
dns_pod = Pod.filter_by(name='kuberdock-dns', owner=user).first()
if dns_pod:
PodCollection(user).delete(dns_pod.id, force=True)
dns_config = get_dns_pod_config()
check_internal_pod_data(dns_config, user)
dns_pod = PodCollection(user).add(dns_config, skip_check=True)
PodCollection(user).update(dns_pod['id'], {'command': 'start'})
def _update_pv_mount_paths(upd):
"""Migration k8s 1.1.3 -> 1.2.4 requires removing :Z from mount paths"""
# Patch RC specs
upd.print_log("Updating Pod PV mount paths")
def remove_trailing_z(pod_config):
updated_config = copy.deepcopy(pod_config)
for container in updated_config['containers']:
for mount in container['volumeMounts']:
mp = mount['mountPath']
if mp.endswith(":z") or mp.endswith(":Z"):
mount['mountPath'] = mount['mountPath'][:-2]
return updated_config
pc = PodCollection()
query = Pod.query.filter(Pod.status != POD_STATUSES.deleted)
for dbpod in query:
updated_config = remove_trailing_z(dbpod.get_dbconfig())
# Update config
kapi_helpers.replace_pod_config(dbpod, updated_config)
pc.patch_running_pod(dbpod.id, {'spec': updated_config}, restart=True)
upd.print_log(u'Successfully updated pod: {}'.format(dbpod.name))
def update_dns_pod(user):
dns_pod = db.session.query(Pod).filter(
Pod.name == 'kuberdock-dns',
Pod.owner_id == user.id
).first()
if dns_pod:
pods = PodCollection(user)
pods.delete(dns_pod.id, force=True)
dns_config = get_dns_pod_config()
check_internal_pod_data(dns_config, user)
dns_pod = PodCollection(user).add(dns_config, skip_check=True)
PodCollection(user).update(dns_pod['id'], {'command': 'start'})
def _restore_pod(self, pod_dump):
pod_collection = PodCollection(owner=self.owner)
restored_pod_dict = pod_collection.add_from_dump(pod_dump)
return restored_pod_dict
