def sequence_core(ops: setup.Operations) -> None:
    """Add the steps that bring up the core Kubernetes cluster.

    Registers the service-setup subcommand first, then one health gate for
    etcd and one for Kubernetes, and finally prints the annotation for the
    whole sequence.
    """
    ops.add_subcommand(setup.setup_services)

    # Each gate wraps a check from `verify` in iterative_verifier together
    # with a float budget. NOTE(review): presumably the float is a retry
    # window in seconds -- confirm against iterative_verifier.
    health_gates = (
        ("verify that etcd has launched successfully", verify.check_etcd_health, 20.0),
        ("verify that kubernetes has launched successfully", verify.check_kube_health, 10.0),
    )
    for description, check, budget in health_gates:
        ops.add_operation(description, iterative_verifier(check, budget))

    ops.print_annotations("set up the core kubernetes cluster")
def auto_supervisor(
        ops: setup.Operations,
        tc: TerminationContext,
        supervisor: configuration.Node,
        install_iso: str):
    """Add the operations that install and then start the supervisor VM.

    Two VirtualMachine objects are created for the same node: one built with
    ``install_iso`` for the install operation, and one built without it for
    the regular launch. The supervisor sequence is added afterwards.
    """
    installer_vm = VirtualMachine(supervisor, tc, install_iso)
    ops.add_operation(
        "install supervisor node (this may take several minutes)",
        installer_vm.boot_install_supervisor,
        supervisor)
    # TODO: annotations, so that this can be --dry-run'd

    launcher_vm = VirtualMachine(supervisor, tc)
    # NOTE(review): autoadd_fingerprint=True presumably records the new VM's
    # SSH host key without out-of-band verification (trust on first use).
    # That fits a freshly installed local VM; confirm this path is never
    # pointed at a host reachable over an untrusted network.
    ops.add_operation(
        "start up supervisor node",
        lambda: launcher_vm.boot_launch(autoadd_fingerprint=True))

    ops.add_subcommand(seq.sequence_supervisor)
def sequence_supervisor(ops: setup.Operations) -> None:
    """Add the steps that set up the supervisor node.

    Order: keysystem sequence, a gate that checks certs on the supervisor,
    prometheus, SSH, the bootstrap registry, four pre-deploy operations, and
    finally the supervisor infra sync. SSH setup is added only after the
    keysystem and the cert gate.
    """
    ops.add_subcommand(sequence_keysystem)

    # Gate on certificate availability before anything that depends on it.
    certs_gate = iterative_verifier(verify.check_certs_on_supervisor, 20.0)
    ops.add_operation(
        "verify that keysystem certs are available on supervisor", certs_gate)

    for stage in (setup.setup_prometheus, sequence_ssh, setup.setup_bootstrap_registry):
        ops.add_subcommand(stage)

    predeploys = (
        ("pre-deploy flannel", deploy.launch_flannel),
        ("pre-deploy dns-addon", deploy.launch_dns_addon),
        ("pre-deploy flannel-monitor", deploy.launch_flannel_monitor),
        ("pre-deploy dns-monitor", deploy.launch_dns_monitor),
    )
    for description, launcher in predeploys:
        ops.add_operation(description, launcher)

    # TODO: have a way to do this without a specialized just-for-supervisor method
    ops.add_subcommand(infra.infra_sync_supervisor)
def sequence_supervisor(ops: setup.Operations) -> None:
    """Add the steps that set up the supervisor node.

    Order: keysystem sequence, a gate that checks certs on the supervisor,
    prometheus, SSH, the bootstrap registry, then four pre-deploy operations.
    SSH setup is added only after the keysystem and the cert gate.
    """
    ops.add_subcommand(sequence_keysystem)

    # Gate on certificate availability before anything that depends on it.
    certs_gate = iterative_verifier(verify.check_certs_on_supervisor, 20.0)
    ops.add_operation(
        "verify that kubernetes certs are available on supervisor", certs_gate)

    for stage in (setup.setup_prometheus, sequence_ssh, setup.setup_bootstrap_registry):
        ops.add_subcommand(stage)

    predeploys = (
        ("pre-deploy flannel", deploy.launch_flannel),
        ("pre-deploy dns-addon", deploy.launch_dns_addon),
        ("pre-deploy flannel-monitor", deploy.launch_flannel_monitor),
        ("pre-deploy dns-monitor", deploy.launch_dns_monitor),
    )
    for description, launcher in predeploys:
        ops.add_operation(description, launcher)
def sequence_keysystem(ops: setup.Operations) -> None:
    """Add the steps that set up the keyserver and the keygateway.

    The keyserver is set up and its static files are checked before the
    keyserver is admitted; the keygateway is set up last and then probed.
    """
    ops.add_subcommand(setup.setup_keyserver)

    # The static-file check runs before admission, so admit_keyserver is only
    # reached once the keyserver is serving its static content.
    statics_gate = iterative_verifier(verify.check_keystatics, 10.0)
    ops.add_operation(
        "verify that keyserver static files can be fetched", statics_gate)

    for stage in (setup.admit_keyserver, setup.setup_keygateway):
        ops.add_subcommand(stage)

    ops.add_operation(
        "verify that the keygateway is responsive", verify.check_keygateway)
def sequence_keysystem(ops: setup.Operations) -> None:
    """Add the steps that set up the keyserver and, optionally, the keygateway.

    The keyserver is set up, its static files are checked, and it is
    admitted. The keygateway steps are added only when the configuration
    reports kerberos as enabled; otherwise a no-op operation with an explicit
    "skip" description is added in their place.
    """
    ops.add_subcommand(setup.setup_keyserver)

    statics_gate = iterative_verifier(verify.check_keystatics, 10.0)
    ops.add_operation(
        "verify that keyserver static files can be fetched", statics_gate)

    ops.add_subcommand(setup.admit_keyserver)

    # The kerberos setting is read here, while the sequence is being built,
    # not when the added operations run.
    if not configuration.get_config().is_kerberos_enabled():
        # Keep the skipped step visible in the operation list instead of
        # silently dropping it.
        ops.add_operation(
            "skip keygateway enablement (kerberos is disabled)", lambda: None)
        return

    ops.add_subcommand(setup.setup_keygateway)
    ops.add_operation(
        "verify that the keygateway is responsive", verify.check_keygateway)
def auto_cluster(ops: setup.Operations, authorized_key=None):
    """Add the operations for an automated cluster bring-up in local VMs.

    Adds a nested-virtualization check, a known-hosts update and ISO
    generation, then -- inside networking, termination and debug-shell
    contexts -- the supervisor install/launch, one subcommand per remaining
    node, and finally ``seq.sequence_cluster``.

    Args:
        ops: operations object the steps are added to.
        authorized_key: path handed to ``iso.gen_iso``. When ``None``, it
            defaults to ``$HOME/.ssh/id_rsa.pub``; a missing ``$HOME`` is
            reported through ``command.fail``.
    """
    if authorized_key is None:
        if "HOME" not in os.environ:
            command.fail(
                "expected $HOME to be set for authorized_key autodetect")
        # NOTE(review): presumably this public key ends up as an authorized
        # SSH key on every node built from the ISO -- confirm in iso.gen_iso,
        # and pass authorized_key explicitly when the caller's default key is
        # not the one that should get access.
        authorized_key = os.path.join(os.getenv("HOME"), ".ssh/id_rsa.pub")
    project, config = configuration.get_project(), configuration.get_config()
    # The ISO is written into the project directory; the process id keeps the
    # name distinct between concurrently running invocations.
    iso_path = os.path.join(project, "cluster-%d.iso" % os.getpid())
    ops.add_operation("check nested virtualization", qemu_check_nested_virt)
    ops.add_operation("update known hosts", access.update_known_hosts)
    ops.add_operation("generate ISO", lambda: iso.gen_iso(iso_path, authorized_key, "serial"))
    # NOTE(review): the nesting below is reconstructed from a flattened
    # listing; every subcommand is assumed to sit inside all three contexts
    # -- confirm against the original file.
    with ops.context("networking", net_context()):
        with ops.context("termination", TerminationContext()) as tc:
            with ops.context("debug shell", DebugContext()):
                # The keyserver node is the one installed as supervisor.
                ops.add_subcommand(lambda ops: auto_supervisor(
                    ops, tc, config.keyserver, iso_path))
                for node in config.nodes:
                    # Already handled by auto_supervisor above.
                    if node == config.keyserver:
                        continue
                    # n=node binds the current node at definition time, so
                    # each lambda keeps its own node rather than the last one.
                    ops.add_subcommand(
                        lambda ops, n=node: auto_node(ops, tc, n, iso_path))
                ops.add_subcommand(seq.sequence_cluster)
def sequence_registry(ops: setup.Operations) -> None:
    """Add the steps that set up the bootstrap container registry.

    DNS bootstrap comes first, then the registry itself, then a check that
    ACIs can be pulled from it; the sequence annotation is printed last.
    """
    for stage in (setup.setup_dns_bootstrap, setup.setup_bootstrap_registry):
        ops.add_subcommand(stage)

    # Pull check runs after the registry setup it verifies.
    pull_description = "verify that acis can be pulled from the registry"
    ops.add_operation(pull_description, verify.check_aci_pull)

    ops.print_annotations("set up the bootstrap container registry")
def sequence_supervisor(ops: setup.Operations) -> None:
    """Add the keysystem sequence followed by the SSH sequence.

    SSH setup is added after the keysystem, and the annotation for the
    combined sequence is printed at the end.
    """
    for stage in (sequence_keysystem, sequence_ssh):
        ops.add_subcommand(stage)
    ops.print_annotations("set up the keysystem")
def sequence_ssh(ops: setup.Operations) -> None:
    """Add the steps that establish SSH access to the supervisor.

    Requests SSH access for the operator, sets up SSH on the supervisor,
    then verifies access with a single call to the cert-based SSH check.
    """
    request_description = "request SSH access to cluster"
    ops.add_operation(request_description, access.access_ssh_with_add)

    ops.add_subcommand(setup.setup_supervisor_ssh)

    # The check is added as-is, without an iterative_verifier wrapper.
    verify_description = "verify ssh access to supervisor"
    ops.add_operation(verify_description, verify.check_ssh_with_certs)

    ops.print_annotations("set up ssh")
def sequence_ssh(ops: setup.Operations) -> None:
    """Add the steps that establish SSH access to the supervisor.

    Requests SSH access for the operator, sets up SSH on the supervisor,
    then gates on the cert-based SSH check wrapped in iterative_verifier.
    """
    request_description = "request SSH access to cluster"
    ops.add_operation(request_description, access.access_ssh_with_add)

    ops.add_subcommand(setup.setup_supervisor_ssh)

    # NOTE(review): presumably the 20.0 is a retry window in seconds --
    # confirm against iterative_verifier.
    ssh_gate = iterative_verifier(verify.check_ssh_with_certs, 20.0)
    ops.add_operation("verify ssh access to supervisor", ssh_gate)