def launch_dns():
'''Create the "kube-system" namespace, the kubedns resource controller,
and the kubedns service. '''
hookenv.log('Creating kubernetes kubedns on the master node.')
# Only launch and track this state on the leader.
# Launching duplicate kubeDNS rc will raise an error
# Run a command to check if the apiserver is responding.
return_code = call(split('kubectl cluster-info'))
if return_code != 0:
hookenv.log('kubectl command failed, waiting for apiserver to start.')
remove_state('kubedns.available')
# Return without setting kubedns.available so this method will retry.
return
# Check for the "kube-system" namespace.
return_code = call(split('kubectl get namespace kube-system'))
if return_code != 0:
# Create the kube-system namespace that is used by the kubedns files.
check_call(split('kubectl create namespace kube-system'))
# Check for the kubedns replication controller.
return_code = call(split('kubectl get -f files/manifests/kubedns-rc.yaml'))
if return_code != 0:
# Create the kubedns replication controller from the rendered file.
check_call(split('kubectl create -f files/manifests/kubedns-rc.yaml'))
# Check for the kubedns service.
return_code = call(split('kubectl get -f files/manifests/kubedns-svc.yaml'))
if return_code != 0:
# Create the kubedns service from the rendered file.
check_call(split('kubectl create -f files/manifests/kubedns-svc.yaml'))
set_state('kubedns.available')
def upgrade_charm():
# Trigger removal of PPA docker installation if it was previously set.
set_state('config.changed.install_from_upstream')
hookenv.atexit(remove_state, 'config.changed.install_from_upstream')
cleanup_pre_snap_services()
check_resources_for_upgrade_needed()
# Remove the RC for nginx ingress if it exists
if hookenv.config().get('ingress'):
kubectl_success('delete', 'rc', 'nginx-ingress-controller')
# Remove gpu.enabled state so we can reconfigure gpu-related kubelet flags,
# since they can differ between k8s versions
if is_state('kubernetes-worker.gpu.enabled'):
remove_state('kubernetes-worker.gpu.enabled')
try:
disable_gpu()
except ApplyNodeLabelFailed:
# Removing node label failed. Probably the master is unavailable.
# Proceed with the upgrade in hope GPUs will still be there.
hookenv.log('Failed to remove GPU labels. Proceed with upgrade.')
remove_state('kubernetes-worker.cni-plugins.installed')
remove_state('kubernetes-worker.config.created')
remove_state('kubernetes-worker.ingress.available')
remove_state('worker.auth.bootstrapped')
set_state('kubernetes-worker.restart-needed')
def start_worker(kube_api, kube_control, auth_control, cni):
''' Start kubelet using the provided API and DNS info.'''
servers = get_kube_api_servers(kube_api)
# Note that the DNS server doesn't necessarily exist at this point. We know
# what its IP will eventually be, though, so we can go ahead and configure
# kubelet with that info. This ensures that early pods are configured with
# the correct DNS even though the server isn't ready yet.
dns = kube_control.get_dns()
ingress_ip = get_ingress_address(kube_control)
cluster_cidr = cni.get_config()['cidr']
if cluster_cidr is None:
hookenv.log('Waiting for cluster cidr.')
return
creds = db.get('credentials')
data_changed('kube-control.creds', creds)
create_config(random.choice(servers), creds)
configure_kubelet(dns, ingress_ip)
configure_kube_proxy(servers, cluster_cidr)
set_state('kubernetes-worker.config.created')
restart_unit_services()
update_kubelet_status()
set_state('kubernetes-worker.label-config-required')
remove_state('kubernetes-worker.restart-needed')
def config_changed():
'''If the configuration values change, remove the available states.'''
config = hookenv.config()
if any(config.changed(key) for key in config.keys()):
hookenv.log('The configuration options have changed.')
# Use the Compose class that encapsulates the docker-compose commands.
compose = Compose('files/kubernetes')
if is_leader():
hookenv.log('Removing master container and kubelet.available state.') # noqa
# Stop and remove the Kubernetes kubelet container.
compose.kill('master')
compose.rm('master')
compose.kill('proxy')
compose.rm('proxy')
# Remove the state so the code can react to restarting kubelet.
remove_state('kubelet.available')
else:
hookenv.log('Removing kubelet container and kubelet.available state.') # noqa
# Stop and remove the Kubernetes kubelet container.
compose.kill('kubelet')
compose.rm('kubelet')
# Remove the state so the code can react to restarting kubelet.
remove_state('kubelet.available')
hookenv.log('Removing proxy container and proxy.available state.')
# Stop and remove the Kubernetes proxy container.
compose.kill('proxy')
compose.rm('proxy')
# Remove the state so the code can react to restarting proxy.
remove_state('proxy.available')
if config.changed('version'):
hookenv.log('The version changed removing the states so the new '
'version of kubectl will be downloaded.')
remove_state('kubectl.downloaded')
remove_state('kubeconfig.created')
def run_docker_login():
"""Login to a docker registry with configured credentials."""
config = hookenv.config()
previous_logins = config.previous('docker-logins')
logins = config['docker-logins']
logins = json.loads(logins)
if previous_logins:
previous_logins = json.loads(previous_logins)
next_servers = {login['server'] for login in logins}
previous_servers = {login['server'] for login in previous_logins}
servers_to_logout = previous_servers - next_servers
for server in servers_to_logout:
cmd = ['docker', 'logout', server]
subprocess.check_call(cmd)
for login in logins:
server = login['server']
username = login['username']
password = login['password']
cmd = ['docker', 'login', server, '-u', username, '-p', password]
subprocess.check_call(cmd)
remove_state('kubernetes-worker.docker-login')
set_state('kubernetes-worker.restart-needed')
def exec_input_departed():
config_path = '{}/{}.conf'.format(get_configs_dir(), 'exec')
rels = hookenv.relations_of_type('exec')
if not rels:
remove_state('plugins.exec.configured')
if os.path.exists(config_path):
os.unlink(config_path)
def cleanup_pre_snap_services():
# remove old states
remove_state('kubernetes-worker.components.installed')
# disable old services
services = ['kubelet', 'kube-proxy']
for service in services:
hookenv.log('Stopping {0} service.'.format(service))
service_stop(service)
# cleanup old files
files = [
"/lib/systemd/system/kubelet.service",
"/lib/systemd/system/kube-proxy.service",
"/etc/default/kube-default",
"/etc/default/kubelet",
"/etc/default/kube-proxy",
"/srv/kubernetes",
"/usr/local/bin/kubectl",
"/usr/local/bin/kubelet",
"/usr/local/bin/kube-proxy",
"/etc/kubernetes"
]
for file in files:
if os.path.isdir(file):
hookenv.log("Removing directory: " + file)
shutil.rmtree(file)
elif os.path.isfile(file):
hookenv.log("Removing file: " + file)
os.remove(file)
def purge(packages):
"""Purge one or more deb packages from the system"""
fetch.apt_purge(packages, fatal=True)
store = unitdata.kv()
store.unsetrange(packages, prefix='apt.install_queue.')
for package in packages:
reactive.remove_state('apt.installed.{}'.format(package))
def elasticsearch_input(es):
template = """
[[inputs.elasticsearch]]
servers = {{ servers }}
"""
hosts = []
rels = hookenv.relations_of_type('elasticsearch')
for rel in rels:
es_host = rel.get('host')
port = rel.get('port')
if not es_host or not port:
hookenv.log('No host received for relation: {}.'.format(rel))
continue
hosts.append("http://{}:{}".format(es_host, port))
config_path = '{}/{}.conf'.format(get_configs_dir(), 'elasticsearch')
if hosts:
context = {"servers": json.dumps(hosts)}
input_config = render_template(template, context) + \
render_extra_options("inputs", "elasticsearch")
hookenv.log("Updating {} plugin config file".format('elasticsearch'))
host.write_file(config_path, input_config.encode('utf-8'))
set_state('plugins.elasticsearch.configured')
elif os.path.exists(config_path):
os.unlink(config_path)
remove_state('plugins.elasticsearch.configured')
def version_check():
url = config.get("install_sources")
key = config.get("install_keys")
if url != kv.get("nodejs.url") or key != kv.get("nodejs.key"):
apt.purge(["nodejs"])
remove_state("nodejs.available")
def scrub_sdn_config():
''' If this scenario of states is true, we have likely broken a
relationship to our once configured SDN provider. This necessitates a
cleanup of the Docker Options for BIP and MTU of the presumed dead SDN
interface. '''
opts = DockerOpts()
try:
opts.pop('bip')
except KeyError:
hookenv.log('Unable to locate bip in Docker config.')
hookenv.log('Assuming no action required.')
try:
opts.pop('mtu')
except KeyError:
hookenv.log('Unable to locate mtu in Docker config.')
hookenv.log('Assuming no action required.')
# This method does everything we need to ensure the bridge configuration
# has been removed. restarting the daemon restores docker with its default
# networking mode.
_remove_docker_network_bridge()
recycle_daemon()
remove_state('docker.sdn.configured')
def stop():
"""
Halt couch.
"""
subprocess.check_call(['service', 'couchdb', 'stop'])
remove_state('couchdb.running')
def end_admin_party(config_path='/etc/couchdb'):
"""
Couch starts out in 'admin party' mode, which means that anyone
can create and edit databases. This routine secures couch, and
flags us to restart.
@param str config_path: The location of the config files in the system.
"""
log("Ending the admin party.", DEBUG)
_maybe_generate_passwords()
passwords = json.loads(leader_get('passwords'))
entries = [
{'section': 'admins', 'key': 'admin', 'value': passwords['admin_pass']},
{'section': 'admins', 'key': 'replication', 'value': passwords['repl_pass']},
{'section': 'couch_httpd_auth', 'key': 'require_valid_user', 'value': 'true'},
]
if config("human-auditable-creds"):
entries += [
{'section': 'juju_notes', 'key': 'admin_pass', 'value': passwords['admin_pass']},
{'section': 'juju_notes', 'key': 'repl_pass', 'value': passwords['repl_pass']},
]
_write_config(config_path, 'local', entries)
remove_state('couchdb.admin_party')
def create_service_configs(kube_control):
"""Create the users for kubelet"""
should_restart = False
# generate the username/pass for the requesting unit
proxy_token = get_token('system:kube-proxy')
if not proxy_token:
setup_tokens(None, 'system:kube-proxy', 'kube-proxy')
proxy_token = get_token('system:kube-proxy')
should_restart = True
client_token = get_token('admin')
if not client_token:
setup_tokens(None, 'admin', 'admin', "system:masters")
client_token = get_token('admin')
should_restart = True
requests = kube_control.auth_user()
for request in requests:
username = request[1]['user']
group = request[1]['group']
kubelet_token = get_token(username)
if not kubelet_token and username and group:
# Usernames have to be in the form of system:node:<nodeName>
userid = "kubelet-{}".format(request[0].split('/')[1])
setup_tokens(None, username, userid, group)
kubelet_token = get_token(username)
kube_control.sign_auth_request(request[0], username,
kubelet_token, proxy_token,
client_token)
should_restart = True
if should_restart:
host.service_restart('snap.kube-apiserver.daemon')
remove_state('authentication.setup')
def restart_scheduler():
prev_state, prev_msg = hookenv.status_get()
hookenv.status_set('maintenance', 'Restarting kube-scheduler')
host.service_restart('snap.kube-scheduler.daemon')
hookenv.status_set(prev_state, prev_msg)
remove_state('kube-scheduler.do-restart')
set_state('kube-scheduler.started')
def setup_mysql(db):
apt_install(['php5-mysql', 'mysql-client'])
reset_wallabag()
setup('mysql', db)
remove_state('mysql.available')
remove_state('wallabag.connected.sqlite')
set_state('wallabag.connected.mysql')
def setup_non_leader_authentication():
service_key = '/root/cdk/serviceaccount.key'
basic_auth = '/root/cdk/basic_auth.csv'
known_tokens = '/root/cdk/known_tokens.csv'
keys = [service_key, basic_auth, known_tokens]
# The source of truth for non-leaders is the leader.
# Therefore we overwrite_local with whatever the leader has.
if not get_keys_from_leader(keys, overwrite_local=True):
# the keys were not retrieved. Non-leaders have to retry.
return
if not any_file_changed(keys) and is_state('authentication.setup'):
# No change detected and we have already setup the authentication
return
hookenv.status_set('maintenance', 'Rendering authentication templates.')
api_opts = FlagManager('kube-apiserver')
api_opts.add('basic-auth-file', basic_auth)
api_opts.add('token-auth-file', known_tokens)
api_opts.add('service-account-key-file', service_key)
controller_opts = FlagManager('kube-controller-manager')
controller_opts.add('service-account-private-key-file', service_key)
remove_state('kubernetes-master.components.started')
set_state('authentication.setup')
def stop_kafka_waiting_for_zookeeper_ready():
hookenv.status_set('maintenance', 'zookeeper not ready, stopping kafka')
kafka = Kafka()
kafka.close_ports()
kafka.stop()
remove_state('kafka.started')
hookenv.status_set('waiting', 'waiting for zookeeper to become ready')
def version_check():
url = config.get('install_sources')
key = config.get('install_keys')
if url != kv.get('nodejs.url') or key != kv.get('nodejs.key'):
apt.purge(['nodejs'])
remove_state('nodejs.available')
def configure_interface():
"""
Configure an ethernet interface
"""
iface_name = action_get('iface-name')
cidr = action_get('cidr')
# cidr is optional
if cidr:
try:
# Add may fail, but change seems to add or update
router.ip('address', 'change', cidr, 'dev', iface_name)
except subprocess.CalledProcessError as e:
action_fail('Command failed: %s (%s)' %
(' '.join(e.cmd), str(e.output)))
return
finally:
remove_state('vpe.configure-interface')
status_set('active', 'ready!')
try:
router.ip('link', 'set', 'dev', iface_name, 'up')
except subprocess.CalledProcessError as e:
action_fail('Command failed: %s (%s)' %
(' '.join(e.cmd), str(e.output)))
finally:
remove_state('vpe.configure-interface')
status_set('active', 'ready!')
def remove_dashboard_addons():
''' Removes dashboard addons if they are disabled in config '''
if not hookenv.config('enable-dashboard-addons'):
hookenv.log('Removing kubernetes dashboard.')
for template in dashboard_templates:
delete_addon(template)
remove_state('kubernetes.dashboard.available')
def remount():
if reactive.is_state('postgresql.cluster.is_running'):
# Attempting this while PostgreSQL is live would be really, really bad.
service.stop()
old_data_dir = postgresql.data_dir()
new_data_dir = os.path.join(external_volume_mount, 'postgresql',
postgresql.version(), 'main')
backup_data_dir = '{}-{}'.format(old_data_dir, int(time.time()))
if os.path.isdir(new_data_dir):
hookenv.log('Remounting existing database at {}'.format(new_data_dir),
WARNING)
else:
status_set('maintenance',
'Migrating data from {} to {}'.format(old_data_dir,
new_data_dir))
helpers.makedirs(new_data_dir, mode=0o770,
user='******', group='postgres')
try:
rsync_cmd = ['rsync', '-av',
old_data_dir + '/',
new_data_dir + '/']
hookenv.log('Running {}'.format(' '.join(rsync_cmd)), DEBUG)
subprocess.check_call(rsync_cmd)
except subprocess.CalledProcessError:
status_set('blocked',
'Failed to sync data from {} to {}'
''.format(old_data_dir, new_data_dir))
return
os.replace(old_data_dir, backup_data_dir)
os.symlink(new_data_dir, old_data_dir)
fix_perms(new_data_dir)
reactive.remove_state('postgresql.storage.needs_remount')
def remove_images(relation):
container_requests = relation.container_requests
log(container_requests)
for uuid in container_requests:
remove(uuid)
print("wololo")
remove_state('dockerhost.broken')
def reconfigure_spark():
config = hookenv.config()
maintenance = config['maintenance_mode']
if maintenance:
remove_state('not.upgrading')
spark = Spark(get_dist_config())
report_status(spark)
spark.stop()
current_version = spark.get_current_version()
if config['upgrade_immediately'] and config['spark_version'] != current_version:
upgrade_spark()
return
else:
set_state('not.upgrading')
mode = hookenv.config()['spark_execution_mode']
hookenv.status_set('maintenance', 'Configuring Apache Spark')
spark = Spark(get_dist_config())
spark.stop()
if is_state('hadoop.ready') and mode.startswith('yarn') and (not is_state('yarn.configured')):
# was in a mode other than yarn, going to yarn
hookenv.status_set('maintenance', 'Setting up Apache Spark for YARN')
spark.configure_yarn_mode()
set_state('yarn.configured')
if is_state('hadoop.ready') and (not mode.startswith('yarn')) and is_state('yarn.configured'):
# was in a yarn mode and going to another mode
hookenv.status_set('maintenance', 'Disconnecting Apache Spark from YARN')
spark.disable_yarn_mode()
remove_state('yarn.configured')
spark.configure()
spark.start()
report_status(spark)
def stop():
""" Stop hook """
log('ftb-infinity: stop')
remove_state(CHARM_STATE_STARTED)
close_port(conf['server_port'])
service_stop(CHARM_NAME)
ftb_systemd_remove()
def config_postfix():
config = hookenv.config()
if is_configured(config):
set_state('postfix.configured')
else:
remove_state('postfix.configured')
remove_state('postfix.start')
def config_postfix():
config = hookenv.config()
if config.changed('hostname'):
remove_state('pki.cert.issued')
if config.get('hostname'):
issue_cert(config['hostname'])
set_state('pki.cert.issued')
def reset_states_for_delivery():
'''An upgrade charm event was triggered by Juju, react to that here.'''
migrate_from_pre_snaps()
install_snaps()
add_rbac_roles()
set_state('reconfigure.authentication.setup')
remove_state('authentication.setup')
def install_queued():
'''Installs queued deb packages.
Removes the apt.queued_installs state and sets the apt.installed state.
On failure, sets the unit's workload state to 'blocked' and returns
False. Package installs remain queued.
On success, sets the apt.installed.{packagename} state for each
installed package and returns True.
'''
store = unitdata.kv()
queue = sorted((options, package)
for package, options in store.getrange('apt.install_queue.',
strip=True).items())
installed = set()
for options, batch in itertools.groupby(queue, lambda x: x[0]):
packages = [b[1] for b in batch]
try:
status_set(None, 'Installing {}'.format(','.join(packages)))
fetch.apt_install(packages, options, fatal=True)
store.unsetrange(packages, prefix='apt.install_queue.')
installed.update(packages)
except subprocess.CalledProcessError:
status_set('blocked',
'Unable to install packages {}'
.format(','.join(packages)))
return False # Without setting reactive state.
for package in installed:
reactive.set_state('apt.installed.{}'.format(package))
reactive.remove_state('apt.queued_installs')
return True
def start_worker(kube_api, kube_control, auth_control, cni):
''' Start kubelet using the provided API and DNS info.'''
servers = get_kube_api_servers(kube_api)
# Note that the DNS server doesn't necessarily exist at this point. We know
# what its IP will eventually be, though, so we can go ahead and configure
# kubelet with that info. This ensures that early pods are configured with
# the correct DNS even though the server isn't ready yet.
dns = kube_control.get_dns()
cluster_cidr = cni.get_config()['cidr']
if cluster_cidr is None:
hookenv.log('Waiting for cluster cidr.')
return
nodeuser = '******'.format(gethostname())
creds = kube_control.get_auth_credentials(nodeuser)
data_changed('kube-control.creds', creds)
# set --allow-privileged flag for kubelet
set_privileged()
create_config(random.choice(servers), creds)
configure_worker_services(servers, dns, cluster_cidr)
set_state('kubernetes-worker.config.created')
restart_unit_services()
update_kubelet_status()
apply_node_labels()
remove_state('kubernetes-worker.restart-needed')
def remove_states():
remove_state('tls_client.ca.saved')
remove_state('tls_client.server.certificate.saved')
remove_state('tls_client.server.key.saved')
remove_state('tls_client.client.certificate.saved')
remove_state('tls_client.client.key.saved')
def ssl_ca_changed():
remove_state('vault.ssl.configured')
def database_not_ready():
remove_state('vault.schema.created')
def upgrade_charm():
remove_state('configured')
remove_state('vault.nrpe.configured')
remove_state('vault.ssl.configured')
def disable_mlock_changed():
remove_state('configured')
def nagios_servicegroups_changed():
remove_state('vault.nrpe.configured')
def nagios_context_changed():
remove_state('vault.nrpe.configured')
def registry_changed():
remove_state('calico.service.installed')
remove_state('calico.npc.deployed')
def reconfigure_calico_pool():
''' Reconfigure the Calico IP pool '''
remove_state('calico.pool.configured')
def watch_for_api_endpoint_changes():
apiserver_ips = get_apiserver_ips()
old_apiserver_ips = db.get('tigera.apiserver_ips_used')
if apiserver_ips != old_apiserver_ips:
log('apiserver endpoints changed, preparing to reapply templates')
remove_state('calico.npc.deployed')
from charmhelpers.core.templating import render
from charmhelpers.core.host import (arch, service, service_restart,
service_running)
from charms.layer import status
# TODO:
# - Handle the 'stop' hook by stopping and uninstalling all the things.
os.environ['PATH'] += os.pathsep + os.path.join(os.sep, 'snap', 'bin')
try:
CTL = getContainerRuntimeCtl()
set_state('calico.ctl.ready')
except RuntimeError:
log(traceback.format_exc())
remove_state('calico.ctl.ready')
DEFAULT_REGISTRY = 'quay.io'
CALICOCTL_PATH = '/opt/calicoctl'
ETCD_KEY_PATH = os.path.join(CALICOCTL_PATH, 'etcd-key')
ETCD_CERT_PATH = os.path.join(CALICOCTL_PATH, 'etcd-cert')
ETCD_CA_PATH = os.path.join(CALICOCTL_PATH, 'etcd-ca')
CALICO_CIDR = '192.168.0.0/16'
db = unitdata.kv()
@hook('upgrade-charm')
def upgrade_charm():
remove_state('calico.binaries.installed')
remove_state('calico.cni.configured')
def registry_credentials_changed():
remove_state('calico.image.pulled')
def unconfigure_hive():
hookenv.status_set('maintenance', 'removing hive relation')
zeppelin = Zeppelin()
zeppelin.configure_hive('jdbc:hive2://:')
remove_state('zeppelin.hive.configured')
update_status()
def ignore_loose_rpf_changed():
remove_state('calico.service.installed')
def on_config_allow_privileged_change():
"""React to changed 'allow-privileged' config value.
"""
remove_state('kubernetes-master.components.started')
remove_state('config.changed.allow-privileged')
def unconfigure_hadoop():
zeppelin = Zeppelin()
zeppelin.remove_hadoop_notebooks()
remove_state('zeppelin.hadoop.configured')
def configure_apiserver():
# TODO: investigate if it's possible to use config file to store args
# https://github.com/juju-solutions/bundle-canonical-kubernetes/issues/315
# Handle api-extra-args config option
to_add, to_remove = get_config_args()
api_opts = FlagManager('kube-apiserver')
# Remove arguments that are no longer provided as config option
# this allows them to be reverted to charm defaults
for arg in to_remove:
hookenv.log('Removing option: {}'.format(arg))
api_opts.destroy(arg)
# We need to "unset" options by settig their value to "null" string
cmd = ['snap', 'set', 'kube-apiserver', '{}=null'.format(arg)]
check_call(cmd)
# Get the tls paths from the layer data.
layer_options = layer.options('tls-client')
ca_cert_path = layer_options.get('ca_certificate_path')
client_cert_path = layer_options.get('client_certificate_path')
client_key_path = layer_options.get('client_key_path')
server_cert_path = layer_options.get('server_certificate_path')
server_key_path = layer_options.get('server_key_path')
if is_privileged():
api_opts.add('allow-privileged', 'true', strict=True)
set_state('kubernetes-master.privileged')
else:
api_opts.add('allow-privileged', 'false', strict=True)
remove_state('kubernetes-master.privileged')
# Handle static options for now
api_opts.add('service-cluster-ip-range', service_cidr())
api_opts.add('min-request-timeout', '300')
api_opts.add('v', '4')
api_opts.add('tls-cert-file', server_cert_path)
api_opts.add('tls-private-key-file', server_key_path)
api_opts.add('kubelet-certificate-authority', ca_cert_path)
api_opts.add('kubelet-client-certificate', client_cert_path)
api_opts.add('kubelet-client-key', client_key_path)
api_opts.add('logtostderr', 'true')
api_opts.add('insecure-bind-address', '127.0.0.1')
api_opts.add('insecure-port', '8080')
api_opts.add('storage-backend', 'etcd2') # FIXME: add etcd3 support
admission_control = [
'Initializers', 'NamespaceLifecycle', 'LimitRanger', 'ServiceAccount',
'ResourceQuota', 'DefaultTolerationSeconds'
]
auth_mode = hookenv.config('authorization-mode')
if 'Node' in auth_mode:
admission_control.append('NodeRestriction')
api_opts.add('authorization-mode', auth_mode, strict=True)
if get_version('kube-apiserver') < (1, 6):
hookenv.log('Removing DefaultTolerationSeconds from admission-control')
admission_control.remove('DefaultTolerationSeconds')
if get_version('kube-apiserver') < (1, 7):
hookenv.log('Removing Initializers from admission-control')
admission_control.remove('Initializers')
api_opts.add('admission-control', ','.join(admission_control), strict=True)
# Add operator-provided arguments, this allows operators
# to override defaults
for arg in to_add:
hookenv.log('Adding option: {} {}'.format(arg[0], arg[1]))
# Make sure old value is gone
api_opts.destroy(arg[0])
api_opts.add(arg[0], arg[1])
cmd = ['snap', 'set', 'kube-apiserver'] + api_opts.to_s().split(' ')
check_call(cmd)
set_state('kube-apiserver.do-restart')
def disable_gpu_mode():
"""We were in gpu mode, but the operator has set allow-privileged="false",
so we can't run in gpu mode anymore.
"""
remove_state('kubernetes-master.gpu.enabled')
def remove(snapname):
hookenv.log('Removing snap {}'.format(snapname))
subprocess.check_call(['snap', 'remove', snapname],
universal_newlines=True)
reactive.remove_state('snap.installed.{}'.format(snapname))
def switch_auth_mode():
config = hookenv.config()
mode = config.get('authorization-mode')
if data_changed('auth-mode', mode):
remove_state('kubernetes-master.components.started')
def upgrade_charm():
# migrate to new flags
if is_state('kubernetes-worker.restarted-for-cloud'):
remove_state('kubernetes-worker.restarted-for-cloud')
set_state('kubernetes-worker.cloud.ready')
if is_state('kubernetes-worker.cloud-request-sent'):
# minor change, just for consistency
remove_state('kubernetes-worker.cloud-request-sent')
set_state('kubernetes-worker.cloud.request-sent')
set_state('config.changed.install_from_upstream')
hookenv.atexit(remove_state, 'config.changed.install_from_upstream')
cleanup_pre_snap_services()
migrate_resource_checksums(checksum_prefix, snap_resources)
if check_resources_for_upgrade_needed(checksum_prefix, snap_resources):
set_upgrade_needed()
# Remove the RC for nginx ingress if it exists
if hookenv.config().get('ingress'):
set_state('kubernetes-worker.remove-old-ingress')
# Remove gpu.enabled state so we can reconfigure gpu-related kubelet flags,
# since they can differ between k8s versions
if is_state('kubernetes-worker.gpu.enabled'):
remove_state('kubernetes-worker.gpu.enabled')
try:
disable_gpu()
except ApplyNodeLabelFailed:
# Removing node label failed. Probably the master is unavailable.
# Proceed with the upgrade in hope GPUs will still be there.
hookenv.log('Failed to remove GPU labels. Proceed with upgrade.')
if hookenv.config('ingress'):
set_state('kubernetes-worker.ingress.enabled')
else:
remove_state('kubernetes-worker.ingress.enabled')
# force certs to be updated
if is_state('certificates.available') and \
is_state('kube-control.connected'):
send_data()
if is_state('kubernetes-worker.registry.configured'):
set_state('kubernetes-master-worker-base.registry.configured')
remove_state('kubernetes-worker.registry.configured')
remove_state('kubernetes-worker.cni-plugins.installed')
remove_state('kubernetes-worker.config.created')
remove_state('kubernetes-worker.ingress.available')
remove_state('worker.auth.bootstrapped')
set_state('kubernetes-worker.restart-needed')
def configure_tools():
remove_state("jenkins.configured.tools")
status_set("maintenance", "Installing tools")
packages = Packages()
packages.install_tools()
set_state("jenkins.configured.tools")
def restart_for_certs():
set_state('kubernetes-worker.restart-needed')
remove_state('tls_client.certs.changed')
remove_state('tls_client.ca.written')
def nvidia_departed():
"""Cuda departed."""
disable_gpu()
remove_state('kubernetes-worker.gpu.enabled')
set_state('kubernetes-worker.restart-needed')
def clear_cloud_flags():
remove_state('kubernetes-worker.cloud.pending')
remove_state('kubernetes-worker.cloud.request-sent')
remove_state('kubernetes-worker.cloud.blocked')
remove_state('kubernetes-worker.cloud.ready')
set_state('kubernetes-worker.restart-needed') # force restart
def reconfigure_ingress():
remove_state('kubernetes-worker.ingress.available')
def on_config_allow_privileged_change():
"""React to changed 'allow-privileged' config value.
"""
set_state('kubernetes-worker.restart-needed')
remove_state('config.changed.allow-privileged')
def update_registry_location():
registry_location = get_registry_location()
if data_changed('registry-location', registry_location):
remove_state('nfs.configured')
remove_state('kubernetes-worker.ingress.available')
def sdn_changed():
'''The Software Defined Network changed on the container so restart the
kubernetes services.'''
restart_unit_services()
update_kubelet_status()
remove_state('docker.sdn.configured')
def upgrade_charm():
print("Upgrading mattermost setup.")
if service_running("mattermost"):
service_stop("mattermost")
remove_state('mattermost.installed')
remove_state('mattermost.backend.started')
