def _node_calico(upd, with_testing, node_name, node_ip): helpers.remote_install(CALICO_CNI, with_testing) helpers.remote_install(CALICOCTL, with_testing) _create_etcd_config() _create_calico_config() run('python /var/lib/kuberdock/scripts/kubelet_args.py --network-plugin=') run('python /var/lib/kuberdock/scripts/kubelet_args.py ' '--network-plugin=cni --network-plugin-dir=/etc/cni/net.d') # pull image separately to get reed of calicoctl timeouts for i in range(3): run('sync') rv = run('docker pull kuberdock/calico-node:0.22.0-kd2') if not rv.failed: break upd.print_log("Pull calico-node failed. Doing retry {}".format(i)) sleep(10) if rv.failed: raise helpers.UpgradeError( "Can't pull calico-node image after 3 retries: {}".format(rv)) rv = run('ETCD_AUTHORITY="{0}:2379" ' 'ETCD_SCHEME=https ' 'ETCD_CA_CERT_FILE=/etc/pki/etcd/ca.crt ' 'ETCD_CERT_FILE=/etc/pki/etcd/etcd-client.crt ' 'ETCD_KEY_FILE=/etc/pki/etcd/etcd-client.key ' 'HOSTNAME="{1}" ' '/opt/bin/calicoctl node ' '--ip="{2}" ' '--node-image=kuberdock/calico-node:0.22.0-kd2'.format( MASTER_IP, node_name, node_ip)) if rv.failed: raise helpers.UpgradeError("Can't start calico node: {}".format(rv))
def _update_00174_upgrade_node(upd, with_testing): upd.print_log("Upgrading kubernetes") helpers.remote_install(K8S_NODE, with_testing) service, res = helpers.restart_node_kubernetes() if res != 0: raise helpers.UpgradeError('Failed to restart {0}. {1}'.format( service, res))
def upgrade_node(upd, with_testing, env, *args, **kwargs): upd.print_log('Setup network plugin:') upd.print_log('Install packages...') upd.print_log(helpers.remote_install('python-requests', with_testing)) upd.print_log(helpers.remote_install('python-ipaddress', with_testing)) upd.print_log(helpers.remote_install('ipset', with_testing)) upd.print_log( run("""sed -i '/^KUBELET_ARGS/ {s|"\(.*\) --network-plugin=kuberdock"|"\\1"|}' /etc/kubernetes/kubelet""" )) upd.print_log( run("""sed -i '/^KUBELET_ARGS/ {s|"\(.*\) --register-node=false"|"\\1 --register-node=false --network-plugin=kuberdock"|}' /etc/kubernetes/kubelet""" )) upd.print_log(run("mkdir -p {0}/data".format(PLUGIN_DIR))) upd.print_log( put('/var/opt/kuberdock/node_network_plugin.sh', PLUGIN_DIR + 'kuberdock', mode=0755)) upd.print_log( put('/var/opt/kuberdock/node_network_plugin.py', PLUGIN_DIR + 'kuberdock.py', mode=0755)) upd.print_log(run('chmod +x {0}'.format(PLUGIN_DIR + 'kuberdock'))) upd.print_log( run("cat > /etc/systemd/system/kuberdock-watcher.service << 'EOF' {0}". format(SERVICE_FILE))) run('systemctl daemon-reload') upd.print_log(run('systemctl reenable kuberdock-watcher'))
def _upgrade_k8s_node(upd, with_testing): upd.print_log("Upgrading kubernetes") helpers.remote_install(K8S_NODE, with_testing) upd.print_log("Updating kubelet config") run("sed -i '/^KUBELET_HOSTNAME/s/^/#/' /etc/kubernetes/kubelet") run("sed -i '/^KUBE_PROXY_ARGS/ {s|--kubeconfig=/etc/kubernetes/configfile|" "--kubeconfig=/etc/kubernetes/configfile --proxy-mode userspace|}' /etc/kubernetes/proxy")
def _node_flannel(): for cmd in RM_FLANNEL_COMMANDS_NODES: run(cmd) # disable kuberdock-watcher but do not remove Kuberdock Network Plugin # because it should be replaced by new one run('rm -f /etc/systemd/system/kuberdock-watcher.service') helpers.remote_install('flannel', action='remove') helpers.remote_install('ipset', action='remove') run('systemctl daemon-reload')
def downgrade_node(upd, with_testing, env, exception, *args, **kwargs): upd.print_log( helpers.remote_install('kernel-devel', with_testing, action='remove')) upd.print_log('Downgrade flannel...') upd.print_log( helpers.remote_install('flannel-0.5.1', with_testing, action='downgrade')) upd.print_log(run('systemctl daemon-reload')) upd.print_log(run('systemctl restart flanneld'))
def _update_00191_upgrade_node(upd, with_testing, env, **kwargs): helpers.remote_install(CONNTRACK_PACKAGE) _node_kube_proxy() if run('docker ps --format "{{.Names}}" | grep "^calico-node$"' ) != 'calico-node': _node_calico(upd, with_testing, env.host_string, kwargs['node_ip']) _node_policy_agent(env.host_string) _node_move_config()
def _upgrade_docker(upd, with_testing): def alter_config(line): if not re.match(r'OPTIONS=.*', line): return line to_remove = (r'\s*(--log-level=[^\s\']+\s*)|(-l \[^\s\']+\s*)', r'\s*(--log-driver=[^\s\']+)') for pattern in to_remove: line = re.sub(pattern, '', line) return re.sub( r"OPTIONS='(.*)'", r"OPTIONS='\1 --log-driver=json-file --log-level=error'", line) upd.print_log("Docker before pkg upgrade " + run("docker --version")) helpers.remote_install(SELINUX, with_testing) helpers.remote_install(DOCKER, with_testing) upd.print_log("Docker after pkg upgrade " + run("docker --version")) docker_config = StringIO() get('/etc/sysconfig/docker', docker_config) current_config = docker_config.getvalue() new_config = '\n'.join( alter_config(l) for l in current_config.splitlines()) run("cat << EOF > /etc/sysconfig/docker\n{}\nEOF".format(new_config)) run("mkdir -p /etc/systemd/system/docker.service.d/") run("cat << EOF > /etc/systemd/system/docker.service.d/timeouts.conf\n" "{}\nEOF".format(DOCKER_TIMEOUTS_DROPIN)) # If we restart docker here then rest of node upgrade code will be # executed with fresh new docker (don't know whether this is good or bad) # and also will results in pods/containers restart at this moment, which # will produce lots of events and load on node. # If not, then docker will be old till node reboot at the end of upgrade. # So we probably could comment restart part (known to work ~ok) run("systemctl daemon-reload") start_time = time.time() # Because of bug in our package docker could be running again at this moment # Maybe this is because of rpm %systemd hooks or else, so ensure it stopped # again before restart to prevent timeouts upd.print_log("===== Docker.service restart timeout has been increased to " "10 min, please, don't interrupt it before timeout ======") res = run("bash -c 'for i in $(seq 1 5); do systemctl stop docker; done; " "sleep 1; systemctl restart docker;'") upd.print_log( "Docker second_stop/restart took: {} secs".format(time.time() - start_time)) if res.failed: raise helpers.UpgradeError('Failed to restart docker. {}'.format(res)) upd.print_log(run("docker --version"))
def upgrade_node(upd, with_testing, env, *args, **kwargs): run('yum --enablerepo=kube,kube-testing clean metadata') #00110_update.py upd.print_log('Fix node hostname in rsyslog configuration...') run("sed -i 's/^{0} .*/{0} {1}/' {2}".format(PARAM, env.host_string, CONF)) run('systemctl restart rsyslog') #00111_update.py res = helpers.remote_install('kubernetes-node-1.1.3-3.el7.cloudlinux', with_testing) upd.print_log(res) if res.failed: raise helpers.UpgradeError('Failed to update kubernetes on node') get(KUBELET_PATH, KUBELET_TEMP_PATH) lines = [] with open(KUBELET_TEMP_PATH) as f: lines = f.readlines() with open(KUBELET_TEMP_PATH, 'w+') as f: for line in lines: if KUBELET_ARG in line and KUBELET_MULTIPLIERS not in line: s = line.split('"') s[1] += KUBELET_MULTIPLIERS line = '"'.join(s) f.write(line) put(KUBELET_TEMP_PATH, KUBELET_PATH) os.remove(KUBELET_TEMP_PATH) helpers.restart_node_kubernetes(with_enable=True)
def upgrade_node(upd, with_testing, env, *args, **kwargs): run('yum --enablerepo=kube,kube-testing clean metadata') # 00084_update.py yum_base_no_kube = 'yum install --disablerepo=kube -y ' run(yum_base_no_kube + 'kernel') run(yum_base_no_kube + 'kernel-tools') run(yum_base_no_kube + 'kernel-tools-libs') run(yum_base_no_kube + 'kernel-headers') run(yum_base_no_kube + 'kernel-devel') run('rpm -e -v --nodeps kernel-' + old_version) run('yum remove -y kernel-tools-' + old_version) run('yum remove -y kernel-tools-libs-' + old_version) run('yum remove -y kernel-headers-' + old_version) run('yum remove -y kernel-devel-' + old_version) # 00086_update.py res = helpers.remote_install('kubernetes-node-1.1.3', with_testing) upd.print_log(res) if res.failed: raise helpers.UpgradeError('Failed to update kubernetes on node') upd.print_log("Turn on cpu-cfs-quota in kubelet") get(KUBELET_PATH, KUBELET_TEMP_PATH) lines = [] with open(KUBELET_TEMP_PATH) as f: lines = f.readlines() with open(KUBELET_TEMP_PATH, 'w+') as f: for line in lines: if KUBELET_ARG in line and not KUBELET_CPUCFS_ENABLE in KUBELET_ARG: s = line.split('"') s[1] += KUBELET_CPUCFS_ENABLE line = '"'.join(s) f.write(line) put(KUBELET_TEMP_PATH, KUBELET_PATH) os.remove(KUBELET_TEMP_PATH) helpers.restart_node_kubernetes(with_enable=True) upd.print_log("Restart pods to apply new limits") pc = PodCollection() pods = pc.get(as_json=False) for pod in pods: if (pod.get('host') == env.host_string and pod['status'] == POD_STATUSES.running): pc.update_container(pod['id'], None) # 00088_update.py put('/var/opt/kuberdock/node_network_plugin.sh', PLUGIN_DIR + 'kuberdock') put('/var/opt/kuberdock/node_network_plugin.py', PLUGIN_DIR + 'kuberdock.py') run('systemctl restart kuberdock-watcher') helpers.reboot_node(upd)
def upgrade_node(upd, with_testing, env, *args, **kwargs): upd.print_log('Replacing kubernetes with new kubernetes-node...') upd.print_log( helpers.remote_install( 'kubernetes kubernetes-node-0.20.2-0.4.git323fde5.el7.centos.2', with_testing, 'swap')) upd.print_log('Replacing auth config with new...') put('/etc/kubernetes/configfile_for_nodes', '/etc/kubernetes/configfile') run("""sed -i '/^KUBELET_ARGS/ {s|--auth_path=/var/lib/kubelet/kubernetes_auth|--kubeconfig=/etc/kubernetes/configfile --register-node=false|}' /etc/kubernetes/kubelet""") run("""sed -i '/^KUBE_MASTER/ {s|http://|https://|}' /etc/kubernetes/config""") run("""sed -i '/^KUBE_MASTER/ {s|7080|6443|}' /etc/kubernetes/config""") run("""sed -i '/^KUBE_PROXY_ARGS/ {s|""|"--kubeconfig=/etc/kubernetes/configfile"|}' /etc/kubernetes/proxy""") service, res = helpers.restart_node_kubernetes(with_enable=True) if res != 0: raise helpers.UpgradeError('Failed to restart {0}. {1}' .format(service, res)) else: upd.print_log(res) print run('rm -f /var/lib/kubelet/kubernetes_auth')
def upgrade_node(upd, with_testing, env, *args, **kwargs): helpers.remote_install('kubernetes-node-1.0.3', with_testing) helpers.restart_node_kubernetes()
def _upgrade_node_213(upd, with_testing, env, *args, **kwargs): upd.print_log('Updating Docker packages...') helpers.remote_install(DOCKER_SELINUX, with_testing) helpers.remote_install(DOCKER, with_testing)
def upgrade_node(upd, with_testing, env, *args, **kwargs): upd.print_log(helpers.remote_install('kernel-devel', with_testing)) upd.print_log('Updating flannel...') upd.print_log(helpers.remote_install('flannel-0.5.3', with_testing)) upd.print_log(run('systemctl daemon-reload')) upd.print_log(run('systemctl restart flanneld'))
def downgrade(cls, upd, with_testing): upd.print_log('Restore kuberdock-cadvisor...') helpers.remote_install('kuberdock-cadvisor-0.19.5', with_testing) helpers.run('systemctl reenable kuberdock-cadvisor') helpers.run('systemctl restart kuberdock-cadvisor')
def upgrade(cls, upd): upd.print_log('Remove kuberdock-cadvisor...') helpers.remote_install('kuberdock-cadvisor', action='remove')
def add_kdtools_to_node(cls, with_testing): helpers.remote_install('kdtools', testing=with_testing)
def _downgrade_k8s_node(upd, with_testing): upd.print_log("Downgrading kubernetes") helpers.remote_install('kubernetes-node kubernetes-client', with_testing, action='downgrade') upd.print_log("Updating kubelet config") run("sed -i '/^#KUBELET_HOSTNAME/s/^#//' /etc/kubernetes/kubelet") run("sed -i '/^KUBE_PROXY_ARGS/ {s|--proxy-mode userspace||}' /etc/kubernetes/proxy")
def downgrade_node(upd, with_testing, env, exception, *args, **kwargs): helpers.remote_install('kubernetes-node', action='downgrade', testing=with_testing) helpers.restart_node_kubernetes()