def sequence_core(ops: setup.Operations) -> None:
ops.add_subcommand(setup.setup_services)
ops.add_operation("verify that etcd has launched successfully",
iterative_verifier(verify.check_etcd_health, 20.0))
ops.add_operation("verify that kubernetes has launched successfully",
iterative_verifier(verify.check_kube_health, 10.0))
ops.print_annotations("set up the core kubernetes cluster")
def auto_supervisor(ops: setup.Operations, tc: TerminationContext,
supervisor: configuration.Node, install_iso: str):
vm = VirtualMachine(supervisor, tc, install_iso)
ops.add_operation(
"install supervisor node (this may take several minutes)",
vm.boot_install_supervisor, supervisor)
# TODO: annotations, so that this can be --dry-run'd
vm = VirtualMachine(supervisor, tc)
ops.add_operation("start up supervisor node",
lambda: vm.boot_launch(autoadd_fingerprint=True))
ops.add_subcommand(seq.sequence_supervisor)
def sequence_supervisor(ops: setup.Operations) -> None:
ops.add_subcommand(sequence_keysystem)
ops.add_operation(
"verify that keysystem certs are available on supervisor",
iterative_verifier(verify.check_certs_on_supervisor, 20.0))
ops.add_subcommand(setup.setup_prometheus)
ops.add_subcommand(sequence_ssh)
ops.add_subcommand(setup.setup_bootstrap_registry)
ops.add_operation("pre-deploy flannel", deploy.launch_flannel)
ops.add_operation("pre-deploy dns-addon", deploy.launch_dns_addon)
ops.add_operation("pre-deploy flannel-monitor",
deploy.launch_flannel_monitor)
ops.add_operation("pre-deploy dns-monitor", deploy.launch_dns_monitor)
# TODO: have a way to do this without a specialized just-for-supervisor method
ops.add_subcommand(infra.infra_sync_supervisor)
def sequence_supervisor(ops: setup.Operations) -> None:
ops.add_subcommand(sequence_keysystem)
ops.add_operation(
"verify that kubernetes certs are available on supervisor",
iterative_verifier(verify.check_certs_on_supervisor, 20.0))
ops.add_subcommand(setup.setup_prometheus)
ops.add_subcommand(sequence_ssh)
ops.add_subcommand(setup.setup_bootstrap_registry)
ops.add_operation("pre-deploy flannel", deploy.launch_flannel)
ops.add_operation("pre-deploy dns-addon", deploy.launch_dns_addon)
ops.add_operation("pre-deploy flannel-monitor",
deploy.launch_flannel_monitor)
ops.add_operation("pre-deploy dns-monitor", deploy.launch_dns_monitor)
def sequence_keysystem(ops: setup.Operations) -> None:
ops.add_subcommand(setup.setup_keyserver)
ops.add_operation("verify that keyserver static files can be fetched",
iterative_verifier(verify.check_keystatics, 10.0))
ops.add_subcommand(setup.admit_keyserver)
ops.add_subcommand(setup.setup_keygateway)
ops.add_operation("verify that the keygateway is responsive",
verify.check_keygateway)
def sequence_keysystem(ops: setup.Operations) -> None:
ops.add_subcommand(setup.setup_keyserver)
ops.add_operation("verify that keyserver static files can be fetched",
iterative_verifier(verify.check_keystatics, 10.0))
ops.add_subcommand(setup.admit_keyserver)
if configuration.get_config().is_kerberos_enabled():
ops.add_subcommand(setup.setup_keygateway)
ops.add_operation("verify that the keygateway is responsive",
verify.check_keygateway)
else:
ops.add_operation("skip keygateway enablement (kerberos is disabled)",
lambda: None)
def auto_cluster(ops: setup.Operations, authorized_key=None):
if authorized_key is None:
if "HOME" not in os.environ:
command.fail(
"expected $HOME to be set for authorized_key autodetect")
authorized_key = os.path.join(os.getenv("HOME"), ".ssh/id_rsa.pub")
project, config = configuration.get_project(), configuration.get_config()
iso_path = os.path.join(project, "cluster-%d.iso" % os.getpid())
ops.add_operation("check nested virtualization", qemu_check_nested_virt)
ops.add_operation("update known hosts", access.update_known_hosts)
ops.add_operation("generate ISO",
lambda: iso.gen_iso(iso_path, authorized_key, "serial"))
with ops.context("networking", net_context()):
with ops.context("termination", TerminationContext()) as tc:
with ops.context("debug shell", DebugContext()):
ops.add_subcommand(lambda ops: auto_supervisor(
ops, tc, config.keyserver, iso_path))
for node in config.nodes:
if node == config.keyserver: continue
ops.add_subcommand(
lambda ops, n=node: auto_node(ops, tc, n, iso_path))
ops.add_subcommand(seq.sequence_cluster)
def sequence_registry(ops: setup.Operations) -> None:
ops.add_subcommand(setup.setup_dns_bootstrap)
ops.add_subcommand(setup.setup_bootstrap_registry)
ops.add_operation("verify that acis can be pulled from the registry", verify.check_aci_pull)
ops.print_annotations("set up the bootstrap container registry")
def sequence_supervisor(ops: setup.Operations) -> None:
ops.add_subcommand(sequence_keysystem)
ops.add_subcommand(sequence_ssh)
ops.print_annotations("set up the keysystem")
def sequence_ssh(ops: setup.Operations) -> None:
ops.add_operation("request SSH access to cluster", access.access_ssh_with_add)
ops.add_subcommand(setup.setup_supervisor_ssh)
ops.add_operation("verify ssh access to supervisor", verify.check_ssh_with_certs)
ops.print_annotations("set up ssh")
def sequence_ssh(ops: setup.Operations) -> None:
ops.add_operation("request SSH access to cluster",
access.access_ssh_with_add)
ops.add_subcommand(setup.setup_supervisor_ssh)
ops.add_operation("verify ssh access to supervisor",
iterative_verifier(verify.check_ssh_with_certs, 20.0))
