openstack
/
kuryr-kubernetes
Code Issues Proposed changes

Fix DevStack plugin issues 

There are several issues with the current Kuryr-Kubernetes DevStack
plugin that prevent 'stack.sh' from completing successfully:

  1. 'curl http://get.docker.com' fails with HTTP 301

  2. Killing Docker using 'docker.pid' file fails if Docker is already
     stopped

  3. 'get_container' calls 'docker pull' with an empty image name which
     causes 'docker pull' to fail

  4. 'etcd', 'kubernetes-api' fail to start due to the use of
     uninitialized variables (KURYR_ETCD_CLIENT_URL and
     KURYR_ETCD_PEER_URL)

  5. 'kubelet' fails to start under unprivileged user

Also the plugin currently disables the bash 'xtrace' option which
results in uninformative error messages in 'stack.sh' output in case of
failure.

Change-Id: I1230987de98a02045fa049cf6426242a04cd7a8a
Closes-Bug: #1634656
This commit is contained in:
Ilya Chukhnakov 2016-10-19 00:57:25 +03:00
parent 3477c58e4b
commit 7564367f9f
1 changed files with 15 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
devstack/plugin.sh
View File

@ -11,10 +11,6 @@
# License for the specific language governing permissions and limitations
# under the License.
# Save trace setting
XTRACE=$(set +o | grep xtrace)
set +o xtrace
function run_container {
# Runs a detached container and uses devstack's run process to monitor
# its logs
@ -104,7 +100,7 @@ function get_container {
return 0
fi
image="${image}:${version}"
image="${image_name}:${version}"
if [ -z "$(docker images -q "$image")" ]; then
docker pull "$image"
fi
@ -132,19 +128,22 @@ function run_etcd {
--listen-client-urls "$KURYR_ETCD_LISTEN_CLIENT_URL" \
--advertise-client-urls "$KURYR_ETCD_ADVERTISE_CLIENT_URL" \
--initial-cluster-token etcd-cluster-1 \
--initial-cluster "devstack=$KURYR_ETCD_PEER_URL" \
--initial-cluster "devstack=$KURYR_ETCD_ADVERTISE_PEER_URL" \
--initial-cluster-state new
}
function prepare_docker {
curl http://get.docker.com | sudo bash
curl -L http://get.docker.com | sudo bash
# After an ./unstack it will be stopped. So it is OK if it returns
# exit-code == 1
sudo service docker stop || true
stop_service docker || true
# Make sure there's no leftover Docker process and pidfile
sudo kill -s SIGTERM "$(cat /var/run/docker.pid)"
local DOCKER_PIDFILE=/var/run/docker.pid
if [ -f "$DOCKER_PIDFILE" ]; then
sudo kill -s SIGTERM "$(cat $DOCKER_PIDFILE)"
fi
}
function run_docker {
@ -200,7 +199,7 @@ function wait_for {
function run_k8s_api {
# Runs Hyperkube's Kubernetes API Server
wait_for "etcd" "${KURYR_ETCD_CLIENT_URL}/v2/machines"
wait_for "etcd" "${KURYR_ETCD_ADVERTISE_CLIENT_URL}/v2/machines"
run_container kubernetes-api \
--net host \
@ -210,7 +209,7 @@ function run_k8s_api {
--service-cluster-ip-range="${KURYR_K8S_CLUSTER_IP_RANGE}" \
--insecure-bind-address=0.0.0.0 \
--insecure-port="${KURYR_K8S_API_PORT}" \
--etcd-servers="${KURYR_ETCD_CLIENT_URL}" \
--etcd-servers="${KURYR_ETCD_ADVERTISE_CLIENT_URL}" \
--admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,ResourceQuota \
--client-ca-file=/srv/kubernetes/ca.crt \
--basic-auth-file=/srv/kubernetes/basic_auth.csv \
@ -286,13 +285,16 @@ function run_k8s_kubelet {
# adding Python and all our CNI/binding dependencies.
local command
command="$KURYR_HYPERKUBE_BINARY kubelet\
mkdir -p "$DATA_DIR/kubelet" "$DATA_DIR/kubelet.cert"
command="sudo $KURYR_HYPERKUBE_BINARY kubelet\
--allow-privileged=true \
--api-servers=$KURYR_K8S_API_URL \
--v=2 \
--address='0.0.0.0' \
--enable-server \
network-plugin=cni"
--network-plugin=cni \
--cert-dir=$DATA_DIR/kubelet.cert \
--root-dir=$DATA_DIR/kubelet"
wait_for "Kubernetes API Server" "$KURYR_K8S_API_URL"
run_process kubelet "$command"
}
@ -387,6 +389,3 @@ if is_service_enabled kuryr-kubernetes; then
fi
fi
fi
# Restore xtrace
$XTRACE