Merge "Pull in updates from larsks heat template repo"

etc/magnum/templates/heat-kubernetes/README.md

@@ -22,9 +22,9 @@ These templates will work with the Juno version of Heat.
 ### Guest image
 
 These templates will work with either CentOS Atomic Host or Fedora 21
-Atomic.  You will need an image dated later than 2015-01-01, or you
-will need to create an image that includes Flannel by booting an
-existing image, running `atomic ugprade`, and saving the new image.
+Atomic.  You will need an image dated later than 2015-01-20 in order
+to have both the `flannel` package installed and the appropriately
+configured `docker.service` unit.
 
 You can enable the VXLAN backend for flannel by setting the
 "flannel_use_vxlan" parameter to "true", but I have run into kernel

etc/magnum/templates/heat-kubernetes/fragments/configure-docker-storage.sh

@@ -0,0 +1,20 @@
+#!/bin/sh
+
+. /etc/sysconfig/heat-params
+
+DOCKER_DEV=/dev/disk/by-id/virtio-${DOCKER_VOLUME:0:20}
+
+if ! [ -b $DOCKER_DEV ]; then
+	echo "ERROR: device $DOCKER_DEV does not exist" >&2
+	exit 1
+fi
+
+pvcreate $DOCKER_DEV
+vgcreate docker $DOCKER_DEV
+lvcreate --wipesignatures y -n data docker -l 95%VG
+lvcreate --wipesignatures y -n metadata docker -l 5%VG
+
+cat > /etc/sysconfig/docker-storage <<EOF
+DOCKER_STORAGE_OPTIONS="--storage-opt dm.blkdiscard=false --storage-opt dm.metadatadev=/dev/docker/metadata --storage-opt dm.datadev=/dev/docker/data --storage-opt dm.fs=xfs"
+EOF
+

etc/magnum/templates/heat-kubernetes/fragments/configure-flannel.sh

@@ -3,19 +3,30 @@
 . /etc/sysconfig/heat-params
 . /etc/sysconfig/flanneld
 
+FLANNEL_JSON=/etc/sysconfig/flannel-network.json
+
 if [ "$FLANNEL_USE_VXLAN" == "true" ]; then
 	use_vxlan=1
 fi
 
 # Generate a flannel configuration that we will
 # store into etcd using curl.
-cat > /etc/sysconfig/flannel-network.json <<EOF
+cat > $FLANNEL_JSON <<EOF
 {
   "Network": "$FLANNEL_NETWORK_CIDR",
-  "Subnetlen": $FLANNEL_NETWORK_SUBNETLEN${use_vxlan:+",
+  "Subnetlen": $FLANNEL_NETWORK_SUBNETLEN
+EOF
+
+if [ "$use_vxlan" = 1 ]; then
+cat >> $FLANNEL_JSON <<EOF
+  ,
   "Backend": {
     "Type": "vxlan"
-  }"}
+  }
+EOF
+fi
+
+cat >> $FLANNEL_JSON <<EOF
 }
 EOF
 

etc/magnum/templates/heat-kubernetes/fragments/docker.service.yaml

@@ -1,65 +1,58 @@
 #cloud-config
 merge_how: dict(recurse_array)+list(append)
+bootcmd:
+  - mkdir -p /etc/systemd/system/docker.service.d
+  - mkdir -p /etc/systemd/system/flanneld.service.d
 write_files:
-  - path: /etc/systemd/system/docker.service
+  - path: /usr/local/bin/flannel-docker-bridge
+    owner: "root:root"
+    permissions: "0755"
+    content: |
+      #!/bin/sh
+      
+      if ! [ "$FLANNEL_SUBNET" ] && [ "$FLANNEL_MTU" ] ; then
+        echo "ERROR: missing required environment variables." >&2
+        exit 1
+      fi
+      
+      mkdir -p /run/flannel/
+      cat > /run/flannel/docker <<EOF
+      DOCKER_NETWORK_OPTIONS="--bip=$FLANNEL_SUBNET --mtu=$FLANNEL_MTU"
+      EOF
+  - path: /etc/systemd/system/flannel-docker-bridge.service
     owner: "root:root"
     permissions: "0644"
     content: |
       [Unit]
-      Description=Docker Application Container Engine
-      Documentation=http://docs.docker.com
-      After=network.target docker.socket wait-for-flanneld.service
-      Requires=docker.socket wait-for-flanneld.service
+      After=flanneld.service
+      Before=docker.service
+      Requires=flanneld.service
 
       [Service]
-      Type=notify
-      EnvironmentFile=-/etc/sysconfig/docker
-      EnvironmentFile=-/etc/sysconfig/docker-storage
-      
-      # This EnvironmentFile is required.
+      Type=oneshot
       EnvironmentFile=/run/flannel/subnet.env
-
-      # This works around https://github.com/docker/docker/issues/9468
-      Environment=DOCKER_CERT_PATH=/etc/docker
-
-      ExecStart=/usr/bin/docker -d -H fd:// --bip $FLANNEL_SUBNET --mtu $FLANNEL_MTU $OPTIONS $DOCKER_STORAGE_OPTIONS
-      Restart=on-failure
-      LimitNOFILE=1048576
-      LimitNPROC=1048576
+      ExecStart=/usr/local/bin/flannel-docker-bridge
 
       [Install]
-      WantedBy=multi-user.target
-  - path: /usr/local/bin/wait-for-flanneld
+      WantedBy=docker.service
+  - path: /etc/systemd/system/docker.service.d/flannel.conf
     owner: "root:root"
-    permissions: "0755"
+    permissions: "0644"
     content: |
-      #!/bin/sh
-      
-      # This script waits for flannel to provide the /run/flannel/subnet.env
-      # file. This can be used to synchronize docker startup with the
-      # availability of this file.
-
-      while ! [ -f /run/flannel/subnet.env ]; do
-        echo "waiting for flanneld"
-        sleep 1
-      done
-
-      echo "flanneld is active"
+      [Unit]
+      Requires=flannel-docker-bridge.service
+      After=flannel-docker-bridge.service
 
-      exit 0
-  - path: /etc/systemd/system/wait-for-flanneld.service
+      [Service]
+      EnvironmentFile=/run/flannel/docker
+  - path: /etc/systemd/system/flanneld.service.d/flannel-docker-bridge.conf
     owner: "root:root"
     permissions: "0644"
     content: |
       [Unit]
-      Description=Wait for flanneld to provide subnet/mtu information
-      After=network.target flanneld.service
-      Requires=flanneld.service
-
-      [Service]
-      Type=oneshot
-      ExecStart=/usr/local/bin/wait-for-flanneld
+      Requires=flannel-docker-bridge.service
+      Before=flannel-docker-bridge.service
 
       [Install]
-      WantedBy=multi-user.target
+      Also=flannel-docker-bridge.service
 

etc/magnum/templates/heat-kubernetes/fragments/enable-services-master.sh

@@ -1,5 +1,8 @@
 #!/bin/sh
 
+# make sure we pick up any modified unit files
+systemctl daemon-reload
+
 echo starting services
 for service in etcd kube-apiserver kube-scheduler kube-controller-manager; do
 	echo "activating service $service"

etc/magnum/templates/heat-kubernetes/fragments/enable-services-minion.sh

@@ -7,7 +7,10 @@ echo "stopping docker"
 systemctl stop docker
 ip link del docker0
 
-for service in wait-for-flanneld flanneld docker.socket docker kubelet kube-proxy; do
+# make sure we pick up any modified unit files
+systemctl daemon-reload
+
+for service in flanneld docker.socket docker kubelet kube-proxy; do
 	echo "activating service $service"
 	systemctl enable $service
 	systemctl --no-block start $service

etc/magnum/templates/heat-kubernetes/fragments/flannel-config.service.yaml

@@ -0,0 +1,46 @@
+#cloud-config
+merge_how: dict(recurse_array)+list(append)
+write_files:
+  - path: /usr/local/bin/flannel-config
+    owner: "root:root"
+    permissions: "0755"
+    content: |
+      #!/bin/sh
+      
+      : ${FLANNEL_JSON:=/etc/sysconfig/flannel-network.json}
+
+      if ! [ -f "$FLANNEL_JSON" ]; then
+        echo "ERROR: missing network configuration file" >&2
+        exit 1
+      fi
+
+      if ! [ "$FLANNEL_ETCD" ] && [ "$FLANNEL_ETCD_KEY" ]; then
+        echo "ERROR: missing required configuration" >&2
+        exit 1
+      fi
+      
+      echo "creating flanneld config in etcd"
+      while ! curl -sf -L $FLANNEL_ETCD/v2/keys${FLANNEL_ETCD_KEY}/config \
+        -X PUT --data-urlencode value@${FLANNEL_JSON}; do
+          echo "waiting for etcd"
+          sleep 1
+      done
+  - path: /etc/systemd/system/flannel-config.service
+    owner: "root:root"
+    permissions: "0644"
+    content: |
+      [Unit]
+      After=etcd.service
+      Requires=etcd.service
+
+      [Service]
+      Type=oneshot
+      EnvironmentFile=/etc/sysconfig/flanneld
+      ExecStart=/usr/local/bin/flannel-config
+
+      [Install]
+      WantedBy=multi-user.target
+runcmd:
+  - systemctl enable flannel-config
+  - systemctl start --no-block flannel-config
+

etc/magnum/templates/heat-kubernetes/fragments/kube-examples.yaml

@@ -15,8 +15,7 @@ write_files:
           id: web
           containers:
             - name: web
-              image: larsks/onehttpd
-              command: [/onehttpd, -p, 80, /data]
+              image: larsks/thttpd
               ports:
                 - containerPort: 80
   - path: /etc/kubernetes/examples/web.service

etc/magnum/templates/heat-kubernetes/fragments/write-flannel-config.sh

@@ -0,0 +1,32 @@
+#!/bin/sh
+
+. /etc/sysconfig/heat-params
+. /etc/sysconfig/flanneld
+
+FLANNEL_JSON=/etc/sysconfig/flannel-network.json
+
+if [ "$FLANNEL_USE_VXLAN" == "true" ]; then
+	use_vxlan=1
+fi
+
+# Generate a flannel configuration that we will
+# store into etcd using curl.
+cat > $FLANNEL_JSON <<EOF
+{
+  "Network": "$FLANNEL_NETWORK_CIDR",
+  "Subnetlen": $FLANNEL_NETWORK_SUBNETLEN
+EOF
+
+if [ "$use_vxlan" = 1 ]; then
+cat >> $FLANNEL_JSON <<EOF
+  ,
+  "Backend": {
+    "Type": "vxlan"
+  }
+EOF
+fi
+
+cat >> $FLANNEL_JSON <<EOF
+}
+EOF
+

etc/magnum/templates/heat-kubernetes/fragments/write-heat-params.yaml

@@ -8,4 +8,5 @@ write_files:
       KUBE_ALLOW_PRIV="$KUBE_ALLOW_PRIV"
       KUBE_MASTER_IP="$KUBE_MASTER_IP"
       WAIT_HANDLE="$WAIT_HANDLE"
+      DOCKER_VOLUME="$DOCKER_VOLUME"
 

etc/magnum/templates/heat-kubernetes/kubecluster.yaml

@@ -195,11 +195,17 @@ resources:
       group: ungrouped
       config: {get_file: fragments/configure-kubernetes-master.sh}
 
-  configure_flannel:
+  write_flannel_config:
     type: "OS::Heat::SoftwareConfig"
     properties:
       group: ungrouped
-      config: {get_file: fragments/configure-flannel.sh}
+      config: {get_file: fragments/write-flannel-config.sh}
+
+  flannel_config_service:
+    type: "OS::Heat::SoftwareConfig"
+    properties:
+      group: ungrouped
+      config: {get_file: fragments/flannel-config.service.yaml}
 
   enable_services:
     type: "OS::Heat::SoftwareConfig"
@@ -240,7 +246,8 @@ resources:
         - config: {get_resource: kube_user}
         - config: {get_resource: configure_kubernetes}
         - config: {get_resource: enable_services}
-        - config: {get_resource: configure_flannel}
+        - config: {get_resource: write_flannel_config}
+        - config: {get_resource: flannel_config_service}
         - config: {get_resource: kube_examples}
         - config: {get_resource: cfn_signal}
 
@@ -276,6 +283,7 @@ resources:
       fixed_ips:
         - subnet_id:
             get_resource: fixed_subnet
+      replacement_policy: AUTO
 
   kube_master_floating:
     type: "OS::Neutron::FloatingIP"

etc/magnum/templates/heat-kubernetes/kubenode.yaml

@@ -9,7 +9,7 @@ parameters:
 
   server_image:
     type: string
-    default: fedora-20-x86_64-updated
+    default: centos-7-atomic-20150120
     description: glance image used to boot the server
 
   server_flavor:
@@ -34,6 +34,13 @@ parameters:
     constraints:
       - allowed_values: ["true", "false"]
 
+  docker_volume_size:
+    type: string
+    description: >
+      size of a cinder volume to allocate to docker for container/image
+      storage
+    default: 25
+
   # The following are all generated in the parent template.
   kube_master_ip:
     type: string
@@ -90,6 +97,7 @@ resources:
             "$KUBE_ALLOW_PRIV": {get_param: kube_allow_priv}
             "$KUBE_MASTER_IP": {get_param: kube_master_ip}
             "$WAIT_HANDLE": {get_resource: node_wait_handle}
+            "$DOCKER_VOLUME": {get_resource: docker_volume}
 
   add_to_docker_group:
     type: "OS::Heat::SoftwareConfig"
@@ -97,6 +105,12 @@ resources:
       group: ungrouped
       config: {get_file: fragments/add-to-docker-group.sh}
 
+  configure_docker_storage:
+    type: "OS::Heat::SoftwareConfig"
+    properties:
+      group: ungrouped
+      config: {get_file: fragments/configure-docker-storage.sh}
+
   configure_kubernetes_minion:
     type: "OS::Heat::SoftwareConfig"
     properties:
@@ -148,6 +162,7 @@ resources:
         - config: {get_resource: kube_user}
         - config: {get_resource: kube_examples}
         - config: {get_resource: add_to_docker_group}
+        - config: {get_resource: configure_docker_storage}
         - config: {get_resource: configure_kubernetes_minion}
         - config: {get_resource: docker_service}
         - config: {get_resource: enable_services}
@@ -178,6 +193,7 @@ resources:
       fixed_ips:
         - subnet_id:
             get_param: fixed_subnet_id
+      replacement_policy: AUTO
 
   kube_node_floating:
     type: "OS::Neutron::FloatingIP"
@@ -187,6 +203,17 @@ resources:
       port_id:
         get_resource: kube_node_eth0
 
+  docker_volume:
+    type: "OS::Cinder::Volume"
+    properties:
+      size: {get_param: docker_volume_size}
+
+  docker_volume_attach:
+    type: "OS::Cinder::VolumeAttachment"
+    properties:
+      instance_uuid: {get_resource: kube_node}
+      volume_id: {get_resource: docker_volume}
+
 outputs:
 
   kube_node_ip: