heat-agent: Check if scripts exists

When we start or restart the heat-agent, we run configure_container_agent.sh which writes a few scripts. Make sure that the scipts do not exist before writing to avoid overwriting any values created on runtime. When the heat-agent starts, /etc/os-collect-config.conf includes only the reference to the os-refresh-config command. After the agent bootstap, this file contains the credentials to check for software deployments in the [heat] section. Before this patch, when the agent restarted /etc/os-collect-config.conf was cleared resulting the agent to stop working. I have the survive restarts, skiping only os-collect-config.conf should be enough, but it is better to not touch files on just service restart. Additionally, fix file permissions for /etc/os-collect-config.conf. Change heat-container-agent tag to ussuri-dev. Change-Id: I3efd4e55e885b95721f13279b44dc1246e2fd2e4 Signed-off-by: Spyros Trigazis <spyridon.trigazis@cern.ch>
2019-10-21 09:45:39 +00:00 · 2019-10-21 09:45:39 +00:00 · 66ebe442c2
commit 66ebe442c2
parent 94caaaa344
9 changed files with 47 additions and 21 deletions
--- a/dockerfiles/heat-container-agent/scripts/configure_container_agent.sh
+++ b/dockerfiles/heat-container-agent/scripts/configure_container_agent.sh
@ -2,35 +2,49 @@
 set -eux

 # initial /etc/os-collect-config.conf
-cat <<EOF >/etc/os-collect-config.conf
+if [ ! -f /etc/os-collect-config.conf ] ; then
+    cat <<EOF >/etc/os-collect-config.conf
 [DEFAULT]
 command = os-refresh-config
 EOF
+chmod 600 /etc/os-collect-config.conf
+fi

 # os-refresh-config scripts directory
 # This moves to /usr/libexec/os-refresh-config in later releases
 # Be sure to have this dir mounted and created by config.json and tmpfiles
 orc_scripts=/opt/stack/os-config-refresh
 for d in pre-configure.d configure.d migration.d post-configure.d; do
-    install -m 0755 -o root -g root -d $orc_scripts/$d
+    if [ ! -d $orc_scripts/$d ] ; then
+        install -m 0755 -o root -g root -d $orc_scripts/$d
+    fi
 done

 # os-refresh-config script for running os-apply-config
-cat <<EOF >$orc_scripts/configure.d/20-os-apply-config
+if [ ! -f $orc_scripts/configure.d/20-os-apply-config ] ; then
+    cat <<EOF >$orc_scripts/configure.d/20-os-apply-config
 #!/bin/bash
 set -ue

 exec os-apply-config
 EOF
+fi

-chmod 700 $orc_scripts/configure.d/20-os-apply-config
-cp /opt/heat-container-agent/scripts/55-heat-config $orc_scripts/configure.d/55-heat-config
-chmod 700 $orc_scripts/configure.d/55-heat-config
-cp /opt/heat-container-agent/scripts/50-heat-config-docker-compose $orc_scripts/configure.d/50-heat-config-docker-compose
-chmod 700 $orc_scripts/configure.d/50-heat-config-docker-compose
+if [ ! -f $orc_scripts/configure.d/55-heat-config ] ; then
+    chmod 700 $orc_scripts/configure.d/20-os-apply-config
+    cp /opt/heat-container-agent/scripts/55-heat-config $orc_scripts/configure.d/55-heat-config
+    chmod 700 $orc_scripts/configure.d/55-heat-config
+fi

-mkdir -p /var/lib/heat-config/hooks
-cp /opt/heat-container-agent/hooks/* /var/lib/heat-config/hooks/
-chmod 755 /var/lib/heat-config/hooks/atomic
-chmod 755 /var/lib/heat-config/hooks/docker-compose
-chmod 755 /var/lib/heat-config/hooks/script
+if [ ! -f $orc_scripts/configure.d/50-heat-config-docker-compose ] ; then
+    cp /opt/heat-container-agent/scripts/50-heat-config-docker-compose $orc_scripts/configure.d/50-heat-config-docker-compose
+    chmod 700 $orc_scripts/configure.d/50-heat-config-docker-compose
+fi
+
+if [ ! -f /var/lib/heat-config/hooks/atomic ] && [ ! -f /var/lib/heat-config/hooks/docker-compose ] && [ ! -f /var/lib/heat-config/hooks/script ] ; then
+    mkdir -p /var/lib/heat-config/hooks
+    cp /opt/heat-container-agent/hooks/* /var/lib/heat-config/hooks/
+    chmod 755 /var/lib/heat-config/hooks/atomic
+    chmod 755 /var/lib/heat-config/hooks/docker-compose
+    chmod 755 /var/lib/heat-config/hooks/script
+fi
--- a/dockerfiles/heat-container-agent/scripts/write-os-apply-config-templates.sh
+++ b/dockerfiles/heat-container-agent/scripts/write-os-apply-config-templates.sh
@ -7,7 +7,8 @@ mkdir -p $oac_templates/etc


 # template for building os-collect-config.conf for polling heat
-cat <<EOF >$oac_templates/etc/os-collect-config.conf
+if [ ! -f $oac_templates/etc/os-collect-config.conf ] ; then
+    cat <<EOF >$oac_templates/etc/os-collect-config.conf
 [DEFAULT]
 {{^os-collect-config.command}}
 command = os-refresh-config
@ -67,7 +68,11 @@ metadata_url = {{metadata_url}}

 {{/os-collect-config}}
 EOF
+fi
+
 mkdir -p $oac_templates/var/run/heat-config

 # template for writing heat deployments data to a file
-echo "{{deployments}}" > $oac_templates/var/run/heat-config/heat-config
+if [ ! -f $oac_templates/var/run/heat-config/heat-config ] ; then
+    echo "{{deployments}}" > $oac_templates/var/run/heat-config/heat-config
+fi
--- a/dockerfiles/kubernetes-apiserver/launch.sh
+++ b/dockerfiles/kubernetes-apiserver/launch.sh
@ -6,5 +6,7 @@
 ARGS="$@ $KUBE_LOGTOSTDERR $KUBE_LOG_LEVEL $KUBE_ETCD_SERVERS $KUBE_API_ADDRESS $KUBE_API_PORT $KUBELET_PORT $KUBE_ALLOW_PRIV $KUBE_SERVICE_ADDRESSES $KUBE_ADMISSION_CONTROL $KUBE_API_ARGS"

 ARGS=$(echo $ARGS | sed s#--tls-ca-file=/etc/kubernetes/certs/ca.crt##)
+# KubeletPluginsWatcher=true,
+ARGS=$(echo $ARGS | sed s/KubeletPluginsWatcher=true,//)

 exec /usr/local/bin/kube-apiserver $ARGS
--- a/dockerfiles/kubernetes-controller-manager/launch.sh
+++ b/dockerfiles/kubernetes-controller-manager/launch.sh
@ -6,5 +6,7 @@
 ARGS="$@ $KUBE_LOGTOSTDERR $KUBE_LOG_LEVEL $KUBE_MASTER $KUBE_CONTROLLER_MANAGER_ARGS"

 ARGS="${ARGS} --secure-port=0"
+# KubeletPluginsWatcher=true,
+ARGS=$(echo $ARGS | sed s/KubeletPluginsWatcher=true,//)

 exec /usr/local/bin/kube-controller-manager $ARGS
--- a/dockerfiles/kubernetes-kubelet/config.json.template
+++ b/dockerfiles/kubernetes-kubelet/config.json.template
@ -368,7 +368,8 @@
            "options": [
                "bind",
                "rw",
-                "mode=755"
+                "rshared",
+                "mode=777"
             ]
          },
          {
@ -379,7 +380,7 @@
                "rbind",
                "rshared",
                "rw",
-                "mode=755"
+                "mode=777"
             ]
          },
          {
--- a/dockerfiles/kubernetes-kubelet/launch.sh
+++ b/dockerfiles/kubernetes-kubelet/launch.sh
@ -8,5 +8,7 @@ TEMP_KUBELET_ARGS='--cgroups-per-qos=false --enforce-node-allocatable='
 ARGS="$@ $TEMP_KUBELET_ARGS $KUBE_LOGTOSTDERR $KUBE_LOG_LEVEL $KUBELET_API_SERVER $KUBELET_ADDRESS $KUBELET_PORT $KUBELET_HOSTNAME $KUBE_ALLOW_PRIV $KUBELET_ARGS"

 ARGS=$(echo $ARGS | sed s/--cadvisor-port=0//)
+ARGS=$(echo $ARGS | sed s/--require-kubeconfig//)
+ARGS=$(echo $ARGS | sed s/node-role/node/)

-exec /hyperkube kubelet $ARGS --containerized
+exec /hyperkube kubelet $ARGS
--- a/magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml
+++ b/magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml
@ -637,7 +637,7 @@ parameters:
  heat_container_agent_tag:
    type: string
    description: tag of the heat_container_agent system container
-    default: train-dev
+    default: ussuri-dev

  keystone_auth_enabled:
    type: boolean
--- a/magnum/drivers/k8s_fedora_coreos_v1/templates/kubecluster.yaml
+++ b/magnum/drivers/k8s_fedora_coreos_v1/templates/kubecluster.yaml
@ -637,7 +637,7 @@ parameters:
  heat_container_agent_tag:
    type: string
    description: tag of the heat_container_agent system container
-    default: train-dev
+    default: ussuri-dev

  keystone_auth_enabled:
    type: boolean
--- a/playbooks/container-builder-vars.yaml
+++ b/playbooks/container-builder-vars.yaml
@ -16,7 +16,7 @@ kubernetes_images:

 magnum_images:
  - name: heat-container-agent
-    tag: train-dev
+    tag: ussuri-dev

 helm_version: v2.12.3