Browse Source

heat-agent: Check if scripts exists

When we start or restart the heat-agent, we run
configure_container_agent.sh which writes a few scripts. Make sure that
the scipts do not exist before writing to avoid overwriting any values
created on runtime.

When the heat-agent starts, /etc/os-collect-config.conf includes only
the reference to the os-refresh-config command. After the agent
bootstap, this file contains the credentials to check for software
deployments in the [heat] section. Before this patch, when the agent
restarted /etc/os-collect-config.conf was cleared resulting the agent to
stop working. I have the survive restarts, skiping only
os-collect-config.conf should be enough, but it is better to not touch
files on just service restart.

Additionally, fix file permissions for /etc/os-collect-config.conf.

Change heat-container-agent tag to ussuri-dev.

Change-Id: I3efd4e55e885b95721f13279b44dc1246e2fd2e4
Signed-off-by: Spyros Trigazis <spyridon.trigazis@cern.ch>
changes/04/689704/5
Spyros Trigazis 3 years ago
parent
commit
66ebe442c2
  1. 40
      dockerfiles/heat-container-agent/scripts/configure_container_agent.sh
  2. 9
      dockerfiles/heat-container-agent/scripts/write-os-apply-config-templates.sh
  3. 2
      dockerfiles/kubernetes-apiserver/launch.sh
  4. 2
      dockerfiles/kubernetes-controller-manager/launch.sh
  5. 5
      dockerfiles/kubernetes-kubelet/config.json.template
  6. 4
      dockerfiles/kubernetes-kubelet/launch.sh
  7. 2
      magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml
  8. 2
      magnum/drivers/k8s_fedora_coreos_v1/templates/kubecluster.yaml
  9. 2
      playbooks/container-builder-vars.yaml

40
dockerfiles/heat-container-agent/scripts/configure_container_agent.sh

@ -2,35 +2,49 @@
set -eux
# initial /etc/os-collect-config.conf
cat <<EOF >/etc/os-collect-config.conf
if [ ! -f /etc/os-collect-config.conf ] ; then
cat <<EOF >/etc/os-collect-config.conf
[DEFAULT]
command = os-refresh-config
EOF
chmod 600 /etc/os-collect-config.conf
fi
# os-refresh-config scripts directory
# This moves to /usr/libexec/os-refresh-config in later releases
# Be sure to have this dir mounted and created by config.json and tmpfiles
orc_scripts=/opt/stack/os-config-refresh
for d in pre-configure.d configure.d migration.d post-configure.d; do
install -m 0755 -o root -g root -d $orc_scripts/$d
if [ ! -d $orc_scripts/$d ] ; then
install -m 0755 -o root -g root -d $orc_scripts/$d
fi
done
# os-refresh-config script for running os-apply-config
cat <<EOF >$orc_scripts/configure.d/20-os-apply-config
if [ ! -f $orc_scripts/configure.d/20-os-apply-config ] ; then
cat <<EOF >$orc_scripts/configure.d/20-os-apply-config
#!/bin/bash
set -ue
exec os-apply-config
EOF
fi
chmod 700 $orc_scripts/configure.d/20-os-apply-config
cp /opt/heat-container-agent/scripts/55-heat-config $orc_scripts/configure.d/55-heat-config
chmod 700 $orc_scripts/configure.d/55-heat-config
cp /opt/heat-container-agent/scripts/50-heat-config-docker-compose $orc_scripts/configure.d/50-heat-config-docker-compose
chmod 700 $orc_scripts/configure.d/50-heat-config-docker-compose
if [ ! -f $orc_scripts/configure.d/55-heat-config ] ; then
chmod 700 $orc_scripts/configure.d/20-os-apply-config
cp /opt/heat-container-agent/scripts/55-heat-config $orc_scripts/configure.d/55-heat-config
chmod 700 $orc_scripts/configure.d/55-heat-config
fi
mkdir -p /var/lib/heat-config/hooks
cp /opt/heat-container-agent/hooks/* /var/lib/heat-config/hooks/
chmod 755 /var/lib/heat-config/hooks/atomic
chmod 755 /var/lib/heat-config/hooks/docker-compose
chmod 755 /var/lib/heat-config/hooks/script
if [ ! -f $orc_scripts/configure.d/50-heat-config-docker-compose ] ; then
cp /opt/heat-container-agent/scripts/50-heat-config-docker-compose $orc_scripts/configure.d/50-heat-config-docker-compose
chmod 700 $orc_scripts/configure.d/50-heat-config-docker-compose
fi
if [ ! -f /var/lib/heat-config/hooks/atomic ] && [ ! -f /var/lib/heat-config/hooks/docker-compose ] && [ ! -f /var/lib/heat-config/hooks/script ] ; then
mkdir -p /var/lib/heat-config/hooks
cp /opt/heat-container-agent/hooks/* /var/lib/heat-config/hooks/
chmod 755 /var/lib/heat-config/hooks/atomic
chmod 755 /var/lib/heat-config/hooks/docker-compose
chmod 755 /var/lib/heat-config/hooks/script
fi

9
dockerfiles/heat-container-agent/scripts/write-os-apply-config-templates.sh

@ -7,7 +7,8 @@ mkdir -p $oac_templates/etc
# template for building os-collect-config.conf for polling heat
cat <<EOF >$oac_templates/etc/os-collect-config.conf
if [ ! -f $oac_templates/etc/os-collect-config.conf ] ; then
cat <<EOF >$oac_templates/etc/os-collect-config.conf
[DEFAULT]
{{^os-collect-config.command}}
command = os-refresh-config
@ -67,7 +68,11 @@ metadata_url = {{metadata_url}}
{{/os-collect-config}}
EOF
fi
mkdir -p $oac_templates/var/run/heat-config
# template for writing heat deployments data to a file
echo "{{deployments}}" > $oac_templates/var/run/heat-config/heat-config
if [ ! -f $oac_templates/var/run/heat-config/heat-config ] ; then
echo "{{deployments}}" > $oac_templates/var/run/heat-config/heat-config
fi

2
dockerfiles/kubernetes-apiserver/launch.sh

@ -6,5 +6,7 @@
ARGS="$@ $KUBE_LOGTOSTDERR $KUBE_LOG_LEVEL $KUBE_ETCD_SERVERS $KUBE_API_ADDRESS $KUBE_API_PORT $KUBELET_PORT $KUBE_ALLOW_PRIV $KUBE_SERVICE_ADDRESSES $KUBE_ADMISSION_CONTROL $KUBE_API_ARGS"
ARGS=$(echo $ARGS | sed s#--tls-ca-file=/etc/kubernetes/certs/ca.crt##)
# KubeletPluginsWatcher=true,
ARGS=$(echo $ARGS | sed s/KubeletPluginsWatcher=true,//)
exec /usr/local/bin/kube-apiserver $ARGS

2
dockerfiles/kubernetes-controller-manager/launch.sh

@ -6,5 +6,7 @@
ARGS="$@ $KUBE_LOGTOSTDERR $KUBE_LOG_LEVEL $KUBE_MASTER $KUBE_CONTROLLER_MANAGER_ARGS"
ARGS="${ARGS} --secure-port=0"
# KubeletPluginsWatcher=true,
ARGS=$(echo $ARGS | sed s/KubeletPluginsWatcher=true,//)
exec /usr/local/bin/kube-controller-manager $ARGS

5
dockerfiles/kubernetes-kubelet/config.json.template

@ -368,7 +368,8 @@
"options": [
"bind",
"rw",
"mode=755"
"rshared",
"mode=777"
]
},
{
@ -379,7 +380,7 @@
"rbind",
"rshared",
"rw",
"mode=755"
"mode=777"
]
},
{

4
dockerfiles/kubernetes-kubelet/launch.sh

@ -8,5 +8,7 @@ TEMP_KUBELET_ARGS='--cgroups-per-qos=false --enforce-node-allocatable='
ARGS="$@ $TEMP_KUBELET_ARGS $KUBE_LOGTOSTDERR $KUBE_LOG_LEVEL $KUBELET_API_SERVER $KUBELET_ADDRESS $KUBELET_PORT $KUBELET_HOSTNAME $KUBE_ALLOW_PRIV $KUBELET_ARGS"
ARGS=$(echo $ARGS | sed s/--cadvisor-port=0//)
ARGS=$(echo $ARGS | sed s/--require-kubeconfig//)
ARGS=$(echo $ARGS | sed s/node-role/node/)
exec /hyperkube kubelet $ARGS --containerized
exec /hyperkube kubelet $ARGS

2
magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml

@ -637,7 +637,7 @@ parameters:
heat_container_agent_tag:
type: string
description: tag of the heat_container_agent system container
default: train-dev
default: ussuri-dev
keystone_auth_enabled:
type: boolean

2
magnum/drivers/k8s_fedora_coreos_v1/templates/kubecluster.yaml

@ -637,7 +637,7 @@ parameters:
heat_container_agent_tag:
type: string
description: tag of the heat_container_agent system container
default: train-dev
default: ussuri-dev
keystone_auth_enabled:
type: boolean

2
playbooks/container-builder-vars.yaml

@ -16,7 +16,7 @@ kubernetes_images:
magnum_images:
- name: heat-container-agent
tag: train-dev
tag: ussuri-dev
helm_version: v2.12.3

Loading…
Cancel
Save