From 66ebe442c2c3a670e3073b11c26ef5556079d6de Mon Sep 17 00:00:00 2001 From: Spyros Trigazis Date: Mon, 21 Oct 2019 09:45:39 +0000 Subject: [PATCH] heat-agent: Check if scripts exists When we start or restart the heat-agent, we run configure_container_agent.sh which writes a few scripts. Make sure that the scripts do not exist before writing to avoid overwriting any values created at runtime. When the heat-agent starts, /etc/os-collect-config.conf includes only the reference to the os-refresh-config command. After the agent bootstrap, this file contains the credentials to check for software deployments in the [heat] section. Before this patch, when the agent restarted /etc/os-collect-config.conf was cleared, causing the agent to stop working. To survive restarts, skipping only os-collect-config.conf should be enough, but it is better to not touch files on just service restart. Additionally, fix file permissions for /etc/os-collect-config.conf. Change heat-container-agent tag to ussuri-dev. Change-Id: I3efd4e55e885b95721f13279b44dc1246e2fd2e4 Signed-off-by: Spyros Trigazis --- .../scripts/configure_container_agent.sh | 40 +++++++++++++------ .../write-os-apply-config-templates.sh | 9 ++++- dockerfiles/kubernetes-apiserver/launch.sh | 2 + .../kubernetes-controller-manager/launch.sh | 2 + .../kubernetes-kubelet/config.json.template | 5 ++- dockerfiles/kubernetes-kubelet/launch.sh | 4 +- .../templates/kubecluster.yaml | 2 +- .../templates/kubecluster.yaml | 2 +- playbooks/container-builder-vars.yaml | 2 +- 9 files changed, 47 insertions(+), 21 deletions(-) diff --git a/dockerfiles/heat-container-agent/scripts/configure_container_agent.sh b/dockerfiles/heat-container-agent/scripts/configure_container_agent.sh index 688a36d7a1..33c5a41b4b 100644 --- a/dockerfiles/heat-container-agent/scripts/configure_container_agent.sh +++ b/dockerfiles/heat-container-agent/scripts/configure_container_agent.sh 
@@ -2,35 +2,49 @@ set -eux # initial /etc/os-collect-config.conf -cat </etc/os-collect-config.conf +if [ ! -f /etc/os-collect-config.conf ] ; then + cat </etc/os-collect-config.conf [DEFAULT] command = os-refresh-config EOF +chmod 600 /etc/os-collect-config.conf +fi # os-refresh-config scripts directory # This moves to /usr/libexec/os-refresh-config in later releases # Be sure to have this dir mounted and created by config.json and tmpfiles orc_scripts=/opt/stack/os-config-refresh for d in pre-configure.d configure.d migration.d post-configure.d; do - install -m 0755 -o root -g root -d $orc_scripts/$d + if [ ! -d $orc_scripts/$d ] ; then + install -m 0755 -o root -g root -d $orc_scripts/$d + fi done # os-refresh-config script for running os-apply-config -cat <$orc_scripts/configure.d/20-os-apply-config +if [ ! -f $orc_scripts/configure.d/20-os-apply-config ] ; then + cat <$orc_scripts/configure.d/20-os-apply-config #!/bin/bash set -ue exec os-apply-config EOF +fi -chmod 700 $orc_scripts/configure.d/20-os-apply-config -cp /opt/heat-container-agent/scripts/55-heat-config $orc_scripts/configure.d/55-heat-config -chmod 700 $orc_scripts/configure.d/55-heat-config -cp /opt/heat-container-agent/scripts/50-heat-config-docker-compose $orc_scripts/configure.d/50-heat-config-docker-compose -chmod 700 $orc_scripts/configure.d/50-heat-config-docker-compose +if [ ! -f $orc_scripts/configure.d/55-heat-config ] ; then + chmod 700 $orc_scripts/configure.d/20-os-apply-config + cp /opt/heat-container-agent/scripts/55-heat-config $orc_scripts/configure.d/55-heat-config + chmod 700 $orc_scripts/configure.d/55-heat-config +fi -mkdir -p /var/lib/heat-config/hooks -cp /opt/heat-container-agent/hooks/* /var/lib/heat-config/hooks/ -chmod 755 /var/lib/heat-config/hooks/atomic -chmod 755 /var/lib/heat-config/hooks/docker-compose -chmod 755 /var/lib/heat-config/hooks/script +if [ ! 
-f $orc_scripts/configure.d/50-heat-config-docker-compose ] ; then + cp /opt/heat-container-agent/scripts/50-heat-config-docker-compose $orc_scripts/configure.d/50-heat-config-docker-compose + chmod 700 $orc_scripts/configure.d/50-heat-config-docker-compose +fi + +if [ ! -f /var/lib/heat-config/hooks/atomic ] && [ ! -f /var/lib/heat-config/hooks/docker-compose ] && [ ! -f /var/lib/heat-config/hooks/script ] ; then + mkdir -p /var/lib/heat-config/hooks + cp /opt/heat-container-agent/hooks/* /var/lib/heat-config/hooks/ + chmod 755 /var/lib/heat-config/hooks/atomic + chmod 755 /var/lib/heat-config/hooks/docker-compose + chmod 755 /var/lib/heat-config/hooks/script +fi diff --git a/dockerfiles/heat-container-agent/scripts/write-os-apply-config-templates.sh b/dockerfiles/heat-container-agent/scripts/write-os-apply-config-templates.sh index 750f580bd4..7fa4d7fc2f 100644 --- a/dockerfiles/heat-container-agent/scripts/write-os-apply-config-templates.sh +++ b/dockerfiles/heat-container-agent/scripts/write-os-apply-config-templates.sh @@ -7,7 +7,8 @@ mkdir -p $oac_templates/etc # template for building os-collect-config.conf for polling heat -cat <$oac_templates/etc/os-collect-config.conf +if [ ! -f $oac_templates/etc/os-collect-config.conf ] ; then + cat <$oac_templates/etc/os-collect-config.conf [DEFAULT] {{^os-collect-config.command}} command = os-refresh-config @@ -67,7 +68,11 @@ metadata_url = {{metadata_url}} {{/os-collect-config}} EOF +fi + mkdir -p $oac_templates/var/run/heat-config # template for writing heat deployments data to a file -echo "{{deployments}}" > $oac_templates/var/run/heat-config/heat-config +if [ ! -f $oac_templates/var/run/heat-config/heat-config ] ; then + echo "{{deployments}}" > $oac_templates/var/run/heat-config/heat-config +fi diff --git a/dockerfiles/kubernetes-apiserver/launch.sh b/dockerfiles/kubernetes-apiserver/launch.sh index d2dcd3ecf6..5bcffc13b2 100755 --- a/dockerfiles/kubernetes-apiserver/launch.sh 
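Review bot: The `chmod 600 /etc/os-collect-config.conf` sits inside the `[ ! -f /etc/os-collect-config.conf ]` guard in configure_container_agent.sh, so it runs only when the file is first created; a node where the file already exists, which is the case the commit message describes as holding the [heat] credentials, keeps whatever mode it had. Moving the line below the `fi` enforces the mode on every start: `chmod 600 /etc/os-collect-config.conf`. Likewise `chmod 700 $orc_scripts/configure.d/20-os-apply-config` now lives under the `55-heat-config` test, so a freshly written 20-os-apply-config stays non-executable whenever 55-heat-config is already present; it belongs in the 20-os-apply-config block. The hooks block copies only when none of the three hook files exist, so a partially populated hooks directory is never completed.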
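Review bot: The `[ ! -f $oac_templates/etc/os-collect-config.conf ]` guard in write-os-apply-config-templates.sh protects a file that carries no runtime values: the template is static text emitted by this script, so once it exists a later agent image with a changed template would never replace it, assuming the templates directory persists across restarts (not visible in the hunk). The same applies to the `heat-config` template guard in the second hunk of this file. An existence test also accepts an empty or truncated file left by an interrupted write. Consider keeping these two writes unconditional, or comparing content before replacing, and state the choice in a comment such as `# templates hold no runtime state; safe to rewrite on every start`. The heredoc body between the two hunks is outside the visible lines.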
+++ b/dockerfiles/kubernetes-apiserver/launch.sh @@ -6,5 +6,7 @@ ARGS="$@ $KUBE_LOGTOSTDERR $KUBE_LOG_LEVEL $KUBE_ETCD_SERVERS $KUBE_API_ADDRESS $KUBE_API_PORT $KUBELET_PORT $KUBE_ALLOW_PRIV $KUBE_SERVICE_ADDRESSES $KUBE_ADMISSION_CONTROL $KUBE_API_ARGS" ARGS=$(echo $ARGS | sed s#--tls-ca-file=/etc/kubernetes/certs/ca.crt##) +# KubeletPluginsWatcher=true, +ARGS=$(echo $ARGS | sed s/KubeletPluginsWatcher=true,//) exec /usr/local/bin/kube-apiserver $ARGS diff --git a/dockerfiles/kubernetes-controller-manager/launch.sh b/dockerfiles/kubernetes-controller-manager/launch.sh index 3cc2d38b0d..4d42aa2897 100755 --- a/dockerfiles/kubernetes-controller-manager/launch.sh +++ b/dockerfiles/kubernetes-controller-manager/launch.sh @@ -6,5 +6,7 @@ ARGS="$@ $KUBE_LOGTOSTDERR $KUBE_LOG_LEVEL $KUBE_MASTER $KUBE_CONTROLLER_MANAGER_ARGS" ARGS="${ARGS} --secure-port=0" +# KubeletPluginsWatcher=true, +ARGS=$(echo $ARGS | sed s/KubeletPluginsWatcher=true,//) exec /usr/local/bin/kube-controller-manager $ARGS diff --git a/dockerfiles/kubernetes-kubelet/config.json.template b/dockerfiles/kubernetes-kubelet/config.json.template index 62ad4a5592..1b9e3ca4d0 100644 --- a/dockerfiles/kubernetes-kubelet/config.json.template +++ b/dockerfiles/kubernetes-kubelet/config.json.template @@ -368,7 +368,8 @@ "options": [ "bind", "rw", - "mode=755" + "rshared", + "mode=777" ] }, { @@ -379,7 +380,7 @@ "rbind", "rshared", "rw", - "mode=755" + "mode=777" ] }, { diff --git a/dockerfiles/kubernetes-kubelet/launch.sh b/dockerfiles/kubernetes-kubelet/launch.sh index 1b809ff721..a331ea4c12 100755 --- a/dockerfiles/kubernetes-kubelet/launch.sh +++ b/dockerfiles/kubernetes-kubelet/launch.sh 
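Review bot: The added comment `# KubeletPluginsWatcher=true,` in kubernetes-apiserver/launch.sh only repeats the pattern and does not say why the gate is stripped from the operator-supplied arguments; the same two lines are added to kubernetes-controller-manager/launch.sh. The pattern requires the trailing comma, so the gate stays in place when it is the last or only entry of its list, and nothing is logged when an argument is rewritten. Suggest a comment such as `# Drop the KubeletPluginsWatcher feature gate: <reason, affected versions>` and quoting the expression, `ARGS=$(echo $ARGS | sed 's/KubeletPluginsWatcher=true,//')`. The shebang and the start of each script are outside the hunks.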
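Review bot: Both mount entries in config.json.template change `"mode=755"` to `"mode=777"`, and the first also gains `"rshared"`, yet the commit message mentions neither change and the mounts' source and destination paths are outside the hunks. If the runtime applies `mode=` to these mounts, the directories become writable by every user that can reach them, and `rshared` propagates mounts made inside the container back to the host. Keep `"mode=755"` unless a specific non-root writer is identified, and record the reason for `rshared` in the commit message, since the JSON template cannot carry a comment.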
@@ -8,5 +8,7 @@ TEMP_KUBELET_ARGS='--cgroups-per-qos=false --enforce-node-allocatable=' ARGS="$@ $TEMP_KUBELET_ARGS $KUBE_LOGTOSTDERR $KUBE_LOG_LEVEL $KUBELET_API_SERVER $KUBELET_ADDRESS $KUBELET_PORT $KUBELET_HOSTNAME $KUBE_ALLOW_PRIV $KUBELET_ARGS" ARGS=$(echo $ARGS | sed s/--cadvisor-port=0//) +ARGS=$(echo $ARGS | sed s/--require-kubeconfig//) +ARGS=$(echo $ARGS | sed s/node-role/node/) -exec /hyperkube kubelet $ARGS --containerized +exec /hyperkube kubelet $ARGS diff --git a/magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml b/magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml index 5165ab312b..c0fcf20d7e 100644 --- a/magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml +++ b/magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml @@ -637,7 +637,7 @@ parameters: heat_container_agent_tag: type: string description: tag of the heat_container_agent system container - default: train-dev + default: ussuri-dev keystone_auth_enabled: type: boolean diff --git a/magnum/drivers/k8s_fedora_coreos_v1/templates/kubecluster.yaml b/magnum/drivers/k8s_fedora_coreos_v1/templates/kubecluster.yaml index d6ad2e0c58..837b72bcf5 100644 --- a/magnum/drivers/k8s_fedora_coreos_v1/templates/kubecluster.yaml +++ b/magnum/drivers/k8s_fedora_coreos_v1/templates/kubecluster.yaml @@ -637,7 +637,7 @@ parameters: heat_container_agent_tag: type: string description: tag of the heat_container_agent system container - default: train-dev + default: ussuri-dev keystone_auth_enabled: type: boolean diff --git a/playbooks/container-builder-vars.yaml b/playbooks/container-builder-vars.yaml index 21cdbf34ac..063cc7f850 100644 --- a/playbooks/container-builder-vars.yaml +++ b/playbooks/container-builder-vars.yaml @@ -16,7 +16,7 @@ kubernetes_images: magnum_images: - name: heat-container-agent - tag: train-dev + tag: ussuri-dev helm_version: v2.12.3
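Review bot: `sed s/node-role/node/` in kubernetes-kubelet/launch.sh is unanchored and runs over the whole argument string, so it rewrites the first occurrence of `node-role` in any kubelet argument rather than only the one it is presumably aimed at, and it silently changes what the operator passed. If the rewritten token is a label or taint key, anything selecting on the original key would stop matching; that cannot be verified from the hunk. Neither this rewrite, the removal of `--require-kubeconfig`, nor dropping `--containerized` from the `exec` line is explained in the commit message or in a comment. Suggest scoping the pattern to the intended argument, quoting it as `sed 's/node-role/node/'`, and adding a comment above it such as `# kubelet rejects <argument>: rewrite <old key> to <new key>`.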