heat-agent: Check if scripts exists

When we start or restart the heat-agent, we run
configure_container_agent.sh which writes a few scripts. Make sure that
the scipts do not exist before writing to avoid overwriting any values
created on runtime.

When the heat-agent starts, /etc/os-collect-config.conf includes only
the reference to the os-refresh-config command. After the agent
bootstap, this file contains the credentials to check for software
deployments in the [heat] section. Before this patch, when the agent
restarted /etc/os-collect-config.conf was cleared resulting the agent to
stop working. I have the survive restarts, skiping only
os-collect-config.conf should be enough, but it is better to not touch
files on just service restart.

Additionally, fix file permissions for /etc/os-collect-config.conf.

Change heat-container-agent tag to ussuri-dev.

Change-Id: I3efd4e55e885b95721f13279b44dc1246e2fd2e4
Signed-off-by: Spyros Trigazis <spyridon.trigazis@cern.ch>

dockerfiles/heat-container-agent/scripts/configure_container_agent.sh

@@ -2,35 +2,49 @@
 set -eux
 
 # initial /etc/os-collect-config.conf
-cat <<EOF >/etc/os-collect-config.conf
+if [ ! -f /etc/os-collect-config.conf ] ; then
+    cat <<EOF >/etc/os-collect-config.conf
 [DEFAULT]
 command = os-refresh-config
 EOF
+chmod 600 /etc/os-collect-config.conf
+fi
 
 # os-refresh-config scripts directory
 # This moves to /usr/libexec/os-refresh-config in later releases
 # Be sure to have this dir mounted and created by config.json and tmpfiles
 orc_scripts=/opt/stack/os-config-refresh
 for d in pre-configure.d configure.d migration.d post-configure.d; do
-    install -m 0755 -o root -g root -d $orc_scripts/$d
+    if [ ! -d $orc_scripts/$d ] ; then
+        install -m 0755 -o root -g root -d $orc_scripts/$d
+    fi
 done
 
 # os-refresh-config script for running os-apply-config
-cat <<EOF >$orc_scripts/configure.d/20-os-apply-config
+if [ ! -f $orc_scripts/configure.d/20-os-apply-config ] ; then
+    cat <<EOF >$orc_scripts/configure.d/20-os-apply-config
 #!/bin/bash
 set -ue
 
 exec os-apply-config
 EOF
+fi
 
-chmod 700 $orc_scripts/configure.d/20-os-apply-config
+if [ ! -f $orc_scripts/configure.d/55-heat-config ] ; then
-cp /opt/heat-container-agent/scripts/55-heat-config $orc_scripts/configure.d/55-heat-config
+    chmod 700 $orc_scripts/configure.d/20-os-apply-config
-chmod 700 $orc_scripts/configure.d/55-heat-config
+    cp /opt/heat-container-agent/scripts/55-heat-config $orc_scripts/configure.d/55-heat-config
-cp /opt/heat-container-agent/scripts/50-heat-config-docker-compose $orc_scripts/configure.d/50-heat-config-docker-compose
+    chmod 700 $orc_scripts/configure.d/55-heat-config
-chmod 700 $orc_scripts/configure.d/50-heat-config-docker-compose
+fi
 
-mkdir -p /var/lib/heat-config/hooks
+if [ ! -f $orc_scripts/configure.d/50-heat-config-docker-compose ] ; then
-cp /opt/heat-container-agent/hooks/* /var/lib/heat-config/hooks/
+    cp /opt/heat-container-agent/scripts/50-heat-config-docker-compose $orc_scripts/configure.d/50-heat-config-docker-compose
-chmod 755 /var/lib/heat-config/hooks/atomic
+    chmod 700 $orc_scripts/configure.d/50-heat-config-docker-compose
-chmod 755 /var/lib/heat-config/hooks/docker-compose
+fi
-chmod 755 /var/lib/heat-config/hooks/script
+
+if [ ! -f /var/lib/heat-config/hooks/atomic ] && [ ! -f /var/lib/heat-config/hooks/docker-compose ] && [ ! -f /var/lib/heat-config/hooks/script ] ; then
+    mkdir -p /var/lib/heat-config/hooks
+    cp /opt/heat-container-agent/hooks/* /var/lib/heat-config/hooks/
+    chmod 755 /var/lib/heat-config/hooks/atomic
+    chmod 755 /var/lib/heat-config/hooks/docker-compose
+    chmod 755 /var/lib/heat-config/hooks/script
+fi

dockerfiles/heat-container-agent/scripts/write-os-apply-config-templates.sh

@@ -7,7 +7,8 @@ mkdir -p $oac_templates/etc
 
 
 # template for building os-collect-config.conf for polling heat
-cat <<EOF >$oac_templates/etc/os-collect-config.conf
+if [ ! -f $oac_templates/etc/os-collect-config.conf ] ; then
+    cat <<EOF >$oac_templates/etc/os-collect-config.conf
 [DEFAULT]
 {{^os-collect-config.command}}
 command = os-refresh-config
@@ -67,7 +68,11 @@ metadata_url = {{metadata_url}}
 
 {{/os-collect-config}}
 EOF
+fi
+
 mkdir -p $oac_templates/var/run/heat-config
 
 # template for writing heat deployments data to a file
-echo "{{deployments}}" > $oac_templates/var/run/heat-config/heat-config
+if [ ! -f $oac_templates/var/run/heat-config/heat-config ] ; then
+    echo "{{deployments}}" > $oac_templates/var/run/heat-config/heat-config
+fi

dockerfiles/kubernetes-apiserver/launch.sh

@@ -6,5 +6,7 @@
 ARGS="$@ $KUBE_LOGTOSTDERR $KUBE_LOG_LEVEL $KUBE_ETCD_SERVERS $KUBE_API_ADDRESS $KUBE_API_PORT $KUBELET_PORT $KUBE_ALLOW_PRIV $KUBE_SERVICE_ADDRESSES $KUBE_ADMISSION_CONTROL $KUBE_API_ARGS"
 
 ARGS=$(echo $ARGS | sed s#--tls-ca-file=/etc/kubernetes/certs/ca.crt##)
+# KubeletPluginsWatcher=true,
+ARGS=$(echo $ARGS | sed s/KubeletPluginsWatcher=true,//)
 
 exec /usr/local/bin/kube-apiserver $ARGS

dockerfiles/kubernetes-controller-manager/launch.sh

@@ -6,5 +6,7 @@
 ARGS="$@ $KUBE_LOGTOSTDERR $KUBE_LOG_LEVEL $KUBE_MASTER $KUBE_CONTROLLER_MANAGER_ARGS"
 
 ARGS="${ARGS} --secure-port=0"
+# KubeletPluginsWatcher=true,
+ARGS=$(echo $ARGS | sed s/KubeletPluginsWatcher=true,//)
 
 exec /usr/local/bin/kube-controller-manager $ARGS

dockerfiles/kubernetes-kubelet/config.json.template

@@ -368,7 +368,8 @@
             "options": [
                 "bind",
                 "rw",
-                "mode=755"
+                "rshared",
+                "mode=777"
              ]
           },
           {
@@ -379,7 +380,7 @@
                 "rbind",
                 "rshared",
                 "rw",
-                "mode=755"
+                "mode=777"
              ]
           },
           {

dockerfiles/kubernetes-kubelet/launch.sh

@@ -8,5 +8,7 @@ TEMP_KUBELET_ARGS='--cgroups-per-qos=false --enforce-node-allocatable='
 ARGS="$@ $TEMP_KUBELET_ARGS $KUBE_LOGTOSTDERR $KUBE_LOG_LEVEL $KUBELET_API_SERVER $KUBELET_ADDRESS $KUBELET_PORT $KUBELET_HOSTNAME $KUBE_ALLOW_PRIV $KUBELET_ARGS"
 
 ARGS=$(echo $ARGS | sed s/--cadvisor-port=0//)
+ARGS=$(echo $ARGS | sed s/--require-kubeconfig//)
+ARGS=$(echo $ARGS | sed s/node-role/node/)
 
-exec /hyperkube kubelet $ARGS --containerized
+exec /hyperkube kubelet $ARGS

magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml

@@ -637,7 +637,7 @@ parameters:
   heat_container_agent_tag:
     type: string
     description: tag of the heat_container_agent system container
-    default: train-dev
+    default: ussuri-dev
 
   keystone_auth_enabled:
     type: boolean

magnum/drivers/k8s_fedora_coreos_v1/templates/kubecluster.yaml

@@ -637,7 +637,7 @@ parameters:
   heat_container_agent_tag:
     type: string
     description: tag of the heat_container_agent system container
-    default: train-dev
+    default: ussuri-dev
 
   keystone_auth_enabled:
     type: boolean

playbooks/container-builder-vars.yaml

@@ -16,7 +16,7 @@ kubernetes_images:
 
 magnum_images:
   - name: heat-container-agent
-    tag: train-dev
+    tag: ussuri-dev
 
 helm_version: v2.12.3