From 28ac1b3395195fa48f363e3536370aa7d5b17e5c Mon Sep 17 00:00:00 2001 From: Eric Paris Date: Sun, 24 May 2015 18:15:19 -0400 Subject: [PATCH] API server explicitly notify systemd of successful startup Use the systemd $NOTIFY_SOCKET convention for kube-apiserver startup. This allows it to be part of dependency trees and for consumers to wait until it is listening on its ports. The $NOTIFY_SOCKET protocol is described here: http://www.freedesktop.org/software/systemd/man/sd_notify.html Currently this is limited to the kube-apiserver process. Other kube processes are internal kubernetes moving points. The API server is the entry point relied on by callers. 100% stolen from Stef Walter from: https://github.com/GoogleCloudPlatform/kubernetes/pull/8316 --- Godeps/Godeps.json | 5 +++ .../coreos/go-systemd/daemon/sdnotify.go | 31 +++++++++++++++++++ cmd/kube-apiserver/app/server.go | 5 +++ contrib/init/systemd/kube-apiserver.service | 1 + 4 files changed, 42 insertions(+) create mode 100644 Godeps/_workspace/src/github.com/coreos/go-systemd/daemon/sdnotify.go diff --git a/Godeps/Godeps.json b/Godeps/Godeps.json index 98922b6fad6..4cc3c9b6917 100644 --- a/Godeps/Godeps.json +++ b/Godeps/Godeps.json @@ -94,6 +94,11 @@ "ImportPath": "github.com/coreos/go-semver/semver", "Rev": "6fe83ccda8fb9b7549c9ab4ba47f47858bc950aa" }, + { + "ImportPath": "github.com/coreos/go-systemd/daemon", + "Comment": "v2-27-g97e243d", + "Rev": "97e243d21a8e232e9d8af38ba2366dfcfceebeba" + }, { "ImportPath": "github.com/coreos/go-systemd/dbus", "Comment": "v2-27-g97e243d", diff --git a/Godeps/_workspace/src/github.com/coreos/go-systemd/daemon/sdnotify.go b/Godeps/_workspace/src/github.com/coreos/go-systemd/daemon/sdnotify.go new file mode 100644 index 00000000000..b92b1911c12 --- /dev/null +++ b/Godeps/_workspace/src/github.com/coreos/go-systemd/daemon/sdnotify.go @@ -0,0 +1,31 @@ +// Code forked from Docker project +package daemon + +import ( + "errors" + "net" + "os" +) + +var SdNotifyNoSocket = errors.New("No socket") + +// SdNotify sends a message to the init daemon. It is common to ignore the error. +func SdNotify(state string) error { + socketAddr := &net.UnixAddr{ + Name: os.Getenv("NOTIFY_SOCKET"), + Net: "unixgram", + } + + if socketAddr.Name == "" { + return SdNotifyNoSocket + } + + conn, err := net.DialUnix(socketAddr.Net, nil, socketAddr) + if err != nil { + return err + } + defer conn.Close() + + _, err = conn.Write([]byte(state)) + return err +} diff --git a/cmd/kube-apiserver/app/server.go b/cmd/kube-apiserver/app/server.go index 7b878d5acfb..af1a08c33e3 100644 --- a/cmd/kube-apiserver/app/server.go +++ b/cmd/kube-apiserver/app/server.go @@ -40,6 +40,7 @@ import ( "github.com/GoogleCloudPlatform/kubernetes/pkg/tools" "github.com/GoogleCloudPlatform/kubernetes/pkg/util" forked "github.com/GoogleCloudPlatform/kubernetes/third_party/forked/coreos/go-etcd/etcd" + systemd "github.com/coreos/go-systemd/daemon" "github.com/coreos/go-etcd/etcd" "github.com/golang/glog" @@ -455,6 +456,7 @@ func (s *APIServer) Run(_ []string) error { glog.Infof("Using self-signed cert (%s, %s)", s.TLSCertFile, s.TLSPrivateKeyFile) } } + _ = systemd.SdNotify("READY=1\n") if err := secureServer.ListenAndServeTLS(s.TLSCertFile, s.TLSPrivateKeyFile); err != nil { glog.Errorf("Unable to listen for secure (%v); will try again.", err) } @@ -469,6 +471,9 @@ func (s *APIServer) Run(_ []string) error { WriteTimeout: ReadWriteTimeout, MaxHeaderBytes: 1 << 20, } + if secureLocation == "" { + _ = systemd.SdNotify("READY=1\n") + } glog.Infof("Serving insecurely on %s", insecureLocation) glog.Fatal(http.ListenAndServe()) return nil diff --git a/contrib/init/systemd/kube-apiserver.service b/contrib/init/systemd/kube-apiserver.service index dd915896a61..b9a7609b62f 100644 --- a/contrib/init/systemd/kube-apiserver.service +++ b/contrib/init/systemd/kube-apiserver.service @@ -18,6 +18,7 @@ ExecStart=/usr/bin/kube-apiserver \ $KUBE_ADMISSION_CONTROL \ $KUBE_API_ARGS Restart=on-failure +Type=notify LimitNOFILE=65536 [Install]