Merge pull request #10967 from thockin/automated-cherry-pick-of-#10488-on-upstream-release-0.21

Automated cherry pick of #10488 on upstream release 0.21
2025-07-30 15:05:27 +00:00 · 2015-07-08 18:33:28 -07:00 · 2015-07-08 18:33:28 -07:00 · 5c41af424f
commit 5c41af424f
parent 51360aa350 d306738bec
14 changed files with 260 additions and 71 deletions
--- a/cluster/saltbase/pillar/systemd.sls
+++ b/cluster/saltbase/pillar/systemd.sls
@ -0,0 +1,9 @@
+{% if grains['oscodename'] in [ 'vivid', 'jessie' ] %}
+is_systemd: True
+systemd_system_path: /lib/systemd/system
+{% elif grains['os_family'] == 'RedHat' %}
+is_systemd: True
+systemd_system_path: /usr/lib/systemd/system
+{% else %}
+is_systemd: False
+{% endif %}
--- a/cluster/saltbase/pillar/top.sls
+++ b/cluster/saltbase/pillar/top.sls
@ -5,3 +5,4 @@ base:
    - logging
    - docker-images
    - privilege
+    - systemd
--- a/cluster/saltbase/salt/docker/docker-defaults
+++ b/cluster/saltbase/salt/docker/docker-defaults
@ -1,6 +1,3 @@
-DOCKER_OPTS=""
-{% if grains.docker_opts is defined and grains.docker_opts %}
-DOCKER_OPTS="${DOCKER_OPTS} {{grains.docker_opts}}"
-{% endif %}
-DOCKER_OPTS="${DOCKER_OPTS} --bridge=cbr0 --iptables=false --ip-masq=false"
+{% set grains_opts = grains.get('docker_opts', '') -%}
+DOCKER_OPTS="{{grains_opts}} --bridge=cbr0 --iptables=false --ip-masq=false"
 DOCKER_NOFILE=1000000
--- a/cluster/saltbase/salt/docker/docker.service
+++ b/cluster/saltbase/salt/docker/docker.service
@ -0,0 +1,20 @@
+[Unit]
+Description=Docker Application Container Engine
+Documentation=http://docs.docker.com
+After=network.target docker.socket
+Requires=docker.socket
+
+[Service]
+EnvironmentFile={{ environment_file }}
+ExecStart=/usr/bin/docker -d -H fd:// "$DOCKER_OPTS"
+MountFlags=slave
+LimitNOFILE=1048576
+LimitNPROC=1048576
+LimitCORE=infinity
+Restart=always
+RestartSec=2s
+StartLimitInterval=0
+
+[Install]
+WantedBy=multi-user.target
+
--- a/cluster/saltbase/salt/docker/init.sls
+++ b/cluster/saltbase/salt/docker/init.sls
@ -1,4 +1,4 @@
-{% if grains['os_family'] == 'RedHat' %}
+{% if pillar.get('is_systemd') %}
 {% set environment_file = '/etc/sysconfig/docker' %}
 {% else %}
 {% set environment_file = '/etc/default/docker' %}
@ -116,6 +116,36 @@ lxc-docker-{{ override_docker_ver }}:
      - file: /var/cache/docker-install/{{ override_deb }}
 {% endif %} # end override_docker_ver != ''

+# Default docker systemd unit file doesn't use an EnvironmentFile; replace it with one that does.
+{% if pillar.get('is_systemd') %}
+
+{{ pillar.get('systemd_system_path') }}/docker.service:
+  file.managed:
+    - source: salt://docker/docker.service
+    - template: jinja
+    - user: root
+    - group: root
+    - mode: 644
+    - defaults:
+        environment_file: {{ environment_file }}
+
+# The docker service.running block below doesn't work reliably
+# Instead we run our script which e.g. does a systemd daemon-reload
+# But we keep the service block below, so it can be used by dependencies
+# TODO: Fix this
+fix-service-docker:
+  cmd.wait:
+    - name: /opt/kubernetes/helpers/services bounce docker
+    - watch:
+      - file: {{ pillar.get('systemd_system_path') }}/docker.service
+      - file: {{ environment_file }}
+{% if override_docker_ver != '' %}
+    - require:
+      - pkg: lxc-docker-{{ override_docker_ver }}
+{% endif %}
+
+{% endif %}
+
 docker:
  service.running:
 # Starting Docker is racy on aws for some reason.  To be honest, since Monit
@ -129,6 +159,9 @@ docker:
 {% endif %}
    - watch:
      - file: {{ environment_file }}
+{% if pillar.get('is_systemd') %}
+      - file: {{ pillar.get('systemd_system_path') }}/docker.service
+{% endif %}
 {% if override_docker_ver != '' %}
    - require:
      - pkg: lxc-docker-{{ override_docker_ver }}
--- a/cluster/saltbase/salt/etcd/init.sls
+++ b/cluster/saltbase/salt/etcd/init.sls
@ -24,9 +24,11 @@ delete_etcd_default:
  file.absent:
    - name: /etc/default/etcd

+{% if pillar.get('is_systemd') %}
 delete_etcd_service_file:
  file.absent:
-    - name: /usr/lib/systemd/system/etcd.service
+    - name: {{ pillar.get('systemd_system_path') }}/etcd.service
+{% endif %}

 delete_etcd_initd:
  file.absent:
--- a/cluster/saltbase/salt/kube-addons/init.sls
+++ b/cluster/saltbase/salt/kube-addons/init.sls
@ -119,13 +119,17 @@ addon-dir-create:
    - group: root
    - mode: 755

-{% if grains['os_family'] == 'RedHat' %}
+{% if pillar.get('is_systemd') %}

-/usr/lib/systemd/system/kube-addons.service:
+{{ pillar.get('systemd_system_path') }}/kube-addons.service:
  file.managed:
    - source: salt://kube-addons/kube-addons.service
    - user: root
    - group: root
+  cmd.wait:
+    - name: /opt/kubernetes/helpers/services bounce kube-addons
+    - watch:
+      - file: {{ pillar.get('systemd_system_path') }}/kube-addons.service

 {% else %}

@ -151,3 +155,9 @@ kube-addons:
    - enable: True
    - require:
        - service: service-kube-addon-stop
+    - watch:
+{% if pillar.get('is_systemd') %}
+      - file: {{ pillar.get('systemd_system_path') }}/kube-addons.service
+{% else %}
+      - file: /etc/init.d/kube-addons
+{% endif %}
--- a/cluster/saltbase/salt/kube-master-addons/init.sls
+++ b/cluster/saltbase/salt/kube-master-addons/init.sls
@ -5,25 +5,6 @@
    - group: root
    - mode: 755

-{% if grains['os_family'] == 'RedHat' %}
-
-/usr/lib/systemd/system/kube-master-addons.service:
-  file.managed:
-    - source: salt://kube-master-addons/kube-master-addons.service
-    - user: root
-    - group: root
-
-{% else %}
-
-/etc/init.d/kube-master-addons:
-  file.managed:
-    - source: salt://kube-master-addons/initd
-    - user: root
-    - group: root
-    - mode: 755
-
-{% endif %}
-
 # Used to restart kube-master-addons service each time salt is run
 # Actually, it doens't work (the service is not restarted),
 # but master-addon service always terminates after it does it job,
@ -37,6 +18,29 @@ master-docker-image-tags:
  file.touch:
    - name: /srv/pillar/docker-images.sls

+{% if pillar.get('is_systemd') %}
+
+{{ pillar.get('systemd_system_path') }}/kube-master-addons.service:
+  file.managed:
+    - source: salt://kube-master-addons/kube-master-addons.service
+    - user: root
+    - group: root
+  cmd.wait:
+    - name: /opt/kubernetes/helpers/services bounce kube-master-addons
+    - watch:
+      - file: master-docker-image-tags
+      - file: /etc/kubernetes/kube-master-addons.sh
+      - file: {{ pillar.get('systemd_system_path') }}/kube-master-addons.service
+
+{% else %}
+
+/etc/init.d/kube-master-addons:
+  file.managed:
+    - source: salt://kube-master-addons/initd
+    - user: root
+    - group: root
+    - mode: 755
+
 kube-master-addons:
  service.running:
    - enable: True
@ -44,3 +48,5 @@ kube-master-addons:
    - watch:
      - file: master-docker-image-tags
      - file: /etc/kubernetes/kube-master-addons.sh
+
+{% endif %}
--- a/cluster/saltbase/salt/kube-proxy/init.sls
+++ b/cluster/saltbase/salt/kube-proxy/init.sls
@ -1,4 +1,4 @@
-{% if grains['os_family'] == 'RedHat' %}
+{% if pillar.get('is_systemd') %}
 {% set environment_file = '/etc/sysconfig/kube-proxy' %}
 {% else %}
 {% set environment_file = '/etc/default/kube-proxy' %}
@ -11,25 +11,6 @@
    - group: root
    - mode: 755

-{% if grains['os_family'] == 'RedHat' %}
-
-/usr/lib/systemd/system/kube-proxy.service:
-  file.managed:
-    - source: salt://kube-proxy/kube-proxy.service
-    - user: root
-    - group: root
-
-{% else %}
-
-/etc/init.d/kube-proxy:
-  file.managed:
-    - source: salt://kube-proxy/initd
-    - user: root
-    - group: root
-    - mode: 755
-
-{% endif %}
-
 {{ environment_file }}:
  file.managed:
    - source: salt://kube-proxy/default
@ -48,11 +29,41 @@ kube-proxy:
    - home: /var/kube-proxy
    - require:
      - group: kube-proxy
+
+{% if pillar.get('is_systemd') %}
+
+{{ pillar.get('systemd_system_path') }}/kube-proxy.service:
+  file.managed:
+    - source: salt://kube-proxy/kube-proxy.service
+    - user: root
+    - group: root
+  cmd.wait:
+    - name: /opt/kubernetes/helpers/services bounce kube-proxy
+    - watch:
+      - file: {{ environment_file }}
+      - file: {{ pillar.get('systemd_system_path') }}/kube-proxy.service
+      - file: /var/lib/kube-proxy/kubeconfig
+
+{% else %}
+
+/etc/init.d/kube-proxy:
+  file.managed:
+    - source: salt://kube-proxy/initd
+    - user: root
+    - group: root
+    - mode: 755
+
+{% endif %}
+
+kube-proxy-service:
  service.running:
+    - name: kube-proxy
    - enable: True
    - watch:
      - file: {{ environment_file }}
-{% if grains['os_family'] != 'RedHat' %}
+{% if pillar.get('is_systemd') %}
+      - file: {{ pillar.get('systemd_system_path') }}/kube-proxy.service
+{% else %}
      - file: /etc/init.d/kube-proxy
 {% endif %}
      - file: /var/lib/kube-proxy/kubeconfig
--- a/cluster/saltbase/salt/kubelet/init.sls
+++ b/cluster/saltbase/salt/kubelet/init.sls
@ -1,4 +1,4 @@
-{% if grains['os_family'] == 'RedHat' %}
+{% if pillar.get('is_systemd') %}
 {% set environment_file = '/etc/sysconfig/kubelet' %}
 {% else %}
 {% set environment_file = '/etc/default/kubelet' %}
@ -19,25 +19,6 @@
    - group: root
    - mode: 755

-{% if grains['os_family'] == 'RedHat' %}
-
-/usr/lib/systemd/system/kubelet.service:
-  file.managed:
-    - source: salt://kubelet/kubelet.service
-    - user: root
-    - group: root
-
-{% else %}
-
-/etc/init.d/kubelet:
-  file.managed:
-    - source: salt://kubelet/initd
-    - user: root
-    - group: root
-    - mode: 755
-
-{% endif %}
-
 # The default here is that this file is blank.  If this is the case, the kubelet
 # won't be able to parse it as JSON and will try to use the kubernetes_auth file
 # instead.  You'll see a single error line in the kubelet start up file
@ -64,12 +45,46 @@
    - mode: 400
    - makedirs: true

+{% if pillar.get('is_systemd') %}
+
+{{ pillar.get('systemd_system_path') }}/kubelet.service:
+  file.managed:
+    - source: salt://kubelet/kubelet.service
+    - user: root
+    - group: root
+
+# The service.running block below doesn't work reliably
+# Instead we run our script which e.g. does a systemd daemon-reload
+# But we keep the service block below, so it can be used by dependencies
+# TODO: Fix this
+fix-service-kubelet:
+  cmd.wait:
+    - name: /opt/kubernetes/helpers/services bounce kubelet
+    - watch:
+      - file: /usr/local/bin/kubelet
+      - file: {{ pillar.get('systemd_system_path') }}/kubelet.service
+      - file: {{ environment_file }}
+      - file: /var/lib/kubelet/kubernetes_auth
+
+{% else %}
+
+/etc/init.d/kubelet:
+  file.managed:
+    - source: salt://kubelet/initd
+    - user: root
+    - group: root
+    - mode: 755
+
+{% endif %}
+
 kubelet:
  service.running:
    - enable: True
    - watch:
      - file: /usr/local/bin/kubelet
-{% if grains['os_family'] != 'RedHat' %}
+{% if pillar.get('is_systemd') %}
+      - file: {{ pillar.get('systemd_system_path') }}/kubelet.service
+{% else %}
      - file: /etc/init.d/kubelet
 {% endif %}
 {% if grains['os_family'] == 'RedHat' %}
--- a/cluster/saltbase/salt/monit/init.sls
+++ b/cluster/saltbase/salt/monit/init.sls
@ -1,4 +1,4 @@
-{% if grains['os_family'] != 'RedHat' %}
+{% if not pillar.get('is_systemd') %}

 monit:
  pkg:
--- a/cluster/saltbase/salt/salt-helpers/init.sls
+++ b/cluster/saltbase/salt/salt-helpers/init.sls
@ -0,0 +1,15 @@
+{% if pillar.get('is_systemd') %}
+/opt/kubernetes/helpers:
+  file.directory:
+    - user: root
+    - group: root
+    - makedirs: True
+    - dir_mode: 755
+
+/opt/kubernetes/helpers/services:
+  file.managed:
+    - source: salt://salt-helpers/services
+    - user: root
+    - group: root
+    - mode: 755
+{% endif %}
--- a/cluster/saltbase/salt/salt-helpers/services
+++ b/cluster/saltbase/salt/salt-helpers/services
@ -0,0 +1,69 @@
+#!/bin/bash
+
+# Copyright 2015 The Kubernetes Authors All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+ACTION=${1}
+SERVICE=${2}
+
+if [[ -z "${ACTION}" || -z "${SERVICE}" ]]; then
+  echo "Syntax: ${0} <action> <service>"
+  exit 1
+fi
+
+
+function reload_state() {
+  systemctl daemon-reload
+}
+
+function start_service() {
+  systemctl start ${SERVICE}
+}
+
+function stop_service() {
+  systemctl stop ${SERVICE}
+}
+
+function enable_service() {
+  systemctl enable ${SERVICE}
+}
+
+function disable_service() {
+  systemctl disable ${SERVICE}
+}
+
+function restart_service() {
+  systemctl restart ${SERVICE}
+}
+
+if [[ "${ACTION}" == "up" ]]; then
+  reload_state
+  enable_service
+  start_service
+elif [[ "${ACTION}" == "bounce" ]]; then
+  reload_state
+  enable_service
+  restart_service
+elif [[ "${ACTION}" == "down" ]]; then
+  reload_state
+  disable_service
+  stop_service
+else
+  echo "Unknown action: ${ACTION}"
+  exit 1
+fi
--- a/cluster/saltbase/salt/top.sls
+++ b/cluster/saltbase/salt/top.sls
@ -2,6 +2,7 @@ base:
  '*':
    - base
    - debian-auto-upgrades
+    - salt-helpers

  'roles:kubernetes-pool':
    - match: grain