Rename and move Azure scripts.

cluster/azure/kube-down.sh

@@ -0,0 +1,26 @@
+#!/bin/bash
+
+# Copyright 2014 Google Inc. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Tear down a Kubernetes cluster.
+SCRIPT_DIR=$(CDPATH="" cd $(dirname $0); pwd)
+source $SCRIPT_DIR/../../release/azure/config.sh
+source $SCRIPT_DIR/../util.sh
+
+echo "Bringing down cluster"
+azure vm delete $MASTER_NAME -b -q
+for (( i=0; i<${#MINION_NAMES[@]}; i++)); do
+    azure vm delete ${MINION_NAMES[$i]} -b -q
+done

cluster/azure/kube-up.sh

@@ -0,0 +1,138 @@
+#!/bin/bash
+
+# Copyright 2014 Google Inc. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Bring up a Kubernetes cluster.
+
+# exit on any error
+set -eu
+set -o pipefail
+SCRIPT_DIR=$(CDPATH="" cd $(dirname $0); pwd)
+
+source $SCRIPT_DIR/../../release/azure/config.sh
+source $SCRIPT_DIR/../util.sh
+
+KUBE_TEMP=$(mktemp -d -t kubernetes.XXXXXX)
+trap "rm -rf ${KUBE_TEMP}" EXIT
+
+get-password
+echo "Using password: $user:$passwd"
+python $SCRIPT_DIR/../../third_party/htpasswd/htpasswd.py -b -c \
+    ${KUBE_TEMP}/htpasswd $user $passwd
+HTPASSWD=$(cat ${KUBE_TEMP}/htpasswd)
+
+# Build up start up script for master
+(
+  echo "#!/bin/bash"
+  echo "MASTER_NAME=${MASTER_NAME}"
+  echo "MASTER_RELEASE_TAR=${FULL_URL}"
+  echo "MASTER_HTPASSWD='${HTPASSWD}'"
+  grep -v "^#" $SCRIPT_DIR/templates/download-release.sh
+  grep -v "^#" $SCRIPT_DIR/templates/salt-master.sh
+) > ${KUBE_TEMP}/master-start.sh
+
+echo "Starting VMs"
+
+if [ ! -f $AZ_SSH_KEY ]; then
+    ssh-keygen -f $AZ_SSH_KEY -N ''
+fi
+
+if [ ! -f $AZ_SSH_CERT ]; then
+    openssl req -new -key $AZ_SSH_KEY -out ${KUBE_TEMP}/temp.csr \
+        -subj "/C=US/ST=WA/L=Redmond/O=Azure-CLI/CN=Azure"
+    openssl req -x509 -key $AZ_SSH_KEY -in ${KUBE_TEMP}/temp.csr \
+        -out $AZ_SSH_CERT -days 1095
+    rm ${KUBE_TEMP}/temp.csr
+fi
+
+if [ -z "$(azure network vnet show $AZ_VNET 2>/dev/null | grep data)" ]; then
+    #azure network vnet create with $AZ_SUBNET
+    #FIXME not working
+    echo error create vnet $AZ_VNET with subnet $AZ_SUBNET
+    exit 1
+fi
+
+azure vm create \
+    -w $AZ_VNET \
+    -n $MASTER_NAME \
+    -l "$AZ_LOCATION" \
+    -t $AZ_SSH_CERT \
+    -e 22000 -P \
+    -d ${KUBE_TEMP}/master-start.sh \
+    -b $AZ_SUBNET \
+    $AZ_CS $AZ_IMAGE $USER
+
+ssh_ports=($(eval echo "2200{1..$NUM_MINIONS}"))
+
+for (( i=0; i<${#MINION_NAMES[@]}; i++)); do
+    (
+        echo "#!/bin/bash"
+        echo "MASTER_NAME=${MASTER_NAME}"
+        echo "MINION_IP_RANGE=${MINION_IP_RANGES[$i]}"
+        grep -v "^#" $SCRIPT_DIR/templates/salt-minion.sh
+    ) > ${KUBE_TEMP}/minion-start-${i}.sh
+
+    azure vm create \
+        -c -w $AZ_VNET \
+        -n ${MINION_NAMES[$i]} \
+        -l "$AZ_LOCATION" \
+        -t $AZ_SSH_CERT \
+        -e ${ssh_ports[$i]} -P \
+        -d ${KUBE_TEMP}/minion-start-${i}.sh \
+        -b $AZ_SUBNET \
+        $AZ_CS $AZ_IMAGE $USER
+done
+
+azure vm endpoint create $MASTER_NAME 443
+
+echo "Waiting for cluster initialization."
+echo
+echo "  This will continually check to see if the API for kubernetes is reachable."
+echo "  This might loop forever if there was some uncaught error during start"
+echo "  up."
+echo
+
+until $(curl --insecure --user ${user}:${passwd} --max-time 5 \
+        --fail --output /dev/null --silent https://$AZ_CS.cloudapp.net/api/v1beta1/pods); do
+    printf "."
+    sleep 2
+done
+
+# Basic sanity checking
+for (( i=0; i<${#MINION_NAMES[@]}; i++)); do
+    # Make sure docker is installed
+    ssh -i $AZ_SSH_KEY -p ${ssh_ports[$i]} $AZ_CS.cloudapp.net which docker > /dev/null
+    if [ "$?" != "0" ]; then
+        echo "Docker failed to install on ${MINION_NAMES[$i]} your cluster is unlikely to work correctly"
+        echo "Please run ./cluster/kube-down.sh and re-create the cluster. (sorry!)"
+        exit 1
+    fi
+
+    # Make sure the kubelet is running
+    ssh -i $AZ_SSH_KEY -p ${ssh_ports[$i]} $AZ_CS.cloudapp.net /etc/init.d/kubelet status
+    if [ "$?" != "0" ]; then
+        echo "Kubelet failed to install on ${MINION_NAMES[$i]} your cluster is unlikely to work correctly"
+        echo "Please run ./cluster/kube-down.sh and re-create the cluster. (sorry!)"
+        exit 1
+    fi
+done
+
+echo
+echo "Kubernetes cluster is running.  Access the master at:"
+echo
+echo "  https://${user}:${passwd}@$AZ_CS.cloudapp.net"
+echo
+echo "Security note: The server above uses a self signed certificate.  This is"
+echo "    subject to \"Man in the middle\" type attacks."

cluster/azure/templates/download-release.sh

@@ -0,0 +1,31 @@
+#!/bin/bash
+
+# Copyright 2014 Google Inc. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Download and install release
+
+# This script assumes that the environment variable MASTER_RELEASE_TAR contains
+# the release tar to download and unpack.  It is meant to be pushed to the
+# master and run.
+
+echo "Downloading release ($MASTER_RELEASE_TAR)"
+wget $MASTER_RELEASE_TAR
+
+echo "Unpacking release"
+rm -rf master-release || false
+tar xzf master-release.tgz
+
+echo "Running release install script"
+sudo master-release/src/scripts/master-release-install.sh

cluster/azure/templates/salt-master.sh

@@ -0,0 +1,51 @@
+#!/bin/bash
+
+# Copyright 2014 Google Inc. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Prepopulate the name of the Master
+mkdir -p /etc/salt/minion.d
+echo "master: $MASTER_NAME" > /etc/salt/minion.d/master.conf
+
+cat <<EOF >/etc/salt/minion.d/grains.conf
+grains:
+  roles:
+    - kubernetes-master
+EOF
+
+# Auto accept all keys from minions that try to join
+mkdir -p /etc/salt/master.d
+cat <<EOF >/etc/salt/master.d/auto-accept.conf
+auto_accept: True
+EOF
+
+cat <<EOF >/etc/salt/master.d/reactor.conf
+# React to new minions starting by running highstate on them.
+reactor:
+  - 'salt/minion/*/start':
+    - /srv/reactor/start.sls
+EOF
+
+mkdir -p /srv/salt/nginx
+echo $MASTER_HTPASSWD > /srv/salt/nginx/htpasswd
+
+# Install Salt
+#
+# We specify -X to avoid a race condition that can cause minion failure to
+# install.  See https://github.com/saltstack/salt-bootstrap/issues/270
+#
+# -M installs the master
+curl -L http://bootstrap.saltstack.com | sh -s -- -M -X
+
+echo $MASTER_HTPASSWD > /srv/salt/nginx/htpasswd

cluster/azure/templates/salt-minion.sh

@@ -0,0 +1,36 @@
+#!/bin/bash
+
+# Copyright 2014 Google Inc. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Prepopulate the name of the Master
+mkdir -p /etc/salt/minion.d
+echo "master: $MASTER_NAME" > /etc/salt/minion.d/master.conf
+
+# Turn on debugging for salt-minion
+# echo "DAEMON_ARGS=\"\$DAEMON_ARGS --log-file-level=debug\"" > /etc/default/salt-minion
+
+# Our minions will have a pool role to distinguish them from the master.
+cat <<EOF >/etc/salt/minion.d/grains.conf
+grains:
+  roles:
+    - kubernetes-pool
+  cbr-cidr: $MINION_IP_RANGE
+EOF
+
+# Install Salt
+#
+# We specify -X to avoid a race condition that can cause minion failure to
+# install.  See https://github.com/saltstack/salt-bootstrap/issues/270
+curl -L http://bootstrap.saltstack.com | sh -s -- -X