diff --git a/cluster/gce/templates/create-dynamic-salt-files.sh b/cluster/gce/templates/create-dynamic-salt-files.sh new file mode 100644 index 00000000000..9255fbf0c24 --- /dev/null +++ b/cluster/gce/templates/create-dynamic-salt-files.sh @@ -0,0 +1,27 @@ +#!/bin/bash + +# Copyright 2014 Google Inc. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Create the overlay files for the salt tree. We create these in a separate +# place so that we can blow away the rest of the salt configs on a kube-push and +# re-apply these. + +mkdir -p /srv/salt-overlay/pillar +cat </srv/salt-overlay/pillar/cluster-params.sls +node_instance_prefix: $NODE_INSTANCE_PREFIX +EOF + +mkdir -p /srv/salt-overlay/salt/nginx +echo $MASTER_HTPASSWD > /srv/salt-overlay/salt/nginx/htpasswd diff --git a/cluster/gce/util.sh b/cluster/gce/util.sh index eea9fedc050..1631820be10 100755 --- a/cluster/gce/util.sh +++ b/cluster/gce/util.sh @@ -263,6 +263,7 @@ function kube-up { echo "readonly SERVER_BINARY_TAR_URL='${SERVER_BINARY_TAR_URL}'" echo "readonly SALT_TAR_URL='${SALT_TAR_URL}'" echo "readonly MASTER_HTPASSWD='${htpasswd}'" + grep -v "^#" "${KUBE_ROOT}/cluster/gce/templates/create-dynamic-salt-files.sh" grep -v "^#" "${KUBE_ROOT}/cluster/gce/templates/download-release.sh" grep -v "^#" "${KUBE_ROOT}/cluster/gce/templates/salt-master.sh" ) > "${KUBE_TEMP}/master-start.sh" diff --git a/cluster/saltbase/install.sh b/cluster/saltbase/install.sh index 96a15469926..18fb701f287 100755 --- a/cluster/saltbase/install.sh +++ b/cluster/saltbase/install.sh @@ -35,17 +35,37 @@ KUBE_TEMP=$(mktemp -d -t kubernetes.XXXXXX) trap 'rm -rf "${KUBE_TEMP}"' EXIT # This file is meant to run on the master. It will install the salt configs -# into the appropriate place on the master. +# into the appropriate place on the master. We do this by creating a new set of +# salt trees and then quickly mv'ing them where the old ones were. + +readonly SALTDIRS=(salt pillar reactor) + +echo "+++ Installing salt files into new trees" +rm -rf /srv/salt-new +mkdir -p /srv/salt-new -echo "+++ Installing salt files" -mkdir -p /srv # This bash voodoo will prepend $SALT_ROOT to the start of each item in the # $SALTDIRS array -readonly SALTDIRS=(salt pillar reactor) -cp -R --preserve=mode "${SALTDIRS[@]/#/${SALT_ROOT}/}" /srv/ +cp -v -R --preserve=mode "${SALTDIRS[@]/#/${SALT_ROOT}/}" /srv/salt-new +echo "+++ Installing salt overlay files" +for dir in "${SALTDIRS[@]}"; do + if [[ -d "/srv/salt-overlay/$dir" ]]; then + cp -v -R --preserve=mode "/srv/salt-overlay/$dir" "/srv/salt-new/" + fi +done echo "+++ Install binaries from tar: $1" tar -xz -C "${KUBE_TEMP}" -f "$1" -mkdir -p /srv/salt/kube-bins -cp "${KUBE_TEMP}/kubernetes/server/bin/"* /srv/salt/kube-bins/ +mkdir -p /srv/salt-new/salt/kube-bins +cp -v "${KUBE_TEMP}/kubernetes/server/bin/"* /srv/salt-new/salt/kube-bins/ + +echo "+++ Swapping in new configs" +for dir in "${SALTDIRS[@]}"; do + if [[ -d "/srv/$dir" ]]; then + rm -rf "/srv/$dir" + fi + mv -v "/srv/salt-new/$dir" "/srv/$dir" +done + +rm -rf /srv/salt-new diff --git a/cluster/vagrant/provision-master.sh b/cluster/vagrant/provision-master.sh index f6ae31b0421..fc093c6fae4 100755 --- a/cluster/vagrant/provision-master.sh +++ b/cluster/vagrant/provision-master.sh @@ -49,16 +49,6 @@ if [[ ! -f "$salt_tar" ]]; then fi -echo "Running release install script" -rm -rf /kube-install -mkdir -p /kube-install -pushd /kube-install - tar xzf "$salt_tar" - cp "$server_binary_tar" . - ./kubernetes/saltbase/install.sh "${server_binary_tar##*/}" -popd - - # Setup hosts file to support ping by hostname to each minion in the cluster from apiserver minion_ip_array=(${MINION_IPS//,/ }) for (( i=0; i<${#MINION_NAMES[@]}; i++)); do @@ -108,10 +98,19 @@ EOF # Configure nginx authorization mkdir -p "$KUBE_TEMP" -mkdir -p /srv/salt/nginx +mkdir -p /srv/salt-overlay/salt/nginx python "${KUBE_ROOT}/third_party/htpasswd/htpasswd.py" -b -c "${KUBE_TEMP}/htpasswd" "$MASTER_USER" "$MASTER_PASSWD" MASTER_HTPASSWD=$(cat "${KUBE_TEMP}/htpasswd") -echo $MASTER_HTPASSWD > /srv/salt/nginx/htpasswd +echo $MASTER_HTPASSWD > /srv/salt-overlay/salt/nginx/htpasswd + +echo "Running release install script" +rm -rf /kube-install +mkdir -p /kube-install +pushd /kube-install + tar xzf "$salt_tar" + cp "$server_binary_tar" . + ./kubernetes/saltbase/install.sh "${server_binary_tar##*/}" +popd # we will run provision to update code each time we test, so we do not want to do salt installs each time if ! which salt-master >/dev/null 2>&1; then @@ -152,7 +151,7 @@ if ! which salt-minion >/dev/null 2>&1; then # Install Salt minion curl -sS -L --connect-timeout 20 --retry 6 --retry-delay 10 https://bootstrap.saltstack.com | sh -s - + else # Only run highstate when updating the config. In the first-run case, Salt is # set up to run highstate as new minions join for the first time.