From bcd92c752203dd53b8c5fd82fc070f828147d631 Mon Sep 17 00:00:00 2001 From: Justin Santa Barbara Date: Mon, 29 Jun 2015 14:17:17 -0400 Subject: [PATCH 1/7] Salt: support systemd (don't assume Redhat <=> systemd) Also work around problems with Salt & systemd services, in particular that Salt doesn't issue a daemon-reload. --- cluster/saltbase/pillar/systemd.sls | 9 +++ cluster/saltbase/pillar/top.sls | 1 + cluster/saltbase/salt/docker/docker-defaults | 7 +- cluster/saltbase/salt/docker/docker.service | 20 ++++++ cluster/saltbase/salt/docker/init.sls | 32 ++++++++- cluster/saltbase/salt/etcd/init.sls | 4 +- cluster/saltbase/salt/kube-addons/init.sls | 12 ++-- .../kube-apiserver/kube-apiserver.manifest | 2 +- .../saltbase/salt/kube-master-addons/init.sls | 57 ++++++++++------ cluster/saltbase/salt/kube-proxy/default | 2 +- cluster/saltbase/salt/kube-proxy/init.sls | 51 ++++++++------ cluster/saltbase/salt/kubelet/default | 2 +- cluster/saltbase/salt/kubelet/init.sls | 57 ++++++++++------ cluster/saltbase/salt/monit/init.sls | 2 +- cluster/saltbase/salt/salt-helpers/init.sls | 15 +++++ cluster/saltbase/salt/salt-helpers/services | 67 +++++++++++++++++++ cluster/saltbase/salt/top.sls | 1 + 17 files changed, 264 insertions(+), 77 deletions(-) create mode 100644 cluster/saltbase/pillar/systemd.sls create mode 100644 cluster/saltbase/salt/docker/docker.service create mode 100644 cluster/saltbase/salt/salt-helpers/init.sls create mode 100644 cluster/saltbase/salt/salt-helpers/services diff --git a/cluster/saltbase/pillar/systemd.sls b/cluster/saltbase/pillar/systemd.sls new file mode 100644 index 00000000000..83f4804f0b2 --- /dev/null +++ b/cluster/saltbase/pillar/systemd.sls @@ -0,0 +1,9 @@ +{% if grains['oscodename'] in [ 'vivid', 'jessie' ] %} +is_systemd: True +systemd_system_path: /lib/systemd/system +{% elif grains['os_family'] == 'RedHat' %} +is_systemd: True +systemd_system_path: /usr/lib/systemd/system +{% else %} +is_systemd: False +{% endif %} diff --git a/cluster/saltbase/pillar/top.sls b/cluster/saltbase/pillar/top.sls index 273eb165f02..d9ad7dbfc34 100644 --- a/cluster/saltbase/pillar/top.sls +++ b/cluster/saltbase/pillar/top.sls @@ -5,3 +5,4 @@ base: - logging - docker-images - privilege + - systemd diff --git a/cluster/saltbase/salt/docker/docker-defaults b/cluster/saltbase/salt/docker/docker-defaults index f325b4945d5..4c1aee2c6cf 100644 --- a/cluster/saltbase/salt/docker/docker-defaults +++ b/cluster/saltbase/salt/docker/docker-defaults @@ -1,6 +1,3 @@ -DOCKER_OPTS="" -{% if grains.docker_opts is defined and grains.docker_opts %} -DOCKER_OPTS="${DOCKER_OPTS} {{grains.docker_opts}}" -{% endif %} -DOCKER_OPTS="${DOCKER_OPTS} --bridge=cbr0 --iptables=false --ip-masq=false" +{% set grains_opts = grains.get('docker_opts', '') -%} +DOCKER_OPTS="{{grains_opts}} --bridge=cbr0 --iptables=false --ip-masq=false" DOCKER_NOFILE=1000000 diff --git a/cluster/saltbase/salt/docker/docker.service b/cluster/saltbase/salt/docker/docker.service new file mode 100644 index 00000000000..ee6c377e56e --- /dev/null +++ b/cluster/saltbase/salt/docker/docker.service @@ -0,0 +1,20 @@ +[Unit] +Description=Docker Application Container Engine +Documentation=http://docs.docker.com +After=network.target docker.socket +Requires=docker.socket + +[Service] +EnvironmentFile={{ environment_file }} +ExecStart=/usr/bin/docker -d -H fd:// "$DOCKER_OPTS" +MountFlags=slave +LimitNOFILE=1048576 +LimitNPROC=1048576 +LimitCORE=infinity +Restart=always +RestartSec=2s +StartLimitInterval=0 + +[Install] +WantedBy=multi-user.target + diff --git a/cluster/saltbase/salt/docker/init.sls b/cluster/saltbase/salt/docker/init.sls index 7f3b3addbf5..d74abbf5828 100644 --- a/cluster/saltbase/salt/docker/init.sls +++ b/cluster/saltbase/salt/docker/init.sls @@ -1,4 +1,4 @@ -{% if grains['os_family'] == 'RedHat' %} +{% if pillar.get('is_systemd') %} {% set environment_file = '/etc/sysconfig/docker' %} {% else %} {% set environment_file = '/etc/default/docker' %} @@ -116,6 +116,36 @@ lxc-docker-{{ override_docker_ver }}: - file: /var/cache/docker-install/{{ override_deb }} {% endif %} +# Default docker systemd unit file doesn't use an EnvironmentFile; replace it with one that does. +{% if pillar.get('is_systemd') %} + +{{ pillar.get('systemd_system_path') }}/docker.service: + file.managed: + - source: salt://docker/docker.service + - template: jinja + - user: root + - group: root + - mode: 644 + - defaults: + environment_file: {{ environment_file }} + +# The docker service.running block below doesn't work reliably +# Instead we run our script which e.g. does a systemd daemon-reload +# But we keep the service block below, so it can be used by dependencies +# TODO: Fix this +fix-service-docker: + cmd.wait: + - name: /opt/kubernetes/helpers/services bounce docker + - watch: + - file: {{ pillar.get('systemd_system_path') }}/docker.service + - file: {{ environment_file }} +{% if override_docker_ver != '' %} + - require: + - pkg: lxc-docker-{{ override_docker_ver }} +{% endif %} + +{% endif %} + docker: service.running: - enable: True diff --git a/cluster/saltbase/salt/etcd/init.sls b/cluster/saltbase/salt/etcd/init.sls index 45310cfe60d..ca828bca94b 100644 --- a/cluster/saltbase/salt/etcd/init.sls +++ b/cluster/saltbase/salt/etcd/init.sls @@ -24,9 +24,11 @@ delete_etcd_default: file.absent: - name: /etc/default/etcd +{% if pillar.get('is_systemd') %} delete_etcd_service_file: file.absent: - - name: /usr/lib/systemd/system/etcd.service + - name: {{ pillar.get('systemd_system_path') }}/etcd.service +{% endif %} delete_etcd_initd: file.absent: diff --git a/cluster/saltbase/salt/kube-addons/init.sls b/cluster/saltbase/salt/kube-addons/init.sls index 67c0ecda361..3e7816ca338 100644 --- a/cluster/saltbase/salt/kube-addons/init.sls +++ b/cluster/saltbase/salt/kube-addons/init.sls @@ -112,13 +112,17 @@ addon-dir-create: - group: root - mode: 755 -{% if grains['os_family'] == 'RedHat' %} +{% if pillar.get('is_systemd') %} -/usr/lib/systemd/system/kube-addons.service: +{{ pillar.get('systemd_system_path') }}/kube-addons.service: file.managed: - source: salt://kube-addons/kube-addons.service - user: root - group: root + cmd.wait: + - name: /opt/kubernetes/helpers/services bounce kube-addons + - watch: + - file: {{ pillar.get('systemd_system_path') }}/kube-addons.service {% else %} @@ -129,8 +133,6 @@ addon-dir-create: - group: root - mode: 755 -{% endif %} - # Stop kube-addons service each time salt is executed, just in case # there was a modification of addons. # Actually, this should be handled by watching file changes, but @@ -144,3 +146,5 @@ kube-addons: - enable: True - require: - service: service-kube-addon-stop + +{% endif %} diff --git a/cluster/saltbase/salt/kube-apiserver/kube-apiserver.manifest b/cluster/saltbase/salt/kube-apiserver/kube-apiserver.manifest index 07162880a6d..ffdb07f2f91 100644 --- a/cluster/saltbase/salt/kube-apiserver/kube-apiserver.manifest +++ b/cluster/saltbase/salt/kube-apiserver/kube-apiserver.manifest @@ -1,5 +1,5 @@ {% set daemon_args = "$DAEMON_ARGS" -%} -{% if grains['os_family'] == 'RedHat' -%} +{% if pillar.get('is_systemd') -%} {% set daemon_args = "" -%} {% endif -%} diff --git a/cluster/saltbase/salt/kube-master-addons/init.sls b/cluster/saltbase/salt/kube-master-addons/init.sls index 91186052205..572ce3c1ce3 100644 --- a/cluster/saltbase/salt/kube-master-addons/init.sls +++ b/cluster/saltbase/salt/kube-master-addons/init.sls @@ -5,25 +5,6 @@ - group: root - mode: 755 -{% if grains['os_family'] == 'RedHat' %} - -/usr/lib/systemd/system/kube-master-addons.service: - file.managed: - - source: salt://kube-master-addons/kube-master-addons.service - - user: root - - group: root - -{% else %} - -/etc/init.d/kube-master-addons: - file.managed: - - source: salt://kube-master-addons/initd - - user: root - - group: root - - mode: 755 - -{% endif %} - # Used to restart kube-master-addons service each time salt is run # Actually, it doens't work (the service is not restarted), # but master-addon service always terminates after it does it job, @@ -37,6 +18,42 @@ master-docker-image-tags: file.touch: - name: /srv/pillar/docker-images.sls +{% if pillar.get('is_systemd') %} + +{{ pillar.get('systemd_system_path') }}/kube-master-addons.service: + file.managed: + - source: salt://kube-master-addons/kube-master-addons.service + - user: root + - group: root + cmd.wait: + - name: /opt/kubernetes/helpers/services bounce kube-master-addons + - watch: + - file: master-docker-image-tags + - file: /etc/kubernetes/kube-master-addons.sh + - file: {{ pillar.get('systemd_system_path') }}/kube-master-addons.service + +{% else %} + +/etc/init.d/kube-master-addons: + file.managed: + - source: salt://kube-master-addons/initd + - user: root + - group: root + - mode: 755 + +# Current containervm image by default has both docker and kubelet +# running. But during cluster creation stage, docker and kubelet +# could be overwritten completely, or restarted due to flag changes. +# The ordering of salt states for service docker, kubelet and +# master-addon below is very important to avoid the race between +# salt restart docker or kubelet and kubelet start master components. +# Without the ordering of salt states, when gce instance boot up, +# configure-vm.sh will run and download the release. At the end of +# boot, run-salt will run kube-master-addons service which installs +# master component manifest files to kubelet config directory before +# the installation of proper version kubelet. Please see +# https://github.com/GoogleCloudPlatform/kubernetes/issues/10122#issuecomment-114566063 +# for detail explanation on this very issue. kube-master-addons: service.running: - enable: True @@ -44,3 +61,5 @@ kube-master-addons: - watch: - file: master-docker-image-tags - file: /etc/kubernetes/kube-master-addons.sh + +{% endif %} diff --git a/cluster/saltbase/salt/kube-proxy/default b/cluster/saltbase/salt/kube-proxy/default index 84d9b7232e3..7d7a9470c37 100644 --- a/cluster/saltbase/salt/kube-proxy/default +++ b/cluster/saltbase/salt/kube-proxy/default @@ -1,5 +1,5 @@ {% set daemon_args = "$DAEMON_ARGS" -%} -{% if grains['os_family'] == 'RedHat' -%} +{% if pillar.get('is_systemd') -%} {% set daemon_args = "" -%} {% endif -%} {# TODO(azure-maintainer): add support for distributing kubeconfig with token to kube-proxy #} diff --git a/cluster/saltbase/salt/kube-proxy/init.sls b/cluster/saltbase/salt/kube-proxy/init.sls index 3d54452b2d2..7dabce92a2e 100644 --- a/cluster/saltbase/salt/kube-proxy/init.sls +++ b/cluster/saltbase/salt/kube-proxy/init.sls @@ -1,4 +1,4 @@ -{% if grains['os_family'] == 'RedHat' %} +{% if pillar.get('is_systemd') %} {% set environment_file = '/etc/sysconfig/kube-proxy' %} {% else %} {% set environment_file = '/etc/default/kube-proxy' %} @@ -11,25 +11,6 @@ - group: root - mode: 755 -{% if grains['os_family'] == 'RedHat' %} - -/usr/lib/systemd/system/kube-proxy.service: - file.managed: - - source: salt://kube-proxy/kube-proxy.service - - user: root - - group: root - -{% else %} - -/etc/init.d/kube-proxy: - file.managed: - - source: salt://kube-proxy/initd - - user: root - - group: root - - mode: 755 - -{% endif %} - {{ environment_file }}: file.managed: - source: salt://kube-proxy/default @@ -48,15 +29,41 @@ kube-proxy: - home: /var/kube-proxy - require: - group: kube-proxy + +{% if pillar.get('is_systemd') %} + +{{ pillar.get('systemd_system_path') }}/kube-proxy.service: + file.managed: + - source: salt://kube-proxy/kube-proxy.service + - user: root + - group: root + cmd.wait: + - name: /opt/kubernetes/helpers/services bounce kube-proxy + - watch: + - file: {{ environment_file }} + - file: {{ pillar.get('systemd_system_path') }}/kube-proxy.service + - file: /var/lib/kube-proxy/kubeconfig + +{% else %} + +/etc/init.d/kube-proxy: + file.managed: + - source: salt://kube-proxy/initd + - user: root + - group: root + - mode: 755 + +kube-proxy-service: service.running: + - name: kube-proxy - enable: True - watch: - file: {{ environment_file }} -{% if grains['os_family'] != 'RedHat' %} - file: /etc/init.d/kube-proxy -{% endif %} - file: /var/lib/kube-proxy/kubeconfig +{% endif %} + /var/lib/kube-proxy/kubeconfig: file.managed: - source: salt://kube-proxy/kubeconfig diff --git a/cluster/saltbase/salt/kubelet/default b/cluster/saltbase/salt/kubelet/default index 40c3d2b9893..7ae38e1284a 100644 --- a/cluster/saltbase/salt/kubelet/default +++ b/cluster/saltbase/salt/kubelet/default @@ -1,5 +1,5 @@ {% set daemon_args = "$DAEMON_ARGS" -%} -{% if grains['os_family'] == 'RedHat' -%} +{% if pillar.get('is_systemd') -%} {% set daemon_args = "" -%} {% endif -%} diff --git a/cluster/saltbase/salt/kubelet/init.sls b/cluster/saltbase/salt/kubelet/init.sls index 8a8838a46a4..2dd0399a71d 100644 --- a/cluster/saltbase/salt/kubelet/init.sls +++ b/cluster/saltbase/salt/kubelet/init.sls @@ -1,4 +1,4 @@ -{% if grains['os_family'] == 'RedHat' %} +{% if pillar.get('is_systemd') %} {% set environment_file = '/etc/sysconfig/kubelet' %} {% else %} {% set environment_file = '/etc/default/kubelet' %} @@ -19,25 +19,6 @@ - group: root - mode: 755 -{% if grains['os_family'] == 'RedHat' %} - -/usr/lib/systemd/system/kubelet.service: - file.managed: - - source: salt://kubelet/kubelet.service - - user: root - - group: root - -{% else %} - -/etc/init.d/kubelet: - file.managed: - - source: salt://kubelet/initd - - user: root - - group: root - - mode: 755 - -{% endif %} - # The default here is that this file is blank. If this is the case, the kubelet # won't be able to parse it as JSON and will try to use the kubernetes_auth file # instead. You'll see a single error line in the kubelet start up file @@ -64,12 +45,46 @@ - mode: 400 - makedirs: true +{% if pillar.get('is_systemd') %} + +{{ pillar.get('systemd_system_path') }}/kubelet.service: + file.managed: + - source: salt://kubelet/kubelet.service + - user: root + - group: root + +# The service.running block below doesn't work reliably +# Instead we run our script which e.g. does a systemd daemon-reload +# But we keep the service block below, so it can be used by dependencies +# TODO: Fix this +fix-service-kubelet: + cmd.wait: + - name: /opt/kubernetes/helpers/services bounce kubelet + - watch: + - file: /usr/local/bin/kubelet + - file: {{ pillar.get('systemd_system_path') }}/kubelet.service + - file: {{ environment_file }} + - file: /var/lib/kubelet/kubernetes_auth + +{% else %} + +/etc/init.d/kubelet: + file.managed: + - source: salt://kubelet/initd + - user: root + - group: root + - mode: 755 + +{% endif %} + kubelet: service.running: - enable: True - watch: - file: /usr/local/bin/kubelet -{% if grains['os_family'] != 'RedHat' %} +{% if pillar.get('is_systemd') %} + - file: {{ pillar.get('systemd_system_path') }}/kubelet.service +{% else %} - file: /etc/init.d/kubelet {% endif %} {% if grains['os_family'] == 'RedHat' %} diff --git a/cluster/saltbase/salt/monit/init.sls b/cluster/saltbase/salt/monit/init.sls index 9a189e4e8da..97a35ca3b08 100644 --- a/cluster/saltbase/salt/monit/init.sls +++ b/cluster/saltbase/salt/monit/init.sls @@ -1,4 +1,4 @@ -{% if grains['os_family'] != 'RedHat' %} +{% if not pillar.get('is_systemd') %} monit: pkg: diff --git a/cluster/saltbase/salt/salt-helpers/init.sls b/cluster/saltbase/salt/salt-helpers/init.sls new file mode 100644 index 00000000000..5298e4f63a3 --- /dev/null +++ b/cluster/saltbase/salt/salt-helpers/init.sls @@ -0,0 +1,15 @@ +{% if pillar.get('is_systemd') %} +/opt/kubernetes/helpers: + file.directory: + - user: root + - group: root + - makedirs: True + - dir_mode: 755 + +/opt/kubernetes/helpers/services: + file.managed: + - source: salt://salt-helpers/services + - user: root + - group: root + - mode: 755 +{% endif %} diff --git a/cluster/saltbase/salt/salt-helpers/services b/cluster/saltbase/salt/salt-helpers/services new file mode 100644 index 00000000000..c1ff8a07791 --- /dev/null +++ b/cluster/saltbase/salt/salt-helpers/services @@ -0,0 +1,67 @@ +#!/bin/bash + +# Copyright 2015 The Kubernetes Authors All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -e + +ACTION=${1} +SERVICE=${2} + +if [[ -z "${ACTION}" || -z "${SERVICE}" ]]; then + echo "Syntax: ${0} " + exit 1 +fi + + +function reload_state() { + systemctl daemon-reload +} + +function start_service() { + systemctl start ${SERVICE} +} + +function stop_service() { + systemctl stop ${SERVICE} +} + +function enable_service() { + systemctl enable ${SERVICE} +} + +function disable_service() { + systemctl disable ${SERVICE} +} + +function restart_service() { + systemctl restart ${SERVICE} +} + +if [[ "${ACTION}" == "up" ]]; then + reload_state + enable_service + start_service +elif [[ "${ACTION}" == "bounce" ]]; then + reload_state + enable_service + restart_service +elif [[ "${ACTION}" == "down" ]]; then + reload_state + disable_service + stop_service +else + echo "Unknown action: ${ACTION}" + exit 1 +fi diff --git a/cluster/saltbase/salt/top.sls b/cluster/saltbase/salt/top.sls index 642461b7302..268efb0480c 100644 --- a/cluster/saltbase/salt/top.sls +++ b/cluster/saltbase/salt/top.sls @@ -2,6 +2,7 @@ base: '*': - base - debian-auto-upgrades + - salt-helpers 'roles:kubernetes-pool': - match: grain From 944fc1ed5835adcb8b5616857816a7599b192b8e Mon Sep 17 00:00:00 2001 From: Justin Santa Barbara Date: Wed, 1 Jul 2015 06:38:14 -0400 Subject: [PATCH 2/7] Set standard bash options in services helper script --- cluster/saltbase/salt/salt-helpers/services | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/cluster/saltbase/salt/salt-helpers/services b/cluster/saltbase/salt/salt-helpers/services index c1ff8a07791..f55b9b39c77 100644 --- a/cluster/saltbase/salt/salt-helpers/services +++ b/cluster/saltbase/salt/salt-helpers/services @@ -14,7 +14,9 @@ # See the License for the specific language governing permissions and # limitations under the License. -set -e +set -o errexit +set -o nounset +set -o pipefail ACTION=${1} SERVICE=${2} From ad0293e3f3fc8cacd7ad6d7e1e9db266e4818c9e Mon Sep 17 00:00:00 2001 From: Justin Santa Barbara Date: Wed, 1 Jul 2015 06:47:55 -0400 Subject: [PATCH 3/7] Salt: Add more dependencies to systemd services This may help Salt reload services correctly, although we still need the script until Salt's bug with reloading services on systemd is resolved. Salt bug: https://github.com/saltstack/salt/issues/16778 --- cluster/saltbase/salt/docker/init.sls | 3 +++ cluster/saltbase/salt/kube-addons/init.sls | 7 ++++++- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/cluster/saltbase/salt/docker/init.sls b/cluster/saltbase/salt/docker/init.sls index d74abbf5828..6985d6e709f 100644 --- a/cluster/saltbase/salt/docker/init.sls +++ b/cluster/saltbase/salt/docker/init.sls @@ -151,6 +151,9 @@ docker: - enable: True - watch: - file: {{ environment_file }} +{% if pillar.get('is_systemd') %} + - file: {{ pillar.get('systemd_system_path') }}/docker.service +{% endif %} {% if override_docker_ver != '' %} - require: - pkg: lxc-docker-{{ override_docker_ver }} diff --git a/cluster/saltbase/salt/kube-addons/init.sls b/cluster/saltbase/salt/kube-addons/init.sls index 3e7816ca338..c88f3050c52 100644 --- a/cluster/saltbase/salt/kube-addons/init.sls +++ b/cluster/saltbase/salt/kube-addons/init.sls @@ -133,6 +133,8 @@ addon-dir-create: - group: root - mode: 755 +{% endif %} + # Stop kube-addons service each time salt is executed, just in case # there was a modification of addons. # Actually, this should be handled by watching file changes, but @@ -146,5 +148,8 @@ kube-addons: - enable: True - require: - service: service-kube-addon-stop - + - watch: +{% if pillar.get('is_systemd') %} + - file: {{ pillar.get('systemd_system_path') }}/kube-addons.service {% endif %} + From 60d822435bf5692d076e0871c3624a77613ca47e Mon Sep 17 00:00:00 2001 From: Justin Santa Barbara Date: Fri, 3 Jul 2015 10:24:32 -0400 Subject: [PATCH 4/7] Salt: clean daemon_args on RedHat, not systemd I don't think it actually makes a difference based on how we're using it, but this is now more of a precise change. --- cluster/saltbase/salt/kube-apiserver/kube-apiserver.manifest | 2 +- cluster/saltbase/salt/kube-proxy/default | 2 +- cluster/saltbase/salt/kubelet/default | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/cluster/saltbase/salt/kube-apiserver/kube-apiserver.manifest b/cluster/saltbase/salt/kube-apiserver/kube-apiserver.manifest index ffdb07f2f91..07162880a6d 100644 --- a/cluster/saltbase/salt/kube-apiserver/kube-apiserver.manifest +++ b/cluster/saltbase/salt/kube-apiserver/kube-apiserver.manifest @@ -1,5 +1,5 @@ {% set daemon_args = "$DAEMON_ARGS" -%} -{% if pillar.get('is_systemd') -%} +{% if grains['os_family'] == 'RedHat' -%} {% set daemon_args = "" -%} {% endif -%} diff --git a/cluster/saltbase/salt/kube-proxy/default b/cluster/saltbase/salt/kube-proxy/default index 7d7a9470c37..84d9b7232e3 100644 --- a/cluster/saltbase/salt/kube-proxy/default +++ b/cluster/saltbase/salt/kube-proxy/default @@ -1,5 +1,5 @@ {% set daemon_args = "$DAEMON_ARGS" -%} -{% if pillar.get('is_systemd') -%} +{% if grains['os_family'] == 'RedHat' -%} {% set daemon_args = "" -%} {% endif -%} {# TODO(azure-maintainer): add support for distributing kubeconfig with token to kube-proxy #} diff --git a/cluster/saltbase/salt/kubelet/default b/cluster/saltbase/salt/kubelet/default index 7ae38e1284a..40c3d2b9893 100644 --- a/cluster/saltbase/salt/kubelet/default +++ b/cluster/saltbase/salt/kubelet/default @@ -1,5 +1,5 @@ {% set daemon_args = "$DAEMON_ARGS" -%} -{% if pillar.get('is_systemd') -%} +{% if grains['os_family'] == 'RedHat' -%} {% set daemon_args = "" -%} {% endif -%} From a5b3c73ac4505448afe47859493f5915bb24a024 Mon Sep 17 00:00:00 2001 From: Justin Santa Barbara Date: Fri, 3 Jul 2015 10:26:21 -0400 Subject: [PATCH 5/7] Salt: Add service block for kube-proxy for systemd We have the workaround for Salt's problems here, but we should still express our intent. --- cluster/saltbase/salt/kube-proxy/init.sls | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/cluster/saltbase/salt/kube-proxy/init.sls b/cluster/saltbase/salt/kube-proxy/init.sls index 7dabce92a2e..3761b5bbce5 100644 --- a/cluster/saltbase/salt/kube-proxy/init.sls +++ b/cluster/saltbase/salt/kube-proxy/init.sls @@ -53,16 +53,20 @@ kube-proxy: - group: root - mode: 755 +{% endif %} + kube-proxy-service: service.running: - name: kube-proxy - enable: True - watch: - file: {{ environment_file }} +{% if pillar.get('is_systemd') %} + - file: {{ pillar.get('systemd_system_path') }}/kube-proxy.service +{% else %} - file: /etc/init.d/kube-proxy - - file: /var/lib/kube-proxy/kubeconfig - {% endif %} + - file: /var/lib/kube-proxy/kubeconfig /var/lib/kube-proxy/kubeconfig: file.managed: From 600a0d6fe7663ec09f171ebf978de346588489fa Mon Sep 17 00:00:00 2001 From: Justin Santa Barbara Date: Fri, 3 Jul 2015 12:41:59 -0400 Subject: [PATCH 6/7] Salt: have kube-addons service depend on init file For symmetry with systemd --- cluster/saltbase/salt/kube-addons/init.sls | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/cluster/saltbase/salt/kube-addons/init.sls b/cluster/saltbase/salt/kube-addons/init.sls index c88f3050c52..d35a77e5558 100644 --- a/cluster/saltbase/salt/kube-addons/init.sls +++ b/cluster/saltbase/salt/kube-addons/init.sls @@ -151,5 +151,6 @@ kube-addons: - watch: {% if pillar.get('is_systemd') %} - file: {{ pillar.get('systemd_system_path') }}/kube-addons.service -{% endif %} - +{% else %} + - file: /etc/init.d/kube-addons +{% endif %} \ No newline at end of file From 25007421bab64edfcc50d5636919cd696386365a Mon Sep 17 00:00:00 2001 From: Justin Santa Barbara Date: Fri, 3 Jul 2015 12:43:36 -0400 Subject: [PATCH 7/7] Salt: re-remove comment block It had been removed in upstream, but had been kept by mistake here. --- cluster/saltbase/salt/kube-master-addons/init.sls | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/cluster/saltbase/salt/kube-master-addons/init.sls b/cluster/saltbase/salt/kube-master-addons/init.sls index 572ce3c1ce3..acade6d2440 100644 --- a/cluster/saltbase/salt/kube-master-addons/init.sls +++ b/cluster/saltbase/salt/kube-master-addons/init.sls @@ -41,19 +41,6 @@ master-docker-image-tags: - group: root - mode: 755 -# Current containervm image by default has both docker and kubelet -# running. But during cluster creation stage, docker and kubelet -# could be overwritten completely, or restarted due to flag changes. -# The ordering of salt states for service docker, kubelet and -# master-addon below is very important to avoid the race between -# salt restart docker or kubelet and kubelet start master components. -# Without the ordering of salt states, when gce instance boot up, -# configure-vm.sh will run and download the release. At the end of -# boot, run-salt will run kube-master-addons service which installs -# master component manifest files to kubelet config directory before -# the installation of proper version kubelet. Please see -# https://github.com/GoogleCloudPlatform/kubernetes/issues/10122#issuecomment-114566063 -# for detail explanation on this very issue. kube-master-addons: service.running: - enable: True