diff --git a/cluster/saltbase/salt/etcd/default b/cluster/saltbase/salt/etcd/default
new file mode 100644
index 0000000000000..408f0b6995cf8
--- /dev/null
+++ b/cluster/saltbase/salt/etcd/default
@@ -0,0 +1,6 @@
+{% set etcd_servers = "127.0.0.1" -%}
+{% if grains.etcd_servers is defined -%}
+ {% set etcd_servers = grains.etcd_servers -%}
+{% endif -%}
+
+DAEMON_ARGS="-addr {{etcd_servers}}:4001 -bind-addr {{etcd_servers}}:4001 -data-dir /var/etcd/data"
diff --git a/cluster/saltbase/salt/etcd/etcd.conf b/cluster/saltbase/salt/etcd/etcd.conf
new file mode 100644
index 0000000000000..9c6b4a3be0ec0
--- /dev/null
+++ b/cluster/saltbase/salt/etcd/etcd.conf
@@ -0,0 +1,4 @@
+bind_addr = "0.0.0.0"
+peer_bind_addr = "0.0.0.0"
+data_dir = "/var/etcd/data"
+max_retry_attempts = 60
diff --git a/cluster/saltbase/salt/etcd/etcd.manifest b/cluster/saltbase/salt/etcd/etcd.manifest
deleted file mode 100644
index e0b0c74ab26d9..0000000000000
--- a/cluster/saltbase/salt/etcd/etcd.manifest
+++ /dev/null
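Review bot: In cluster/saltbase/salt/etcd/default, `DAEMON_ARGS` sets both `-addr` and `-bind-addr` to `grains.etcd_servers`, and no TLS or client-authentication option appears anywhere in the arguments. The 127.0.0.1 fallback keeps the client API local, but as soon as the grain holds a routable address port 4001 is served as unauthenticated plain HTTP on that interface. The template should state that constraint where the value is chosen, for example `# etcd_servers must be loopback or a firewalled internal address: port 4001 has no TLS or auth`. The grain is also substituted without any validation, so a check that it is a single IP or host name before rendering would be a cheap safeguard.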
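Review bot: In cluster/saltbase/salt/etcd/etcd.conf, `bind_addr = "0.0.0.0"` and `peer_bind_addr = "0.0.0.0"` put the client and the peer listener on every interface, and nothing in this change configures TLS or authentication for either. The initd hunk has the same wildcard bind (`-bind-addr 0.0.0.0:4001`), while the /etc/default/etcd template defaults to 127.0.0.1, so the three files disagree about the intended exposure. Neither the unit file nor the init script passes this file to the daemon, so it is unclear from the diff whether etcd v2.0.5 reads it at all. If it is unused, dropping it removes a misleading setting; otherwise narrow it, e.g. `bind_addr = "127.0.0.1"` or the master's internal address.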
@@ -1,54 +0,0 @@
-{% set ipv4_addr = salt['grains.get']('fqdn_ip4')[0] -%}
-
-{
-"apiVersion": "v1beta3",
-"kind": "Pod",
-"metadata": {"name":"etcd-server"},
-"spec":{
-"hostNetwork": true,
-"containers":[
- {
- "name": "etcd-container",
- "image": "kubernetes/etcd:2.0.5.1",
- "command": [
- "/usr/local/bin/etcd",
- "--addr",
- "{{ipv4_addr}}:4001",
- "--bind-addr",
- "0.0.0.0:4001",
- "--data-dir",
- "/var/etcd/data",
- "--initial-advertise-peer-urls",
- "http://kubernetes-master:2380",
- "--name",
- "kubernetes-master",
- "--initial-cluster",
- "kubernetes-master=http://kubernetes-master:2380",
- ">> /var/log/etcd.log"
- ],
- "ports":[
- { "name": "serverport",
- "containerPort": 2380,
- "hostPort": 2380},{
- "name": "clientport",
- "containerPort": 4001,
- "hostPort": 4001}
- ],
- "volumeMounts": [
- { "name": "varetcd",
- "mountPath": "/var/etcd",
- "readOnly": false},
- { "name": "logetcd",
- "mountPath": "/var/log/etcd.log",
- "readOnly": false}
- ]
- } ],
-"volumes":[
- { "name": "varetcd",
- "hostPath": {
- "path": "/mnt/master-pd/var/etcd"}
- },
- { "name": "logetcd",
- "hostPath": {
- "path": "/var/log/etcd.log"}}]
-}}
diff --git a/cluster/saltbase/salt/etcd/etcd.service b/cluster/saltbase/salt/etcd/etcd.service
new file mode 100644
index 0000000000000..26f0771837b6f
--- /dev/null
+++ b/cluster/saltbase/salt/etcd/etcd.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=etcd
+Documentation=https://github.com/coreos/etcd
+
+[Service]
+Type=simple
+EnvironmentFile=/etc/default/etcd
+ExecStart=/usr/local/bin/etcd $DAEMON_ARGS
+Restart=always
+RestartSec=30
+
+[Install]
+WantedBy=multi-user.target
diff --git a/cluster/saltbase/salt/etcd/init.sls b/cluster/saltbase/salt/etcd/init.sls
index 45310cfe60d94..5278c1be10bd1 100644
--- a/cluster/saltbase/salt/etcd/init.sls
+++ b/cluster/saltbase/salt/etcd/init.sls
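Review bot: The `[Service]` section of etcd.service sets no `User=` or `Group=`, so on RedHat-family hosts etcd runs as root. That is inconsistent with the rest of the change: init.sls creates a dedicated `etcd` system account and hands it /var/etcd and /var/etcd/data at mode 700, and the init script drops to it with `-c $DAEMON_USER`. Adding `User=etcd` and `Group=etcd` under `[Service]` makes the systemd path match the init-script path and keeps the data directory from filling with root-owned files. The salt state that installs this unit also sets no `mode`, unlike the neighbouring managed files; `- mode: 644` there would make the permissions explicit.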
@@ -1,49 +1,140 @@ -delete_etc_etcd_dir: - file.absent: - - name: /etc/etcd +# We are caching the etcd tar file in GCS for reliability and speed. To +# update this to a new version, do the following: +# 2. Download tar file: +# curl -LO https://github.com/coreos/etcd/releases/download//etcd--linux-amd64.tar.gz +# 3. Upload to GCS (the cache control makes : +# gsutil cp gs://kubernetes-release/etcd/ +# 4. Make it world readable: +# gsutil -m acl ch -R -g all:R gs://kubernetes-release/etcd/ +# 5. Get a hash of the tar: +# shasum +# 6. Update this file with new tar version and new hash -delete_etcd_conf: - file.absent: - - name: /etc/etcd/etcd.conf +{% set etcd_version="v2.0.5" %} +{% set etcd_tar_url="https://storage.googleapis.com/kubernetes-release/etcd/etcd-%s-linux-amd64.tar.gz" + | format(etcd_version) %} +{% set etcd_tar_hash="sha1=34b185efa954327d6cdfe6be5b1eb5fcfb7c478c" %} -touch /var/log/etcd.log: - cmd.run: - - creates: /var/log/etcd.log - -/var/etcd: +etcd-tar: + archive: + - extracted + - user: root + - name: /usr/local/src + - source: {{ etcd_tar_url }} + - source_hash: {{ etcd_tar_hash }} + - archive_format: tar + - if_missing: /usr/local/src/etcd-{{ etcd_version }}-linux-amd64 +{% if grains['saltversioninfo'] <= (2014, 7, 0, 0) %} + - tar_options: xz +{% endif %} file.directory: + - name: /usr/local/src/etcd-{{ etcd_version }}-linux-amd64 - user: root - group: root - - dir_mode: 700 + - watch: + - archive: etcd-tar - recurse: - user - group - - mode -delete_etcd_default: - file.absent: - - name: /etc/default/etcd +etcd-symlink: + file.symlink: + - name: /usr/local/bin/etcd + - target: /usr/local/src/etcd-{{ etcd_version }}-linux-amd64/etcd + - force: true + - watch: + - archive: etcd-tar + +etcdctl-symlink: + file.symlink: + - name: /usr/local/bin/etcdctl + - target: /usr/local/src/etcd-{{ etcd_version }}-linux-amd64/etcdctl + - force: true + - watch: + - archive: etcd-tar + +etcd: + group.present: + - system: True + user.present: + - system: True + - 
gid_from_name: True + - shell: /sbin/nologin + - home: /var/etcd + +/etc/etcd: + file.directory: + - user: root + - group: root + - dir_mode: 755 + +/etc/etcd/etcd.conf: + file.managed: + - source: salt://etcd/etcd.conf + - user: root + - group: root + - mode: 644 + +/var/etcd: + file.directory: + - user: etcd + - group: etcd + - dir_mode: 700 + - require: + - user: etcd + - group: etcd -delete_etcd_service_file: - file.absent: - - name: /usr/lib/systemd/system/etcd.service +/var/etcd/data: + file.directory: + - user: etcd + - group: etcd + - dir_mode: 700 + - require: + - user: etcd + - group: etcd -delete_etcd_initd: - file.absent: - - name: /etc/init.d/etcd +{% if grains['os_family'] == 'RedHat' %} -/etc/kubernetes/manifests/etcd.manifest: +/etc/default/etcd: file.managed: - - source: salt://etcd/etcd.manifest + - source: salt://etcd/default - template: jinja - user: root - group: root - mode: 644 - - makedirs: true - - dir_mode: 755 -#stop legacy etcd_service -stop_etcd-service: - service.dead: +/usr/lib/systemd/system/etcd.service: + file.managed: + - source: salt://etcd/etcd.service + - user: root + - group: root + +{% else %} + +/etc/init.d/etcd: + file.managed: + - source: salt://etcd/initd + - user: root + - group: root + - mode: 755 + +{% endif %} + +etcd-service: + service.running: - name: etcd - - enable: None + - enable: True + - watch: + - file: /etc/etcd/etcd.conf + {% if grains['os_family'] == 'RedHat' %} + - file: /usr/lib/systemd/system/etcd.service + - file: /etc/default/etcd + {% endif %} + - file: etcd-tar + - file: etcd-symlink + - require: + - file: /var/etcd + - file: /var/etcd/data + - user: etcd + - group: etcd + diff --git a/cluster/saltbase/salt/etcd/initd b/cluster/saltbase/salt/etcd/initd new file mode 100755 index 0000000000000..8a29d5ed5f32a --- /dev/null +++ b/cluster/saltbase/salt/etcd/initd 
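Review bot: `etcd_tar_hash` pins the tarball with `sha1=`, and step 5 of the header comment tells maintainers to produce it with plain `shasum`. For a binary that is symlinked into /usr/local/bin and run as a service, a SHA-256 pin is the stronger integrity check. Suggest `{% set etcd_tar_hash="sha256=<sha256 of the etcd-v2.0.5 tarball>" %}` and `shasum -a 256` in the comment. As shown here the update steps also start at 2 and have lost their version and file-name placeholders (`releases/download//etcd--linux-amd64.tar.gz`, "the cache control makes :"); these are worth restoring because the comment is the only record of how the pinned artifact is produced.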
@@ -0,0 +1,120 @@ +#!/bin/bash +# +### BEGIN INIT INFO +# Provides: etcd +# Required-Start: $local_fs $network $syslog +# Required-Stop: +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: The etcd key-value share configuration service. +# Description: This launches and controls the etcd daemon. +### END INIT INFO + + +# PATH should only include /usr/* if it runs after the mountnfs.sh script +PATH=/sbin:/usr/sbin:/bin:/usr/bin +DESC="The etcd key-value share configuration service" +NAME=etcd +DAEMON=/usr/local/bin/$NAME +# DAEMON_ARGS="-peer-addr $HOSTNAME:7001 -name $HOSTNAME" +host_ip=$(hostname -i) +DAEMON_ARGS="-addr ${host_ip}:4001 -bind-addr 0.0.0.0:4001 -data-dir /var/etcd/data -initial-advertise-peer-urls http://${HOSTNAME}:2380 -name ${HOSTNAME} -initial-cluster ${HOSTNAME}=http://${HOSTNAME}:2380" +DAEMON_LOG_FILE=/var/log/$NAME.log +PIDFILE=/var/run/$NAME.pid +SCRIPTNAME=/etc/init.d/$NAME +DAEMON_USER=etcd + +# Exit if the package is not installed +[ -x "$DAEMON" ] || exit 0 + +# Read configuration variable file if it is present +[ -r /etc/default/$NAME ] && . /etc/default/$NAME + +# Define LSB log_* functions. +# Depend on lsb-base (>= 3.2-14) to ensure that this file is present +# and status_of_proc is working. +. 
/lib/lsb/init-functions + +# +# Function that starts the daemon/service +# +do_start() +{ + # Return + # 0 if daemon has been started + # 1 if daemon was already running + # 2 if daemon could not be started + start-stop-daemon --start --quiet --background --no-close \ + --make-pidfile --pidfile $PIDFILE \ + --exec $DAEMON -c $DAEMON_USER --test > /dev/null \ + || return 1 + start-stop-daemon --start --quiet --background --no-close \ + --make-pidfile --pidfile $PIDFILE \ + --exec $DAEMON -c $DAEMON_USER -- \ + $DAEMON_ARGS >> $DAEMON_LOG_FILE 2>&1 \ + || return 2 +} + +# +# Function that stops the daemon/service +# +do_stop() +{ + # Return + # 0 if daemon has been stopped + # 1 if daemon was already stopped + # 2 if daemon could not be stopped + # other if a failure occurred + start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME + RETVAL="$?" + [ "$RETVAL" = 2 ] && return 2 + # Many daemons don't delete their pidfiles when they exit. + rm -f $PIDFILE + return "$RETVAL" +} + + +case "$1" in + start) + log_daemon_msg "Starting $DESC" "$NAME" + do_start + case "$?" in + 0|1) log_end_msg 0 || exit 0 ;; + 2) log_end_msg 1 || exit 1 ;; + esac + ;; + stop) + log_daemon_msg "Stopping $DESC" "$NAME" + do_stop + case "$?" in + 0|1) log_end_msg 0 ;; + 2) exit 1 ;; + esac + ;; + status) + status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $? + ;; + + restart|force-reload) + log_daemon_msg "Restarting $DESC" "$NAME" + do_stop + case "$?" in + 0|1) + do_start + case "$?" in + 0) log_end_msg 0 ;; + 1) log_end_msg 1 ;; # Old process is still running + *) log_end_msg 1 ;; # Failed to start + esac + ;; + *) + # Failed to stop + log_end_msg 1 + ;; + esac + ;; + *) + echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2 + exit 3 + ;; +esac diff --git a/cluster/saltbase/salt/monit/etcd b/cluster/saltbase/salt/monit/etcd new file mode 100644 index 0000000000000..981c880b8868a --- /dev/null +++ b/cluster/saltbase/salt/monit/etcd 
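Review bot: `host_ip=$(hostname -i)` in the init script can print more than one address, or a loopback address, depending on how the host name resolves. The result goes unquoted into `DAEMON_ARGS`, which is then word-split on the `start-stop-daemon` command line, so a second address would reach etcd as a stray argument after `-addr`. Selecting one address explicitly, e.g. `host_ip=$(hostname -i | awk '{print $1}')`, or templating it from a grain as the /etc/default/etcd template does, makes the advertised client address deterministic. Separately, `>> $DAEMON_LOG_FILE` is opened by the calling root shell before the switch to `$DAEMON_USER`, so /var/log/etcd.log is created root-owned with the default umask; a short comment saying whether that is intended would help.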
@@ -0,0 +1,9 @@
+check process etcd with pidfile /var/run/etcd.pid
+group etcd
+start program = "/etc/init.d/etcd start"
+stop program = "/etc/init.d/etcd stop"
+if failed
+ port 4001
+ protocol http
+ request "/v2/keys/"
+then restart
diff --git a/cluster/saltbase/salt/monit/init.sls b/cluster/saltbase/salt/monit/init.sls
index e925496340933..e51300684a58d 100644
--- a/cluster/saltbase/salt/monit/init.sls
+++ b/cluster/saltbase/salt/monit/init.sls
@@ -4,6 +4,16 @@ monit: pkg: - installed +{% if "kubernetes-master" in grains.get('roles', []) %} +/etc/monit/conf.d/etcd: + file: + - managed + - source: salt://monit/etcd + - user: root + - group: root + - mode: 644 +{% endif %} + /etc/monit/conf.d/docker: file: - managed
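Review bot: The probe in monit/etcd restarts etcd on the first failed request to `/v2/keys/`, with no timeout or retry tolerance, so a single slow response from a busy store bounces the master's only datastore. A tolerance such as `for 3 cycles` ahead of `then restart` is the usual guard; confirm the exact syntax against the monit version deployed. A lighter endpoint such as `request "/version"` would also avoid listing the key root on every poll and would keep working if access to the key space is later restricted.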
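Review bot: The new `/etc/monit/conf.d/etcd` state is gated only on the `kubernetes-master` role, but the check it installs calls `/etc/init.d/etcd` and watches `/var/run/etcd.pid`, which etcd/init.sls provides only on the non-RedHat branch. The systemd unit neither installs that script nor writes that pidfile, so on a RedHat-family master monit's start command would fail and monit would compete with the unit's `Restart=always`. Consider tightening the guard, e.g. `{% if "kubernetes-master" in grains.get('roles', []) and grains['os_family'] != 'RedHat' %}`. The rest of monit/init.sls lies outside this hunk, so an existing condition may already cover this.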