diff --git a/icebox/cluster/azure/config-default.sh b/icebox/cluster/azure/config-default.sh
deleted file mode 100644
index 64d8f0cf45c90..0000000000000
--- a/icebox/cluster/azure/config-default.sh
+++ /dev/null
@@ -1,34 +0,0 @@
-#!/bin/bash
-
-# Copyright 2014 Google Inc. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-SCRIPT_DIR=$(CDPATH="" cd $(dirname $0); pwd)
-source $SCRIPT_DIR/../release/azure/config.sh
-
-AZ_SSH_KEY=$HOME/.ssh/azure_rsa
-AZ_SSH_CERT=$HOME/.ssh/azure.pem
-AZ_IMAGE=b39f27a8b8c64d52b05eac6a62ebad85__Ubuntu-14_04_1-LTS-amd64-server-20140926-en-us-30GB
-AZ_SUBNET=Subnet-1
-AZ_VNET=kube-$AZ_HSH
-AZ_CS=kube-$AZ_HSH
-
-NUM_MINIONS=4
-
-MASTER_NAME="${INSTANCE_PREFIX}-master"
-MASTER_TAG="${INSTANCE_PREFIX}-master"
-MINION_TAG="${INSTANCE_PREFIX}-minion"
-MINION_NAMES=($(eval echo ${INSTANCE_PREFIX}-minion-{1..${NUM_MINIONS}}))
-MINION_IP_RANGES=($(eval echo "10.244.{1..${NUM_MINIONS}}.0/24"))
-MINION_SCOPES=""
diff --git a/icebox/cluster/azure/templates/download-release.sh b/icebox/cluster/azure/templates/download-release.sh
deleted file mode 100644
index 0eed27faf65c4..0000000000000
--- a/icebox/cluster/azure/templates/download-release.sh
+++ /dev/null
@@ -1,31 +0,0 @@
-#!/bin/bash
-
-# Copyright 2014 Google Inc. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# Download and install release
-
-# This script assumes that the environment variable MASTER_RELEASE_TAR contains
-# the release tar to download and unpack. It is meant to be pushed to the
-# master and run.
-
-echo "Downloading release ($MASTER_RELEASE_TAR)"
-wget $MASTER_RELEASE_TAR
-
-echo "Unpacking release"
-rm -rf master-release || false
-tar xzf master-release.tgz
-
-echo "Running release install script"
-sudo master-release/src/scripts/master-release-install.sh
diff --git a/icebox/cluster/azure/templates/salt-master.sh b/icebox/cluster/azure/templates/salt-master.sh
deleted file mode 100644
index d9da3e6b07dae..0000000000000
--- a/icebox/cluster/azure/templates/salt-master.sh
+++ /dev/null
@@ -1,60 +0,0 @@
-#!/bin/bash
-
-# Copyright 2014 Google Inc. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# Prepopulate the name of the Master
-mkdir -p /etc/salt/minion.d
-echo "master: $MASTER_NAME" > /etc/salt/minion.d/master.conf
-
-cat </etc/salt/minion.d/grains.conf
-grains:
- roles:
- - kubernetes-master
- cloud: azure
-EOF
-
-# Auto accept all keys from minions that try to join
-mkdir -p /etc/salt/master.d
-cat </etc/salt/master.d/auto-accept.conf
-auto_accept: True
-EOF
-
-cat </etc/salt/master.d/reactor.conf
-# React to new minions starting by running highstate on them.
-reactor:
- - 'salt/minion/*/start':
- - /srv/reactor/start.sls
-EOF
-
-mkdir -p /srv/salt/nginx
-echo $MASTER_HTPASSWD > /srv/salt/nginx/htpasswd
-
-mkdir -p /etc/openvpn
-umask=$(umask)
-umask 0066
-echo "$CA_CRT" > /etc/openvpn/ca.crt
-echo "$SERVER_CRT" > /etc/openvpn/server.crt
-echo "$SERVER_KEY" > /etc/openvpn/server.key
-umask $umask
-
-# Install Salt
-#
-# We specify -X to avoid a race condition that can cause minion failure to
-# install. See https://github.com/saltstack/salt-bootstrap/issues/270
-#
-# -M installs the master
-curl -L http://bootstrap.saltstack.com | sh -s -- -M -X
-
-echo $MASTER_HTPASSWD > /srv/salt/nginx/htpasswd
diff --git a/icebox/cluster/azure/templates/salt-minion.sh b/icebox/cluster/azure/templates/salt-minion.sh
deleted file mode 100644
index e60152ef7e648..0000000000000
--- a/icebox/cluster/azure/templates/salt-minion.sh
+++ /dev/null
@@ -1,53 +0,0 @@
-#!/bin/bash
-
-# Copyright 2014 Google Inc. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-mkdir -p /etc/openvpn
-umask=$(umask)
-umask 0066
-echo "$CA_CRT" > /etc/openvpn/ca.crt
-echo "$CLIENT_CRT" > /etc/openvpn/client.crt
-echo "$CLIENT_KEY" > /etc/openvpn/client.key
-umask $umask
-
-# Prepopulate the name of the Master
-mkdir -p /etc/salt/minion.d
-echo "master: $MASTER_NAME" > /etc/salt/minion.d/master.conf
-
-# Turn on debugging for salt-minion
-# echo "DAEMON_ARGS=\"\$DAEMON_ARGS --log-file-level=debug\"" > /etc/default/salt-minion
-
-hostnamef=$(hostname -f)
-sudo apt-get install ipcalc
-netmask=$(ipcalc $MINION_IP_RANGE | grep Netmask | awk '{ print $2 }')
-network=$(ipcalc $MINION_IP_RANGE | grep Address | awk '{ print $2 }')
-cbrstring="$network $netmask"
-
-# Our minions will have a pool role to distinguish them from the master.
-cat </etc/salt/minion.d/grains.conf
-grains:
- roles:
- - kubernetes-pool
- cbr-cidr: $MINION_IP_RANGE
- cloud: azure
- hostnamef: $hostnamef
- cbr-string: $cbrstring
-EOF
-
-# Install Salt
-#
-# We specify -X to avoid a race condition that can cause minion failure to
-# install. See https://github.com/saltstack/salt-bootstrap/issues/270
-curl -L http://bootstrap.saltstack.com | sh -s -- -X
diff --git a/icebox/cluster/azure/util.sh b/icebox/cluster/azure/util.sh
deleted file mode 100644
index 3dfc61cfa468d..0000000000000
--- a/icebox/cluster/azure/util.sh
+++ /dev/null
@@ -1,294 +0,0 @@
-#!/bin/bash
-
-# Copyright 2014 Google Inc. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-SCRIPT_DIR=$(CDPATH="" cd $(dirname $0); pwd)
-
-# Use the config file specified in $KUBE_CONFIG_FILE, or default to
-# config-default.sh.
-source ${SCRIPT_DIR}/azure/${KUBE_CONFIG_FILE-"config-default.sh"}
-
-function detect-minions () {
- ssh_ports=($(eval echo "2200{1..$NUM_MINIONS}"))
- for (( i=0; i<${#MINION_NAMES[@]}; i++)); do
- MINION_NAMES[$i]=$(ssh -i $AZ_SSH_KEY -p ${ssh_ports[$i]} $AZ_CS.cloudapp.net hostname -f)
- done
-}
-
-function detect-master () {
- KUBE_MASTER_IP=${AZ_CS}.cloudapp.net
- echo "Using master: $KUBE_MASTER (external IP: $KUBE_MASTER_IP)"
-}
-
-function get-password {
- file=${HOME}/.kubernetes_auth
- if [ -e ${file} ]; then
- user=$(cat $file | python -c 'import json,sys;print json.load(sys.stdin)["User"]')
- passwd=$(cat $file | python -c 'import json,sys;print json.load(sys.stdin)["Password"]')
- return
- fi
- user=admin
- passwd=$(python -c 'import string,random; print "".join(random.SystemRandom().choice(string.ascii_letters + string.digits) for _ in range(16))')
-
- # Store password for reuse.
- cat << EOF > ~/.kubernetes_auth
-{
- "User": "$user",
- "Password": "$passwd"
-}
-EOF
- chmod 0600 ~/.kubernetes_auth
-}
-
-# Verify prereqs
-function verify-prereqs {
- echo "OK"
- # Already done in sourcing config-default, which sources
- # release/azure/config.sh
-}
-
-# Instantiate a kubernetes cluster
-function kube-up {
- KUBE_TEMP=$(mktemp -d -t kubernetes.XXXXXX)
- trap "rm -rf ${KUBE_TEMP}" EXIT
-
- get-password
- python $SCRIPT_DIR/../third_party/htpasswd/htpasswd.py -b -c \
- ${KUBE_TEMP}/htpasswd $user $passwd
- HTPASSWD=$(cat ${KUBE_TEMP}/htpasswd)
-
- # Generate openvpn certs
- echo 01 > ${KUBE_TEMP}/ca.srl
- openssl genrsa -out ${KUBE_TEMP}/ca.key
- openssl req -new -x509 -days 1095 \
- -key ${KUBE_TEMP}/ca.key \
- -out ${KUBE_TEMP}/ca.crt \
- -subj "/CN=openvpn-ca"
- openssl genrsa -out ${KUBE_TEMP}/server.key
- openssl req -new \
- -key ${KUBE_TEMP}/server.key \
- -out ${KUBE_TEMP}/server.csr \
- -subj "/CN=server"
- openssl x509 -req -days 1095 \
- -in ${KUBE_TEMP}/server.csr \
- -CA ${KUBE_TEMP}/ca.crt \
- -CAkey ${KUBE_TEMP}/ca.key \
- -CAserial ${KUBE_TEMP}/ca.srl \
- -out ${KUBE_TEMP}/server.crt
- for (( i=0; i<${#MINION_NAMES[@]}; i++)); do
- openssl genrsa -out ${KUBE_TEMP}/${MINION_NAMES[$i]}.key
- openssl req -new \
- -key ${KUBE_TEMP}/${MINION_NAMES[$i]}.key \
- -out ${KUBE_TEMP}/${MINION_NAMES[$i]}.csr \
- -subj "/CN=${MINION_NAMES[$i]}"
- openssl x509 -req -days 1095 \
- -in ${KUBE_TEMP}/${MINION_NAMES[$i]}.csr \
- -CA ${KUBE_TEMP}/ca.crt \
- -CAkey ${KUBE_TEMP}/ca.key \
- -CAserial ${KUBE_TEMP}/ca.srl \
- -out ${KUBE_TEMP}/${MINION_NAMES[$i]}.crt
- done
-
- # Build up start up script for master
- (
- echo "#!/bin/bash"
- echo "MASTER_NAME=${MASTER_NAME}"
- echo "MASTER_RELEASE_TAR=${FULL_URL}"
- echo "MASTER_HTPASSWD='${HTPASSWD}'"
- echo "CA_CRT=\"$(cat ${KUBE_TEMP}/ca.crt)\""
- echo "SERVER_CRT=\"$(cat ${KUBE_TEMP}/server.crt)\""
- echo "SERVER_KEY=\"$(cat ${KUBE_TEMP}/server.key)\""
- grep -v "^#" $SCRIPT_DIR/azure/templates/download-release.sh
- grep -v "^#" $SCRIPT_DIR/azure/templates/salt-master.sh
- ) > ${KUBE_TEMP}/master-start.sh
-
- echo "Starting VMs"
-
- if [ ! -f $AZ_SSH_KEY ]; then
- ssh-keygen -f $AZ_SSH_KEY -N ''
- fi
-
- if [ ! -f $AZ_SSH_CERT ]; then
- openssl req -new -x509 -days 1095 -key $AZ_SSH_KEY -out $AZ_SSH_CERT \
- -subj "/CN=azure-ssh-key"
- fi
-
- if [ -z "$(azure network vnet show $AZ_VNET 2>/dev/null | grep data)" ]; then
- #azure network vnet create with $AZ_SUBNET
- #FIXME not working
- echo error create vnet $AZ_VNET with subnet $AZ_SUBNET
- exit 1
- fi
-
- azure vm create \
- -w $AZ_VNET \
- -n $MASTER_NAME \
- -l "$AZ_LOCATION" \
- -t $AZ_SSH_CERT \
- -e 22000 -P \
- -d ${KUBE_TEMP}/master-start.sh \
- -b $AZ_SUBNET \
- $AZ_CS $AZ_IMAGE $USER
-
- ssh_ports=($(eval echo "2200{1..$NUM_MINIONS}"))
-
- for (( i=0; i<${#MINION_NAMES[@]}; i++)); do
- (
- echo "#!/bin/bash"
- echo "MASTER_NAME=${MASTER_NAME}"
- echo "MINION_IP_RANGE=${MINION_IP_RANGES[$i]}"
- echo "CA_CRT=\"$(cat ${KUBE_TEMP}/ca.crt)\""
- echo "CLIENT_CRT=\"$(cat ${KUBE_TEMP}/${MINION_NAMES[$i]}.crt)\""
- echo "CLIENT_KEY=\"$(cat ${KUBE_TEMP}/${MINION_NAMES[$i]}.key)\""
- grep -v "^#" $SCRIPT_DIR/azure/templates/salt-minion.sh
- ) > ${KUBE_TEMP}/minion-start-${i}.sh
-
- azure vm create \
- -c -w $AZ_VNET \
- -n ${MINION_NAMES[$i]} \
- -l "$AZ_LOCATION" \
- -t $AZ_SSH_CERT \
- -e ${ssh_ports[$i]} -P \
- -d ${KUBE_TEMP}/minion-start-${i}.sh \
- -b $AZ_SUBNET \
- $AZ_CS $AZ_IMAGE $USER
- done
-
- azure vm endpoint create $MASTER_NAME 443
-
- echo "Waiting for cluster initialization."
- echo
- echo " This will continually check to see if the API for kubernetes is reachable."
- echo " This might loop forever if there was some uncaught error during start"
- echo " up."
- echo
-
- until $(curl --insecure --user ${user}:${passwd} --max-time 5 \
- --fail --output /dev/null --silent https://$AZ_CS.cloudapp.net/api/v1beta1/pods); do
- printf "."
- sleep 2
- done
-
- # Basic sanity checking
- for (( i=0; i<${#MINION_NAMES[@]}; i++)); do
- # Make sure docker is installed
- ssh -i $AZ_SSH_KEY -p ${ssh_ports[$i]} $AZ_CS.cloudapp.net which docker > /dev/null
- if [ "$?" != "0" ]; then
- echo "Docker failed to install on ${MINION_NAMES[$i]}. Your cluster is unlikely to work correctly."
- echo "Please run ./cluster/kube-down.sh and re-create the cluster. (sorry!)"
- exit 1
- fi
-
- # Make sure the kubelet is running
- ssh -i $AZ_SSH_KEY -p ${ssh_ports[$i]} $AZ_CS.cloudapp.net /etc/init.d/kubelet status
- if [ "$?" != "0" ]; then
- echo "Kubelet failed to install on ${MINION_NAMES[$i]}. Your cluster is unlikely to work correctly."
- echo "Please run ./cluster/kube-down.sh and re-create the cluster. (sorry!)"
- exit 1
- fi
- done
-
- echo
- echo "Kubernetes cluster is running. The master is running at:"
- echo
- echo " https://$AZ_CS.cloudapp.net"
- echo
- echo "The user name and password to use is located in ~/.kubernetes_auth."
- echo
- echo "Security note: The server above uses a self signed certificate. This is"
- echo " subject to \"Man in the middle\" type attacks."
- echo
-}
-
-# Delete a kubernetes cluster
-function kube-down {
- echo "Bringing down cluster"
- set +e
- azure vm delete $MASTER_NAME -b -q
- for (( i=0; i<${#MINION_NAMES[@]}; i++)); do
- azure vm delete ${MINION_NAMES[$i]} -b -q
- done
-}
-
-# # Update a kubernetes cluster with latest source
-# function kube-push {
-
-# # Find the release to use. Generally it will be passed when doing a 'prod'
-# # install and will default to the release/config.sh version when doing a
-# # developer up.
-# find-release $1
-
-# # Detect the project into $PROJECT
-# detect-master
-
-# (
-# echo MASTER_RELEASE_TAR=$RELEASE_NORMALIZED/master-release.tgz
-# grep -v "^#" $(dirname $0)/templates/download-release.sh
-# echo "echo Executing configuration"
-# echo "sudo salt '*' mine.update"
-# echo "sudo salt --force-color '*' state.highstate"
-# ) | gcutil ssh --project ${PROJECT} --zone ${ZONE} $KUBE_MASTER bash
-
-# get-password
-
-# echo "Kubernetes cluster is updated. The master is running at:"
-# echo
-# echo " https://${KUBE_MASTER_IP}"
-# echo
-# echo "The user name and password to use is located in ~/.kubernetes_auth."
-# echo
-# echo "Security note: The server above uses a self signed certificate. This is"
-# echo " subject to \"Man in the middle\" type attacks."
-# echo
-# }
-
-# # Execute prior to running tests to build a release if required for env
-# function test-build-release {
-# # Build source
-# ${KUBE_REPO_ROOT}/hack/build-go.sh
-# # Make a release
-# $(dirname $0)/../release/release.sh
-# }
-
-# # Execute prior to running tests to initialize required structure
-# function test-setup {
-
-# # Detect the project into $PROJECT if it isn't set
-# # gce specific
-# detect-project
-
-# if [[ ${ALREADY_UP} -ne 1 ]]; then
-# # Open up port 80 & 8080 so common containers on minions can be reached
-# gcutil addfirewall \
-# --norespect_terminal_width \
-# --project ${PROJECT} \
-# --target_tags ${MINION_TAG} \
-# --allowed tcp:80,tcp:8080 \
-# --network ${NETWORK} \
-# ${MINION_TAG}-${INSTANCE_PREFIX}-http-alt
-# fi
-
-# }
-
-# # Execute after running tests to perform any required clean-up
-# function test-teardown {
-# echo "Shutting down test cluster in background."
-# gcutil deletefirewall \
-# --project ${PROJECT} \
-# --norespect_terminal_width \
-# --force \
-# ${MINION_TAG}-${INSTANCE_PREFIX}-http-alt || true > /dev/null
-# $(dirname $0)/../cluster/kube-down.sh > /dev/null
-# }
diff --git a/icebox/release/azure/config.sh b/icebox/release/azure/config.sh
deleted file mode 100644
index 19738bd82fd66..0000000000000
--- a/icebox/release/azure/config.sh
+++ /dev/null
@@ -1,40 +0,0 @@
-# Copyright 2014 Google Inc. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-INSTANCE_PREFIX=kubenertes
-AZ_LOCATION='West US'
-TAG=testing
-
-if [ -z "$(which azure)" ]; then
- echo "Couldn't find azure in PATH"
- echo " please install with 'npm install azure-cli'"
- exit 1
-fi
-
-if [ -z "$(azure account list | grep true)" ]; then
- echo "Default azure account not set"
- echo " please set with 'azure account set'"
- exit 1
-fi
-
-account=$(azure account list | grep true | awk '{ print $2 }')
-if which md5 > /dev/null 2>&1; then
- AZ_HSH=$(md5 -q -s $account)
-else
- AZ_HSH=$(echo -n "$account" | md5sum)
-fi
-AZ_HSH=${AZ_HSH:0:7}
-AZ_STG=kube$AZ_HSH
-CONTAINER=kube-$TAG
-FULL_URL="https://${AZ_STG}.blob.core.windows.net/$CONTAINER/master-release.tgz"
diff --git a/icebox/release/azure/release.sh b/icebox/release/azure/release.sh
deleted file mode 100755
index c6bc000112b5e..0000000000000
--- a/icebox/release/azure/release.sh
+++ /dev/null
@@ -1,63 +0,0 @@
-#!/bin/bash
-
-# Copyright 2014 Google Inc. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# This script will build and release Kubernetes.
-
-set -eu
-set -o pipefail
-IFS=$'\n\t'
-SCRIPT_DIR=$(CDPATH="" cd $(dirname $0); pwd)
-
-function json_val () {
- python -c 'import json,sys;obj=json.load(sys.stdin);print obj'$1'';
-}
-
-source $SCRIPT_DIR/config.sh
-
-$SCRIPT_DIR/../build-release.sh $INSTANCE_PREFIX
-
-if [ -z "$(azure storage account show $AZ_STG 2>/dev/null | \
- grep data)" ]; then
- azure storage account create -l "$AZ_LOCATION" $AZ_STG
-fi
-
-stg_key=$(azure storage account keys list $AZ_STG --json | \
- json_val '["primaryKey"]')
-
-if [ -z "$(azure storage container show -a $AZ_STG -k "$stg_key" \
- $CONTAINER 2>/dev/null | grep data)" ]; then
- azure storage container create \
- -a $AZ_STG \
- -k "$stg_key" \
- -p Blob \
- $CONTAINER
-fi
-
-if [ -n "$(azure storage blob show -a $AZ_STG -k "$stg_key" \
- $CONTAINER master-release.tgz 2>/dev/null | grep data)" ]; then
- azure storage blob delete \
- -a $AZ_STG \
- -k "$stg_key" \
- $CONTAINER \
- master-release.tgz
-fi
-
-azure storage blob upload \
- -a $AZ_STG \
- -k "$stg_key" \
- $SCRIPT_DIR/../../_output/release/master-release.tgz \
- $CONTAINER \
- master-release.tgz