Allow multiple join IPs

This provides more robustness in testing and removes a nosec.

Additionally, commit 5a8b1d8 introduced a random failure in the
resiliency gate, due to there being a chance to choose the intentionally
downed node for the join ip.

Change-Id: I77b410b8e51f9d41eca2be4f5f770694140733b4
Mark Burnett 2018-08-02 10:31:09 -05:00
parent 37ebe7ba11
commit 8d3e44c7d6
5 changed files with 32 additions and 13 deletions


@ -165,6 +165,18 @@ class Configuration:
if value: if value:
return value return value
@property
def join_ips(self):
maybe_ips = self.get_path('KubernetesNode:join_ips')
if maybe_ips is not None:
return maybe_ips
else:
maybe_ip = self._get_first('KubernetesNode:join_ip', 'Genesis:ip')
if maybe_ip:
return [maybe_ip]
else:
return jinja2.StrictUndefined('Could not find join IPs')
def get_path(self, path, default=None): def get_path(self, path, default=None):
kind, jsonpath = path.split(':') kind, jsonpath = path.split(':')
document = _get(self.documents, kind=kind) document = _get(self.documents, kind=kind)
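Review bot: An explicitly empty `KubernetesNode:join_ips` list passes the `is not None` test in the new `join_ips` property and is returned unchanged, so a caller that loops over it gets no entries instead of the `join_ip`/`Genesis:ip` fallback or the `StrictUndefined` error. Testing truthiness, `if maybe_ips:`, would treat an empty list the same as a missing key. The property also returns a `jinja2.StrictUndefined` object rather than raising, so the failure only surfaces when something uses the value; a one-line docstring such as `"""Return the list of join IPs, or a StrictUndefined that errors on use."""` would make that contract visible. The `jinja2` import for this module is not shown in the hunk.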


@ -14,7 +14,6 @@
import falcon import falcon
import kubernetes import kubernetes
import random
from promenade.control.base import BaseResource from promenade.control.base import BaseResource
from promenade.builder import Builder from promenade.builder import Builder
@ -43,7 +42,7 @@ class JoinScriptsResource(BaseResource):
dynamic_labels = _get_param_list(req, 'labels.dynamic') dynamic_labels = _get_param_list(req, 'labels.dynamic')
static_labels = _get_param_list(req, 'labels.static') static_labels = _get_param_list(req, 'labels.static')
join_ip = _get_join_ip() join_ips = _get_join_ips()
try: try:
config = Configuration.from_design_ref( config = Configuration.from_design_ref(
@ -71,7 +70,7 @@ class JoinScriptsResource(BaseResource):
'data': { 'data': {
'hostname': hostname, 'hostname': hostname,
'ip': ip, 'ip': ip,
'join_ip': join_ip, 'join_ips': join_ips,
'labels': { 'labels': {
'dynamic': dynamic_labels, 'dynamic': dynamic_labels,
'static': static_labels, 'static': static_labels,
@ -88,16 +87,13 @@ class JoinScriptsResource(BaseResource):
resp.status = falcon.HTTP_200 resp.status = falcon.HTTP_200
def _get_join_ip(): def _get_join_ips():
# TODO(mark-burnett): Handle errors # TODO(mark-burnett): Handle errors
kubernetes.config.load_incluster_config() kubernetes.config.load_incluster_config()
client = kubernetes.client.CoreV1Api() client = kubernetes.client.CoreV1Api()
response = client.list_node(label_selector='kubernetes-apiserver=enabled') response = client.list_node(label_selector='kubernetes-apiserver=enabled')
# Ignore bandit false positive: B311:blacklist return list(map(_extract_ip, response.items))
# The choice of which master to join to is a load-balancing concern, not a
# security concern.
return random.choice(list(map(_extract_ip, response.items))) # nosec
def _extract_ip(item): def _extract_ip(item):
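Review bot: `_get_join_ips` now returns whatever `list_node` matched, including an empty list, whereas the old `random.choice(...)` raised `IndexError` when no node carried `kubernetes-apiserver=enabled`; an empty `join_ips` would then flow into the generated node data without any error. A guard before the return keeps that failure visible, for example `ips = list(map(_extract_ip, response.items))` followed by `if not ips: raise falcon.HTTPInternalServerError('No API servers', 'no node matched the label selector')`. The list is not filtered by node readiness either, so a downed master is still handed out alongside the healthy ones, and the `TODO ... Handle errors` on the Kubernetes client calls remains open. `_extract_ip` continues outside the hunk.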


@ -29,6 +29,11 @@ data:
join_ip: join_ip:
$ref: '#/definitions/ip_address' $ref: '#/definitions/ip_address'
join_ips:
type: array
item:
$ref: '#/definitions/ip_address'
labels: labels:
properties: properties:
static: static:
@ -43,6 +48,5 @@ data:
required: required:
- ip - ip
- join_ip
additionalProperties: false additionalProperties: false
... ...
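Review bot: The array keyword under `join_ips` is spelled `item`, but the JSON Schema keyword is `items`; validators generally ignore unknown keywords, so the elements of `join_ips` would not be checked against `#/definitions/ip_address` at all. Those elements are interpolated into the haproxy `server` lines in the template section of this commit, so the per-element check is what keeps malformed values out of the rendered config; the line should read `items:`. With `join_ip` dropped from `required`, adding `minItems: 1` under `join_ips` would also reject an empty list at validation time.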


@ -25,12 +25,12 @@ frontend default-kubernetes-fe
bind *:{{ config['KubernetesNetwork:kubernetes.haproxy_port'] }} bind *:{{ config['KubernetesNetwork:kubernetes.haproxy_port'] }}
default_backend default-kubernetes-be default_backend default-kubernetes-be
{% set ip = config.get_first('KubernetesNode:join_ip', 'Genesis:ip') -%}
backend default-kubernetes-be backend default-kubernetes-be
option tcp-check option tcp-check
{%- set port = config['KubernetesNetwork:kubernetes.apiserver_port'] %} {%- set port = config['KubernetesNetwork:kubernetes.apiserver_port'] %}
{%- for ip in config.join_ips %}
server s{{ ip }} {{ ip }}:{{ port }} check port {{ port }} server s{{ ip }} {{ ip }}:{{ port }} check port {{ port }}
{%- endfor %}
frontend kube-system-kubernetes-etcd-fe frontend kube-system-kubernetes-etcd-fe
bind *:{{ config['KubernetesNetwork:etcd.haproxy_port'] }} bind *:{{ config['KubernetesNetwork:etcd.haproxy_port'] }}
@ -39,4 +39,6 @@ frontend kube-system-kubernetes-etcd-fe
backend kube-system-kubernetes-etcd-be backend kube-system-kubernetes-etcd-be
option tcp-check option tcp-check
{%- set port = config['KubernetesNetwork:etcd.container_port'] %} {%- set port = config['KubernetesNetwork:etcd.container_port'] %}
{%- for ip in config.join_ips %}
server s{{ ip }} {{ ip }}:{{ port }} check port {{ port }} server s{{ ip }} {{ ip }}:{{ port }} check port {{ port }}
{%- endfor %}
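Review bot: The etcd backend loops over the same `config.join_ips` as the API server backend, which assumes every join IP also serves etcd on `etcd.container_port`; the API section of this commit builds the list only from nodes labelled `kubernetes-apiserver=enabled`. The single-IP template appears to have made the same assumption, but with a list it now applies to every entry. If it is intended, a template comment above the second loop would record it, e.g. `{# join_ips are expected to run both kube-apiserver and etcd #}`.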


@ -70,7 +70,9 @@ metadata:
data: data:
hostname: ${MASTER2_HOSTNAME} hostname: ${MASTER2_HOSTNAME}
ip: ${MASTER2_IP} ip: ${MASTER2_IP}
join_ip: ${GENESIS_IP} join_ips:
- ${GENESIS_IP}
- ${MASTER1_IP}
labels: labels:
dynamic: dynamic:
- calico-etcd=enabled - calico-etcd=enabled
@ -100,7 +102,10 @@ metadata:
data: data:
hostname: ${WORKER_HOSTNAME} hostname: ${WORKER_HOSTNAME}
ip: ${WORKER_IP} ip: ${WORKER_IP}
join_ip: ${MASTER1_IP} join_ips:
- ${GENESIS_IP}
- ${MASTER1_IP}
- ${MASTER2_IP}
labels: labels:
dynamic: dynamic:
- openstack-compute-node=enabled - openstack-compute-node=enabled