authorPete Birley <pete@port.direct>2018-06-14 22:02:23 -0500
committerPete Birley <pete@port.direct>2018-06-16 15:58:11 +0000
commit426f8dacf31f608f828dbd2c75c0dfdc5a52cc60 (patch)
treee98709c882f45a867f3d7a228ee4d48ebd2a5275
parent8adc845af51927ff0ead24d4027a803a5bc644d0 (diff)
MaaS: Slightly clean systemd and enable Stdout logging for journald
This PS updates the charts and images for running systemd in a more kubernetes friendly way: - The hosts cgroupfs is mounted in read only - Required mounts are created (tmp tmp/lock) - A tty is created for the container - A unit is added to each image that streams journald to stdout Follow up patches will improve the image builds, create cgroups in an init container, and also drop unrequired privileges from the containers in addition to compatibility with recent helm-toolkits. Change-Id: If3b0df28fea967c5ff67df51e1e95bc74f906222 Signed-off-by: Pete Birley <pete@port.direct>
Notes
Notes (review): Code-Review+1: Steve Wilkerson <wilkers.steve@gmail.com> Code-Review+2: Mark Burnett <mark.m.burnett@gmail.com> Code-Review+1: Tin Lam <tin@irrational.io> Code-Review+1: Chris Wedgwood <cw@f00f.org> Code-Review+2: Bryan Strassner <bryan.strassner@gmail.com> Workflow+1: Felipe Monteiro <felipe.monteiro@att.com> Verified+2: Zuul Submitted-by: Zuul Submitted-at: Tue, 19 Jun 2018 16:36:01 +0000 Reviewed-on: https://review.openstack.org/575590 Project: openstack/airship-maas Branch: refs/heads/master
-rw-r--r--charts/maas/templates/bin/_start.sh.tpl2
-rw-r--r--charts/maas/templates/deployment-rack.yaml20
-rw-r--r--charts/maas/templates/statefulset-region.yaml19
-rw-r--r--images/maas-rack-controller/Dockerfile6
-rw-r--r--images/maas-rack-controller/scripts/journalctl-to-tty.service13
-rw-r--r--images/maas-region-controller/Dockerfile6
-rw-r--r--images/maas-region-controller/journalctl-to-tty.service13
7 files changed, 76 insertions, 3 deletions
diff --git a/charts/maas/templates/bin/_start.sh.tpl b/charts/maas/templates/bin/_start.sh.tpl
index 1292e82..0cee4c8 100644
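--- a/charts/maas/templates/bin/_start.sh.tpl
+++ b/charts/maas/templates/bin/_start.sh.tpl
@@ -33,4 +33,4 @@ fi
 
 chsh -s /bin/bash maas
 
-exec /bin/systemd --system
+exec /sbin/init --log-target=console 3>&1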
diff --git a/charts/maas/templates/deployment-rack.yaml b/charts/maas/templates/deployment-rack.yaml
index 802d76c..9b4690d 100644
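--- a/charts/maas/templates/deployment-rack.yaml
+++ b/charts/maas/templates/deployment-rack.yaml
@@ -14,6 +14,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */}}
+
 {{- if .Values.manifests.rack_deployment }}
 {{- if empty .Values.conf.maas.url.maas_url -}}
 {{- tuple "maas_region_ui" "default" "region_ui" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.maas.url "maas_url" | quote | trunc 0 -}}
@@ -55,6 +56,7 @@ spec:
  - name: maas-rack
  image: {{ .Values.images.tags.maas_rack }}
  imagePullPolicy: {{ .Values.images.pull_policy }}
+ tty: true
  env:
  - name: MAAS_ENDPOINT
  value: {{ .Values.conf.maas.url.maas_url }}
@@ -69,6 +71,15 @@ spec:
  securityContext:
  privileged: true
  volumeMounts:
+ - mountPath: /sys/fs/cgroup
+ name: host-sys-fs-cgroup
+ readOnly: true
+ - mountPath: /run
+ name: pod-run
+ - mountPath: /run/lock
+ name: pod-run-lock
+ - mountPath: /tmp
+ name: pod-tmp
 {{- if .Values.conf.maas.ntp.disable_ntpd_rack }}
  - name: maas-bin
  mountPath: /usr/sbin/ntpd
@@ -96,6 +107,15 @@ spec:
 {{- end }}
 {{ if $mounts_maas_rack.volumeMounts }}{{ toYaml $mounts_maas_rack.volumeMounts | indent 12 }}{{ end }}
  volumes:
+ - name: host-sys-fs-cgroup
+ hostPath:
+ path: /sys/fs/cgroup
+ - name: pod-run
+ emptyDir: {}
+ - name: pod-run-lock
+ emptyDir: {}
+ - name: pod-tmp
+ emptyDir: {}
 {{- if .Values.manifests.secret_ssh_key }}
  - name: maas-ssh
  emptyDir: {}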
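Review bot: `readOnly: true` on the `/sys/fs/cgroup` mount is not an effective boundary while the same container keeps `privileged: true` (visible as context in the third hunk), because a privileged container can remount the path read-write. A comment above the mount, such as `# read-only is hygiene only until privileged: true is dropped`, would keep the flag from being read as isolation. The `host-sys-fs-cgroup` volume in the last hunk also has no `type`, so the kubelet performs no check on the host path; adding `type: Directory` under `hostPath:` makes the expectation explicit. The same hostPath volume is added in statefulset-region.yaml, where the container's securityContext is outside the visible hunks.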
diff --git a/charts/maas/templates/statefulset-region.yaml b/charts/maas/templates/statefulset-region.yaml
index a258d4f..b1f5222 100644
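--- a/charts/maas/templates/statefulset-region.yaml
+++ b/charts/maas/templates/statefulset-region.yaml
@@ -52,6 +52,7 @@ spec:
  - name: maas-region
  image: {{ .Values.images.tags.maas_region }}
  imagePullPolicy: {{ .Values.images.pull_policy }}
+ tty: true
 {{ tuple $envAll $envAll.Values.pod.resources.maas_region | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
  ports:
  - name: r-ui
@@ -64,6 +65,15 @@ spec:
  command:
  - /tmp/start.sh
  volumeMounts:
+ - mountPath: /sys/fs/cgroup
+ name: host-sys-fs-cgroup
+ readOnly: true
+ - mountPath: /run
+ name: pod-run
+ - mountPath: /run/lock
+ name: pod-run-lock
+ - mountPath: /tmp
+ name: pod-tmp
  - name: maas-region-secret
  mountPath: /var/lib/maas/secret
  subPath: REGION_SECRET
@@ -104,6 +114,15 @@ spec:
 {{- end }}
 {{- if $mounts_maas_region.volumeMounts }}{{ toYaml $mounts_maas_region.volumeMounts | indent 12 }}{{ end }}
  volumes:
+ - name: host-sys-fs-cgroup
+ hostPath:
+ path: /sys/fs/cgroup
+ - name: pod-run
+ emptyDir: {}
+ - name: pod-run-lock
+ emptyDir: {}
+ - name: pod-tmp
+ emptyDir: {}
  - name: maas-etc
  configMap:
  name: maas-etc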
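Review bot: The new `pod-tmp` emptyDir is mounted over `/tmp` while the container command in the second hunk is still `/tmp/start.sh`, so the script now has to come from a mount nested inside that emptyDir. The mount that supplies it is outside the visible hunks; presumably it is a file mount at `/tmp/start.sh`, and it should be confirmed that it still applies on top of the new volume. A comment above the entry, such as `# /tmp is an emptyDir; start.sh is mounted on top of it`, would record the dependency. Alternatively the script could be moved out of `/tmp`.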
diff --git a/images/maas-rack-controller/Dockerfile b/images/maas-rack-controller/Dockerfile
index 9bdf0a5..12c8695 100644
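--- a/images/maas-rack-controller/Dockerfile
+++ b/images/maas-rack-controller/Dockerfile
@@ -45,5 +45,9 @@ RUN systemctl enable register-rack-controller.service
 RUN mv /usr/sbin/tcpdump /usr/bin/tcpdump
 RUN ln -s /usr/bin/tcpdump /usr/sbin/tcpdump
 
+COPY scripts/journalctl-to-tty.service /etc/systemd/system/journalctl-to-tty.service
+RUN mkdir -p /etc/systemd/system/basic.target.wants ;\
+ ln -s /etc/systemd/system/journalctl-to-tty.service /etc/systemd/system/basic.target.wants/journalctl-to-tty.service
+
 # initalize systemd
-CMD ["/sbin/init"]
+CMD ["/bin/bash", "-c", "exec /sbin/init --log-target=console 3>&1"]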
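Review bot: The added `RUN mkdir -p … ;\ ln -s …` joins its two commands with `;`, so a failing `mkdir` does not fail the build. It also hand-creates the `basic.target.wants` symlink although the unit added in this commit carries an `[Install]` section with `WantedBy=basic.target`. The hunk header shows this file already uses `RUN systemctl enable register-rack-controller.service`; the same form, `RUN systemctl enable journalctl-to-tty.service`, would be consistent and removes the hard-coded path. If the symlink is kept, `&&` should replace `;`. The identical lines are added to images/maas-region-controller/Dockerfile.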
diff --git a/images/maas-rack-controller/scripts/journalctl-to-tty.service b/images/maas-rack-controller/scripts/journalctl-to-tty.service
new file mode 100644
index 0000000..2725055
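--- /dev/null
+++ b/images/maas-rack-controller/scripts/journalctl-to-tty.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Journald console log streamer
+Requires=systemd-journald.service
+After=systemd-journald.service
+
+[Service]
+Restart=always
+RestartSec=0
+ExecStart=/bin/journalctl -f
+StandardOutput=tty
+
+[Install]
+WantedBy=basic.target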
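Review bot: `ExecStart=/bin/journalctl -f` has no unit or priority filter, so every journal entry in the container is copied to the console and from there into the pod log, readable by anyone allowed to read pod logs and by whatever log shipping the cluster runs. Whether the MAAS services log credentials or other secrets is not visible here, so the unit deserves a comment such as `# Streams the full journal to the container console; treat pod logs as sensitive`, or a `-p` priority cap on the command. Separately, `RestartSec=0` with `Restart=always` retries a failing journalctl immediately, which can trip systemd's default start rate limit and leave the unit failed with log streaming silently stopped; a delay of a few seconds, e.g. `RestartSec=5`, avoids that. The identical unit is added under images/maas-region-controller.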
diff --git a/images/maas-region-controller/Dockerfile b/images/maas-region-controller/Dockerfile
index 4c26e87..66f6bd5 100644
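--- a/images/maas-region-controller/Dockerfile
+++ b/images/maas-region-controller/Dockerfile
@@ -62,5 +62,9 @@ RUN cd /usr/lib/python3/dist-packages/maasserver && patch compose_preseed.py < /
 RUN cd /usr/lib/python3/dist-packages/maasserver && patch preseed_network.py < /tmp/2.3_route.patch
 RUN cd /usr/lib/python3/dist-packages/maasserver/models/signals && patch interfaces.py < /tmp/2.3_recursion_fix.patch
 
+COPY journalctl-to-tty.service /etc/systemd/system/journalctl-to-tty.service
+RUN mkdir -p /etc/systemd/system/basic.target.wants ;\
+ ln -s /etc/systemd/system/journalctl-to-tty.service /etc/systemd/system/basic.target.wants/journalctl-to-tty.service
+
 # initalize systemd
-CMD ["/sbin/init"]
+CMD ["/bin/bash", "-c", "exec /sbin/init --log-target=console 3>&1"]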
diff --git a/images/maas-region-controller/journalctl-to-tty.service b/images/maas-region-controller/journalctl-to-tty.service
new file mode 100644
index 0000000..2725055
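--- /dev/null
+++ b/images/maas-region-controller/journalctl-to-tty.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Journald console log streamer
+Requires=systemd-journald.service
+After=systemd-journald.service
+
+[Service]
+Restart=always
+RestartSec=0
+ExecStart=/bin/journalctl -f
+StandardOutput=tty
+
+[Install]
+WantedBy=basic.target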