From 4b349d9471a9ef578571a449811ae1707d5dc818 Mon Sep 17 00:00:00 2001
From: Ruslan Aliev
Date: Mon, 20 May 2024 10:55:45 -0500
Subject: [PATCH] ETCD aux pod define resources

Signed-off-by: Ruslan Aliev
Change-Id: Ib2e666572fbe76bfa1ff542dd76e3c1d833e9268
---
 .../templates/etc/_kubernetes-etcd.yaml.tpl | 4 ++--
 charts/etcd/values.yaml | 6 +-----
 promenade/schemas/Genesis.yaml | 2 ++
 .../genesis-etcd/server-container.yaml | 4 ++++
 .../manifests/auxiliary-kubernetes-etcd.yaml | 10 +++++++++-
 .../apparmor/001-setup-apparmor-profiles.sh | 20 +++++++++++++++++++
 .../deploy-promenade-containerd.yaml | 2 +-
 tools/zuul/playbooks/deploy-promenade.yaml | 2 +-
 8 files changed, 40 insertions(+), 10 deletions(-)
 create mode 100755 tools/deployment/apparmor/001-setup-apparmor-profiles.sh

diff --git a/charts/etcd/templates/etc/_kubernetes-etcd.yaml.tpl b/charts/etcd/templates/etc/_kubernetes-etcd.yaml.tpl
index b75ddecb..2c440828 100644
--- a/charts/etcd/templates/etc/_kubernetes-etcd.yaml.tpl
+++ b/charts/etcd/templates/etc/_kubernetes-etcd.yaml.tpl
@@ -74,8 +74,8 @@ spec:
 valueFrom:
 fieldRef:
 fieldPath: status.podIP
- - name: ETCD_LOG_PACKAGE_LEVELS
- value: {{ default "" .Values.etcd.logging.log_level | include "helm-toolkit.utils.joinListWithComma" }}
+ - name: ETCD_LOG_LEVEL
+ value: {{ default "" .Values.etcd.logging.log_level }}
 - name: ETCD_CLIENT_CERT_AUTH
 value: "true"
 - name: ETCD_PEER_CLIENT_CERT_AUTH
diff --git a/charts/etcd/values.yaml b/charts/etcd/values.yaml
index 389b1b93..17470ec1 100644
--- a/charts/etcd/values.yaml
+++ b/charts/etcd/values.yaml
@@ -54,11 +54,7 @@ etcd:
 cleanup_data: true
 etcdctl_api: "3"
 logging:
- # Set individual etcd subpackages to specific log levels.
- # An example being etcdserver=WARNING,security=DEBUG
- log_level:
- - etcdserver=DEBUG
- - security=DEBUG
+ log_level: debug
 backup:
 enabled: true
 host_backup_path: /var/backups
diff --git a/promenade/schemas/Genesis.yaml b/promenade/schemas/Genesis.yaml
index 8df1f9d4..eccff4db 100644
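Review bot: The new `ETCD_LOG_LEVEL` value is rendered unquoted, so an unset or empty `log_level` becomes a YAML null, and an override that still uses the old list form (`- etcdserver=DEBUG`) is printed as Go slice text rather than being rejected. Quoting keeps the env entry a string in every case: `value: {{ default "" .Values.etcd.logging.log_level | quote }}`. Because the value changes from a list to a single word, existing overrides need a release note or a template-side check. The container spec continues outside the hunk.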
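Review bot: The removed comment was the only documentation of `log_level`, and the new scalar has none, so values.yaml no longer says which words are accepted. A one-line comment above the key would restore that, for example `# Passed to etcd as ETCD_LOG_LEVEL; one of debug, info, warn, error, panic, fatal.` The default remains `debug`, the most verbose setting for the cluster datastore; consider `info` as the chart default, with debug left as an explicit override.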
--- a/promenade/schemas/Genesis.yaml
+++ b/promenade/schemas/Genesis.yaml
@@ -121,6 +121,8 @@ data:
 type: string
 gomaxprocs:
 type: integer
+ resources:
+ type: object
 additionalProperties: false

 files:
diff --git a/promenade/templates/include/genesis-etcd/server-container.yaml b/promenade/templates/include/genesis-etcd/server-container.yaml
index 1ae8b920..72a199a6 100644
--- a/promenade/templates/include/genesis-etcd/server-container.yaml
+++ b/promenade/templates/include/genesis-etcd/server-container.yaml
@@ -1,5 +1,9 @@
 - name: etcd-{{ etcd_name }}
 image: {{ config['Genesis:images.kubernetes.etcd'] }}
+{%- if config['Genesis:etcd.resources'] is defined %}
+ resources:
+{{ config.get_path('Genesis:etcd.resources', {}) | toyaml | trim | indent(8, true) }}
+{%- endif %}
 env:
 - name: ETCD_NAME
 value: {{ etcd_name }}
diff --git a/promenade/templates/roles/genesis/etc/kubernetes/manifests/auxiliary-kubernetes-etcd.yaml b/promenade/templates/roles/genesis/etc/kubernetes/manifests/auxiliary-kubernetes-etcd.yaml
index e090dda7..8061d480 100644
--- a/promenade/templates/roles/genesis/etc/kubernetes/manifests/auxiliary-kubernetes-etcd.yaml
+++ b/promenade/templates/roles/genesis/etc/kubernetes/manifests/auxiliary-kubernetes-etcd.yaml
@@ -34,6 +34,14 @@ spec:
 | wc -l
 }

+ anchor_number_ready () {
+ NUM=$(kubectl -n kube-system get daemonset kubernetes-etcd-anchor --ignore-not-found -o jsonpath="{.status.numberReady}" || true)
+ if [ -z "$NUM" ]; then
+ NUM=0
+ fi
+ return $NUM
+ }
+
 remove_if_possible () {
 MEMBER_NAME="$1"
 MEMBER_ID=$(etcdctl member list | grep "${MEMBER_NAME}" | awk -F ', ' '{ print $1 }')
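Review bot: `resources` is accepted as an unconstrained `type: object`, although the line that follows it sets `additionalProperties: false` for the surrounding object, and the value is serialized into the etcd container spec by the template change in this commit. Restricting it to the `limits` and `requests` maps lets a mistyped key fail document validation instead of reaching the rendered manifest. The enclosing property starts above the hunk, so the indentation below is only indicative.

```yaml
resources:
  type: object
  properties:
    limits:
      type: object
    requests:
      type: object
  additionalProperties: false
```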
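Review bot: The guard and the body read the same setting through two different accessors: `config['Genesis:etcd.resources'] is defined` decides whether the block is emitted, and `config.get_path('Genesis:etcd.resources', {})` supplies its content. Reading it once keeps the two in agreement and also skips the block for an empty map: `{%- set etcd_resources = config.get_path('Genesis:etcd.resources', {}) %}` followed by `{%- if etcd_resources %}`. The `indent(8, true)` width is hard-coded, so a short Jinja comment saying it must track the indentation of `resources:` would help the next editor.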
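Review bot: `anchor_number_ready` hands the ready count back through `return $NUM`, but a shell return status is limited to 0-255, and any non-zero value reads as failure to the caller. If the script runs under `set -e` (not visible in this hunk), a healthy non-zero count could abort it. Printing the value is the usual form: replace the `if`/`return` tail with `echo "${NUM:-0}"` and read it as `READY=$(anchor_number_ready)`. No call to the function appears in the hunks shown for this file, so it is worth confirming that a caller exists.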
@@ -50,7 +58,7 @@ spec:
 OLD_LEADER="$1"
 OLD_LEADER_EP=$(etcdctl member list | grep "$OLD_LEADER" | awk -F ', ' '{print $5}')
 NEW_LEADER=$(etcdctl member list | grep '\bstarted\b' | grep -Ev "\\b(auxiliary-0|auxiliary-1)\\b" | head -1 | awk -F ', ' '{print $1}')
- if [ -n "$NEW_LEADER" ]; then
+ if [ -n "$NEW_LEADER" ] && [ -n "$OLD_LEADER_EP" ]; then
 if ! ETCDCTL_ENDPOINTS="$OLD_LEADER_EP" etcdctl move-leader "$NEW_LEADER"; then
 echo "Attempted abdication, but failed."
 return
diff --git a/tools/deployment/apparmor/001-setup-apparmor-profiles.sh b/tools/deployment/apparmor/001-setup-apparmor-profiles.sh
new file mode 100755
index 00000000..e26bf2a7
--- /dev/null
+++ b/tools/deployment/apparmor/001-setup-apparmor-profiles.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+set -xe
+
+# Ensure that apparmor is installed and enabled
+sudo -H -E apt-get install -y apparmor
+sudo systemctl enable apparmor && sudo systemctl start apparmor
+sudo systemctl status apparmor.service
diff --git a/tools/zuul/playbooks/deploy-promenade-containerd.yaml b/tools/zuul/playbooks/deploy-promenade-containerd.yaml
index 27a8414b..bfb9b406 100644
--- a/tools/zuul/playbooks/deploy-promenade-containerd.yaml
+++ b/tools/zuul/playbooks/deploy-promenade-containerd.yaml
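Review bot: The closing `systemctl status apparmor.service` in the new script only shows that the unit ran; it does not confirm that the kernel has AppArmor enabled, which is presumably what the later deployment steps rely on. Adding `sudo aa-status --enabled` after it makes the script fail under `set -e` when enforcement is unavailable, and `--no-pager` on the status call avoids a pager in CI logs. The install also runs without a preceding `apt-get update`, so it may fail on a node with a stale package index; `sudo -H -E apt-get update` before it would cover that.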
@@ -52,7 +52,7 @@
 set -xe;
 ./tools/deployment/apparmor/001-setup-apparmor-profiles.sh
 args:
- chdir: "{{ zuul.projects['opendev.org/openstack/openstack-helm-infra'].src_dir }}"
+ chdir: "{{ zuul.project.src_dir }}"
 executable: /bin/bash

 - name: List interfaces
diff --git a/tools/zuul/playbooks/deploy-promenade.yaml b/tools/zuul/playbooks/deploy-promenade.yaml
index 2e831f81..2508dd1b 100644
--- a/tools/zuul/playbooks/deploy-promenade.yaml
+++ b/tools/zuul/playbooks/deploy-promenade.yaml
@@ -39,7 +39,7 @@
 set -xe;
 ./tools/deployment/apparmor/001-setup-apparmor-profiles.sh
 args:
- chdir: "{{ zuul.projects['opendev.org/openstack/openstack-helm-infra'].src_dir }}"
+ chdir: "{{ zuul.project.src_dir }}"
 executable: /bin/bash

 - name: Generate configuration files
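Review bot: `zuul.project.src_dir` resolves to the project whose change triggered the job, which is the repository holding `tools/deployment/apparmor/` only when the job runs for this project itself. If these playbooks are ever run for a change in another repository, the `chdir` would land in the wrong checkout; the explicit form `zuul.projects['<canonical name of this repo>'].src_dir` avoids that. The same line is changed in both playbook hunks (deploy-promenade-containerd.yaml and deploy-promenade.yaml). A short comment above `chdir` saying the script now comes from this repository would also explain the switch away from openstack-helm-infra.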