Hello community,

here is the log from the commit of package kubernetes-salt for openSUSE:Factory
checked in at 2018-05-04 11:30:49
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/kubernetes-salt (Old)
 and      /work/SRC/openSUSE:Factory/.kubernetes-salt.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "kubernetes-salt" Fri May 4 11:30:49 2018 rev:16 rq:603698 version:3.0.0+git_r750_8f19e53 Changes: -------- --- /work/SRC/openSUSE:Factory/kubernetes-salt/kubernetes-salt.changes 2018-04-27 16:10:20.752038484 +0200 +++ /work/SRC/openSUSE:Factory/.kubernetes-salt.new/kubernetes-salt.changes 2018-05-04 11:30:54.696658103 +0200 @@ -1,0 +2,45 @@ +Thu May 3 10:02:57 UTC 2018 - containers-bugow...@suse.de + +- Commit 0294ed9 by Alvaro Saurin alvaro.sau...@gmail.com + Do not try to use the mine when we can get the same information with a + module. + + (cherry picked from commit dfd3b8a6a65c7d969466b09a1f20536a525ae42a) + + bsc#1091077 + + +------------------------------------------------------------------- +Wed May 2 11:57:18 UTC 2018 - containers-bugow...@suse.de + +- Commit 17e9533 by Kiall Mac Innes ki...@macinnes.ie + Harden the waiting for CRI socket to become active + + * Allow more time for the CRI socket to become active - 20 seconds + * Explicitly fail if the socket does not become active within this + time. + + Related to bsc#1091419 + + +------------------------------------------------------------------- +Sun Apr 29 13:31:42 UTC 2018 - containers-bugow...@suse.de + +- Commit c03b41d by Alvaro Saurin alvaro.sau...@gmail.com + Retry the `wait_for_http` when waiting for the API server. Use the same + cleanup.post-orchestration that tyhe forces removal uses. Some other removal + orchestration fixes and improvements. + + feature#node_removal + + +------------------------------------------------------------------- +Fri Apr 27 15:15:36 UTC 2018 - containers-bugow...@suse.de + +- Commit 03242db by Kiall Mac Innes ki...@macinnes.ie + Fix caasp_etcd.get_member_id error handling + + caasp_etcd.get_member_id was referencing a variable that doesn't exist. 
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ kubernetes-salt.spec ++++++
--- /var/tmp/diff_new_pack.CtkU2t/_old 2018-05-04 11:30:55.264637263 +0200
+++ /var/tmp/diff_new_pack.CtkU2t/_new 2018-05-04 11:30:55.268637117 +0200
@@ -32,7 +32,7 @@
 Name:           kubernetes-salt
 %define gitrepo salt
-Version:        3.0.0+git_r742_8508870
+Version:        3.0.0+git_r750_8f19e53
 Release:        0
 BuildArch:      noarch
 Summary:        Production-Grade Container Scheduling and Management

++++++ master.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/pillar/cri.sls new/salt-master/pillar/cri.sls
--- old/salt-master/pillar/cri.sls 2018-04-26 11:56:10.000000000 +0200
+++ new/salt-master/pillar/cri.sls 2018-05-03 12:03:26.000000000 +0200
@@ -1,6 +1,6 @@
 cri:
   chosen: 'docker'
-  socket_timeout: 10
+  socket_timeout: 20
   docker:
     description: Docker open-source container engine
     package: docker
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/_modules/caasp_cri.py new/salt-master/salt/_modules/caasp_cri.py
--- old/salt-master/salt/_modules/caasp_cri.py 2018-04-26 11:56:10.000000000 +0200
+++ new/salt-master/salt/_modules/caasp_cri.py 2018-05-03 12:03:26.000000000 +0200
@@ -199,7 +199,7 @@
     '''
     socket = cri_runtime_endpoint()

-    timeout = int(__salt__['pillar.get']('cri:socket_timeout', '10'))
+    timeout = int(__salt__['pillar.get']('cri:socket_timeout', '20'))
     expire = time.time() + timeout

     while time.time() < expire:
@@ -207,6 +207,11 @@
             return
         time.sleep(0.3)

+    raise CommandExecutionError(
+        'CRI socket did not become ready',
+        info={'errors': ['CRI socket did not become ready']}
+    )
+

 def needs_docker():
     '''
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/_modules/caasp_etcd.py new/salt-master/salt/_modules/caasp_etcd.py
--- old/salt-master/salt/_modules/caasp_etcd.py 2018-04-26 11:56:10.000000000 +0200
+++ new/salt-master/salt/_modules/caasp_etcd.py 2018-05-03 12:03:26.000000000 +0200
@@ -222,7 +222,7 @@
             return member_line.split(':')[0]

     except Exception as e:
-        error('cannot get member ID for "%s": %s', e, this_nodename)
+        error('cannot get member ID for "%s": %s', e, target_nodename)
         error('output: %s', members_output)

     return ''
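The caasp_etcd.py hunk above is a one-word fix, but the failure mode deserves a comment: referencing an undefined name inside an `except` block raises a NameError that replaces the exception you were trying to report, so the real error is never logged. A self-contained reproduction of the bug class (using the standard logging module as a stand-in for the module's `error` helper, and a dummy exception in place of the real etcdctl call):

    import logging
    error = logging.getLogger(__name__).error

    def get_member_id(target_nodename):
        try:
            raise RuntimeError('etcdctl failed')  # stand-in for the real call
        except Exception as e:
            # With the old code this line read `this_nodename`, a name not
            # defined in this scope, so it raised NameError and the
            # RuntimeError above was never reported.
            error('cannot get member ID for "%s": %s', e, target_nodename)
        return ''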
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/_modules/caasp_net.py new/salt-master/salt/_modules/caasp_net.py
--- old/salt-master/salt/_modules/caasp_net.py 2018-04-26 11:56:10.000000000 +0200
+++ new/salt-master/salt/_modules/caasp_net.py 2018-05-03 12:03:26.000000000 +0200
@@ -10,38 +10,41 @@
     return "caasp_net"


-def _get_local_id():
-    return __salt__['grains.get']('id')
-
-
-def get_iface_ip(iface, **kwargs):
+def get_iface_ip(iface, host=None, ifaces=None):
     '''
     given an 'iface' (and an optional 'host' and list of 'ifaces'),
     return the IP address associated with 'iface'
     '''
-    host = kwargs.pop('host', _get_local_id())
-    all_ifaces = __salt__['caasp_grains.get'](host, 'network.interfaces', type='glob')
-    ifaces = kwargs.pop('ifaces', all_ifaces[host])
+    if not ifaces:
+        if not host or host == get_nodename():
+            ifaces = __salt__['network.interfaces']()
+        else:
+            ifaces = __salt__['caasp_grains.get'](host, 'network.interfaces', type='glob')
+
+    iface = ifaces.get(iface)
+    ipv4addr = iface.get('inet', [{}])
+    return ipv4addr[0].get('address')

-    return ifaces.get(iface).get('inet', [{}])[0].get('address')
-

-def get_primary_iface(**kwargs):
+def get_primary_iface(host=None):
     '''
     (given some optional 'host') return the name of the primary iface
     (the iface associated with the default route)
     '''
-    host = kwargs.pop('host', _get_local_id())
-    all_routes = __salt__['caasp_grains.get'](host, 'network.default_route', type='glob')
-    return all_routes[host][0]['interface']
+    if not host or host == get_nodename():
+        default_route_lst = __salt__['network.default_route']()
+        return default_route_lst[0]['interface']
+    else:
+        all_routes = __salt__['caasp_grains.get'](host, 'network.default_route', type='glob')
+        return all_routes[host][0]['interface']


-def get_primary_ip(**kwargs):
+def get_primary_ip(host=None, ifaces=None):
     '''
     (given an optional minion 'host' and a list of its network
     interfaces, 'ifaces'), return the primary IP
     '''
-    return get_iface_ip(get_primary_iface(**kwargs), **kwargs)
+    return get_iface_ip(iface=get_primary_iface(host=host), host=host, ifaces=ifaces)


 def get_primary_ips_for(compound, **kwargs):
@@ -51,19 +54,15 @@
     '''
     res = []
     all_ifaces = __salt__['caasp_grains.get'](compound, 'network.interfaces')
-    for host in all_ifaces.keys():
-        res.append(get_primary_ip(host=host, **kwargs))
-    return res
+    return [get_primary_ip(host=host, **kwargs) for host in all_ifaces.keys()]


-def get_nodename(**kwargs):
+def get_nodename(host=None, **kwargs):
     '''
     (given some optional 'host') return the `nodename`
     '''
-    _not_provided = object()
-    host = kwargs.pop('host', _not_provided)
-    if host is _not_provided:
+    if not host:
         assert __opts__['__role'] != 'master'
         return __salt__['grains.get']('nodename')
     else:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/_modules/caasp_nodes.py new/salt-master/salt/_modules/caasp_nodes.py
--- old/salt-master/salt/_modules/caasp_nodes.py 2018-04-26 11:56:10.000000000 +0200
+++ new/salt-master/salt/_modules/caasp_nodes.py 2018-05-03 12:03:26.000000000 +0200
@@ -467,6 +467,9 @@
         affected_roles.sort()
         affected_items.append('P@roles:(' + '|'.join(affected_roles) + ')')

+    # exclude some roles
+    affected_items.append('not G@roles:ca')
+
     if kwargs.get('exclude_in_progress', True):
         affected_items.append('not G@bootstrap_in_progress:true')
         affected_items.append('not G@update_in_progress:true')
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/cleanup/remove-post-orchestration.sls new/salt-master/salt/cleanup/remove-post-orchestration.sls
--- old/salt-master/salt/cleanup/remove-post-orchestration.sls 2018-04-26 11:56:10.000000000 +0200
+++ new/salt-master/salt/cleanup/remove-post-orchestration.sls 2018-05-03 12:03:26.000000000 +0200
@@ -1,6 +1,3 @@
-include:
-  - kubectl-config
-
 {%- set target = salt.caasp_pillar.get('target') %}
 {%- set forced = salt.caasp_pillar.get('forced', False) %}

@@ -10,9 +7,12 @@
 # k8s cluster
 ###############

-{%- set k8s_nodes = salt.caasp_nodes.get_with_expr('G@roles:kube-master', booted=True) %}
+{%- set k8s_nodes = salt.caasp_nodes.get_with_expr('P@roles:(kube-master|kube-minion)', booted=True) %}
 {%- if forced or target in k8s_nodes %}

+include:
+  - kubectl-config
+
 {%- from '_macros/kubectl.jinja' import kubectl with context %}

 {{ kubectl("remove-node",
@@ -32,3 +32,11 @@
     - nodename: {{ nodename }}

 {%- endif %}
+
+
+{%- if not (forced or target in k8s_nodes + etcd_members) %}
+{# Make sure we do not generate an empty file if target is not an etcd/master #}
+dummy_step:
+  cmd.run:
+    - name: "echo saltstack bug 14553"
+{%- endif %}
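The caasp_nodes.py hunk above appends `not G@roles:ca` to `affected_items`, the list from which get_expr_affected_by builds its compound matcher; joining such items with `and` is the usual way a compound target is assembled. A rough sketch of that step (the item values are examples, not the module's exact output):

    # Building a compound matcher from positive and negative items:
    affected_items = ['P@roles:(etcd|kube-master)']
    affected_items.append('not G@roles:ca')                   # never touch the CA node
    affected_items.append('not G@bootstrap_in_progress:true')
    expr = ' and '.join(affected_items)
    # -> 'P@roles:(etcd|kube-master) and not G@roles:ca and not G@bootstrap_in_progress:true'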
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/kube-apiserver/init.sls new/salt-master/salt/kube-apiserver/init.sls
--- old/salt-master/salt/kube-apiserver/init.sls 2018-04-26 11:56:10.000000000 +0200
+++ new/salt-master/salt/kube-apiserver/init.sls 2018-05-03 12:03:26.000000000 +0200
@@ -53,27 +53,29 @@
       - sls: ca-cert
       - caasp_retriable: {{ pillar['ssl']['kube_apiserver_crt'] }}
       - x509: {{ pillar['paths']['service_account_key'] }}
-    # wait until the API server is actually up and running
-    http.wait_for_successful_query:
-    {% set api_server = "api." + pillar['internal_infra_domain'] -%}
-    {% set api_ssl_port = pillar['api']['int_ssl_port'] -%}
-    - name: {{ 'https://' + api_server + ':' + api_ssl_port }}/healthz
-    - wait_for: 300
-    - ca_bundle: {{ pillar['ssl']['ca_file'] }}
-    - status: 200
-    - watch:
-      - service: kube-apiserver

-# Wait for the kube-apiserver to be answering on any location. Even if our local instance is already
-# up, it could happen that HAProxy did not yet realize it's up, so let's wait until HAProxy agrees
-# with us.
-kube-apiserver-up:
-  http.wait_for_successful_query:
-    {% set api_server = "api." + pillar['internal_infra_domain'] -%}
-    {% set api_ssl_port = pillar['api']['ssl_port'] -%}
-    - name: {{ 'https://' + api_server + ':' + api_ssl_port }}/healthz
+#
+# Wait for (in order)
+# 1. the local ("internal") API server
+# 2. the API-through-haproxy, to be answering on any location. Even if our
+#    local instance is already up, it could happen that HAProxy did not
+#    yet realize it's up, so let's wait until HAProxy agrees with us.
+#
+{%- set api_server = 'api.' + pillar['internal_infra_domain'] %}
+
+{%- for port in ['int_ssl_port', 'ssl_port'] %}
+
+kube-apiserver-wait-port-{{ port }}:
+  caasp_retriable.retry:
+    - target: http.wait_for_successful_query
+    - name: {{ 'https://' + api_server + ':' + pillar['api'][port] }}/healthz
     - wait_for: 300
+    # retry just in case the API server returns a transient error
+    - retry:
+        attempts: 3
     - ca_bundle: {{ pillar['ssl']['ca_file'] }}
     - status: 200
     - watch:
       - service: kube-apiserver
+
+{% endfor %}
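The kube-apiserver change above folds both health checks into one loop over the two ports and wraps `http.wait_for_successful_query` in `caasp_retriable.retry` with three attempts. Stripped of Salt, the underlying idea is a bounded retry loop; a generic sketch of that idea (not the actual caasp_retriable implementation):

    import time

    def retry(fn, attempts=3, delay=2.0):
        # Re-run a flaky check a few times before giving up,
        # re-raising the last failure.
        last_exc = None
        for _ in range(attempts):
            try:
                return fn()
            except Exception as exc:  # real code should catch narrower errors
                last_exc = exc
                time.sleep(delay)
        raise last_exc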
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/salt-master/salt/orch/removal.sls new/salt-master/salt/orch/removal.sls
--- old/salt-master/salt/orch/removal.sls 2018-04-26 11:56:10.000000000 +0200
+++ new/salt-master/salt/orch/removal.sls 2018-05-03 12:03:26.000000000 +0200
@@ -8,14 +8,14 @@
 {#- This sends an "are you still there?" message to all      #}
 {#- the nodes and waits for a response, so it takes some time. #}
 {#- Hopefully this list will not be too long...               #}
+{%- set all_responsive_nodes_tgt = 'not G@roles:ca' %}
+
 {%- set nodes_down = salt.saltutil.runner('manage.down') %}
 {%- if not nodes_down %}
   {%- do salt.caasp_log.debug('all nodes seem to be up') %}
-  {%- set all_responsive_nodes_tgt = 'P@roles:(etcd|kube-master|kube-minion)' %}
 {%- else %}
   {%- do salt.caasp_log.debug('nodes "%s" seem to be down', nodes_down|join(',')) %}
-  {%- set all_responsive_nodes_tgt = 'not L@' + nodes_down|join(',')
-                                   + ' and P@roles:(etcd|kube-master|kube-minion)' %}
+  {%- set all_responsive_nodes_tgt = all_responsive_nodes_tgt + ' and not L@' + nodes_down|join(',') %}

   {%- if target in nodes_down %}
     {%- do salt.caasp_log.abort('target is unresponsive, forced removal must be used') %}
@@ -44,7 +44,7 @@
 # This will ensure the update-etc-hosts orchestration is not run.
 set-cluster-wide-removal-grain:
   salt.function:
-    - tgt: 'P@roles:(kube-master|kube-minion|etcd)'
+    - tgt: '{{ all_responsive_nodes_tgt }}'
     - tgt_type: compound
     - name: grains.setval
     - arg:
@@ -55,7 +55,7 @@
 # (ie, expired certs produce really funny errors)
 update-config:
   salt.state:
-    - tgt: '{{ all_responsive_nodes_tgt }}'
+    - tgt: 'P@roles:(kube-master|kube-minion|etcd) and {{ all_responsive_nodes_tgt }}'
     - tgt_type: compound
     - sls:
       - etc-hosts
@@ -70,7 +70,7 @@
 assign-removal-grain:
   salt.function:
-    - tgt: {{ target }}
+    - tgt: '{{ target }}'
     - name: grains.setval
     - arg:
       - node_removal_in_progress
@@ -114,7 +114,6 @@
       - saltutil.refresh_pillar
       - saltutil.refresh_grains
       - mine.update
-      - saltutil.sync_all
     - require:
       - update-config
      - assign-removal-grain
@@ -122,6 +121,16 @@
       - assign-{{ role }}-role-to-replacement
 {%- endfor %}

+update-modules:
+  salt.function:
+    - tgt: '{{ all_responsive_nodes_tgt }}'
+    - tgt_type: compound
+    - name: saltutil.sync_all
+    - kwarg:
+        refresh: True
+    - require:
+      - sync-all
+
 {##############################
  # replacement setup
  #############################}
@@ -133,11 +142,11 @@
     - tgt: '{{ replacement }}'
     - highstate: True
     - require:
-      - sync-all
+      - update-modules

 kubelet-setup:
   salt.state:
-    - tgt: {{ replacement }}
+    - tgt: '{{ replacement }}'
     - sls:
       - kubelet.configure-taints
       - kubelet.configure-labels
@@ -178,7 +187,7 @@
 stop-services-in-target:
   salt.state:
-    - tgt: {{ target }}
+    - tgt: '{{ target }}'
     - sls:
       - container-feeder.stop
 {%- if target in masters %}
@@ -193,15 +202,15 @@
       - etcd.stop
 {%- endif %}
     - require:
-      - sync-all
-      {%- if replacement %}
+      - update-modules
+    {%- if replacement %}
       - remove-addition-grain
-      {%- endif %}
+    {%- endif %}

 # remove any other configuration in the machines
 cleanups-in-target-before-rebooting:
   salt.state:
-    - tgt: {{ target }}
+    - tgt: '{{ target }}'
     - sls:
 {%- if target in masters %}
       - kube-apiserver.remove-pre-reboot
@@ -223,7 +232,7 @@
 # shutdown the node
 shutdown-target:
   salt.function:
-    - tgt: {{ target }}
+    - tgt: '{{ target }}'
     - name: cmd.run
     - arg:
       - sleep 15; systemctl poweroff
@@ -243,14 +252,9 @@
     - sls:
       - cleanup.remove-post-orchestration
     - require:
-      - sync-all
       - shutdown-target
-    {%- if replacement %}
-      - remove-addition-grain
-    {%- endif %}

-# remove the Salt key
-# (it will appear as "unaccepted")
+# remove the Salt key and the mine for the target
 remove-target-salt-key:
   salt.wheel:
     - name: key.reject
@@ -277,12 +281,14 @@
 # the etcd server we have just removed (but they would
 # keep working fine as long as we had >1 etcd servers)

-{%- set affected_tgt = salt.caasp_nodes.get_expr_affected_by(target,
-                                                             excluded=[replacement] + nodes_down,
-                                                             masters=masters,
-                                                             minions=minions,
-                                                             etcd_members=etcd_members) %}
-{%- do salt.caasp_log.debug('will high-state machines affected by removal: "%s"', affected_tgt) %}
+{%- set affected_expr = salt.caasp_nodes.get_expr_affected_by(target,
+                                                              excluded=[replacement] + nodes_down,
+                                                              masters=masters,
+                                                              minions=minions,
+                                                              etcd_members=etcd_members) %}
+
+{%- if affected_expr %}
+  {%- do salt.caasp_log.debug('will high-state machines affected by removal: %s', affected_expr) %}

 # make sure the cluster has up-to-date state
 sync-after-removal:
@@ -295,19 +301,32 @@
     - require:
       - remove-target-mine

+update-modules-after-removal:
+  salt.function:
+    - tgt: '{{ all_responsive_nodes_tgt }}'
+    - tgt_type: compound
+    - name: saltutil.sync_all
+    - kwarg:
+        refresh: True
+    - require:
+      - sync-after-removal
+
 highstate-affected:
   salt.state:
-    - tgt: '{{ affected_tgt }}'
+    - tgt: '{{ affected_expr }}'
     - tgt_type: compound
     - highstate: True
     - batch: 1
     - require:
-      - sync-after-removal
+      - update-modules-after-removal
+
+{%- endif %} {# affected_expr #}

 # remove the we-are-removing-some-node grain in the cluster
 remove-cluster-wide-removal-grain:
   salt.function:
-    - tgt: 'P@roles:(kube-master|kube-minion|etcd)'
+    - tgt: '{{ all_responsive_nodes_tgt }}'
+    - tgt_type: compound
     - name: grains.delval
     - arg:
       - removal_in_progress
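The net effect of the orch/removal.sls changes is that every cluster-wide step now starts from a single `all_responsive_nodes_tgt` expression (everything except the CA, minus minions reported down by the manage.down runner) instead of re-enumerating roles in each state. The equivalent of that Jinja logic in plain Python, as a sketch:

    def responsive_nodes_tgt(nodes_down):
        # Target everything except the CA, minus any unresponsive minions.
        tgt = 'not G@roles:ca'
        if nodes_down:
            tgt += ' and not L@' + ','.join(nodes_down)
        return tgt

    # responsive_nodes_tgt(['node-7', 'node-9'])
    # -> 'not G@roles:ca and not L@node-7,node-9'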