diff --git a/contrib/drivers/heat/dcos_centos_template_def.py b/contrib/drivers/heat/dcos_centos_template_def.py
new file mode 100644
index 0000000000000000000000000000000000000000..09f003f67df9000f62a6c761d6688cc0a0505ea5
--- /dev/null
+++ b/contrib/drivers/heat/dcos_centos_template_def.py
@@ -0,0 +1,166 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from oslo_config import cfg +from oslo_log import log as logging +from oslo_serialization import jsonutils + +from magnum.drivers.heat import template_def + +CONF = cfg.CONF + +LOG = logging.getLogger(__name__) + + +class ServerAddressOutputMapping(template_def.OutputMapping): + + public_ip_output_key = None + private_ip_output_key = None + + def __init__(self, dummy_arg, cluster_attr=None): + self.cluster_attr = cluster_attr + self.heat_output = self.public_ip_output_key + + def set_output(self, stack, cluster_template, cluster): + if not cluster_template.floating_ip_enabled: + self.heat_output = self.private_ip_output_key + + LOG.debug("Using heat_output: %s", self.heat_output) + super(ServerAddressOutputMapping, + self).set_output(stack, cluster_template, cluster) + + +class MasterAddressOutputMapping(ServerAddressOutputMapping): + public_ip_output_key = 'dcos_master' + private_ip_output_key = 'dcos_master_private' + + +class NodeAddressOutputMapping(ServerAddressOutputMapping): + public_ip_output_key = 'dcos_slaves' + private_ip_output_key = 'dcos_slaves_private' + + +class DcosCentosTemplateDefinition(template_def.BaseTemplateDefinition): + """DC/OS template for Centos.""" + + def __init__(self): + super(DcosCentosTemplateDefinition, self).__init__() + self.add_parameter('external_network', + cluster_template_attr='external_network_id', + required=True) + self.add_parameter('number_of_slaves', + 
cluster_attr='node_count') + self.add_parameter('master_flavor', + cluster_template_attr='master_flavor_id') + self.add_parameter('slave_flavor', + cluster_template_attr='flavor_id') + self.add_parameter('cluster_name', + cluster_attr='name') + self.add_parameter('volume_driver', + cluster_template_attr='volume_driver') + + self.add_output('api_address', + cluster_attr='api_address') + self.add_output('dcos_master_private', + cluster_attr=None) + self.add_output('dcos_slaves_private', + cluster_attr=None) + self.add_output('dcos_slaves', + cluster_attr='node_addresses', + mapping_type=NodeAddressOutputMapping) + self.add_output('dcos_master', + cluster_attr='master_addresses', + mapping_type=MasterAddressOutputMapping) + + def get_params(self, context, cluster_template, cluster, **kwargs): + extra_params = kwargs.pop('extra_params', {}) + # HACK(apmelton) - This uses the user's bearer token, ideally + # it should be replaced with an actual trust token with only + # access to do what the template needs it to do. 
+ osc = self.get_osc(context) + extra_params['auth_url'] = context.auth_url + extra_params['username'] = context.user_name + extra_params['tenant_name'] = context.tenant + extra_params['domain_name'] = context.domain_name + extra_params['region_name'] = osc.cinder_region_name() + + # Mesos related label parameters are deleted + # Because they are not optional in DC/OS configuration + label_list = ['rexray_preempt', + 'exhibitor_storage_backend', + 'exhibitor_zk_hosts', + 'exhibitor_zk_path', + 'aws_access_key_id', + 'aws_region', + 'aws_secret_access_key', + 'exhibitor_explicit_keys', + 's3_bucket', + 's3_prefix', + 'exhibitor_azure_account_name', + 'exhibitor_azure_account_key', + 'exhibitor_azure_prefix', + 'dcos_overlay_enable', + 'dcos_overlay_config_attempts', + 'dcos_overlay_mtu', + 'dcos_overlay_network', + 'dns_search', + 'check_time', + 'docker_remove_delay', + 'gc_delay', + 'log_directory', + 'process_timeout', + 'oauth_enabled', + 'telemetry_enabled'] + + for label in label_list: + extra_params[label] = cluster_template.labels.get(label) + + # By default, master_discovery is set to 'static' + # If --master-lb-enabled is specified, + # master_discovery will be set to 'master_http_loadbalancer' + if cluster_template.master_lb_enabled: + extra_params['master_discovery'] = 'master_http_loadbalancer' + + if 'true' == extra_params['dcos_overlay_enable']: + overlay_obj = jsonutils.loads(extra_params['dcos_overlay_network']) + extra_params['dcos_overlay_network'] = ''' vtep_subnet: %s + vtep_mac_oui: %s + overlays:''' % (overlay_obj['vtep_subnet'], + overlay_obj['vtep_mac_oui']) + + for item in overlay_obj['overlays']: + extra_params['dcos_overlay_network'] += ''' + - name: %s + subnet: %s + prefix: %s''' % (item['name'], + item['subnet'], + item['prefix']) + + scale_mgr = kwargs.pop('scale_manager', None) + if scale_mgr: + hosts = self.get_output('dcos_slaves_private') + extra_params['slaves_to_remove'] = ( + scale_mgr.get_removal_nodes(hosts)) + + return 
super(DcosCentosTemplateDefinition, + self).get_params(context, cluster_template, cluster, + extra_params=extra_params, + **kwargs) + + def get_env_files(self, cluster_template): + env_files = [] + + template_def.add_priv_net_env_file(env_files, cluster_template) + template_def.add_lb_env_file(env_files, cluster_template) + template_def.add_fip_env_file(env_files, cluster_template) + + return env_files diff --git a/magnum/drivers/common/templates/environments/disable_floating_ip.yaml b/magnum/drivers/common/templates/environments/disable_floating_ip.yaml index cf512734c178244b7864855d1d344a15e40aaf65..521f0025a7d89f2f53897c83c7c9bc2ba7967548 100644 --- a/magnum/drivers/common/templates/environments/disable_floating_ip.yaml +++ b/magnum/drivers/common/templates/environments/disable_floating_ip.yaml @@ -11,3 +11,9 @@ resource_registry: # kubeminion.yaml "Magnum::Optional::KubeMinion::Neutron::FloatingIP": "OS::Heat::None" + + # dcosmaster.yaml + "Magnum::Optional::DcosMaster::Neutron::FloatingIP": "OS::Heat::None" + + # dcosslave.yaml + "Magnum::Optional::DcosSlave::Neutron::FloatingIP": "OS::Heat::None" diff --git a/magnum/drivers/common/templates/environments/enable_floating_ip.yaml b/magnum/drivers/common/templates/environments/enable_floating_ip.yaml index 19e2d741ca3d10c71ae358b1075756ea1376e73a..a5de1492a952bf5ead32627189d684883ca9c2d2 100644 --- a/magnum/drivers/common/templates/environments/enable_floating_ip.yaml +++ b/magnum/drivers/common/templates/environments/enable_floating_ip.yaml @@ -8,3 +8,9 @@ resource_registry: # kubeminion.yaml "Magnum::Optional::KubeMinion::Neutron::FloatingIP": "OS::Neutron::FloatingIP" + + # dcosmaster.yaml + "Magnum::Optional::DcosMaster::Neutron::FloatingIP": "OS::Neutron::FloatingIP" + + # dcosslave.yaml + "Magnum::Optional::DcosSlave::Neutron::FloatingIP": "OS::Neutron::FloatingIP" 
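Review bot: In `get_params` of contrib/drivers/heat/dcos_centos_template_def.py the `dcos_overlay_network` label is parsed and its fields are pasted into YAML text with `%s` without any validation. The label comes from the cluster template, so a missing label (`jsonutils.loads(None)`), malformed JSON or a missing key ends in an unhandled TypeError, ValueError or KeyError, and a value that contains a line break would add lines of its own to the generated fragment. I would collect the fields inside one try block, reject multi-line values, and ideally also check that the subnets, the MAC prefix and `prefix` have the expected form; the builtin ValueError below is only a stand-in for the project's own invalid-parameter exception. The same code is repeated in `get_params` of magnum/drivers/dcos_centos_v1/template_def.py further down.

```python
        if 'true' == extra_params['dcos_overlay_enable']:
            # Labels are user input: turn a missing label, bad JSON or a
            # missing key into one clear error.
            try:
                overlay_obj = jsonutils.loads(
                    extra_params['dcos_overlay_network'])
                values = [overlay_obj['vtep_subnet'],
                          overlay_obj['vtep_mac_oui']]
                for item in overlay_obj['overlays']:
                    values += [item['name'], item['subnet'], item['prefix']]
            except (TypeError, ValueError, KeyError) as exc:
                raise ValueError(
                    'invalid dcos_overlay_network label: %r' % (exc,))
            # These values are pasted into YAML text below, so none of them
            # may carry a line break.
            for value in values:
                text = u'%s' % (value,)
                if u'\n' in text or u'\r' in text:
                    raise ValueError(
                        'dcos_overlay_network values must be single-line')
            # ... unchanged: build the vtep_subnet / vtep_mac_oui / overlays text ...
```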
diff --git a/magnum/drivers/dcos_centos_v1/README.md b/magnum/drivers/dcos_centos_v1/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..cb13ec0235e52ee408f647f091a151b6ebb2daa0
--- /dev/null
+++ b/magnum/drivers/dcos_centos_v1/README.md
@@ -0,0 +1,103 @@ +How to build a centos image which contains DC/OS 1.8.x +====================================================== + +Here is the advanced DC/OS 1.8 installation guide. + +See [Advanced DC/OS Installation Guide] +(https://dcos.io/docs/1.8/administration/installing/custom/advanced/) +See [Install Docker on CentOS] +(https://dcos.io/docs/1.8/administration/installing/custom/system-requirements/install-docker-centos/) +See [Adding agent nodes] +(https://dcos.io/docs/1.8/administration/installing/custom/add-a-node/) + +Create a centos image using DIB following the steps outlined in DC/OS installation guide. + +1. Install and configure docker in chroot. +2. Install system requirements in chroot. +3. Download `dcos_generate_config.sh` outside chroot. + This file will be used to run `dcos_generate_config.sh --genconf` to generate + config files on the node during magnum cluster creation. +4. Some configuration changes are required for DC/OS, i.e disabling the firewalld + and adding the group named nogroup. + See comments in the script file. + +Use the centos image to build a DC/OS cluster. +Command: + `magnum cluster-template-create` + `magnum cluster-create` + +After all the instances with centos image are created. +1. Pass parameters to config.yaml with magnum cluster template properties. +2. Run `dcos_generate_config.sh --genconf` to generate config files. +3. Run `dcos_install.sh master` on master node and `dcos_install.sh slave` on slave node. + +If we want to scale the DC/OS cluster. +Command: + `magnum cluster-update` + +The same steps as cluster creation. +1. Create new instances, generate config files on them and install. +2. Or delete those agent nodes where containers are not running. + + +How to use magnum dcos coe +=============================================== + +We are assuming that magnum has been installed and the magnum path is `/opt/stack/magnum`. + +1. 
Copy dcos magnum coe source code +$ mv -r /opt/stack/magnum/contrib/drivers/dcos_centos_v1 /opt/stack/magnum/magnum/drivers/ +$ mv /opt/stack/magnum/contrib/drivers/common/dcos_* /opt/stack/magnum/magnum/drivers/common/ +$ cd /opt/stack/magnum +$ sudo python setup.py install + +2. Add driver in setup.cfg +dcos_centos_v1 = magnum.drivers.dcos_centos_v1.driver:Driver + +3. Restart your magnum services. + +4. Prepare centos image with elements dcos and docker installed + See how to build a centos image in /opt/stack/magnum/magnum/drivers/dcos_centos_v1/image/README.md + +5. Create glance image +$ glance image-create --name centos-7-dcos.qcow2 \ + --visibility public \ + --disk-format qcow2 \ + --container-format bare \ + --os-distro=centos \ + < centos-7-dcos.qcow2 + +6. Create magnum cluster template + Configure DC/OS cluster with --labels + See https://dcos.io/docs/1.8/administration/installing/custom/configuration-parameters/ +$ magnum cluster-template-create --name dcos-cluster-template \ + --image-id centos-7-dcos.qcow2 \ + --keypair-id testkey \ + --external-network-id public \ + --dns-nameserver 8.8.8.8 \ + --flavor-id m1.medium \ + --labels oauth_enabled=false \ + --coe dcos + + Here is an example to specify the overlay network in DC/OS, + 'dcos_overlay_network' should be json string format. +$ magnum cluster-template-create --name dcos-cluster-template \ + --image-id centos-7-dcos.qcow2 \ + --keypair-id testkey \ + --external-network-id public \ + --dns-nameserver 8.8.8.8 \ + --flavor-id m1.medium \ + --labels oauth_enabled=false \ + --labels dcos_overlay_enable='true' \ + --labels dcos_overlay_config_attempts='6' \ + --labels dcos_overlay_mtu='9001' \ + --labels dcos_overlay_network='{"vtep_subnet": "44.128.0.0/20",\ + "vtep_mac_oui": "70:B3:D5:00:00:00","overlays":\ + [{"name": "dcos","subnet": "9.0.0.0/8","prefix": 26}]}' \ + --coe dcos + +7. 
Create magnum cluster +$ magnum cluster-create --name dcos-cluster --cluster-template dcos-cluster-template --node-count 1 + +8. You need to wait for a while after magnum cluster creation completed to make + DC/OS web interface accessible. diff --git a/magnum/drivers/dcos_centos_v1/__init__.py b/magnum/drivers/dcos_centos_v1/__init__.py new file mode 100644 index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391 diff --git a/magnum/drivers/dcos_centos_v1/template_def.py b/magnum/drivers/dcos_centos_v1/template_def.py new file mode 100644 index 0000000000000000000000000000000000000000..6cb23b7984bfd78e0b397a833dc16ed55c0c7322 --- /dev/null +++ b/magnum/drivers/dcos_centos_v1/template_def.py 
@@ -0,0 +1,181 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +import os + +from oslo_config import cfg +from oslo_log import log as logging +from oslo_serialization import jsonutils + +from magnum.drivers.common import template_def + +CONF = cfg.CONF + +LOG = logging.getLogger(__name__) + +class ServerAddressOutputMapping(template_def.OutputMapping): + + public_ip_output_key = None + private_ip_output_key = None + + def __init__(self, dummy_arg, cluster_attr=None): + self.cluster_attr = cluster_attr + self.heat_output = self.public_ip_output_key + + def set_output(self, stack, cluster_template, cluster): + if not cluster_template.floating_ip_enabled: + self.heat_output = self.private_ip_output_key + + LOG.debug("Using heat_output: %s", self.heat_output) + super(ServerAddressOutputMapping, + self).set_output(stack, cluster_template, cluster) + + +class MasterAddressOutputMapping(ServerAddressOutputMapping): + public_ip_output_key = 'dcos_master' + private_ip_output_key = 'dcos_master_private' + + +class NodeAddressOutputMapping(ServerAddressOutputMapping): + public_ip_output_key = 'dcos_slaves' + private_ip_output_key = 'dcos_slaves_private' + + +class DcosCentosTemplateDefinition(template_def.BaseTemplateDefinition): + """DC/OS template for Centos.""" + + def __init__(self): + super(DcosCentosTemplateDefinition, self).__init__() + self.add_parameter('external_network', + cluster_template_attr='external_network_id', + required=True) + 
self.add_parameter('number_of_slaves', + cluster_attr='node_count') + self.add_parameter('master_flavor', + cluster_template_attr='master_flavor_id') + self.add_parameter('slave_flavor', + cluster_template_attr='flavor_id') + self.add_parameter('cluster_name', + cluster_attr='name') + self.add_parameter('volume_driver', + cluster_template_attr='volume_driver') + + self.add_output('api_address', + cluster_attr='api_address') + self.add_output('dcos_master_private', + cluster_attr=None) + self.add_output('dcos_slaves_private', + cluster_attr=None) + self.add_output('dcos_slaves', + cluster_attr='node_addresses', + mapping_type=NodeAddressOutputMapping) + self.add_output('dcos_master', + cluster_attr='master_addresses', + mapping_type=MasterAddressOutputMapping) + + def get_params(self, context, cluster_template, cluster, **kwargs): + extra_params = kwargs.pop('extra_params', {}) + # HACK(apmelton) - This uses the user's bearer token, ideally + # it should be replaced with an actual trust token with only + # access to do what the template needs it to do. 
+ osc = self.get_osc(context) + extra_params['auth_url'] = context.auth_url + extra_params['username'] = context.user_name + extra_params['tenant_name'] = context.tenant + extra_params['domain_name'] = context.domain_name + extra_params['region_name'] = osc.cinder_region_name() + + # Mesos related label parameters are deleted + # Because they are not optional in DC/OS configuration + label_list = ['rexray_preempt', + 'exhibitor_storage_backend', + 'exhibitor_zk_hosts', + 'exhibitor_zk_path', + 'aws_access_key_id', + 'aws_region', + 'aws_secret_access_key', + 'exhibitor_explicit_keys', + 's3_bucket', + 's3_prefix', + 'exhibitor_azure_account_name', + 'exhibitor_azure_account_key', + 'exhibitor_azure_prefix', + 'dcos_overlay_enable', + 'dcos_overlay_config_attempts', + 'dcos_overlay_mtu', + 'dcos_overlay_network', + 'dns_search', + 'check_time', + 'docker_remove_delay', + 'gc_delay', + 'log_directory', + 'process_timeout', + 'oauth_enabled', + 'telemetry_enabled'] + + for label in label_list: + extra_params[label] = cluster_template.labels.get(label) + + # By default, master_discovery is set to 'static' + # If --master-lb-enabled is specified, + # master_discovery will be set to 'master_http_loadbalancer' + if cluster_template.master_lb_enabled: + extra_params['master_discovery'] = 'master_http_loadbalancer' + + if 'true' == extra_params['dcos_overlay_enable']: + overlay_obj = jsonutils.loads(extra_params['dcos_overlay_network']) + extra_params['dcos_overlay_network'] = ''' vtep_subnet: %s + vtep_mac_oui: %s + overlays:''' % (overlay_obj['vtep_subnet'], + overlay_obj['vtep_mac_oui']) + + for item in overlay_obj['overlays']: + extra_params['dcos_overlay_network'] += ''' + - name: %s + subnet: %s + prefix: %s''' % (item['name'], + item['subnet'], + item['prefix']) + + scale_mgr = kwargs.pop('scale_manager', None) + if scale_mgr: + hosts = self.get_output('dcos_slaves_private') + extra_params['slaves_to_remove'] = ( + scale_mgr.get_removal_nodes(hosts)) + + return 
super(DcosCentosTemplateDefinition, + self).get_params(context, cluster_template, cluster, + extra_params=extra_params, + **kwargs) + + def get_env_files(self, cluster_template): + env_files = [] + + return env_files + +class DcosCentosVMTemplateDefinition(DcosCentosTemplateDefinition): + """DC/OS template for Centos VM.""" + + provides = [ + {'server_type': 'vm', + 'os': 'centos', + 'coe': 'mesos'}, + ] + + @property + def driver_module_path(self): + return __name__[:__name__.rindex('.')] + + @property + def template_path(self): + return os.path.join(os.path.dirname(os.path.realpath(__file__)), + 'templates/dcoscluster.yaml') diff --git a/magnum/drivers/dcos_centos_v1/templates/dcoscluster.yaml b/magnum/drivers/dcos_centos_v1/templates/dcoscluster.yaml new file mode 100644 index 0000000000000000000000000000000000000000..3fb7accb94b5f7529952b4bd41f3f78c6765b047 --- /dev/null +++ b/magnum/drivers/dcos_centos_v1/templates/dcoscluster.yaml 
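Review bot: `get_env_files` in magnum/drivers/dcos_centos_v1/template_def.py returns an empty list, whereas the contrib copy of this class calls `template_def.add_priv_net_env_file`, `add_lb_env_file` and `add_fip_env_file`. With no environment file, the `Magnum::Optional::DcosMaster::Neutron::FloatingIP` mappings added by this commit are never selected from this driver, while `ServerAddressOutputMapping.set_output` still switches output keys on `floating_ip_enabled`, so the reported addresses and the actual network exposure can disagree. If the empty list is deliberate, say so in a comment, e.g. `# This driver's templates define no optional network/LB/floating-IP resources.` Also worth checking: `provides` registers `'coe': 'mesos'` while the README in this commit creates the cluster template with `--coe dcos`.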
@@ -0,0 +1,629 @@ +heat_template_version: 2016-04-08 + +description: > + This template will boot a DC/OS cluster with one or more masters + (as specified by number_of_masters, default is 1) and one or more slaves + (as specified by the number_of_slaves parameter, which + defaults to 1). + +parameters: + + cluster_name: + type: string + description: human readable name for the DC/OS cluster + default: my-cluster + + number_of_masters: + type: number + description: how many DC/OS masters to spawn initially + default: 1 + + # In DC/OS, there are two types of slave nodes, public and private. + # Public slave nodes have external access and private slave nodes don't. + # Magnum only supports one type of slave nodes and I decide not to modify + # cluster template properties. So I create slave nodes as private agents. + number_of_slaves: + type: number + description: how many DC/OS agents or slaves to spawn initially + default: 1 + + master_flavor: + type: string + default: m1.medium + description: flavor to use when booting the master servers + + slave_flavor: + type: string + default: m1.medium + description: flavor to use when booting the slave servers + + server_image: + type: string + default: centos-dcos + description: glance image used to boot the server + + ssh_key_name: + type: string + description: name of ssh key to be provisioned on our server + + external_network: + type: string + description: uuid/name of a network to use for floating ip addresses + default: public + + fixed_network: + type: string + description: uuid/name of an existing network to use to provision machines + default: "" + + fixed_subnet: + type: string + description: uuid/name of an existing subnet to use to provision machines + default: "" + + fixed_network_cidr: + type: string + description: network range for fixed ip network + default: 10.0.0.0/24 + + dns_nameserver: + type: string + description: address of a dns nameserver reachable in your environment + + http_proxy: + type: string + 
description: http proxy address for docker + default: "" + + https_proxy: + type: string + description: https proxy address for docker + default: "" + + no_proxy: + type: string + description: no proxies for docker + default: "" + + ###################################################################### + # + # Rexray Configuration + # + + trustee_domain_id: + type: string + description: domain id of the trustee + default: "" + + trustee_user_id: + type: string + description: user id of the trustee + default: "" + + trustee_username: + type: string + description: username of the trustee + default: "" + + trustee_password: + type: string + description: password of the trustee + default: "" + hidden: true + + trust_id: + type: string + description: id of the trust which is used by the trustee + default: "" + hidden: true + + ###################################################################### + # + # Rexray Configuration + # + + volume_driver: + type: string + description: volume driver to use for container storage + default: "" + + username: + type: string + description: user name + + tenant_name: + type: string + description: > + tenant_name is used to isolate access to cloud resources + + domain_name: + type: string + description: > + domain is to define the administrative boundaries for management + of Keystone entities + + region_name: + type: string + description: a logically separate section of the cluster + + rexray_preempt: + type: string + description: > + enables any host to take control of a volume irrespective of whether + other hosts are using the volume + default: "false" + + auth_url: + type: string + description: url for keystone + + slaves_to_remove: + type: comma_delimited_list + description: > + List of slaves to be removed when doing an update. Individual slave may + be referenced several ways: (1) The resource name (e.g.['1', '3']), + (2) The private IP address ['10.0.0.4', '10.0.0.6']. Note: the list should + be empty when doing a create. 
+ default: [] + + wait_condition_timeout: + type: number + description: > + timeout for the Wait Conditions + default: 6000 + + password: + type: string + description: > + user password, not set in current implementation, only used to + fill in for DC/OS config file + default: + password + hidden: true + + ###################################################################### + # + # DC/OS parameters + # + + # cluster_name + + exhibitor_storage_backend: + type: string + default: "static" + + exhibitor_zk_hosts: + type: string + default: "" + + exhibitor_zk_path: + type: string + default: "" + + aws_access_key_id: + type: string + default: "" + + aws_region: + type: string + default: "" + + aws_secret_access_key: + type: string + default: "" + + exhibitor_explicit_keys: + type: string + default: "" + + s3_bucket: + type: string + default: "" + + s3_prefix: + type: string + default: "" + + exhibitor_azure_account_name: + type: string + default: "" + + exhibitor_azure_account_key: + type: string + default: "" + + exhibitor_azure_prefix: + type: string + default: "" + + # master_discovery default set to "static" + # If --master-lb-enabled is specified, + # master_discovery will be set to "master_http_loadbalancer" + master_discovery: + type: string + default: "static" + + # master_list + + # exhibitor_address + + # num_masters + + #################################################### + # Networking + + dcos_overlay_enable: + type: string + default: "" + constraints: + - allowed_values: + - "true" + - "false" + - "" + + dcos_overlay_config_attempts: + type: string + default: "" + + dcos_overlay_mtu: + type: string + default: "" + + dcos_overlay_network: + type: string + default: "" + + dns_search: + type: string + description: > + This parameter specifies a space-separated list of domains that + are tried when an unqualified domain is entered + default: "" + + # resolvers + + # use_proxy + + #################################################### + # Performance and Tuning 
+ + check_time: + type: string + default: "true" + constraints: + - allowed_values: + - "true" + - "false" + + docker_remove_delay: + type: number + default: 1 + + gc_delay: + type: number + default: 2 + + log_directory: + type: string + default: "/genconf/logs" + + process_timeout: + type: number + default: 120 + + #################################################### + # Security And Authentication + + oauth_enabled: + type: string + default: "true" + constraints: + - allowed_values: + - "true" + - "false" + + telemetry_enabled: + type: string + default: "true" + constraints: + - allowed_values: + - "true" + - "false" + +resources: + + ###################################################################### + # + # Master SoftwareConfig. + # + + write_params_master: + type: OS::Heat::SoftwareConfig + properties: + group: script + config: {get_file: fragments/write-heat-params.sh} + inputs: + - name: HTTP_PROXY + type: String + - name: HTTPS_PROXY + type: String + - name: NO_PROXY + type: String + - name: AUTH_URL + type: String + - name: USERNAME + type: String + - name: PASSWORD + type: String + - name: TENANT_NAME + type: String + - name: VOLUME_DRIVER + type: String + - name: REGION_NAME + type: String + - name: DOMAIN_NAME + type: String + - name: REXRAY_PREEMPT + type: String + - name: CLUSTER_NAME + type: String + - name: EXHIBITOR_STORAGE_BACKEND + type: String + - name: EXHIBITOR_ZK_HOSTS + type: String + - name: EXHIBITOR_ZK_PATH + type: String + - name: AWS_ACCESS_KEY_ID + type: String + - name: AWS_REGION + type: String + - name: AWS_SECRET_ACCESS_KEY + type: String + - name: EXHIBITOR_EXPLICIT_KEYS + type: String + - name: S3_BUCKET + type: String + - name: S3_PREFIX + type: String + - name: EXHIBITOR_AZURE_ACCOUNT_NAME + type: String + - name: EXHIBITOR_AZURE_ACCOUNT_KEY + type: String + - name: EXHIBITOR_AZURE_PREFIX + type: String + - name: MASTER_DISCOVERY + type: String + - name: MASTER_LIST + type: String + - name: EXHIBITOR_ADDRESS + type: String 
+ - name: NUM_MASTERS + type: String + - name: DCOS_OVERLAY_ENABLE + type: String + - name: DCOS_OVERLAY_CONFIG_ATTEMPTS + type: String + - name: DCOS_OVERLAY_MTU + type: String + - name: DCOS_OVERLAY_NETWORK + type: String + - name: DNS_SEARCH + type: String + - name: RESOLVERS + type: String + - name: CHECK_TIME + type: String + - name: DOCKER_REMOVE_DELAY + type: String + - name: GC_DELAY + type: String + - name: LOG_DIRECTORY + type: String + - name: PROCESS_TIMEOUT + type: String + - name: OAUTH_ENABLED + type: String + - name: TELEMETRY_ENABLED + type: String + - name: ROLES + type: String + + ###################################################################### + # + # DC/OS configuration SoftwareConfig. + # Configuration files are readered and injected into instance. + # + + dcos_config: + type: OS::Heat::SoftwareConfig + properties: + group: script + config: {get_file: fragments/configure-dcos.sh} + + ###################################################################### + # + # Master SoftwareDeployment. 
+ # + + write_params_master_deployment: + type: OS::Heat::SoftwareDeploymentGroup + properties: + config: {get_resource: write_params_master} + servers: {get_attr: [dcos_masters, attributes, dcos_server_id]} + input_values: + HTTP_PROXY: {get_param: http_proxy} + HTTPS_PROXY: {get_param: https_proxy} + NO_PROXY: {get_param: no_proxy} + AUTH_URL: {get_param: auth_url} + USERNAME: {get_param: username} + PASSWORD: {get_param: password} + TENANT_NAME: {get_param: tenant_name} + VOLUME_DRIVER: {get_param: volume_driver} + REGION_NAME: {get_param: region_name} + DOMAIN_NAME: {get_param: domain_name} + REXRAY_PREEMPT: {get_param: rexray_preempt} + CLUSTER_NAME: {get_param: cluster_name} + EXHIBITOR_STORAGE_BACKEND: {get_param: exhibitor_storage_backend} + EXHIBITOR_ZK_HOSTS: {get_param: exhibitor_zk_hosts} + EXHIBITOR_ZK_PATH: {get_param: exhibitor_zk_path} + AWS_ACCESS_KEY_ID: {get_param: aws_access_key_id} + AWS_REGION: {get_param: aws_region} + AWS_SECRET_ACCESS_KEY: {get_param: aws_secret_access_key} + EXHIBITOR_EXPLICIT_KEYS: {get_param: exhibitor_explicit_keys} + S3_BUCKET: {get_param: s3_bucket} + S3_PREFIX: {get_param: s3_prefix} + EXHIBITOR_AZURE_ACCOUNT_NAME: {get_param: exhibitor_azure_account_name} + EXHIBITOR_AZURE_ACCOUNT_KEY: {get_param: exhibitor_azure_account_key} + EXHIBITOR_AZURE_PREFIX: {get_param: exhibitor_azure_prefix} + MASTER_DISCOVERY: {get_param: master_discovery} + MASTER_LIST: {list_join: [' ', {get_attr: [dcos_masters, dcos_master_ip]}]} + EXHIBITOR_ADDRESS: {get_attr: [dcos_masters, dcos_master_ip]} + NUM_MASTERS: {get_param: number_of_masters} + DCOS_OVERLAY_ENABLE: {get_param: dcos_overlay_enable} + DCOS_OVERLAY_CONFIG_ATTEMPTS: {get_param: dcos_overlay_config_attempts} + DCOS_OVERLAY_MTU: {get_param: dcos_overlay_mtu} + DCOS_OVERLAY_NETWORK: {get_param: dcos_overlay_network} + DNS_SEARCH: {get_param: dns_search} + RESOLVERS: {get_param: dns_nameserver} + CHECK_TIME: {get_param: check_time} + DOCKER_REMOVE_DELAY: {get_param: 
docker_remove_delay} + GC_DELAY: {get_param: gc_delay} + LOG_DIRECTORY: {get_param: log_directory} + PROCESS_TIMEOUT: {get_param: process_timeout} + OAUTH_ENABLED: {get_param: oauth_enabled} + TELEMETRY_ENABLED: {get_param: telemetry_enabled} + ROLES: master + + dcos_config_deployment: + type: OS::Heat::SoftwareDeploymentGroup + depends_on: + - write_params_master_deployment + properties: + config: {get_resource: dcos_config} + servers: {get_attr: [dcos_masters, attributes, dcos_server_id]} + + ###################################################################### + # + # DC/OS masters. This is a resource group that will create + # <number_of_masters> masters. + # + + dcos_masters: + type: OS::Heat::ResourceGroup + properties: + count: {get_param: number_of_masters} + resource_def: + type: dcosmaster.yaml + properties: + ssh_key_name: {get_param: ssh_key_name} + server_image: {get_param: server_image} + master_flavor: {get_param: master_flavor} + external_network: {get_param: external_network} + fixed_network: "" + fixed_subnet: "" + secgroup_base_id: "" + secgroup_dcos_id: "" + api_pool_80_id: "" + api_pool_443_id: "" + api_pool_8080_id: "" + api_pool_5050_id: "" + api_pool_2181_id: "" + api_pool_8181_id: "" + + ###################################################################### + # + # DC/OS slaves. This is a resource group that will initially + # create <number_of_slaves> public or private slaves, + # and needs to be manually scaled. 
+ # + + dcos_slaves: + type: OS::Heat::ResourceGroup + depends_on: + - dcos_masters + properties: + count: {get_param: number_of_slaves} + removal_policies: [{resource_list: {get_param: slaves_to_remove}}] + resource_def: + type: dcosslave.yaml + properties: + ssh_key_name: {get_param: ssh_key_name} + server_image: {get_param: server_image} + slave_flavor: {get_param: slave_flavor} + fixed_network: "" + fixed_subnet: "" + external_network: {get_param: external_network} + wait_condition_timeout: {get_param: wait_condition_timeout} + secgroup_base_id: "" + # DC/OS params + auth_url: {get_param: auth_url} + username: {get_param: username} + password: {get_param: password} + tenant_name: {get_param: tenant_name} + volume_driver: {get_param: volume_driver} + region_name: {get_param: region_name} + domain_name: {get_param: domain_name} + rexray_preempt: {get_param: rexray_preempt} + http_proxy: {get_param: http_proxy} + https_proxy: {get_param: https_proxy} + no_proxy: {get_param: no_proxy} + cluster_name: {get_param: cluster_name} + exhibitor_storage_backend: {get_param: exhibitor_storage_backend} + exhibitor_zk_hosts: {get_param: exhibitor_zk_hosts} + exhibitor_zk_path: {get_param: exhibitor_zk_path} + aws_access_key_id: {get_param: aws_access_key_id} + aws_region: {get_param: aws_region} + aws_secret_access_key: {get_param: aws_secret_access_key} + exhibitor_explicit_keys: {get_param: exhibitor_explicit_keys} + s3_bucket: {get_param: s3_bucket} + s3_prefix: {get_param: s3_prefix} + exhibitor_azure_account_name: {get_param: exhibitor_azure_account_name} + exhibitor_azure_account_key: {get_param: exhibitor_azure_account_key} + exhibitor_azure_prefix: {get_param: exhibitor_azure_prefix} + master_discovery: {get_param: master_discovery} + master_list: {list_join: [' ', {get_attr: [dcos_masters, dcos_master_ip]}]} + exhibitor_address: {get_attr: [dcos_masters, resource.0.dcos_master_external_ip]} + num_masters: {get_param: number_of_masters} + dcos_overlay_enable: 
{get_param: dcos_overlay_enable} + dcos_overlay_config_attempts: {get_param: dcos_overlay_config_attempts} + dcos_overlay_mtu: {get_param: dcos_overlay_mtu} + dcos_overlay_network: {get_param: dcos_overlay_network} + dns_search: {get_param: dns_search} + resolvers: {get_param: dns_nameserver} + check_time: {get_param: check_time} + docker_remove_delay: {get_param: docker_remove_delay} + gc_delay: {get_param: gc_delay} + log_directory: {get_param: log_directory} + process_timeout: {get_param: process_timeout} + oauth_enabled: {get_param: oauth_enabled} + telemetry_enabled: {get_param: telemetry_enabled} + +outputs: + + api_address: + value: {get_attr: [dcos_masters, resource.0.dcos_master_external_ip]} + description: > + This is the API endpoint of the DC/OS master. Use this to access + the DC/OS API from outside the cluster. + + dcos_master_private: + value: {get_attr: [dcos_masters, dcos_master_ip]} + description: > + This is a list of the "private" addresses of all the DC/OS masters. + + dcos_master: + value: {get_attr: [dcos_masters, dcos_master_external_ip]} + description: > + This is the "public" ip address of the DC/OS master server. Use this address to + log in to the DC/OS master via ssh or to access the DC/OS API + from outside the cluster. + + dcos_slaves_private: + value: {get_attr: [dcos_slaves, dcos_slave_ip]} + description: > + This is a list of the "private" addresses of all the DC/OS slaves. + + dcos_slaves: + value: {get_attr: [dcos_slaves, dcos_slave_external_ip]} + description: > + This is a list of the "public" addresses of all the DC/OS slaves. diff --git a/magnum/drivers/dcos_centos_v1/templates/dcosmaster.yaml b/magnum/drivers/dcos_centos_v1/templates/dcosmaster.yaml new file mode 100644 index 0000000000000000000000000000000000000000..e2a7c431bb16c4da07cdf60b6ade25b19206e897 --- /dev/null +++ b/magnum/drivers/dcos_centos_v1/templates/dcosmaster.yaml 
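Review bot: `aws_secret_access_key` and `exhibitor_azure_account_key` are declared as plain string parameters in dcoscluster.yaml, while `trustee_password`, `trust_id` and `password` carry `hidden: true`. Without that flag Heat shows the values whenever the stack's parameters are displayed, so add `hidden: true` to both. The `password` parameter also defaults to the literal `password`; an empty default, or none, would make an unset value obvious instead of writing a guessable one into the node configuration. Both credentials reach this template from cluster-template labels in `get_params`, which are presumably readable by anyone who can show the cluster template, so a reference to a secret store would be the safer long-term source. The first section banner above the trustee parameters reads `Rexray Configuration` and looks like a copy of the later one.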
@@ -0,0 +1,96 @@ +heat_template_version: 2016-04-08 + +description: > + This is a nested stack that defines a single DC/OS master, This stack is + included by a ResourceGroup resource in the parent template + (dcoscluster.yaml). + +parameters: + + server_image: + type: string + description: glance image used to boot the server + + master_flavor: + type: string + description: flavor to use when booting the server + + ssh_key_name: + type: string + description: name of ssh key to be provisioned on our server + + external_network: + type: string + description: uuid/name of a network to use for floating ip addresses + + fixed_network: + type: string + description: Network from which to allocate fixed addresses. + + fixed_subnet: + type: string + description: Subnet from which to allocate fixed addresses. + + secgroup_base_id: + type: string + description: ID of the security group for base. + + secgroup_dcos_id: + type: string + description: ID of the security group for DC/OS master. + + api_pool_80_id: + type: string + description: ID of the load balancer pool of Http. + + api_pool_443_id: + type: string + description: ID of the load balancer pool of Https. + + api_pool_8080_id: + type: string + description: ID of the load balancer pool of Marathon. + + api_pool_5050_id: + type: string + description: ID of the load balancer pool of Mesos master. + + api_pool_2181_id: + type: string + description: ID of the load balancer pool of Zookeeper. + + api_pool_8181_id: + type: string + description: ID of the load balancer pool of Exhibitor. + +resources: + + ###################################################################### + # + # DC/OS master server. 
+ # + + dcos-master: + type: OS::Nova::Server + properties: + image: {get_param: server_image} + flavor: {get_param: master_flavor} + key_name: {get_param: ssh_key_name} + user_data_format: SOFTWARE_CONFIG + metadata: + cern-services: false + +outputs: + + dcos_master_ip: + value: {get_attr: [dcos-master, first_address]} + description: > + This is the "private" address of the DC/OS master node. + dcos_master_external_ip: + value: {get_attr: [dcos-master, first_address]} + description: > + This is the "public" address of the DC/OS master node. + dcos_server_id: + value: {get_resource: dcos-master} + description: > + This is the logical id of the DC/OS master node. diff --git a/magnum/drivers/dcos_centos_v1/templates/dcosslave.yaml b/magnum/drivers/dcos_centos_v1/templates/dcosslave.yaml new file mode 100644 index 0000000000000000000000000000000000000000..9c166ae1e98abf506b97867a906934df1101d1a7 --- /dev/null +++ b/magnum/drivers/dcos_centos_v1/templates/dcosslave.yaml 
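Review bot: The `dcos-master` server never uses `secgroup_base_id` or `secgroup_dcos_id`: its `properties` set only image, flavor, key_name, user_data_format and metadata, so the rules defined in secgroup.yaml are not attached and the instance presumably falls back to the project's default security group. If that is not intended, add `security_groups: [{get_param: secgroup_base_id}, {get_param: secgroup_dcos_id}]` under `properties`; the `dcos-slave` server in dcosslave.yaml has the same gap with `secgroup_base_id`. The `api_pool_*_id`, `fixed_network` and `fixed_subnet` parameters are likewise declared but unused in this file. Both `dcos_master_ip` and `dcos_master_external_ip` resolve to `first_address`, so the "private" and "public" descriptions should say that they are the same address in this template.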
@@ -0,0 +1,314 @@ +heat_template_version: 2016-04-08 + +description: > + This is a nested stack that defines a single DC/OS slave, This stack is + included by a ResourceGroup resource in the parent template + (dcoscluster.yaml). + +parameters: + + server_image: + type: string + description: glance image used to boot the server + + slave_flavor: + type: string + description: flavor to use when booting the server + + ssh_key_name: + type: string + description: name of ssh key to be provisioned on our server + + external_network: + type: string + description: uuid/name of a network to use for floating ip addresses + + wait_condition_timeout: + type: number + description : > + timeout for the Wait Conditions + + http_proxy: + type: string + description: http proxy address for docker + + https_proxy: + type: string + description: https proxy address for docker + + no_proxy: + type: string + description: no proxies for docker + + auth_url: + type: string + description: > + url for DC/OS to authenticate before sending request + + username: + type: string + description: user name + + password: + type: string + description: > + user password, not set in current implementation, only used to + fill in for Kubernetes config file + hidden: true + + tenant_name: + type: string + description: > + tenant_name is used to isolate access to Compute resources + + volume_driver: + type: string + description: volume driver to use for container storage + + region_name: + type: string + description: A logically separate section of the cluster + + domain_name: + type: string + description: > + domain is to define the administrative boundaries for management + of Keystone entities + + fixed_network: + type: string + description: Network from which to allocate fixed addresses. + + fixed_subnet: + type: string + description: Subnet from which to allocate fixed addresses. + + secgroup_base_id: + type: string + description: ID of the security group for base. 
+ + rexray_preempt: + type: string + description: > + enables any host to take control of a volume irrespective of whether + other hosts are using the volume + + ###################################################################### + # + # DC/OS parameters + # + cluster_name: + type: string + description: human readable name for the DC/OS cluster + default: my-cluster + + exhibitor_storage_backend: + type: string + + exhibitor_zk_hosts: + type: string + + exhibitor_zk_path: + type: string + + aws_access_key_id: + type: string + + aws_region: + type: string + + aws_secret_access_key: + type: string + + exhibitor_explicit_keys: + type: string + + s3_bucket: + type: string + + s3_prefix: + type: string + + exhibitor_azure_account_name: + type: string + + exhibitor_azure_account_key: + type: string + + exhibitor_azure_prefix: + type: string + + master_discovery: + type: string + + master_list: + type: string + + exhibitor_address: + type: string + default: 127.0.0.1 + + num_masters: + type: number + + dcos_overlay_enable: + type: string + + dcos_overlay_config_attempts: + type: string + + dcos_overlay_mtu: + type: string + + dcos_overlay_network: + type: string + + dns_search: + type: string + + resolvers: + type: string + + check_time: + type: string + + docker_remove_delay: + type: number + + gc_delay: + type: number + + log_directory: + type: string + + process_timeout: + type: number + + oauth_enabled: + type: string + + telemetry_enabled: + type: string + +resources: + + slave_wait_handle: + type: OS::Heat::WaitConditionHandle + + slave_wait_condition: + type: OS::Heat::WaitCondition + depends_on: dcos-slave + properties: + handle: {get_resource: slave_wait_handle} + timeout: {get_param: wait_condition_timeout} + + ##################################################################### + # + # software configs. these are components that are combined into + # a multipart MIME user-data archive. 
+ # + + write_heat_params: + type: OS::Heat::SoftwareConfig + properties: + group: ungrouped + config: + str_replace: + template: {get_file: fragments/write-heat-params.sh} + params: + "$HTTP_PROXY": {get_param: http_proxy} + "$HTTPS_PROXY": {get_param: https_proxy} + "$NO_PROXY": {get_param: no_proxy} + "$AUTH_URL": {get_param: auth_url} + "$USERNAME": {get_param: username} + "$PASSWORD": {get_param: password} + "$TENANT_NAME": {get_param: tenant_name} + "$VOLUME_DRIVER": {get_param: volume_driver} + "$REGION_NAME": {get_param: region_name} + "$DOMAIN_NAME": {get_param: domain_name} + "$REXRAY_PREEMPT": {get_param: rexray_preempt} + "$CLUSTER_NAME": {get_param: cluster_name} + "$EXHIBITOR_STORAGE_BACKEND": {get_param: exhibitor_storage_backend} + "$EXHIBITOR_ZK_HOSTS": {get_param: exhibitor_zk_hosts} + "$EXHIBITOR_ZK_PATH": {get_param: exhibitor_zk_path} + "$AWS_ACCESS_KEY_ID": {get_param: aws_access_key_id} + "$AWS_REGION": {get_param: aws_region} + "$AWS_SECRET_ACCESS_KEY": {get_param: aws_secret_access_key} + "$EXHIBITOR_EXPLICIT_KEYS": {get_param: exhibitor_explicit_keys} + "$S3_BUCKET": {get_param: s3_bucket} + "$S3_PREFIX": {get_param: s3_prefix} + "$EXHIBITOR_AZURE_ACCOUNT_NAME": {get_param: exhibitor_azure_account_name} + "$EXHIBITOR_AZURE_ACCOUNT_KEY": {get_param: exhibitor_azure_account_key} + "$EXHIBITOR_AZURE_PREFIX": {get_param: exhibitor_azure_prefix} + "$MASTER_DISCOVERY": {get_param: master_discovery} + "$MASTER_LIST": {get_param: master_list} + "$EXHIBITOR_ADDRESS": {get_param: exhibitor_address} + "$NUM_MASTERS": {get_param: num_masters} + "$DCOS_OVERLAY_ENABLE": {get_param: dcos_overlay_enable} + "$DCOS_OVERLAY_CONFIG_ATTEMPTS": {get_param: dcos_overlay_config_attempts} + "$DCOS_OVERLAY_MTU": {get_param: dcos_overlay_mtu} + "$DCOS_OVERLAY_NETWORK": {get_param: dcos_overlay_network} + "$DNS_SEARCH": {get_param: dns_search} + "$RESOLVERS": {get_param: resolvers} + "$CHECK_TIME": {get_param: check_time} + "$DOCKER_REMOVE_DELAY": {get_param: 
docker_remove_delay} + "$GC_DELAY": {get_param: gc_delay} + "$LOG_DIRECTORY": {get_param: log_directory} + "$PROCESS_TIMEOUT": {get_param: process_timeout} + "$OAUTH_ENABLED": {get_param: oauth_enabled} + "$TELEMETRY_ENABLED": {get_param: telemetry_enabled} + "$ROLES": slave + + dcos_config: + type: OS::Heat::SoftwareConfig + properties: + group: ungrouped + config: {get_file: fragments/configure-dcos.sh} + + slave_wc_notify: + type: OS::Heat::SoftwareConfig + properties: + group: ungrouped + config: + str_replace: + template: | + #!/bin/bash -v + wc_notify --data-binary '{"status": "SUCCESS"}' + params: + wc_notify: {get_attr: [slave_wait_handle, curl_cli]} + + dcos_slave_init: + type: OS::Heat::MultipartMime + properties: + parts: + - config: {get_resource: write_heat_params} + - config: {get_resource: dcos_config} + - config: {get_resource: slave_wc_notify} + + ###################################################################### + # + # a single DC/OS slave. + # + + dcos-slave: + type: OS::Nova::Server + properties: + image: {get_param: server_image} + flavor: {get_param: slave_flavor} + key_name: {get_param: ssh_key_name} + user_data_format: RAW + user_data: {get_resource: dcos_slave_init} + metadata: + cern-services: false + +outputs: + + dcos_slave_ip: + value: {get_attr: [dcos-slave, first_address]} + description: > + This is the "private" address of the DC/OS slave node. + + dcos_slave_external_ip: + value: {get_attr: [dcos-slave, first_address]} + description: > + This is the "public" address of the DC/OS slave node. diff --git a/magnum/drivers/dcos_centos_v1/templates/fragments/configure-dcos.sh b/magnum/drivers/dcos_centos_v1/templates/fragments/configure-dcos.sh new file mode 100644 index 0000000000000000000000000000000000000000..b592982474ca6d3d1ccf16a2972626a7c6a4a9da --- /dev/null +++ b/magnum/drivers/dcos_centos_v1/templates/fragments/configure-dcos.sh 
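Review bot: `aws_secret_access_key` and `exhibitor_azure_account_key` are declared as plain `type: string` parameters, while `password` in the same file carries `hidden: true`; without that flag Heat returns the values in clear text whenever the stack's parameters are shown. Add `hidden: true` to both. All three secrets are also substituted into `write_heat_params` and shipped as `user_data`, so they presumably stay readable from the instance metadata for the life of the server; a comment on `write_heat_params` saying so would help operators decide which credentials to pass. The `password` description still refers to a Kubernetes config file, which looks copied from another driver.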
@@ -0,0 +1,187 @@ +#!/bin/bash + +. /etc/sysconfig/heat-params + +GENCONF_SCRIPT_DIR=/opt/dcos + +sudo mkdir -p $GENCONF_SCRIPT_DIR/genconf +sudo chown -R centos $GENCONF_SCRIPT_DIR/genconf + +# Configure ip-detect +cat > $GENCONF_SCRIPT_DIR/genconf/ip-detect <<EOF +#!/usr/bin/env bash +set -o nounset -o errexit +export PATH=/usr/sbin:/usr/bin:\$PATH +echo \$(ip addr show eth0 | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | head -1) +EOF + +# Configure config.yaml +CONFIG_YAML_FILE=$GENCONF_SCRIPT_DIR/genconf/config.yaml + +#################################################### +# Cluster Setup + +# bootstrap_url is not configurable +echo "bootstrap_url: file://$GENCONF_SCRIPT_DIR/genconf/serve" > $CONFIG_YAML_FILE + +# cluster_name +echo "cluster_name: $CLUSTER_NAME" >> $CONFIG_YAML_FILE + +# exhibitor_storage_backend +if [ "static" == "$EXHIBITOR_STORAGE_BACKEND" ]; then + echo "exhibitor_storage_backend: static" >> $CONFIG_YAML_FILE +elif [ "zookeeper" == "$EXHIBITOR_STORAGE_BACKEND" ]; then + echo "exhibitor_storage_backend: zookeeper" >> $CONFIG_YAML_FILE + echo "exhibitor_zk_hosts: $EXHIBITOR_ZK_HOSTS" >> $CONFIG_YAML_FILE + echo "exhibitor_zk_path: $EXHIBITOR_ZK_PATH" >> $CONFIG_YAML_FILE +elif [ "aws_s3" == "$EXHIBITOR_STORAGE_BACKEND" ]; then + echo "exhibitor_storage_backend: aws_s3" >> $CONFIG_YAML_FILE + echo "aws_access_key_id: $AWS_ACCESS_KEY_ID" >> $CONFIG_YAML_FILE + echo "aws_region: $AWS_REGIION" >> $CONFIG_YAML_FILE + echo "aws_secret_access_key: $AWS_SECRET_ACCESS_KEY" >> $CONFIG_YAML_FILE + echo "exhibitor_explicit_keys: $EXHIBITOR_EXPLICIT_KEYS" >> $CONFIG_YAML_FILE + echo "s3_bucket: $S3_BUCKET" >> $CONFIG_YAML_FILE + echo "s3_prefix: $S3_PREFIX" >> $CONFIG_YAML_FILE +elif [ "azure" == "$EXHIBITOR_STORAGE_BACKEND" ]; then + echo "exhibitor_storage_backend: azure" >> $CONFIG_YAML_FILE + echo "exhibitor_azure_account_name: $EXHIBITOR_AZURE_ACCOUNT_NAME" >> $CONFIG_YAML_FILE + echo "exhibitor_azure_account_key: 
$EXHIBITOR_AZURE_ACCOUNT_KEY" >> $CONFIG_YAML_FILE + echo "exhibitor_azure_prefix: $EXHIBITOR_AZURE_PREFIX" >> $CONFIG_YAML_FILE +fi + +# master_discovery +if [ "static" == "$MASTER_DISCOVERY" ]; then + echo "master_discovery: static" >> $CONFIG_YAML_FILE + echo "master_list:" >> $CONFIG_YAML_FILE + for ip in $MASTER_LIST; do + echo "- ${ip}" >> $CONFIG_YAML_FILE + done +elif [ "master_http_loadbalancer" == "$MASTER_DISCOVERY" ]; then + echo "master_discovery: master_http_loadbalancer" >> $CONFIG_YAML_FILE + echo "exhibitor_address: $EXHIBITOR_ADDRESS" >> $CONFIG_YAML_FILE + echo "num_masters: $NUM_MASTERS" >> $CONFIG_YAML_FILE + echo "master_list:" >> $CONFIG_YAML_FILE + for ip in $MASTER_LIST; do + echo "- ${ip}" >> $CONFIG_YAML_FILE + done +fi + +#################################################### +# Networking + +# dcos_overlay_enable +if [ "false" == "$DCOS_OVERLAY_ENABLE" ]; then + echo "dcos_overlay_enable: false" >> $CONFIG_YAML_FILE +elif [ "true" == "$DCOS_OVERLAY_ENABLE" ]; then + echo "dcos_overlay_enable: true" >> $CONFIG_YAML_FILE + echo "dcos_overlay_config_attempts: $DCOS_OVERLAY_CONFIG_ATTEMPTS" >> $CONFIG_YAML_FILE + echo "dcos_overlay_mtu: $DCOS_OVERLAY_MTU" >> $CONFIG_YAML_FILE + echo "dcos_overlay_network:" >> $CONFIG_YAML_FILE + echo "$DCOS_OVERLAY_NETWORK" >> $CONFIG_YAML_FILE +fi + +# dns_search +if [ -n "$DNS_SEARCH" ]; then + echo "dns_search: $DNS_SEARCH" >> $CONFIG_YAML_FILE +fi + +# resolvers +echo "resolvers:" >> $CONFIG_YAML_FILE +for ip in $RESOLVERS; do +echo "- ${ip}" >> $CONFIG_YAML_FILE +done + +# use_proxy +if [ -n "$HTTP_PROXY" ] && [ -n "$HTTPS_PROXY" ]; then +echo "use_proxy: true" >> $CONFIG_YAML_FILE +echo "http_proxy: $HTTP_PROXY" >> $CONFIG_YAML_FILE +echo "https_proxy: $HTTPS_PROXY" >> $CONFIG_YAML_FILE +if [ -n "$NO_PROXY" ]; then + echo "no_proxy:" >> $CONFIG_YAML_FILE + for ip in $NO_PROXY; do + echo "- ${ip}" >> $CONFIG_YAML_FILE + done +fi +fi + +#################################################### +# Performance 
and Tuning + +# check_time +if [ "false" == "$CHECK_TIME" ]; then + echo "check_time: false" >> $CONFIG_YAML_FILE +fi + +# docker_remove_delay +if [ "1" != "$DOCKER_REMOVE_DELAY" ]; then + echo "docker_remove_delay: $DOCKER_REMOVE_DELAY" >> $CONFIG_YAML_FILE +fi + +# gc_delay +if [ "2" != "$GC_DELAY" ]; then + echo "gc_delay: $GC_DELAY" >> $CONFIG_YAML_FILE +fi + +# log_directory +if [ "/genconf/logs" != "$LOG_DIRECTORY" ]; then + echo "log_directory: $LOG_DIRECTORY" >> $CONFIG_YAML_FILE +fi + +# process_timeout +if [ "120" != "$PROCESS_TIMEOUT" ]; then + echo "process_timeout: $PROCESS_TIMEOUT" >> $CONFIG_YAML_FILE +fi + +#################################################### +# Security And Authentication + +# oauth_enabled +if [ "false" == "$OAUTH_ENABLED" ]; then + echo "oauth_enabled: false" >> $CONFIG_YAML_FILE +fi + +# telemetry_enabled +if [ "false" == "$TELEMETRY_ENABLED" ]; then + echo "telemetry_enabled: false" >> $CONFIG_YAML_FILE +fi + +#################################################### +# Rexray Configuration + +# NOTE: This feature is considered experimental: use it at your own risk. +# We might add, change, or delete any functionality as described in this document. 
+# See https://dcos.io/docs/1.8/usage/storage/external-storage/ +if [ "$VOLUME_DRIVER" == "rexray" ]; then + +if [ ${AUTH_URL##*/}=="v3" ]; then + extra_configs="domainName: $DOMAIN_NAME" +else + extra_configs="" +fi + + echo "rexray_config:" >> $CONFIG_YAML_FILE + echo " rexray:" >> $CONFIG_YAML_FILE + echo " modules:" >> $CONFIG_YAML_FILE + echo " default-admin:" >> $CONFIG_YAML_FILE + echo " host: tcp://127.0.0.1:61003" >> $CONFIG_YAML_FILE + echo " storageDrivers:" >> $CONFIG_YAML_FILE + echo " - openstack" >> $CONFIG_YAML_FILE + echo " volume:" >> $CONFIG_YAML_FILE + echo " mount:" >> $CONFIG_YAML_FILE + echo " preempt: $REXRAY_PREEMPT" >> $CONFIG_YAML_FILE + echo " openstack:" >> $CONFIG_YAML_FILE + echo " authUrl: $AUTH_URL" >> $CONFIG_YAML_FILE + echo " username: $USERNAME" >> $CONFIG_YAML_FILE + echo " password: $PASSWORD" >> $CONFIG_YAML_FILE + echo " tenantName: $TENANT_NAME" >> $CONFIG_YAML_FILE + echo " regionName: $REGION_NAME" >> $CONFIG_YAML_FILE + echo " availabilityZoneName: nova" >> $CONFIG_YAML_FILE + echo " $extra_configs" >> $CONFIG_YAML_FILE +fi + + +cd $GENCONF_SCRIPT_DIR +sudo bash $GENCONF_SCRIPT_DIR/dcos_generate_config.sh --genconf + +cd $GENCONF_SCRIPT_DIR/genconf/serve +sudo bash $GENCONF_SCRIPT_DIR/genconf/serve/dcos_install.sh --no-block-dcos-setup $ROLES diff --git a/magnum/drivers/dcos_centos_v1/templates/fragments/write-heat-params.sh b/magnum/drivers/dcos_centos_v1/templates/fragments/write-heat-params.sh new file mode 100644 index 0000000000000000000000000000000000000000..9f7284b7f68b3061b145a585e9f8361ff40d3fc1 --- /dev/null +++ b/magnum/drivers/dcos_centos_v1/templates/fragments/write-heat-params.sh 
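Review bot: The test `if [ ${AUTH_URL##*/}=="v3" ]` in the Rexray section is always true, because without spaces around `==` the shell sees a single non-empty word, so `domainName` is written for every auth URL. It should read `if [ "${AUTH_URL##*/}" == "v3" ]; then`. Separately, the aws_s3 branch echoes `$AWS_REGIION` and write-heat-params.sh defines `AWS_REGIION="$AWS_REGIION"`, but dcosslave.yaml substitutes the key `"$AWS_REGION"`, so the region is never filled in; rename both to `AWS_REGION`. config.yaml also receives the password and the AWS/Azure keys inside a directory chowned to `centos`, so a `chmod 600 $CONFIG_YAML_FILE` right after the file is first written is worth adding, provided the installer still reads it as root.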
@@ -0,0 +1,56 @@ +#!/bin/sh + +mkdir -p /etc/sysconfig +cat > /etc/sysconfig/heat-params <<EOF +HTTP_PROXY="$HTTP_PROXY" +HTTPS_PROXY="$HTTPS_PROXY" +NO_PROXY="$NO_PROXY" + +AUTH_URL="$AUTH_URL" +USERNAME="$USERNAME" +PASSWORD="$PASSWORD" +TENANT_NAME="$TENANT_NAME" +VOLUME_DRIVER="$VOLUME_DRIVER" +REGION_NAME="$REGION_NAME" +DOMAIN_NAME="$DOMAIN_NAME" +REXRAY_PREEMPT="$REXRAY_PREEMPT" + +CLUSTER_NAME="$CLUSTER_NAME" + +EXHIBITOR_STORAGE_BACKEND="$EXHIBITOR_STORAGE_BACKEND" +EXHIBITOR_ZK_HOSTS="$EXHIBITOR_ZK_HOSTS" +EXHIBITOR_ZK_PATH="$EXHIBITOR_ZK_PATH" +AWS_ACCESS_KEY_ID="$AWS_ACCESS_KEY_ID" +AWS_REGIION="$AWS_REGIION" +AWS_SECRET_ACCESS_KEY="$AWS_SECRET_ACCESS_KEY" +EXHIBITOR_EXPLICIT_KEYS="$EXHIBITOR_EXPLICIT_KEYS" +S3_BUCKET="$S3_BUCKET" +S3_PREFIX="$S3_PREFIX" +EXHIBITOR_AZURE_ACCOUNT_NAME="$EXHIBITOR_AZURE_ACCOUNT_NAME" +EXHIBITOR_AZURE_ACCOUNT_KEY="$EXHIBITOR_AZURE_ACCOUNT_KEY" +EXHIBITOR_AZURE_PREFIX="$EXHIBITOR_AZURE_PREFIX" + +MASTER_DISCOVERY="$MASTER_DISCOVERY" +MASTER_LIST="$MASTER_LIST" +EXHIBITOR_ADDRESS="$EXHIBITOR_ADDRESS" +NUM_MASTERS="$NUM_MASTERS" + +DCOS_OVERLAY_ENABLE="$DCOS_OVERLAY_ENABLE" +DCOS_OVERLAY_CONFIG_ATTEMPTS="$DCOS_OVERLAY_CONFIG_ATTEMPTS" +DCOS_OVERLAY_MTU="$DCOS_OVERLAY_MTU" +DCOS_OVERLAY_NETWORK="$DCOS_OVERLAY_NETWORK" + +DNS_SEARCH="$DNS_SEARCH" +RESOLVERS="$RESOLVERS" + +CHECK_TIME="$CHECK_TIME" +DOCKER_REMOVE_DELAY="$DOCKER_REMOVE_DELAY" +GC_DELAY="$GC_DELAY" +LOG_DIRECTORY="$LOG_DIRECTORY" +PROCESS_TIMEOUT="$PROCESS_TIMEOUT" + +OAUTH_ENABLED="$OAUTH_ENABLED" +TELEMETRY_ENABLED="$TELEMETRY_ENABLED" + +ROLES="$ROLES" +EOF diff --git a/magnum/drivers/dcos_centos_v1/templates/lb.yaml b/magnum/drivers/dcos_centos_v1/templates/lb.yaml new file mode 100644 index 0000000000000000000000000000000000000000..68481adea8ca5a88f230d9933fc9f95e07c4bb1e --- /dev/null +++ b/magnum/drivers/dcos_centos_v1/templates/lb.yaml 
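Review bot: /etc/sysconfig/heat-params is created with the default umask although it holds `PASSWORD`, `AWS_SECRET_ACCESS_KEY` and `EXHIBITOR_AZURE_ACCOUNT_KEY`, so on a typical image it ends up readable by every local user. Put `umask 077` before the `cat`, or add `chmod 600 /etc/sysconfig/heat-params` after `EOF`. The heredoc delimiter is unquoted and the values are pasted in by `str_replace` before the script runs, so `$`, backticks or double quotes inside a parameter value are interpreted by the shell here and again when configure-dcos.sh sources the file. Restricting those parameters with `constraints` in the template would keep the file to plain assignments.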
@@ -0,0 +1,201 @@ +heat_template_version: 2014-10-16 + +parameters: + + fixed_subnet: + type: string + + external_network: + type: string + +resources: + # Admin Router is a customized Nginx that proxies all of the internal + # services on port 80 and 443 (if https is configured) + # See https://dcos.io/docs/1.8/administration/installing/custom/configuration-parameters/#-a-name-master-a-master_discovery + # If parameter is specified to master_http_loadbalancer, the + # load balancer must accept traffic on ports 8080, 5050, 80, and 443, + # and forward it to the same ports on the master + # + # Opening ports 2181 and 8181 are not mentioned in DC/OS document. + # When I create a cluster with load balancer, slave nodes will connect to + # some services in master nodes with the IP of load balancer, if the port + # is not open it will fail. + loadbalancer: + type: Magnum::Optional::Neutron::LBaaS::LoadBalancer + properties: + vip_subnet: {get_param: fixed_subnet} + + listener_80: + type: Magnum::Optional::Neutron::LBaaS::Listener + properties: + loadbalancer: {get_resource: loadbalancer} + protocol: HTTP + protocol_port: 80 + + pool_80: + type: Magnum::Optional::Neutron::LBaaS::Pool + properties: + lb_algorithm: ROUND_ROBIN + listener: {get_resource: listener_80} + protocol: HTTP + + monitor_80: + type: Magnum::Optional::Neutron::LBaaS::HealthMonitor + properties: + type: TCP + delay: 5 + max_retries: 5 + timeout: 5 + pool: { get_resource: pool_80 } + + listener_443: + depends_on: monitor_80 + type: Magnum::Optional::Neutron::LBaaS::Listener + properties: + loadbalancer: {get_resource: loadbalancer} + protocol: HTTPS + protocol_port: 443 + + pool_443: + type: Magnum::Optional::Neutron::LBaaS::Pool + properties: + lb_algorithm: ROUND_ROBIN + listener: {get_resource: listener_443} + protocol: HTTPS + + monitor_443: + type: Magnum::Optional::Neutron::LBaaS::HealthMonitor + properties: + type: TCP + delay: 5 + max_retries: 5 + timeout: 5 + pool: { get_resource: pool_443 } + 
+ listener_8080: + depends_on: monitor_443 + type: Magnum::Optional::Neutron::LBaaS::Listener + properties: + loadbalancer: {get_resource: loadbalancer} + protocol: TCP + protocol_port: 8080 + + pool_8080: + type: Magnum::Optional::Neutron::LBaaS::Pool + properties: + lb_algorithm: ROUND_ROBIN + listener: {get_resource: listener_8080} + protocol: TCP + + monitor_8080: + type: Magnum::Optional::Neutron::LBaaS::HealthMonitor + properties: + type: TCP + delay: 5 + max_retries: 5 + timeout: 5 + pool: { get_resource: pool_8080 } + + listener_5050: + depends_on: monitor_8080 + type: Magnum::Optional::Neutron::LBaaS::Listener + properties: + loadbalancer: {get_resource: loadbalancer} + protocol: TCP + protocol_port: 5050 + + pool_5050: + type: Magnum::Optional::Neutron::LBaaS::Pool + properties: + lb_algorithm: ROUND_ROBIN + listener: {get_resource: listener_5050} + protocol: TCP + + monitor_5050: + type: Magnum::Optional::Neutron::LBaaS::HealthMonitor + properties: + type: TCP + delay: 5 + max_retries: 5 + timeout: 5 + pool: { get_resource: pool_5050 } + + listener_2181: + depends_on: monitor_5050 + type: Magnum::Optional::Neutron::LBaaS::Listener + properties: + loadbalancer: {get_resource: loadbalancer} + protocol: TCP + protocol_port: 2181 + + pool_2181: + type: Magnum::Optional::Neutron::LBaaS::Pool + properties: + lb_algorithm: ROUND_ROBIN + listener: {get_resource: listener_2181} + protocol: TCP + + monitor_2181: + type: Magnum::Optional::Neutron::LBaaS::HealthMonitor + properties: + type: TCP + delay: 5 + max_retries: 5 + timeout: 5 + pool: { get_resource: pool_2181 } + + listener_8181: + depends_on: monitor_2181 + type: Magnum::Optional::Neutron::LBaaS::Listener + properties: + loadbalancer: {get_resource: loadbalancer} + protocol: TCP + protocol_port: 8181 + + pool_8181: + type: Magnum::Optional::Neutron::LBaaS::Pool + properties: + lb_algorithm: ROUND_ROBIN + listener: {get_resource: listener_8181} + protocol: TCP + + monitor_8181: + type: 
Magnum::Optional::Neutron::LBaaS::HealthMonitor + properties: + type: TCP + delay: 5 + max_retries: 5 + timeout: 5 + pool: { get_resource: pool_8181 } + + floating: + type: Magnum::Optional::Neutron::LBaaS::FloatingIP + properties: + floating_network: {get_param: external_network} + port_id: {get_attr: [loadbalancer, vip_port_id]} + +outputs: + + pool_80_id: + value: {get_resource: pool_80} + + pool_443_id: + value: {get_resource: pool_443} + + pool_8080_id: + value: {get_resource: pool_8080} + + pool_5050_id: + value: {get_resource: pool_5050} + + pool_2181_id: + value: {get_resource: pool_2181} + + pool_8181_id: + value: {get_resource: pool_8181} + + address: + value: {get_attr: [loadbalancer, vip_address]} + + floating_address: + value: {get_attr: [floating, floating_ip_address]} diff --git a/magnum/drivers/dcos_centos_v1/templates/secgroup.yaml b/magnum/drivers/dcos_centos_v1/templates/secgroup.yaml new file mode 100644 index 0000000000000000000000000000000000000000..8bd60fbb663f88ac9cfc65b7d4ca241b4fa50bd2 --- /dev/null +++ b/magnum/drivers/dcos_centos_v1/templates/secgroup.yaml 
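Review bot: The `floating` resource binds a floating IP to the load balancer's VIP port, so every listener on that load balancer, including `listener_2181` (ZooKeeper) and `listener_8181` (Exhibitor), becomes reachable from `external_network`. The comment at the top of `resources` says these two ports are opened only because agents reach the masters through the load balancer address, which is traffic inside the cluster. I would record that at both listeners, for example `# internal only: agents reach this via the VIP; must not be reachable from external_network`. I would also move them to a second load balancer without a floating IP, or restrict the VIP port's security group, since neither service is given any access control in this change.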
@@ -0,0 +1,115 @@ +heat_template_version: 2014-10-16 + +parameters: + +resources: + + ###################################################################### + # + # security groups. we need to permit network traffic of various + # sorts. + # The following is a list of ports used by internal DC/OS components, + # and their corresponding systemd unit. + # https://dcos.io/docs/1.8/administration/installing/ports/ + # + # The VIP features, added in DC/OS 1.8, require that ports 32768 - 65535 + # are open between all agent and master nodes for both TCP and UDP. + # https://dcos.io/docs/1.8/administration/upgrading/ + # + + secgroup_base: + type: OS::Neutron::SecurityGroup + properties: + rules: + - protocol: icmp + - protocol: tcp + port_range_min: 22 + port_range_max: 22 + - protocol: tcp + remote_mode: remote_group_id + - protocol: udp + remote_mode: remote_group_id + # All nodes + - protocol: tcp + port_range_min: 32768 + port_range_max: 65535 + # Master nodes + - protocol: tcp + port_range_min: 53 + port_range_max: 53 + - protocol: tcp + port_range_min: 1050 + port_range_max: 1050 + - protocol: tcp + port_range_min: 1801 + port_range_max: 1801 + - protocol: tcp + port_range_min: 7070 + port_range_max: 7070 + # dcos-oauth + - protocol: tcp + port_range_min: 8101 + port_range_max: 8101 + - protocol: tcp + port_range_min: 8123 + port_range_max: 8123 + - protocol: tcp + port_range_min: 9000 + port_range_max: 9000 + - protocol: tcp + port_range_min: 9942 + port_range_max: 9942 + - protocol: tcp + port_range_min: 9990 + port_range_max: 9990 + - protocol: tcp + port_range_min: 15055 + port_range_max: 15055 + - protocol: udp + port_range_min: 53 + port_range_max: 53 + - protocol: udp + port_range_min: 32768 + port_range_max: 65535 + + secgroup_dcos: + type: OS::Neutron::SecurityGroup + properties: + rules: + # Admin Router is a customized Nginx that proxies all of the internal + # services on port 80 and 443 (if https is configured) + # See 
https://github.com/dcos/adminrouter + # If parameter is specified to master_http_loadbalancer, the + # load balancer must accept traffic on ports 8080, 5050, 80, and 443, + # and forward it to the same ports on the master + # Admin Router http + - protocol: tcp + port_range_min: 80 + port_range_max: 80 + # Admin Router https + - protocol: tcp + port_range_min: 443 + port_range_max: 443 + # Marathon + - protocol: tcp + port_range_min: 8080 + port_range_max: 8080 + # Mesos master + - protocol: tcp + port_range_min: 5050 + port_range_max: 5050 + # Exhibitor + - protocol: tcp + port_range_min: 8181 + port_range_max: 8181 + # Zookeeper + - protocol: tcp + port_range_min: 2181 + port_range_max: 2181 +outputs: + + secgroup_base_id: + value: {get_resource: secgroup_base} + + secgroup_dcos_id: + value: {get_resource: secgroup_dcos} diff --git a/magnum/drivers/dcos_centos_v1/version.py b/magnum/drivers/dcos_centos_v1/version.py new file mode 100644 index 0000000000000000000000000000000000000000..35d1ccb6098747453d827debdeba73cb11345582 --- /dev/null +++ b/magnum/drivers/dcos_centos_v1/version.py @@ -0,0 +1,15 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +version = '1.0.0' +driver = 'dcos_centos_v1' +container_version = '1.11.2'
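Review bot: Apart from the two `remote_mode: remote_group_id` rules, every rule in `secgroup_base` and `secgroup_dcos` omits a remote, which as far as I know Heat treats as ingress from any source address. The header comment says ports 32768 - 65535 only need to be open "between all agent and master nodes", so the tcp and udp 32768-65535 entries should carry `remote_mode: remote_group_id`. The same scoping looks appropriate for ZooKeeper (2181) and Exhibitor (8181) in `secgroup_dcos` unless outside access is really required. Because the group-wide tcp/udp rules already allow all traffic between members, the per-port entries only matter for outside sources, and a comment stating which ports are meant to be public would make that intent reviewable.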