[ceph.git] / ceph / qa / tasks / kubeadm.py

"""
Kubernetes cluster task, deployed via kubeadm
"""
import argparse
import contextlib
import ipaddress
import json
import logging
import random
import yaml
from io import BytesIO

from teuthology import misc as teuthology
from teuthology import contextutil
from teuthology.config import config as teuth_config
from teuthology.orchestra import run

log = logging.getLogger(__name__)


def _kubectl(ctx, config, args, **kwargs):
    cluster_name = config['cluster']
    ctx.kubeadm[cluster_name].bootstrap_remote.run(
        args=['kubectl'] + args,
        **kwargs,
    )


def kubectl(ctx, config):
    if isinstance(config, str):
        config = [config]
    assert isinstance(config, list)
    for c in config:
        if isinstance(c, str):
            _kubectl(ctx, config, c.split(' '))
        else:
            _kubectl(ctx, config, c)


@contextlib.contextmanager
def preflight(ctx, config):
    run.wait(
        ctx.cluster.run(
            args=[
                'sudo', 'modprobe', 'br_netfilter',
                run.Raw('&&'),
                'sudo', 'sysctl', 'net.bridge.bridge-nf-call-ip6tables=1',
                run.Raw('&&'),
                'sudo', 'sysctl', 'net.bridge.bridge-nf-call-iptables=1',
                run.Raw('&&'),
                'sudo', 'sysctl', 'net.ipv4.ip_forward=1',
                run.Raw('&&'),
                'sudo', 'swapoff', '-a',
            ],
            wait=False,
        )
    )

    # set docker cgroup driver = systemd
    #  see https://kubernetes.io/docs/setup/production-environment/container-runtimes/#docker
    #  see https://github.com/kubernetes/kubeadm/issues/2066
    for remote in ctx.cluster.remotes.keys():
        try:
            orig = remote.read_file('/etc/docker/daemon.json', sudo=True)
            j = json.loads(orig)
        except Exception as e:
            log.info(f'Failed to pull old daemon.json: {e}')
            j = {}
        j["exec-opts"] = ["native.cgroupdriver=systemd"]
        j["log-driver"] = "json-file"
        j["log-opts"] = {"max-size": "100m"}
        j["storage-driver"] = "overlay2"
        remote.write_file('/etc/docker/daemon.json', json.dumps(j), sudo=True)
    run.wait(
        ctx.cluster.run(
            args=[
                'sudo', 'systemctl', 'restart', 'docker',
                run.Raw('||'),
                'true',
            ],
            wait=False,
        )
    )
    yield


@contextlib.contextmanager
def kubeadm_install(ctx, config):
    version = config.get('version', '1.21')

    os_type = teuthology.get_distro(ctx)
    os_version = teuthology.get_distro_version(ctx)

    try:
        if os_type in ['centos', 'rhel']:
            os = f"CentOS_{os_version.split('.')[0]}"
            log.info('Installing cri-o')
            run.wait(
                ctx.cluster.run(
                    args=[
                        'sudo',
                        'curl', '-L', '-o',
                        '/etc/yum.repos.d/devel:kubic:libcontainers:stable.repo',
                        f'https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/{os}/devel:kubic:libcontainers:stable.repo',
                        run.Raw('&&'),
                        'sudo',
                        'curl', '-L', '-o',
                        f'/etc/yum.repos.d/devel:kubic:libcontainers:stable:cri-o:{version}.repo',
                        f'https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/{version}/{os}/devel:kubic:libcontainers:stable:cri-o:{version}.repo',
                        run.Raw('&&'),
                        'sudo', 'dnf', 'install', '-y', 'cri-o',
                    ],
                    wait=False,
                )
            )

            log.info('Installing kube{adm,ctl,let}')
            repo = """[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-$basearch
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
"""
            for remote in ctx.cluster.remotes.keys():
                remote.write_file(
                    '/etc/yum.repos.d/kubernetes.repo',
                    repo,
                    sudo=True,
                )
            run.wait(
                ctx.cluster.run(
                    args=[
                        'sudo', 'dnf', 'install', '-y',
                        'kubelet', 'kubeadm', 'kubectl',
                        'iproute-tc', 'bridge-utils',
                    ],
                    wait=False,
                )
            )

            # fix cni config
            for remote in ctx.cluster.remotes.keys():
                conf = """# from https://github.com/cri-o/cri-o/blob/master/tutorials/kubernetes.md#flannel-network
{
    "name": "crio",
    "type": "flannel"
}
"""
                remote.write_file('/etc/cni/net.d/10-crio-flannel.conf', conf, sudo=True)
                remote.run(args=[
                    'sudo', 'rm', '-f',
                    '/etc/cni/net.d/87-podman-bridge.conflist',
                    '/etc/cni/net.d/100-crio-bridge.conf',
                ])

            # start crio
            run.wait(
                ctx.cluster.run(
                    args=[
                        'sudo', 'systemctl', 'daemon-reload',
                        run.Raw('&&'),
                        'sudo', 'systemctl', 'enable', 'crio', '--now',
                    ],
                    wait=False,
                )
            )

        elif os_type == 'ubuntu':
            os = f"xUbuntu_{os_version}"
            log.info('Installing kube{adm,ctl,let}')
            run.wait(
                ctx.cluster.run(
                    args=[
                        'sudo', 'apt', 'update',
                        run.Raw('&&'),
                        'sudo', 'apt', 'install', '-y',
                        'apt-transport-https', 'ca-certificates', 'curl',
                        run.Raw('&&'),
                        'sudo', 'curl', '-fsSLo',
                        '/usr/share/keyrings/kubernetes-archive-keyring.gpg',
                        'https://packages.cloud.google.com/apt/doc/apt-key.gpg',
                        run.Raw('&&'),
                        'echo', 'deb [signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main',
                        run.Raw('|'),
                        'sudo', 'tee', '/etc/apt/sources.list.d/kubernetes.list',
                        run.Raw('&&'),
                        'sudo', 'apt', 'update',
                        run.Raw('&&'),
                        'sudo', 'apt', 'install', '-y',
                        'kubelet', 'kubeadm', 'kubectl',
                        'bridge-utils',
                    ],
                    wait=False,
                )
            )

        else:
            raise RuntimeError(f'unsupported distro {os_type} for cri-o')

        run.wait(
            ctx.cluster.run(
                args=[
                    'sudo', 'systemctl', 'enable', '--now', 'kubelet',
                    run.Raw('&&'),
                    'sudo', 'kubeadm', 'config', 'images', 'pull',
                ],
                wait=False,
            )
        )

        yield

    finally:
        if config.get('uninstall', True):
            log.info('Uninstalling kube{adm,let,ctl}')
            if os_type in ['centos', 'rhel']:
                run.wait(
                    ctx.cluster.run(
                        args=[
                            'sudo', 'rm', '-f',
                            '/etc/yum.repos.d/kubernetes.repo',
                            run.Raw('&&'),
                            'sudo', 'dnf', 'remove', '-y',
                            'kubeadm', 'kubelet', 'kubectl', 'cri-o',
                        ],
                        wait=False
                    )
                )
            elif os_type == 'ubuntu' and False:
                run.wait(
                    ctx.cluster.run(
                        args=[
                            'sudo', 'rm', '-f',
                            '/etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list',
                            f'/etc/apt/sources.list.d/devel:kubic:libcontainers:stable:cri-o:{version}.list',
                            '/etc/apt/trusted.gpg.d/libcontainers-cri-o.gpg',
                            run.Raw('&&'),
                            'sudo', 'apt', 'remove', '-y',
                            'kkubeadm', 'kubelet', 'kubectl', 'cri-o', 'cri-o-runc',
                        ],
                        wait=False,
                    )
                )


@contextlib.contextmanager
def kubeadm_init_join(ctx, config):
    cluster_name = config['cluster']

    bootstrap_remote = None
    remotes = {}      # remote -> ip
    for remote, roles in ctx.cluster.remotes.items():
        for role in roles:
            if role.startswith('host.'):
                if not bootstrap_remote:
                    bootstrap_remote = remote
                if remote not in remotes:
                    remotes[remote] = remote.ssh.get_transport().getpeername()[0]
    if not bootstrap_remote:
        raise RuntimeError('must define at least one host.something role')
    ctx.kubeadm[cluster_name].bootstrap_remote = bootstrap_remote
    ctx.kubeadm[cluster_name].remotes = remotes
    ctx.kubeadm[cluster_name].token = 'abcdef.' + ''.join([
        random.choice('0123456789abcdefghijklmnopqrstuvwxyz') for _ in range(16)
    ])
    log.info(f'Token: {ctx.kubeadm[cluster_name].token}')
    log.info(f'Remotes: {ctx.kubeadm[cluster_name].remotes}')

    try:
        # init
        cmd = [
            'sudo', 'kubeadm', 'init',
            '--node-name', ctx.kubeadm[cluster_name].bootstrap_remote.shortname,
            '--token', ctx.kubeadm[cluster_name].token,
            '--pod-network-cidr', str(ctx.kubeadm[cluster_name].pod_subnet),
        ]
        bootstrap_remote.run(args=cmd)

        # join additional nodes
        joins = []
        for remote, ip in ctx.kubeadm[cluster_name].remotes.items():
            if remote == bootstrap_remote:
                continue
            cmd = [
                'sudo', 'kubeadm', 'join',
                ctx.kubeadm[cluster_name].remotes[ctx.kubeadm[cluster_name].bootstrap_remote] + ':6443',
                '--node-name', remote.shortname,
                '--token', ctx.kubeadm[cluster_name].token,
                '--discovery-token-unsafe-skip-ca-verification',
            ]
            joins.append(remote.run(args=cmd, wait=False))
        run.wait(joins)
        yield

    except Exception as e:
        log.exception(e)
        raise

    finally:
        log.info('Cleaning up node')
        run.wait(
            ctx.cluster.run(
                args=['sudo', 'kubeadm', 'reset', 'cleanup-node', '-f'],
                wait=False,
            )
        )


@contextlib.contextmanager
def kubectl_config(ctx, config):
    cluster_name = config['cluster']
    bootstrap_remote = ctx.kubeadm[cluster_name].bootstrap_remote

    ctx.kubeadm[cluster_name].admin_conf = \
        bootstrap_remote.read_file('/etc/kubernetes/admin.conf', sudo=True)

    log.info('Setting up kubectl')
    try:
        ctx.cluster.run(args=[
            'mkdir', '-p', '.kube',
            run.Raw('&&'),
            'sudo', 'mkdir', '-p', '/root/.kube',
        ])
        for remote in ctx.kubeadm[cluster_name].remotes.keys():
            remote.write_file('.kube/config', ctx.kubeadm[cluster_name].admin_conf)
            remote.sudo_write_file('/root/.kube/config',
                                   ctx.kubeadm[cluster_name].admin_conf)
        yield

    except Exception as e:
        log.exception(e)
        raise

    finally:
        log.info('Deconfiguring kubectl')
        ctx.cluster.run(args=[
            'rm', '-rf', '.kube',
            run.Raw('&&'),
            'sudo', 'rm', '-rf', '/root/.kube',
        ])


def map_vnet(mip):
    for mapping in teuth_config.get('vnet', []):
        mnet = ipaddress.ip_network(mapping['machine_subnet'])
        vnet = ipaddress.ip_network(mapping['virtual_subnet'])
        if vnet.prefixlen >= mnet.prefixlen:
            log.error(f"virtual_subnet {vnet} prefix >= machine_subnet {mnet} prefix")
            return None
        if mip in mnet:
            pos = list(mnet.hosts()).index(mip)
            log.info(f"{mip} is in {mnet} at pos {pos}")
            sub = list(vnet.subnets(32 - mnet.prefixlen))[pos]
            return sub
    return None


@contextlib.contextmanager
def allocate_pod_subnet(ctx, config):
    """
    Allocate a private subnet that will not collide with other test machines/clusters
    """
    cluster_name = config['cluster']
    assert cluster_name == 'kubeadm', 'multiple subnets not yet implemented'

    log.info('Identifying pod subnet')
    remote = list(ctx.cluster.remotes.keys())[0]
    ip = remote.ssh.get_transport().getpeername()[0]
    mip = ipaddress.ip_address(ip)
    vnet = map_vnet(mip)
    assert vnet
    log.info(f'Pod subnet: {vnet}')
    ctx.kubeadm[cluster_name].pod_subnet = vnet
    yield


@contextlib.contextmanager
def pod_network(ctx, config):
    cluster_name = config['cluster']
    pnet = config.get('pod_network', 'calico')
    if pnet == 'flannel':
        r = ctx.kubeadm[cluster_name].bootstrap_remote.run(
            args=[
                'curl',
                'https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml',
            ],
            stdout=BytesIO(),
        )
        assert r.exitstatus == 0
        flannel = list(yaml.load_all(r.stdout.getvalue(), Loader=yaml.FullLoader))
        for o in flannel:
            if o.get('data', {}).get('net-conf.json'):
                log.info(f'Updating {o}')
                o['data']['net-conf.json'] = o['data']['net-conf.json'].replace(
                    '10.244.0.0/16',
                    str(ctx.kubeadm[cluster_name].pod_subnet)
                )
                log.info(f'Now {o}')
        flannel_yaml = yaml.dump_all(flannel)
        log.debug(f'Flannel:\n{flannel_yaml}')
        _kubectl(ctx, config, ['apply', '-f', '-'], stdin=flannel_yaml)

    elif pnet == 'calico':
        _kubectl(ctx, config, [
            'create', '-f',
            'https://docs.projectcalico.org/manifests/tigera-operator.yaml'
        ])
        cr = {
            'apiVersion': 'operator.tigera.io/v1',
            'kind': 'Installation',
            'metadata': {'name': 'default'},
            'spec': {
                'calicoNetwork': {
                    'ipPools': [
                        {
                            'blockSize': 26,
                            'cidr': str(ctx.kubeadm[cluster_name].pod_subnet),
                            'encapsulation': 'IPIPCrossSubnet',
                            'natOutgoing': 'Enabled',
                            'nodeSelector': 'all()',
                        }
                    ]
                }
            }
        }
        _kubectl(ctx, config, ['create', '-f', '-'], stdin=yaml.dump(cr))

    else:
        raise RuntimeError(f'unrecognized pod_network {pnet}')

    try:
        yield

    finally:
        if pnet == 'flannel':
            _kubectl(ctx, config, [
                'delete', '-f',
                'https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml',
            ])

        elif pnet == 'calico':
            _kubectl(ctx, config, ['delete', 'installation', 'default'])
            _kubectl(ctx, config, [
                'delete', '-f',
                'https://docs.projectcalico.org/manifests/tigera-operator.yaml'
            ])


@contextlib.contextmanager
def setup_pvs(ctx, config):
    """
    Create PVs for all scratch LVs and set up a trivial provisioner
    """
    log.info('Scanning for scratch devices')
    crs = []
    for remote in ctx.cluster.remotes.keys():
        ls = remote.read_file('/scratch_devs').decode('utf-8').strip().splitlines()
        log.info(f'Scratch devices on {remote.shortname}: {ls}')
        for dev in ls:
            devname = dev.split('/')[-1].replace("_", "-")
            crs.append({
                'apiVersion': 'v1',
                'kind': 'PersistentVolume',
                'metadata': {'name': f'{remote.shortname}-{devname}'},
                'spec': {
                    'volumeMode': 'Block',
                    'accessModes': ['ReadWriteOnce'],
                    'capacity': {'storage': '100Gi'},  # doesn't matter?
                    'persistentVolumeReclaimPolicy': 'Retain',
                    'storageClassName': 'scratch',
                    'local': {'path': dev},
                    'nodeAffinity': {
                        'required': {
                            'nodeSelectorTerms': [
                                {
                                    'matchExpressions': [
                                        {
                                            'key': 'kubernetes.io/hostname',
                                            'operator': 'In',
                                            'values': [remote.shortname]
                                        }
                                    ]
                                }
                            ]
                        }
                    }
                }
            })
            # overwriting first few MB is enough to make k8s happy
            remote.run(args=[
                'sudo', 'dd', 'if=/dev/zero', f'of={dev}', 'bs=1M', 'count=10'
            ])
    crs.append({
        'kind': 'StorageClass',
        'apiVersion': 'storage.k8s.io/v1',
        'metadata': {'name': 'scratch'},
        'provisioner': 'kubernetes.io/no-provisioner',
        'volumeBindingMode': 'WaitForFirstConsumer',
    })
    y = yaml.dump_all(crs)
    log.info('Creating PVs + StorageClass')
    log.debug(y)
    _kubectl(ctx, config, ['create', '-f', '-'], stdin=y)

    yield


@contextlib.contextmanager
def final(ctx, config):
    cluster_name = config['cluster']

    # remove master node taint
    _kubectl(ctx, config, [
        'taint', 'node',
        ctx.kubeadm[cluster_name].bootstrap_remote.shortname,
        'node-role.kubernetes.io/master-',
        run.Raw('||'),
        'true',
    ])

    yield


@contextlib.contextmanager
def task(ctx, config):
    if not config:
        config = {}
    assert isinstance(config, dict), \
        "task only supports a dictionary for configuration"

    log.info('Kubeadm start')

    overrides = ctx.config.get('overrides', {})
    teuthology.deep_merge(config, overrides.get('kubeadm', {}))
    log.info('Config: ' + str(config))

    # set up cluster context
    if not hasattr(ctx, 'kubeadm'):
        ctx.kubeadm = {}
    if 'cluster' not in config:
        config['cluster'] = 'kubeadm'
    cluster_name = config['cluster']
    if cluster_name not in ctx.kubeadm:
        ctx.kubeadm[cluster_name] = argparse.Namespace()

    with contextutil.nested(
            lambda: preflight(ctx, config),
            lambda: allocate_pod_subnet(ctx, config),
            lambda: kubeadm_install(ctx, config),
            lambda: kubeadm_init_join(ctx, config),
            lambda: kubectl_config(ctx, config),
            lambda: pod_network(ctx, config),
            lambda: setup_pvs(ctx, config),
            lambda: final(ctx, config),
    ):
        try:
            log.info('Kubeadm complete, yielding')
            yield

        finally:
            log.info('Tearing down kubeadm')
Commit	Line	Data
b3b6e05e TL	1	"""
	2	Kubernetes cluster task, deployed via kubeadm
	3	"""
	4	import argparse
	5	import contextlib
	6	import ipaddress
20effc67	7	import json
b3b6e05e TL	8	import logging
	9	import random
	10	import yaml
	11	from io import BytesIO
	12
	13	from teuthology import misc as teuthology
	14	from teuthology import contextutil
	15	from teuthology.config import config as teuth_config
	16	from teuthology.orchestra import run
	17
	18	log = logging.getLogger(__name__)
	19
	20
	21	def _kubectl(ctx, config, args, **kwargs):
	22	cluster_name = config['cluster']
	23	ctx.kubeadm[cluster_name].bootstrap_remote.run(
	24	args=['kubectl'] + args,
	25	**kwargs,
	26	)
	27
	28
	29	def kubectl(ctx, config):
	30	if isinstance(config, str):
	31	config = [config]
	32	assert isinstance(config, list)
	33	for c in config:
	34	if isinstance(c, str):
	35	_kubectl(ctx, config, c.split(' '))
	36	else:
	37	_kubectl(ctx, config, c)
	38
	39
	40	@contextlib.contextmanager
	41	def preflight(ctx, config):
	42	run.wait(
	43	ctx.cluster.run(
	44	args=[
	45	'sudo', 'modprobe', 'br_netfilter',
	46	run.Raw('&&'),
	47	'sudo', 'sysctl', 'net.bridge.bridge-nf-call-ip6tables=1',
	48	run.Raw('&&'),
	49	'sudo', 'sysctl', 'net.bridge.bridge-nf-call-iptables=1',
	50	run.Raw('&&'),
	51	'sudo', 'sysctl', 'net.ipv4.ip_forward=1',
	52	run.Raw('&&'),
	53	'sudo', 'swapoff', '-a',
	54	],
	55	wait=False,
	56	)
	57	)
a4b75251 TL	58
	59	# set docker cgroup driver = systemd
	60	# see https://kubernetes.io/docs/setup/production-environment/container-runtimes/#docker
	61	# see https://github.com/kubernetes/kubeadm/issues/2066
a4b75251	62	for remote in ctx.cluster.remotes.keys():
20effc67 TL	63	try:
	64	orig = remote.read_file('/etc/docker/daemon.json', sudo=True)
	65	j = json.loads(orig)
	66	except Exception as e:
	67	log.info(f'Failed to pull old daemon.json: {e}')
	68	j = {}
	69	j["exec-opts"] = ["native.cgroupdriver=systemd"]
	70	j["log-driver"] = "json-file"
	71	j["log-opts"] = {"max-size": "100m"}
	72	j["storage-driver"] = "overlay2"
	73	remote.write_file('/etc/docker/daemon.json', json.dumps(j), sudo=True)
a4b75251 TL	74	run.wait(
	75	ctx.cluster.run(
	76	args=[
	77	'sudo', 'systemctl', 'restart', 'docker',
	78	run.Raw('\|\|'),
	79	'true',
	80	],
	81	wait=False,
	82	)
	83	)
b3b6e05e TL	84	yield
	85
	86
	87	@contextlib.contextmanager
	88	def kubeadm_install(ctx, config):
	89	version = config.get('version', '1.21')
	90
	91	os_type = teuthology.get_distro(ctx)
	92	os_version = teuthology.get_distro_version(ctx)
	93
	94	try:
	95	if os_type in ['centos', 'rhel']:
	96	os = f"CentOS_{os_version.split('.')[0]}"
	97	log.info('Installing cri-o')
	98	run.wait(
	99	ctx.cluster.run(
	100	args=[
	101	'sudo',
	102	'curl', '-L', '-o',
	103	'/etc/yum.repos.d/devel:kubic:libcontainers:stable.repo',
	104	f'https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/{os}/devel:kubic:libcontainers:stable.repo',
	105	run.Raw('&&'),
	106	'sudo',
	107	'curl', '-L', '-o',
	108	f'/etc/yum.repos.d/devel:kubic:libcontainers:stable:cri-o:{version}.repo',
	109	f'https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/{version}/{os}/devel:kubic:libcontainers:stable:cri-o:{version}.repo',
	110	run.Raw('&&'),
	111	'sudo', 'dnf', 'install', '-y', 'cri-o',
	112	],
	113	wait=False,
	114	)
	115	)
	116
	117	log.info('Installing kube{adm,ctl,let}')
	118	repo = """[kubernetes]
	119	name=Kubernetes
	120	baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-$basearch
	121	enabled=1
	122	gpgcheck=1
	123	repo_gpgcheck=1
	124	gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
	125	"""
	126	for remote in ctx.cluster.remotes.keys():
	127	remote.write_file(
	128	'/etc/yum.repos.d/kubernetes.repo',
	129	repo,
	130	sudo=True,
	131	)
	132	run.wait(
	133	ctx.cluster.run(
	134	args=[
	135	'sudo', 'dnf', 'install', '-y',
	136	'kubelet', 'kubeadm', 'kubectl',
	137	'iproute-tc', 'bridge-utils',
	138	],
	139	wait=False,
	140	)
	141	)
	142
	143	# fix cni config
	144	for remote in ctx.cluster.remotes.keys():
	145	conf = """# from https://github.com/cri-o/cri-o/blob/master/tutorials/kubernetes.md#flannel-network
	146	{
	147	"name": "crio",
148	"type": "flannel"
149	}
150	"""
151	remote.write_file('/etc/cni/net.d/10-crio-flannel.conf', conf, sudo=True)
152	remote.run(args=[
153	'sudo', 'rm', '-f',
154	'/etc/cni/net.d/87-podman-bridge.conflist',
155	'/etc/cni/net.d/100-crio-bridge.conf',
156	])
157
158	# start crio
159	run.wait(
160	ctx.cluster.run(
161	args=[
162	'sudo', 'systemctl', 'daemon-reload',
163	run.Raw('&&'),
164	'sudo', 'systemctl', 'enable', 'crio', '--now',
165	],
166	wait=False,
167	)
168	)
169
170	elif os_type == 'ubuntu':
171	os = f"xUbuntu_{os_version}"
172	log.info('Installing kube{adm,ctl,let}')
173	run.wait(
174	ctx.cluster.run(
175	args=[
176	'sudo', 'apt', 'update',
177	run.Raw('&&'),
178	'sudo', 'apt', 'install', '-y',
179	'apt-transport-https', 'ca-certificates', 'curl',
180	run.Raw('&&'),
181	'sudo', 'curl', '-fsSLo',
182	'/usr/share/keyrings/kubernetes-archive-keyring.gpg',
183	'https://packages.cloud.google.com/apt/doc/apt-key.gpg',
184	run.Raw('&&'),
185	'echo', 'deb [signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main',
186	run.Raw('\|'),
187	'sudo', 'tee', '/etc/apt/sources.list.d/kubernetes.list',
188	run.Raw('&&'),
189	'sudo', 'apt', 'update',
190	run.Raw('&&'),
191	'sudo', 'apt', 'install', '-y',
192	'kubelet', 'kubeadm', 'kubectl',
193	'bridge-utils',
194	],
195	wait=False,
196	)
197	)
198
199	else:
200	raise RuntimeError(f'unsupported distro {os_type} for cri-o')
201
202	run.wait(
203	ctx.cluster.run(
204	args=[
205	'sudo', 'systemctl', 'enable', '--now', 'kubelet',
206	run.Raw('&&'),
207	'sudo', 'kubeadm', 'config', 'images', 'pull',
208	],
209	wait=False,
210	)
211	)
212
213	yield
214
215	finally:
216	if config.get('uninstall', True):
217	log.info('Uninstalling kube{adm,let,ctl}')
218	if os_type in ['centos', 'rhel']:
219	run.wait(
220	ctx.cluster.run(
221	args=[
222	'sudo', 'rm', '-f',
223	'/etc/yum.repos.d/kubernetes.repo',
224	run.Raw('&&'),
225	'sudo', 'dnf', 'remove', '-y',
226	'kubeadm', 'kubelet', 'kubectl', 'cri-o',
227	],
228	wait=False
229	)
230	)
231	elif os_type == 'ubuntu' and False:
232	run.wait(
233	ctx.cluster.run(
234	args=[
235	'sudo', 'rm', '-f',
236	'/etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list',
237	f'/etc/apt/sources.list.d/devel:kubic:libcontainers:stable:cri-o:{version}.list',
238	'/etc/apt/trusted.gpg.d/libcontainers-cri-o.gpg',
239	run.Raw('&&'),
240	'sudo', 'apt', 'remove', '-y',
241	'kkubeadm', 'kubelet', 'kubectl', 'cri-o', 'cri-o-runc',
242	],
243	wait=False,
244	)
245	)
246
247
248	@contextlib.contextmanager
249	def kubeadm_init_join(ctx, config):
250	cluster_name = config['cluster']
251
252	bootstrap_remote = None
253	remotes = {} # remote -> ip
254	for remote, roles in ctx.cluster.remotes.items():
255	for role in roles:
256	if role.startswith('host.'):
257	if not bootstrap_remote:
258	bootstrap_remote = remote
259	if remote not in remotes:
260	remotes[remote] = remote.ssh.get_transport().getpeername()[0]
261	if not bootstrap_remote:
262	raise RuntimeError('must define at least one host.something role')
263	ctx.kubeadm[cluster_name].bootstrap_remote = bootstrap_remote
264	ctx.kubeadm[cluster_name].remotes = remotes
265	ctx.kubeadm[cluster_name].token = 'abcdef.' + ''.join([
266	random.choice('0123456789abcdefghijklmnopqrstuvwxyz') for _ in range(16)
267	])
268	log.info(f'Token: {ctx.kubeadm[cluster_name].token}')
269	log.info(f'Remotes: {ctx.kubeadm[cluster_name].remotes}')
270
271	try:
272	# init
273	cmd = [
274	'sudo', 'kubeadm', 'init',
275	'--node-name', ctx.kubeadm[cluster_name].bootstrap_remote.shortname,
276	'--token', ctx.kubeadm[cluster_name].token,
277	'--pod-network-cidr', str(ctx.kubeadm[cluster_name].pod_subnet),
278	]
279	bootstrap_remote.run(args=cmd)
280
281	# join additional nodes
282	joins = []
283	for remote, ip in ctx.kubeadm[cluster_name].remotes.items():
284	if remote == bootstrap_remote:
285	continue
286	cmd = [
287	'sudo', 'kubeadm', 'join',
288	ctx.kubeadm[cluster_name].remotes[ctx.kubeadm[cluster_name].bootstrap_remote] + ':6443',
289	'--node-name', remote.shortname,
290	'--token', ctx.kubeadm[cluster_name].token,
291	'--discovery-token-unsafe-skip-ca-verification',
292	]
293	joins.append(remote.run(args=cmd, wait=False))
294	run.wait(joins)
295	yield
296
297	except Exception as e:
298	log.exception(e)
299	raise
300
301	finally:
302	log.info('Cleaning up node')
303	run.wait(
304	ctx.cluster.run(
305	args=['sudo', 'kubeadm', 'reset', 'cleanup-node', '-f'],
306	wait=False,
307	)
308	)
309
310
311	@contextlib.contextmanager
312	def kubectl_config(ctx, config):
313	cluster_name = config['cluster']
314	bootstrap_remote = ctx.kubeadm[cluster_name].bootstrap_remote
315
316	ctx.kubeadm[cluster_name].admin_conf = \
317	bootstrap_remote.read_file('/etc/kubernetes/admin.conf', sudo=True)
318
319	log.info('Setting up kubectl')
320	try:
321	ctx.cluster.run(args=[
322	'mkdir', '-p', '.kube',
323	run.Raw('&&'),
324	'sudo', 'mkdir', '-p', '/root/.kube',
325	])
326	for remote in ctx.kubeadm[cluster_name].remotes.keys():
327	remote.write_file('.kube/config', ctx.kubeadm[cluster_name].admin_conf)
328	remote.sudo_write_file('/root/.kube/config',
329	ctx.kubeadm[cluster_name].admin_conf)
330	yield
331
332	except Exception as e:
333	log.exception(e)
334	raise
335
336	finally:
337	log.info('Deconfiguring kubectl')
338	ctx.cluster.run(args=[
339	'rm', '-rf', '.kube',
340	run.Raw('&&'),
341	'sudo', 'rm', '-rf', '/root/.kube',
342	])
343
344
345	def map_vnet(mip):
346	for mapping in teuth_config.get('vnet', []):
347	mnet = ipaddress.ip_network(mapping['machine_subnet'])
348	vnet = ipaddress.ip_network(mapping['virtual_subnet'])
349	if vnet.prefixlen >= mnet.prefixlen:
350	log.error(f"virtual_subnet {vnet} prefix >= machine_subnet {mnet} prefix")
351	return None
352	if mip in mnet:
353	pos = list(mnet.hosts()).index(mip)
354	log.info(f"{mip} is in {mnet} at pos {pos}")
355	sub = list(vnet.subnets(32 - mnet.prefixlen))[pos]
356	return sub
357	return None
358
359
360	@contextlib.contextmanager
361	def allocate_pod_subnet(ctx, config):
362	"""
363	Allocate a private subnet that will not collide with other test machines/clusters
364	"""
365	cluster_name = config['cluster']
366	assert cluster_name == 'kubeadm', 'multiple subnets not yet implemented'
367
368	log.info('Identifying pod subnet')
369	remote = list(ctx.cluster.remotes.keys())[0]
370	ip = remote.ssh.get_transport().getpeername()[0]
371	mip = ipaddress.ip_address(ip)
372	vnet = map_vnet(mip)
373	assert vnet
374	log.info(f'Pod subnet: {vnet}')
375	ctx.kubeadm[cluster_name].pod_subnet = vnet
376	yield
377
378
379	@contextlib.contextmanager
380	def pod_network(ctx, config):
381	cluster_name = config['cluster']
382	pnet = config.get('pod_network', 'calico')
383	if pnet == 'flannel':
384	r = ctx.kubeadm[cluster_name].bootstrap_remote.run(
385	args=[
386	'curl',
387	'https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml',
388	],
389	stdout=BytesIO(),
390	)
391	assert r.exitstatus == 0
392	flannel = list(yaml.load_all(r.stdout.getvalue(), Loader=yaml.FullLoader))
393	for o in flannel:
394	if o.get('data', {}).get('net-conf.json'):
395	log.info(f'Updating {o}')
396	o['data']['net-conf.json'] = o['data']['net-conf.json'].replace(
397	'10.244.0.0/16',
398	str(ctx.kubeadm[cluster_name].pod_subnet)
399	)
400	log.info(f'Now {o}')
401	flannel_yaml = yaml.dump_all(flannel)
402	log.debug(f'Flannel:\n{flannel_yaml}')
403	_kubectl(ctx, config, ['apply', '-f', '-'], stdin=flannel_yaml)
404
405	elif pnet == 'calico':
406	_kubectl(ctx, config, [
39ae355f	407	'create', '-f',
b3b6e05e TL	408	'https://docs.projectcalico.org/manifests/tigera-operator.yaml'
	409	])
	410	cr = {
	411	'apiVersion': 'operator.tigera.io/v1',
	412	'kind': 'Installation',
	413	'metadata': {'name': 'default'},
	414	'spec': {
	415	'calicoNetwork': {
	416	'ipPools': [
	417	{
	418	'blockSize': 26,
	419	'cidr': str(ctx.kubeadm[cluster_name].pod_subnet),
20effc67	420	'encapsulation': 'IPIPCrossSubnet',
b3b6e05e TL	421	'natOutgoing': 'Enabled',
	422	'nodeSelector': 'all()',
	423	}
	424	]
	425	}
	426	}
	427	}
	428	_kubectl(ctx, config, ['create', '-f', '-'], stdin=yaml.dump(cr))
	429
	430	else:
	431	raise RuntimeError(f'unrecognized pod_network {pnet}')
	432
	433	try:
	434	yield
	435
	436	finally:
	437	if pnet == 'flannel':
	438	_kubectl(ctx, config, [
	439	'delete', '-f',
	440	'https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml',
	441	])
	442
	443	elif pnet == 'calico':
	444	_kubectl(ctx, config, ['delete', 'installation', 'default'])
	445	_kubectl(ctx, config, [
	446	'delete', '-f',
	447	'https://docs.projectcalico.org/manifests/tigera-operator.yaml'
	448	])
	449
	450
	451	@contextlib.contextmanager
	452	def setup_pvs(ctx, config):
	453	"""
	454	Create PVs for all scratch LVs and set up a trivial provisioner
	455	"""
	456	log.info('Scanning for scratch devices')
	457	crs = []
	458	for remote in ctx.cluster.remotes.keys():
	459	ls = remote.read_file('/scratch_devs').decode('utf-8').strip().splitlines()
	460	log.info(f'Scratch devices on {remote.shortname}: {ls}')
	461	for dev in ls:
	462	devname = dev.split('/')[-1].replace("_", "-")
	463	crs.append({
	464	'apiVersion': 'v1',
	465	'kind': 'PersistentVolume',
	466	'metadata': {'name': f'{remote.shortname}-{devname}'},
	467	'spec': {
	468	'volumeMode': 'Block',
	469	'accessModes': ['ReadWriteOnce'],
	470	'capacity': {'storage': '100Gi'}, # doesn't matter?
20effc67	471	'persistentVolumeReclaimPolicy': 'Retain',
b3b6e05e TL	472	'storageClassName': 'scratch',
	473	'local': {'path': dev},
	474	'nodeAffinity': {
	475	'required': {
	476	'nodeSelectorTerms': [
	477	{
	478	'matchExpressions': [
	479	{
	480	'key': 'kubernetes.io/hostname',
	481	'operator': 'In',
	482	'values': [remote.shortname]
	483	}
	484	]
	485	}
	486	]
	487	}
	488	}
	489	}
	490	})
	491	# overwriting first few MB is enough to make k8s happy
	492	remote.run(args=[
	493	'sudo', 'dd', 'if=/dev/zero', f'of={dev}', 'bs=1M', 'count=10'
	494	])
	495	crs.append({
	496	'kind': 'StorageClass',
	497	'apiVersion': 'storage.k8s.io/v1',
	498	'metadata': {'name': 'scratch'},
	499	'provisioner': 'kubernetes.io/no-provisioner',
	500	'volumeBindingMode': 'WaitForFirstConsumer',
	501	})
	502	y = yaml.dump_all(crs)
	503	log.info('Creating PVs + StorageClass')
	504	log.debug(y)
	505	_kubectl(ctx, config, ['create', '-f', '-'], stdin=y)
	506
	507	yield
	508
	509
	510	@contextlib.contextmanager
	511	def final(ctx, config):
	512	cluster_name = config['cluster']
	513
	514	# remove master node taint
	515	_kubectl(ctx, config, [
	516	'taint', 'node',
	517	ctx.kubeadm[cluster_name].bootstrap_remote.shortname,
	518	'node-role.kubernetes.io/master-',
	519	run.Raw('\|\|'),
	520	'true',
	521	])
	522
	523	yield
	524
	525
	526	@contextlib.contextmanager
	527	def task(ctx, config):
	528	if not config:
	529	config = {}
	530	assert isinstance(config, dict), \
	531	"task only supports a dictionary for configuration"
	532
	533	log.info('Kubeadm start')
	534
	535	overrides = ctx.config.get('overrides', {})
536	teuthology.deep_merge(config, overrides.get('kubeadm', {}))
537	log.info('Config: ' + str(config))
538
539	# set up cluster context
540	if not hasattr(ctx, 'kubeadm'):
541	ctx.kubeadm = {}
542	if 'cluster' not in config:
543	config['cluster'] = 'kubeadm'
544	cluster_name = config['cluster']
545	if cluster_name not in ctx.kubeadm:
546	ctx.kubeadm[cluster_name] = argparse.Namespace()
547
548	with contextutil.nested(
549	lambda: preflight(ctx, config),
550	lambda: allocate_pod_subnet(ctx, config),
551	lambda: kubeadm_install(ctx, config),
552	lambda: kubeadm_init_join(ctx, config),
553	lambda: kubectl_config(ctx, config),
554	lambda: pod_network(ctx, config),
555	lambda: setup_pvs(ctx, config),
556	lambda: final(ctx, config),
557	):
558	try:
559	log.info('Kubeadm complete, yielding')
560	yield
561
562	finally:
563	log.info('Tearing down kubeadm')