Merge ca08724 into ed6d94b

Dockerfile

@@ -20,6 +20,7 @@ RUN pip install ./kqueen
 
 # Avoid Ssh issues with docker overlayfs and sockets
 ENV ANSIBLE_SSH_CONTROL_PATH /dev/shm/cp%%h-%%p-%%r
+ENV ANSIBLE_TIMEOUT 25
 ENV KQUEEN_KS_KUBESPRAY_PATH /code/kubespray
 ENV KQUEEN_KS_ANSIBLE_CMD /usr/local/bin/ansible
 ENV KQUEEN_KS_ANSIBLE_PLAYBOOK_CMD /usr/local/bin/ansible-playbook

kqueen/config/demo_mirantis.py

@@ -47,4 +47,4 @@ class Config(BaseConfig):
     POD_INFRA_IMAGE_REPO = 'docker-prod-local.docker.mirantis.net/mirantis/kubernetes/pause-amd64'
     POD_INFRA_IMAGE_TAG = 'v1.10.4-4'
 
-    KS_DEFAULT_NAMESERVERS = "172.18.80.136"
+    KS_DEFAULT_NAMESERVERS = "172.18.176.6"

kqueen/engines/openstack_kubespray.py

@@ -20,6 +20,9 @@
 logger = logging.getLogger("kqueen_api")
 config = current_config()
 
+MASTER_SECURITY_GR = "kqueen master"
+COMMON_SECURITY_GR = "kqueen common"
+
 
 class OpenstackKubesprayEngine(BaseEngine):
     """OpenStack Kubespray engine.
@@ -596,7 +599,7 @@ def _run_ansible(self, inventory="hosts.json", playbook="cluster.yml"):
             "--extra-vars", "docker_dns_servers_strict=no",
         ]
         env = self._construct_env()
-        self.ansible_log = os.path.join(self._get_cluster_path(), "ansible_log.txt")
+        self.ansible_log = os.path.join(self._get_cluster_path(), "ansible_log_for_{0}_playbook.txt".format(playbook))
         with open(self.ansible_log, "a+") as log_file:
             pipe = subprocess.Popen(
                 args,
@@ -703,14 +706,18 @@ def provision(self):
         router = self.c.create_router(name=self.stack_name,
                                       ext_gateway_net_id=self.meta['ext_net'].id)
         self.c.add_router_interface(router, subnet["id"])
+        master_sg, common_sg = self._set_up_security_groups()
         resources["router_id"] = router["id"]
         resources["network_id"] = network["id"]
         resources["subnet_id"] = subnet["id"]
         for master in self._boot_servers(name=self.stack_name,
                                          servers_range=range(self.meta["master_count"]),
                                          image=self.meta['image'],
                                          flavor=self.meta['master_flavor'],
-                                         network=network):
+                                         network=network,
+                                         sg=["default", master_sg.name, common_sg.name]):
+            if master.status == 'ERROR':
+                raise RuntimeError('Could not spawn the instance. Check Openstack logs')
             fip = self.c.create_floating_ip("public", server=master)
             resources["masters"].append({
                 "id": master.id,
@@ -724,7 +731,10 @@ def provision(self):
                                         image=self.meta['image'],
                                         flavor=self.meta['slave_flavor'],
                                         network=network,
-                                        add_random_suffix=True):
+                                        add_random_suffix=True,
+                                        sg=["default", common_sg.name]):
+            if slave.status == 'ERROR':
+                raise RuntimeError('Could not spawn the instance. Check Openstack logs')
             resources["slaves"].append({
                 "id": slave.id,
                 "ip": list(slave.addresses.values())[0][0]["addr"],
@@ -807,7 +817,39 @@ def _get_userdata(self):
         }
         return "#cloud-config\n" + yaml.dump(userdata)
 
-    def _boot_servers(self, *, name, servers_range, image, flavor, network,
+    def _set_up_security_groups(self):
+        master_sg = self.c.get_security_group(MASTER_SECURITY_GR)
+        if not master_sg:
+            master_sg = self.c.create_security_group(name=MASTER_SECURITY_GR,
+                                                     description="Kqueen master")
+            # etcd server client API
+            self.c.create_security_group_rule(master_sg.id, protocol="tcp",
+                                              port_range_min="2379",
+                                              port_range_max="2380")
+            # k8s API
+            self.c.create_security_group_rule(master_sg.id, protocol="tcp",
+                                              port_range_min="6443",
+                                              port_range_max="6443")
+            # Calico
+            self.c.create_security_group_rule(master_sg.id, protocol="tcp",
+                                              port_range_min="179",
+                                              port_range_max="179")
+
+        common_sg = self.c.get_security_group(COMMON_SECURITY_GR)
+        if not common_sg:
+            common_sg = self.c.create_security_group(name=COMMON_SECURITY_GR,
+                                                     description="Kqueen common")
+            # Kubelet API
+            self.c.create_security_group_rule(common_sg.id, protocol="tcp",
+                                              port_range_min="10250",
+                                              port_range_max="10255")
+            # NodePort Services
+            self.c.create_security_group_rule(common_sg.id, protocol="tcp",
+                                              port_range_min="30000",
+                                              port_range_max="32767")
+        return master_sg, common_sg
+
+    def _boot_servers(self, *, name, servers_range, image, flavor, network, sg,
                       add_random_suffix=False):
         server_ids = []
         for i in servers_range:
@@ -822,6 +864,7 @@ def _boot_servers(self, *, name, servers_range, image, flavor, network,
                 network=network,
                 availability_zone=self.os_kwargs.get("availability_zone", "nova"),
                 key_name=self.cluster.metadata["ssh_key_name"],
+                security_groups=sg
             )
             server_ids.append(server.id)
         retries = 50

setup.py

@@ -15,7 +15,7 @@
     'pytest',
     'pytest-cov',
     'pytest-env',
-    'pytest-flask',
+    'pytest-flask==0.11.0',
     'pytest-ordering',
 ]