kuryr_node: add support

Change-Id: Ia58fa2f020f8e51ddfff36de53b285a3a5051809
Signed-off-by: Antoni Segura Puimedon <celebdor@gmail.com>

playbooks/common/openshift-node/config.yml

@@ -90,6 +90,8 @@
     contiv_role: netplugin
     when: openshift.common.use_contiv | bool
   - role: nickhammond.logrotate
+  - role: kuryr_node
+    when: openshift.common.use_kuryr | bool
   - role: openshift_manage_node
     openshift_master_host: "{{ groups.oo_first_master.0 }}"
   tasks:

roles/kuryr_common/tasks/main.yaml

@@ -0,0 +1,11 @@
+---
+- name: Download delorean repos
+  become: yes
+  get_url:
+    url: "{{ item }}"
+    mode: 0644
+    dest: /etc/yum.repos.d
+  with_items:
+    - "https://trunk.rdoproject.org/centos7-master/current/delorean.repo"
+    - "https://trunk.rdoproject.org/centos7/delorean-deps.repo"
+

roles/kuryr_master/tasks/main.yaml

@@ -0,0 +1,26 @@
+---
+- name: Include common Kuryr role
+  include_role:
+    name: kuryr_common
+
+- name: Install Kuryr CNI
+  become: yes
+  yum:
+    name: openstack-kuryr-kubernetes-controller
+    state: present
+
+- name: Configure kuryr controller
+  become: yes
+  template:
+    src: kuryr.conf.j2
+    dest: /etc/kuryr/kuryr.conf
+    mode: 0640
+    owner: root
+    group: root
+
+- name: Get Kuryr controller started
+  become: yes
+  systemd:
+    name: kuryr-controller
+    state: started
+    enabled: yes

roles/kuryr_node/defaults/main.yml

@@ -0,0 +1,19 @@
+---
+# Kuryr conf directory
+kuryr_config_dir: /etc/kuryr
+
+# Whether to run the cni plugin in debug mode
+kuryr_cni_debug: "false"
+
+# The version of cni binaries
+cni_version: v0.5.1
+
+# Path to bin dir (where kuryr execs get installed)
+bin_dir: /usr/bin
+
+# Path to the cni binaries
+cni_bin_dir: /opt/cni/bin
+
+# URL for cni binaries
+cni_bin_url_base: "https://github.com/containernetworking/cni/releases/download/"
+cni_bin_url: "{{ cni_bin_url_base }}/{{ cni_version }}/cni-{{ cni_version }}.tgz"

roles/kuryr_node/files/99-loopback.conf

@@ -0,0 +1,4 @@
+{
+    "cniVersion": "0.3.0",
+    "type": "loopback"
+}

roles/kuryr_node/tasks/main.yaml

@@ -0,0 +1,93 @@
+---
+- name: Include common Kuryr role
+  include_role:
+    name: kuryr_common
+
+- name: Create CNI extraction tempdir
+  command: mktemp -d
+  register: cni_tmpdir
+
+- name: Download CNI
+  get_url:
+    url: "{{ cni_bin_url }}"
+    mode: 0644
+    dest: "{{ cni_tmpdir.stdout }}"
+  register: downloaded_tarball
+
+- name: Extract CNI
+  unarchive:
+    src: "{{ downloaded_tarball.dest }}"
+    dest:  "{{ cni_tmpdir.stdout }}"
+    remote_src: yes
+  when: downloaded_tarball.changed
+
+- name: Create CNI bin directory
+  file:
+    state: directory
+    path: "{{ cni_bin_dir }}"
+    mode: 0755
+    owner: root
+    group: root
+    recurse: yes
+
+- name: Get loopback cni plugin installed
+  copy:
+    src:  "{{ cni_tmpdir.stdout }}/loopback"
+    dest: "{{ cni_bin_dir }}/loopback"
+    remote_src: True
+    mode: 0755
+
+- name: Ensure CNI net.d exists
+  file:
+    path: /etc/cni/net.d
+    recurse: yes
+    state: directory
+
+- name: Install Kuryr CNI conf
+  become: yes
+  template:
+    src: 10-kuryr.conf.j2
+    dest: /etc/cni/net.d/10-kuryr.conf
+    mode: 0644
+    owner: root
+    group: root
+
+- name: Install Kuryr CNI
+  become: yes
+  yum: name=openstack-kuryr-kubernetes-cni state=present
+
+- name: Symlink Kuryr CNI binary to where K8s expects it
+  become: yes
+  file:
+    src: "{{ bin_dir }}/kuryr-cni"
+    dest: "{{ cni_bin_dir }}/kuryr-cni"
+    state: link
+    owner: root
+    group: root
+
+- name: Configure kuryr CNI
+  become: yes
+  template:
+    src: cni.conf.j2
+    dest: /etc/kuryr/cni.conf
+    mode: 0640
+    owner: root
+    group: root
+
+- name: Check for node config
+  stat: "path=/etc/sysconfig/{{ openshift.common.service_type }}-node"
+  register: node_config_check
+
+- name: Configure OpenShift node with disabled service proxy
+  lineinfile:
+    dest: "{{ node_config_check.stat.path }}"
+    regexp: '^OPTIONS="?(.*?)"?$'
+    backrefs: yes
+    backup: yes
+    line: 'OPTIONS="\1 --disable proxy"'
+  when: node_config_check.stat.isreg
+
+- name: force node restart to disable the proxy
+  service:
+    name: "{{ openshift.common.service_type }}-node"
+    state: restarted

roles/kuryr_node/templates/10-kuryr.conf.j2

@@ -0,0 +1,8 @@
+{
+  "cniVersion": "0.3.0",
+  "name": "kuryr",
+  "type": "kuryr-cni",
+  "kuryr_conf": "{{ kuryr_config_dir }}/cni.conf",
+  "debug": {{ kuryr_cni_debug }}
+}
+

roles/kuryr_node/templates/cni.conf.j2

@@ -0,0 +1,119 @@
+[DEFAULT]
+
+#
+# From kuryr_kubernetes
+#
+# If set to true, the logging level will be set to DEBUG instead of the default
+# INFO level. (boolean value)
+# Note: This option can be changed without restarting.
+#debug = false
+
+# The name of a logging configuration file. This file is appended to any
+# existing logging configuration files. For details about logging configuration
+# files, see the Python logging module documentation. Note that when logging
+# configuration files are used then all logging configuration is set in the
+# configuration file and other logging configuration options are ignored (for
+# example, logging_context_format_string). (string value)
+# Note: This option can be changed without restarting.
+# Deprecated group/name - [DEFAULT]/log_config
+#log_config_append = <None>
+
+# Defines the format string for %%(asctime)s in log records. Default:
+# %(default)s . This option is ignored if log_config_append is set. (string
+# value)
+#log_date_format = %Y-%m-%d %H:%M:%S
+
+# (Optional) Name of log file to send logging output to. If no default is set,
+# logging will go to stderr as defined by use_stderr. This option is ignored if
+# log_config_append is set. (string value)
+# Deprecated group/name - [DEFAULT]/logfile
+log_file = /var/log/kuryr/cni.log
+
+# (Optional) The base directory used for relative log_file  paths. This option
+# is ignored if log_config_append is set. (string value)
+# Deprecated group/name - [DEFAULT]/logdir
+#log_dir = <None>
+
+# Uses logging handler designed to watch file system. When log file is moved or
+# removed this handler will open a new log file with specified path
+# instantaneously. It makes sense only if log_file option is specified and
+# Linux platform is used. This option is ignored if log_config_append is set.
+# (boolean value)
+#watch_log_file = false
+
+# Use syslog for logging. Existing syslog format is DEPRECATED and will be
+# changed later to honor RFC5424. This option is ignored if log_config_append
+# is set. (boolean value)
+#use_syslog = false
+
+# Syslog facility to receive log lines. This option is ignored if
+# log_config_append is set. (string value)
+#syslog_log_facility = LOG_USER
+
+# Log output to standard error. This option is ignored if log_config_append is
+# set. (boolean value)
+#use_stderr = true
+
+# Format string to use for log messages with context. (string value)
+#logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s
+
+# Format string to use for log messages when context is undefined. (string
+# value)
+#logging_default_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s
+
+# Additional data to append to log message when logging level for the message
+# is DEBUG. (string value)
+#logging_debug_format_suffix = %(funcName)s %(pathname)s:%(lineno)d
+
+# Prefix each line of exception output with this format. (string value)
+#logging_exception_prefix = %(asctime)s.%(msecs)03d %(process)d ERROR %(name)s %(instance)s
+
+# Defines the format string for %(user_identity)s that is used in
+# logging_context_format_string. (string value)
+#logging_user_identity_format = %(user)s %(tenant)s %(domain)s %(user_domain)s %(project_domain)s
+
+# List of package logging levels in logger=LEVEL pairs. This option is ignored
+# if log_config_append is set. (list value)
+#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,dogpile.core.dogpile=INFO
+
+# Enables or disables publication of error events. (boolean value)
+#publish_errors = false
+
+# The format for an instance that is passed with the log message. (string
+# value)
+#instance_format = "[instance: %(uuid)s] "
+
+# The format for an instance UUID that is passed with the log message. (string
+# value)
+#instance_uuid_format = "[instance: %(uuid)s] "
+
+# Enables or disables fatal status of deprecations. (boolean value)
+#fatal_deprecations = false
+
+
+[binding]
+
+driver = kuryr.lib.binding.drivers.vlan
+link_iface = {{ kuryr_cni_link_interface }}
+
+[kubernetes]
+
+#
+# From kuryr_kubernetes
+#
+
+# The root URL of the Kubernetes API (string value)
+api_root = {{ openshift_node_master_api_url }}
+
+# Absolute path to client cert to connect to HTTPS K8S_API (string value)
+ssl_client_crt_file = {{ openshift.common.config_base }}/node/system:node:{{ openshift.common.hostname }}.cert
+
+# Absolute path client key file to connect to HTTPS K8S_API (string value)
+ssl_client_key_file = {{ openshift.common.config_base }}/node/system:node:{{ openshift.common.hostname }}.key
+
+# Absolute path to ca cert file to connect to HTTPS K8S_API (string value)
+ssl_ca_crt_file = {{ openshift.common.config_base }}/node/ca.crt
+
+# HTTPS K8S_API server identity verification (boolean value)
+# TODO (apuimedo): Make configurable
+ssl_verify_server_crt = True

roles/openshift_common/tasks/main.yml

@@ -46,6 +46,7 @@
       use_calico: "{{openshift_use_calico | default(None) }}"
       use_nuage: "{{ openshift_use_nuage | default(None) }}"
       use_contiv: "{{ openshift_use_contiv | default(None) }}"
+      use_kuryr: "{{ openshift_use_kuryr | default(None) }}"
       use_manageiq: "{{ openshift_use_manageiq | default(None) }}"
       data_dir: "{{ openshift_data_dir | default(None) }}"
       use_dnsmasq: "{{ openshift_use_dnsmasq | default(None) }}"

roles/openshift_facts/library/openshift_facts.py

@@ -521,6 +521,24 @@ def set_contiv_facts_if_unset(facts):
     return facts
 
 
+def set_kuryr_facts_if_unset(facts):
+    """ Set kuryr facts if not already present in facts dict
+            dict: the facts dict updated with the kuryr facts if
+            missing
+        Args:
+            facts (dict): existing facts
+        Returns:
+            dict: the facts dict updated with the kuryr
+            facts if they were not already present
+
+    """
+    if 'common' in facts:
+        if 'use_kuryr' not in facts['common']:
+            use_kuryr = False
+            facts['common']['use_kuryr'] = use_kuryr
+    return facts
+
+
 def set_node_schedulability(facts):
     """ Set schedulable facts if not already present in facts dict
         Args:
@@ -1976,6 +1994,7 @@ def generate_facts(self,
         facts = set_calico_facts_if_unset(facts)
         facts = set_nuage_facts_if_unset(facts)
         facts = set_contiv_facts_if_unset(facts)
+        facts = set_kuryr_facts_if_unset(facts)
         facts = set_node_schedulability(facts)
         facts = set_selectors(facts)
         facts = set_identity_providers_if_unset(facts)

roles/openshift_node/templates/node.yaml.v1.j2

@@ -50,9 +50,11 @@ servingInfo:
 {% endfor %}
 {% endif %}
 volumeDirectory: {{ openshift.common.data_dir }}/openshift.local.volumes
+{% if not openshift.common.use_kuryr | bool %}
 proxyArguments:
   proxy-mode:
      - {{ openshift.node.proxy_mode }}
+{% endif %}
 volumeConfig:
   localQuota:
     perFSGroup: {{ openshift.node.local_quota_per_fsgroup }}