New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CentOS/RHEL7 support #410
CentOS/RHEL7 support #410
Conversation
@@ -52,8 +52,8 @@ if [ ! -e /etc/pharos/pki/config.json ]; then | |||
"${PEER_IP}" | |||
], | |||
"key": { | |||
"algo": "ecdsa", | |||
"size": 256 | |||
"algo": "rsa", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Had to switch to rsa
because curl/nss cannot handle ecdsa
.
env | ||
|
||
if [ ! -f /usr/local/bin/cfssl ]; then | ||
curl -s -L -o /usr/local/bin/cfssl https://pkg.cfssl.org/R1.2/cfssl_linux-${ARCH} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Probably should mirror cfssl
binaries to pharos repo.
@jnummelin PTAL |
Upgrade path broken:
|
Upgrade path is fixed now in #362, ofc needs also changes here. |
|
||
module Pharos | ||
module Host | ||
class El7 < Configurer |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This should also implement upgrade_kubeadm
, not upgrade path fails with:
/Users/jussi/code/pharos-cluster/lib/pharos/host/configurer.rb:119:in `abstract_method!': This is an abstract base method. Implement in your subclass. (NotImplementedError)
from /Users/jussi/code/pharos-cluster/lib/pharos/host/configurer.rb:43:in `upgrade_kubeadm'
from /Users/jussi/code/pharos-cluster/lib/pharos/phases/upgrade_master.rb:30:in `upgrade_kubeadm'
from /Users/jussi/code/pharos-cluster/lib/pharos/phases/upgrade_master.rb:22:in `call'
...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, currently trying to find a way to upgrade just kubeadm
with rpm...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed.
@jnummelin PTAL |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd love to see the versionlock things generalized. The install_kubelet
"interface" is also bit weird, but not sure if it's something we'd wanna fix in this PR specifically as it's more general thing.
Upgrade path is pretty impossible to test as all previous kube versions on centos are pretty much broken with the cgroup bug.
examples/vagrant/centos7/Vagrantfile
Outdated
vb.cpus = 1 | ||
end | ||
|
||
host.vm.network "private_network", ip: "192.168.100.#{i + 100}" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just thinking if we could/should change the IPs for Centos boxes. It would allow to test centos / ubuntu on vagrant side-by-side.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed.
linefromfile "^0:kubectl-" $versionlock | ||
linefromfile "^0:kubeadm-" $versionlock | ||
|
||
yum install -y kubelet-${KUBE_VERSION} kubectl-${KUBE_VERSION} kubeadm-${KUBEADM_VERSION} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The script name, and the configurer interface actually too, is slightly misleading as we install all kube components here and not just kubelet.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do you have any suggestions for the interface name?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
install_kube_packages
?
install_kube_components
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed.
fi | ||
|
||
versionlock="/etc/yum/pluginconf.d/versionlock.list" | ||
linefromfile "^0:kubeadm-" $versionlock |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could these versionlock things be put into something generically re-usable? Now we have these lines repeating all over the scripts. Maybe some helper func like yum_install <package> <version>
that handles all these things.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed.
I think the cgroup bug affects only subset of servers... at least for me it works in quite many environments (including Vagrant). And yes, I tested the upgrade path 😄 |
Requires #362
Fixes #198