CentOS/RHEL7 support #410
CentOS/RHEL7 support #410
Conversation
| @@ -52,8 +52,8 @@ if [ ! -e /etc/pharos/pki/config.json ]; then | |||
| "${PEER_IP}" | |||
| ], | |||
| "key": { | |||
| "algo": "ecdsa", | |||
| "size": 256 | |||
| "algo": "rsa", | |||
There was a problem hiding this comment.
Had to switch to rsa because curl/nss cannot handle ecdsa.
| env | ||
|
|
||
| if [ ! -f /usr/local/bin/cfssl ]; then | ||
| curl -s -L -o /usr/local/bin/cfssl https://pkg.cfssl.org/R1.2/cfssl_linux-${ARCH} |
There was a problem hiding this comment.
Probably should mirror cfssl binaries to pharos repo.
|
@jnummelin PTAL |
|
Upgrade path broken: |
Upgrade path is fixed now in #362, ofc needs also changes here. |
|
|
||
| module Pharos | ||
| module Host | ||
| class El7 < Configurer |
There was a problem hiding this comment.
This should also implement upgrade_kubeadm, not upgrade path fails with:
/Users/jussi/code/pharos-cluster/lib/pharos/host/configurer.rb:119:in `abstract_method!': This is an abstract base method. Implement in your subclass. (NotImplementedError)
from /Users/jussi/code/pharos-cluster/lib/pharos/host/configurer.rb:43:in `upgrade_kubeadm'
from /Users/jussi/code/pharos-cluster/lib/pharos/phases/upgrade_master.rb:30:in `upgrade_kubeadm'
from /Users/jussi/code/pharos-cluster/lib/pharos/phases/upgrade_master.rb:22:in `call'
...
There was a problem hiding this comment.
Yes, currently trying to find a way to upgrade just kubeadm with rpm...
|
@jnummelin PTAL |
There was a problem hiding this comment.
I'd love to see the versionlock things generalized. The install_kubelet "interface" is also bit weird, but not sure if it's something we'd wanna fix in this PR specifically as it's more general thing.
Upgrade path is pretty impossible to test as all previous kube versions on centos are pretty much broken with the cgroup bug.
examples/vagrant/centos7/Vagrantfile
Outdated
| vb.cpus = 1 | ||
| end | ||
|
|
||
| host.vm.network "private_network", ip: "192.168.100.#{i + 100}" |
There was a problem hiding this comment.
Just thinking if we could/should change the IPs for Centos boxes. It would allow to test centos / ubuntu on vagrant side-by-side.
| linefromfile "^0:kubectl-" $versionlock | ||
| linefromfile "^0:kubeadm-" $versionlock | ||
|
|
||
| yum install -y kubelet-${KUBE_VERSION} kubectl-${KUBE_VERSION} kubeadm-${KUBEADM_VERSION} |
There was a problem hiding this comment.
The script name, and the configurer interface actually too, is slightly misleading as we install all kube components here and not just kubelet.
There was a problem hiding this comment.
Do you have any suggestions for the interface name?
There was a problem hiding this comment.
install_kube_packages?
install_kube_components?
| fi | ||
|
|
||
| versionlock="/etc/yum/pluginconf.d/versionlock.list" | ||
| linefromfile "^0:kubeadm-" $versionlock |
There was a problem hiding this comment.
Could these versionlock things be put into something generically re-usable? Now we have these lines repeating all over the scripts. Maybe some helper func like yum_install <package> <version> that handles all these things.
I think the cgroup bug affects only subset of servers... at least for me it works in quite many environments (including Vagrant). And yes, I tested the upgrade path 😄 |
Requires #362
Fixes #198