
Prepare the node for dynamic bootstrapping

Remove any overlapping master implications from the node role for now.

The node now uses /usr/bin/openshift-node to generate the config into
kubelet flags and launch the kubelet.
Clayton Coleman 7 years ago
parent
commit
7dedb116eb

+ 2 - 17
roles/openshift_node/defaults/main.yml

@@ -119,20 +119,17 @@ l_is_openvswitch_system_container: "{{ (openshift_use_openvswitch_system_contain
 openshift_image_tag: ''
 
 default_r_openshift_node_image_prep_packages:
-- "{{ openshift_service_type }}-master"
 - "{{ openshift_service_type }}-node"
 - "{{ openshift_service_type }}-docker-excluder"
-- "{{ openshift_service_type }}-sdn-ovs"
 - ansible
-- openvswitch
+- bash-completion
 - docker
-- etcd
 - haproxy
 - dnsmasq
 - ntp
 - logrotate
 - httpd-tools
-- bind
+- bind-utils
 - firewalld
 - libselinux-python
 - conntrack-tools
@@ -142,27 +139,15 @@ default_r_openshift_node_image_prep_packages:
 - python-dbus
 - PyYAML
 - yum-utils
-# gluster
 - glusterfs-fuse
 - device-mapper-multipath
-# nfs
 - nfs-utils
-- flannel
-- bash-completion
-# cockpit
 - cockpit-ws
 - cockpit-system
 - cockpit-bridge
 - cockpit-docker
-# iscsi
 - iscsi-initiator-utils
-# ceph
 - ceph-common
-# systemcontainer
-# - runc
-# - container-selinux
-# - atomic
-#
 r_openshift_node_image_prep_packages: "{{ default_r_openshift_node_image_prep_packages | union(openshift_node_image_prep_packages | default([])) }}"
 
 openshift_node_bootstrap: False

+ 18 - 0
roles/openshift_node/files/openshift-node

@@ -0,0 +1,18 @@
+#!/bin/sh
+
+# This launches the Kubelet by converting the node configuration into kube flags.
+
+set -euo pipefail
+
+if ! [[ -f /etc/origin/node/client-ca.crt ]]; then
+  if [[ -f /etc/origin/node/bootstrap.kubeconfig ]]; then
+    oc config --config=/etc/origin/node/bootstrap.kubeconfig view --raw --minify -o go-template='{{ index .clusters 0 "cluster" "certificate-authority-data" }}' | base64 -d - > /etc/origin/node/client-ca.crt
+  fi
+fi
+config=/etc/origin/node/bootstrap-node-config.yaml
+# TODO: remove when dynamic kubelet config is delivered
+if [[ -f /etc/origin/node/node-config.yaml ]]; then
+  config=/etc/origin/node/node-config.yaml
+fi
+flags=$( /usr/bin/openshift start node --write-flags "--config=${config}" --loglevel=${DEBUG_LOGLEVEL:-2} )
+exec /usr/bin/hyperkube kubelet --v=${DEBUG_LOGLEVEL:-2} ${flags}
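Review bot: A failed extraction leaves an empty or truncated `/etc/origin/node/client-ca.crt` behind, because the redirect creates the file before `oc config … | base64 -d` has succeeded. `set -e` aborts that start, but the next start finds the file with `-f`, skips regeneration, and launches the kubelet with whatever is in it. Writing to a temporary file in the same directory, renaming it into place only on success, and testing with `-s` instead of `-f` closes that gap. The shebang should also be `#!/bin/bash`, since `[[ … ]]` and `set -o pipefail` are not POSIX sh. A one-line comment that `${flags}` is deliberately unquoted so the generated flags split into separate arguments would help the next reader.

```shell
#!/bin/bash
# … unchanged: header comment, set -euo pipefail …
if ! [[ -s /etc/origin/node/client-ca.crt ]]; then
  if [[ -f /etc/origin/node/bootstrap.kubeconfig ]]; then
    # Stage the CA next to its final path so a failed pipeline never leaves a partial file in place.
    tmp_ca=$(mktemp /etc/origin/node/client-ca.crt.XXXXXX)
    oc config --config=/etc/origin/node/bootstrap.kubeconfig view --raw --minify -o go-template='{{ index .clusters 0 "cluster" "certificate-authority-data" }}' | base64 -d - > "${tmp_ca}"
    mv "${tmp_ca}" /etc/origin/node/client-ca.crt
  fi
fi
# … unchanged: config file selection, flag generation, exec of the kubelet …
```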

+ 8 - 9
roles/openshift_node/tasks/bootstrap.yml

@@ -26,26 +26,20 @@
   - line: "KUBECONFIG={{ openshift_node_config_dir }}/bootstrap.kubeconfig"
     regexp: "^KUBECONFIG=.*"
   # remove the config file.  This comes from openshift_facts
-  - line: "CONFIG_FILE={{ openshift_node_config_dir }}/node-config.yaml"
+  - line: "CONFIG_FILE={{ openshift_node_config_dir }}/bootstrap-node-config.yaml"
     regexp: "^CONFIG_FILE=.*"
 
 - name: include aws sysconfig credentials
   import_tasks: aws.yml
   when: not (openshift_node_use_instance_profiles | default(False))
 
-#- name: update the ExecStart to have bootstrap
-#  lineinfile:
-#    dest: "/usr/lib/systemd/system/{{ openshift_service_type }}-node.service"
-#    line: "{% raw %}ExecStart=/usr/bin/openshift start node --bootstrap --kubeconfig=${KUBECONFIG} $OPTIONS{% endraw %}"
-#    regexp: "^ExecStart=.*"
 
-- name: "disable {{ openshift_service_type }}-node"  # and {{ openshift_service_type }}-master services"
+- name: "disable {{ openshift_service_type }}-node service"
   systemd:
     name: "{{ item }}"
     enabled: no
   with_items:
   - "{{ openshift_service_type }}-node.service"
-#  - "{{ openshift_service_type }}-master.service"
 
 - name: Check for RPM generated config marker file .config_managed
   stat:
@@ -74,7 +68,12 @@
     state: link
     force: yes
   with_items:
-  - "{{ openshift_node_config_dir }}/node-client-ca.crt"
+  - "{{ openshift_node_config_dir }}/client-ca.crt"
+
+- name: Remove default node-config.yaml to allow bootstrapping config
+  file:
+    path: "/etc/origin/node/node-config.yaml"
+    state: absent
 
 - when: rpmgenerated_config.stat.exists
   block:
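Review bot: The new "Remove default node-config.yaml" task hard-codes `/etc/origin/node/node-config.yaml`, while the other paths in this file, including the `CONFIG_FILE` and `client-ca.crt` lines changed by this same commit, are built from `openshift_node_config_dir`. It matches the path the launcher script checks, so it works with the default layout, but the two diverge as soon as the variable is overridden. Suggest `path: "{{ openshift_node_config_dir }}/node-config.yaml"`, or a comment above the task stating that the path must stay in step with the one hard-coded in `files/openshift-node`. The `block:` that closes the second hunk continues outside it.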

+ 6 - 0
roles/openshift_node/tasks/config.yml

@@ -50,6 +50,12 @@
   notify:
     - restart node
 
+- name: Ensure the node static pod directory exists
+  file:
+    path: "{{ openshift.common.config_base }}/node/pods"
+    state: directory
+    mode: 0755
+
 - name: include aws provider credentials
   import_tasks: aws.yml
   when: not (openshift_node_use_instance_profiles | default(False))
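Review bot: The new static pod directory task sets `mode: 0755` as a bare octal and leaves `owner`/`group` unset. Judging by the task name, the kubelet will run manifests placed in this directory, so its ownership should be pinned rather than inherited from whichever user runs the play. Suggest adding `owner: root`, `group: root` and `mode: "0755"`, quoted so the value does not depend on the YAML loader's octal handling. The `copy` task added in roles/openshift_node/tasks/systemd_units.yml has the same shape, with `mode: 0500` on a script that the node unit's `ExecStart` runs, and deserves the same three lines.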

+ 3 - 1
roles/openshift_node/tasks/config/configure-node-settings.yml

@@ -7,7 +7,9 @@
     create: true
   with_items:
   - regex: '^OPTIONS='
-    line: "OPTIONS=--loglevel={{ openshift_node_debug_level }} {{ openshift_node_start_options | default('') }}"
+    line: "OPTIONS={{ openshift_node_start_options | default('') }}"
+  - regex: '^DEBUG_LOGLEVEL='
+    line: "DEBUG_LOGLEVEL={{ openshift_node_debug_level }}"
   - regex: '^CONFIG_FILE='
     line: "CONFIG_FILE={{ openshift.common.config_base }}/node/node-config.yaml"
   - regex: '^IMAGE_VERSION='
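Review bot: `OPTIONS` and `CONFIG_FILE` are still written to the sysconfig file here, but the launcher added in roles/openshift_node/files/openshift-node reads only `DEBUG_LOGLEVEL` and hard-codes its config paths, and the RPM unit's `ExecStart` no longer references `$OPTIONS` or `${CONFIG_FILE}`. As far as this commit shows, `openshift_node_start_options` therefore stops having any effect on RPM-installed nodes, and nothing tells the operator. Either have the script honour the values, or add a comment such as `# OPTIONS is only consumed by the containerized unit` above the entry. The enclosing task starts and ends outside the hunk.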

+ 2 - 3
roles/openshift_node/tasks/install.yml

@@ -1,5 +1,5 @@
 ---
-- name: Install Node package, sdn-ovs, conntrack packages
+- name: Install node, clients, and conntrack packages
   package:
     name: "{{ item.name }}"
     state: present
@@ -7,8 +7,7 @@
   until: result is succeeded
   with_items:
   - name: "{{ openshift_service_type }}-node{{ (openshift_pkg_version | default('')) | lib_utils_oo_image_tag_to_rpm_version(include_dash=True) }}"
-  - name: "{{ openshift_service_type }}-sdn-ovs{{ (openshift_pkg_version | default('')) | lib_utils_oo_image_tag_to_rpm_version(include_dash=True) }}"
-    install: "{{ openshift_node_use_openshift_sdn | bool }}"
+  - name: "{{ openshift_service_type }}-clients{{ (openshift_pkg_version | default('')) | lib_utils_oo_image_tag_to_rpm_version(include_dash=True) }}"
   - name: "conntrack-tools"
   when:
   - not openshift_is_containerized | bool

+ 5 - 0
roles/openshift_node/tasks/systemd_units.yml

@@ -1,4 +1,9 @@
 ---
+- name: Copy node script to the node
+  copy:
+    src: openshift-node
+    dest: /usr/local/bin/openshift-node
+    mode: 0500
 - name: Install Node service file
   template:
     dest: "/etc/systemd/system/{{ openshift_service_type }}-node.service"

+ 0 - 15
roles/openshift_node/tasks/upgrade/containerized_upgrade_pull.yml

@@ -1,15 +0,0 @@
----
-- name: Pre-pull node image
-  command: >
-    docker pull {{ osn_image }}:{{ openshift_image_tag }}
-  register: pull_result
-  changed_when: "'Downloaded newer image' in pull_result.stdout"
-
-- name: Pre-pull openvswitch image
-  command: >
-    docker pull {{ osn_ovs_image }}:{{ openshift_image_tag }}
-  register: pull_result
-  changed_when: "'Downloaded newer image' in pull_result.stdout"
-  when: openshift_node_use_openshift_sdn | bool
-
-- include_tasks: ../container_images.yml

+ 0 - 4
roles/openshift_node/tasks/upgrade/restart.yml

@@ -34,10 +34,6 @@
 - name: Start services
   service: name={{ item }} state=started
   with_items:
-    - etcd_container
-    - openvswitch
-    - "{{ openshift_service_type }}-master-api"
-    - "{{ openshift_service_type }}-master-controllers"
     - "{{ openshift_service_type }}-node"
   failed_when: false
 

+ 1 - 8
roles/openshift_node/tasks/upgrade/rpm_upgrade.yml

@@ -13,12 +13,5 @@
   vars:
     openshift_node_upgrade_rpm_list:
       - "{{ openshift_service_type }}-node{{ openshift_pkg_version | default('') }}"
+      - "{{ openshift_service_type }}-clients{{ openshift_pkg_version | default('') }}"
       - "PyYAML"
-      - "dnsmasq"
-
-# Pre-pull the rpms for openvswitch, but don't install
-# openvswitch requires the latest version to be installed.
-- name: download openvswitch upgrade rpm
-  command: "{{ ansible_pkg_mgr }} update -y --downloadonly openvswitch"
-  register: result
-  until: result is succeeded

+ 1 - 1
roles/openshift_node/tasks/upgrade/rpm_upgrade_install.yml

@@ -15,5 +15,5 @@
   vars:
     openshift_node_upgrade_rpm_list:
       - "{{ openshift_service_type }}-node{{ openshift_pkg_version | default('') }}"
+      - "{{ openshift_service_type }}-clients{{ openshift_pkg_version | default('') }}"
       - "PyYAML"
-      - "openvswitch"

+ 8 - 10
roles/openshift_node/tasks/upgrade/stop_services.yml

@@ -4,22 +4,20 @@
     name: "{{ item }}"
     state: stopped
   with_items:
-  - "{{ openshift_service_type }}-node"
-  - openvswitch
-  failed_when: false
-
-- name: Ensure containerized services stopped before Docker restart
-  service:
-    name: "{{ item }}"
-    state: stopped
-  with_items:
   - etcd_container
   - openvswitch
   - "{{ openshift_service_type }}-master-api"
   - "{{ openshift_service_type }}-master-controllers"
   - "{{ openshift_service_type }}-node"
   failed_when: false
-  when: openshift_is_containerized | bool
+
+- name: Ensure static containerized services stopped before Docker restart
+  command: /usr/bin/master-restart "{{ item }}"
+  with_items:
+  - api
+  - controllers
+  - etcd
+  failed_when: false
 
 - service:
     name: docker
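Review bot: The new task is named "Ensure static containerized services stopped" but invokes `/usr/bin/master-restart`. With the old `when: openshift_is_containerized | bool` gone it runs on every host this file is applied to, and `failed_when: false` hides both a missing binary and a genuine failure. If a stop really is required before the Docker restart that follows, a swallowed error lets the play continue with the control-plane containers still running. Suggest guarding the task on the script's presence (for example a registered `stat` result) and adding `changed_when: false`, or a comment explaining why a restart is sufficient here. The trailing `- service:` task continues outside the hunk.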

+ 1 - 6
roles/openshift_node/templates/node.service.j2

@@ -15,12 +15,7 @@ After=dnsmasq.service
 [Service]
 Type=notify
 EnvironmentFile=/etc/sysconfig/{{ openshift_service_type }}-node
-Environment=GOTRACEBACK=crash
-ExecStartPre=/usr/bin/cp /etc/origin/node/node-dnsmasq.conf /etc/dnsmasq.d/
-ExecStartPre=/usr/bin/dbus-send --system --dest=uk.org.thekelleys.dnsmasq /uk/org/thekelleys/dnsmasq uk.org.thekelleys.SetDomainServers array:string:/in-addr.arpa/127.0.0.1,/{{ openshift.common.dns_domain }}/127.0.0.1
-ExecStopPost=/usr/bin/rm /etc/dnsmasq.d/node-dnsmasq.conf
-ExecStopPost=/usr/bin/dbus-send --system --dest=uk.org.thekelleys.dnsmasq /uk/org/thekelleys/dnsmasq uk.org.thekelleys.SetDomainServers array:string:
-ExecStart=/usr/bin/openshift start node {% if openshift_node_bootstrap %} --kubeconfig=${KUBECONFIG} --bootstrap-config-name=${BOOTSTRAP_CONFIG_NAME}{% endif %} --config=${CONFIG_FILE} $OPTIONS
+ExecStart=/usr/local/bin/openshift-node
 LimitNOFILE=65536
 LimitCORE=infinity
 WorkingDirectory=/var/lib/origin/
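Review bot: The dnsmasq `ExecStartPre`/`ExecStopPost` hooks are dropped from the RPM unit while roles/openshift_node/templates/openshift.docker.node.service keeps them, and nothing visible in this commit installs `node-dnsmasq.conf` or calls `SetDomainServers` another way. If that is now handled elsewhere, a comment in the unit saying where would stop the two units from looking accidentally out of sync. Separately, the commit description names `/usr/bin/openshift-node`, but this `ExecStart` and the copy task in tasks/systemd_units.yml use `/usr/local/bin/openshift-node`. `Environment=GOTRACEBACK=crash` is also removed without mention, which changes what a crashing node process leaves behind for debugging.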

+ 1 - 1
roles/openshift_node/templates/openshift.docker.node.service

@@ -26,7 +26,7 @@ ExecStartPre=/usr/bin/cp /etc/origin/node/node-dnsmasq.conf /etc/dnsmasq.d/
 ExecStartPre=/usr/bin/dbus-send --system --dest=uk.org.thekelleys.dnsmasq /uk/org/thekelleys/dnsmasq uk.org.thekelleys.SetDomainServers array:string:/in-addr.arpa/127.0.0.1,/{{ openshift.common.dns_domain }}/127.0.0.1
 ExecStart=/usr/bin/docker run --name {{ openshift_service_type }}-node \
   --rm --privileged --net=host --pid=host --env-file=/etc/sysconfig/{{ openshift_service_type }}-node \
-  -v /:/rootfs:ro,rslave -e CONFIG_FILE=${CONFIG_FILE} -e OPTIONS=${OPTIONS} \
+  -v /:/rootfs:ro,rslave -e CONFIG_FILE=${CONFIG_FILE} -e OPTIONS=${OPTIONS} -e DEBUG_LOGLEVEL=${DEBUG_LOGLEVEL}\
   -e HOST=/rootfs -e HOST_ETC=/host-etc \
   -v {{ openshift_node_data_dir }}:{{ openshift_node_data_dir }}:rslave \
   -v {{ openshift.common.config_base }}/node:{{ openshift.common.config_base }}/node \
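Review bot: The added `-e DEBUG_LOGLEVEL=${DEBUG_LOGLEVEL}\` has no space before the continuation backslash, unlike the other continued lines of this `ExecStart`; write `-e DEBUG_LOGLEVEL=${DEBUG_LOGLEVEL} \`. The variable also already reaches the container through `--env-file=/etc/sysconfig/{{ openshift_service_type }}-node`, so the explicit `-e` duplicates it. A short comment saying which source is meant to win would help. The `ExecStart` command continues past the end of the hunk.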