(fix) Make rackd stateful

- Use a statefulset and PVC to make rackd systemid assignment stateful between pod restarts. This is to alleviate instability in MAAS upgrades. Change-Id: Iea5c3d3897b561d4ba479203ee6aec5885282e1a
2018-06-22 16:48:19 -05:00 · 2018-06-22 16:48:19 -05:00 · b09fee26b8
commit b09fee26b8
parent 7af3ee9347
7 changed files with 71 additions and 10 deletions
--- a/charts/maas/templates/bin/_register-rack-controller.sh.tpl
+++ b/charts/maas/templates/bin/_register-rack-controller.sh.tpl
@ -2,6 +2,12 @@

 set -x

+if [[ -r ~maas/maas_id && -r ~maas/secret ]]
+then
+  echo "Found existing maas_id and secret, assuming already registered."
+  exit 0
+fi
+
 echo "register-rack-controller URL: ${MAAS_ENDPOINT}"

 # register forever
--- a/charts/maas/templates/bin/_start.sh.tpl
+++ b/charts/maas/templates/bin/_start.sh.tpl
@ -19,14 +19,19 @@ set -ex
 # show env
 env > /tmp/env

+# Ensure PVC volumes have correct ownership
+
+chown maas:maas ~maas/
+chown maas:maas /etc/maas
+
 # MAAS must be able to ssh to libvirt hypervisors
 # to control VMs

-if [[ -d ~maas/keys ]]
+if [[ -r ~maas/id_rsa ]]
 then
  mkdir -p ~maas/.ssh
-  cp ~maas/keys/* ~maas/.ssh/
-  chown -R maas:maas ~maas/.ssh
+  cp ~maas/id_rsa ~maas/.ssh/
+  chown -R maas:maas ~maas/.ssh/
  chmod 700 ~maas/.ssh
  chmod 600 ~maas/.ssh/*
 fi
--- a/charts/maas/templates/service-rack.yaml
+++ b/charts/maas/templates/service-rack.yaml
@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: maas-rack
+spec:
+  clusterIP: 'None'
--- a/charts/maas/templates/statefulset-rack.yaml
+++ b/charts/maas/templates/statefulset-rack.yaml
@ -28,11 +28,14 @@ limitations under the License.
 {{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
 apiVersion: apps/v1beta1
-kind: Deployment
+kind: StatefulSet
 metadata:
  name: maas-rack
 spec:
+  serviceName: maas-rack
  replicas: {{ .Values.pod.replicas.rack }}
+  updateStrategy:
+    type: 'RollingUpdate'
  template:
    metadata:
      labels:
@ -98,12 +101,18 @@ spec:
              mountPath: /lib/systemd/system/register-rack-controller.service
              subPath: register-rack-controller.service
              readOnly: true
+            - name: rackd-state
+              mountPath: /etc/maas
+              subPath: etc
+              readOnly: false
+            - name: rackd-state
+              mountPath: /var/lib/maas
+              subPath: home
+              readOnly: false
 {{- if .Values.manifests.secret_ssh_key }}
-            - name: maas-ssh
-              mountPath: /var/lib/maas/keys
            - name: priv-key
              subPath: PRIVATE_KEY
-              mountPath: /var/lib/maas/keys/id_rsa
+              mountPath: /var/lib/maas/id_rsa
 {{- end }}
 {{ if $mounts_maas_rack.volumeMounts }}{{ toYaml $mounts_maas_rack.volumeMounts | indent 12 }}{{ end }}
      volumes:
@ -117,8 +126,6 @@ spec:
        - name: pod-tmp
          emptyDir: {}
 {{- if .Values.manifests.secret_ssh_key }}
-        - name: maas-ssh
-          emptyDir: {}
        - name: priv-key
          secret:
            secretName: {{ .Release.Name}}-{{ .Values.secrets.ssh_key }}
@ -133,4 +140,14 @@ spec:
            name: maas-etc
            defaultMode: 0444
 {{ if $mounts_maas_rack.volumes }}{{ toYaml $mounts_maas_rack.volumes | indent 8 }}{{ end }}
+  volumeClaimTemplates:
+    - metadata:
+        name: rackd-state
+        annotations:
+          {{ .Values.storage.rackd.pvc.class_path }}: {{ .Values.storage.rackd.pvc.class_name }}
+      spec:
+        accessModes: [ "ReadWriteOnce" ]
+        resources:
+          requests:
+            storage: {{ .Values.storage.rackd.pvc.size }}
 {{- end }}
--- a/charts/maas/values.yaml
+++ b/charts/maas/values.yaml
@ -99,6 +99,7 @@ network:
  proxy:
    node_port:
      enabled: true
+      # Do not change the port, hardcoded in MAAS source
      port: 31800
  gui:
    node_port:
@ -113,6 +114,13 @@ network:
    db_service: 5432
    db_service_target: 5432

+storage:
+  rackd:
+    pvc:
+      class_path: volume.beta.kubernetes.io/storage-class
+      class_name: general
+      size: 5Gi
+
 conf:
  ssh:
    # A SSH private key strings to mount
--- a/images/maas-rack-controller/2.3_nic_filter.patch
+++ b/images/maas-rack-controller/2.3_nic_filter.patch
@ -0,0 +1,13 @@
+diff --git a/src/provisioningserver/utils/network.py b/src/provisioningserver/utils/network.py
+index 48eb8fd..41d13a0 100644
+--- a/src/provisioningserver/utils/network.py
+++ b/src/provisioningserver/utils/network.py
+@@ -1141,7 +1141,7 @@ def get_all_interfaces_definition(annotate_with_monitored: bool=True) -> dict:
+     interfaces = {}
+     dhclient_info = get_dhclient_info()
+     iproute_info = get_ip_route()
+-    exclude_types = ["loopback", "ipip"]
+    exclude_types = ["loopback", "ipip", "ethernet"]
+     if not running_in_container():
+         exclude_types.append("ethernet")
+     ipaddr_info = {
--- a/images/maas-rack-controller/Dockerfile
+++ b/images/maas-rack-controller/Dockerfile
@ -11,7 +11,8 @@ RUN apt-get -qq update && \
    sudo \
    software-properties-common \
    libvirt-bin \
-    systemd
+    systemd \
+    patch
 # Don't start any optional services except for the few we need.

 RUN find /etc/systemd/system \
@ -42,6 +43,10 @@ RUN systemctl enable register-rack-controller.service
 RUN mv /usr/sbin/tcpdump /usr/bin/tcpdump
 RUN ln -s /usr/bin/tcpdump /usr/sbin/tcpdump

+# Patch so that Calico interfaces are ignored
+COPY 2.3_nic_filter.patch /tmp/2.3_nic_filter.patch
+RUN cd /usr/lib/python3/dist-packages/provisioningserver/utils && patch network.py < /tmp/2.3_nic_filter.patch
+
 # echo journalctl logs to the container's stdout
 COPY scripts/journalctl-to-tty.service /etc/systemd/system/journalctl-to-tty.service
 RUN mkdir -p /etc/systemd/system/basic.target.wants ;\