Salt configuration for flanneld

cluster/gce/config-default.sh

@@ -120,3 +120,4 @@ OPENCONTRAIL_PUBLIC_SUBNET="${OPENCONTRAIL_PUBLIC_SUBNET:-10.1.0.0/16}"
 
 # Optional: if set to true, kube-up will configure the cluster to run e2e tests.
 E2E_STORAGE_TEST_ENVIRONMENT=${KUBE_E2E_STORAGE_TEST_ENVIRONMENT:-false}
+FIREWALL_ETCD="${FIREWALL_SSH:-${NETWORK}-allow-etcd}"

cluster/gce/config-test.sh

@@ -132,3 +132,6 @@ OPENCONTRAIL_PUBLIC_SUBNET="${OPENCONTRAIL_PUBLIC_SUBNET:-10.1.0.0/16}"
 
 # Optional: if set to true, kube-up will configure the cluster to run e2e tests.
 E2E_STORAGE_TEST_ENVIRONMENT=${KUBE_E2E_STORAGE_TEST_ENVIRONMENT:-false}
+# Overlay network settings
+OVERLAY_NETWORK=${OVERLAY_NETWORK:-true}
+FIREWALL_ETCD="${FIREWALL_SSH:-${NETWORK}-allow-etcd}"

cluster/gce/util.sh

@@ -304,7 +304,7 @@ function create-static-ip {
         echo -e "${color_red}Failed to create static ip $1 ${color_norm}" >&2
         exit 2
       fi
-      attempt=$(($attempt+1)) 
+      attempt=$(($attempt+1))
       echo -e "${color_yellow}Attempt $attempt failed to create static ip $1. Retrying.${color_norm}" >&2
       sleep $(($attempt * 5))
     else
@@ -603,13 +603,28 @@ function kube-up {
       --allow "tcp:22" &
   fi
 
-  echo "Starting master and configuring firewalls"
   gcloud compute firewall-rules create "${MASTER_NAME}-https" \
     --project "${PROJECT}" \
     --network "${NETWORK}" \
     --target-tags "${MASTER_TAG}" \
     --allow tcp:443 &
 
+  if [[ "${OVERLAY_NETWORK}" == "true" ]]; then
+    # TODO: Where to put this? Scope it to flannel setup.
+    if ! "${GCLOUD}" compute firewall-rules --project "${PROJECT}" describe "${FIREWALL_ETCD}" &>/dev/null; then
+      "${GCLOUD}" compute firewall-rules create "${FIREWALL_ETCD}" \
+        --network="${NETWORK}" \
+        --project="${PROJECT}" \
+        --source-ranges="10.0.0.0/8" \
+        --target-tags "${MINION_TAG}" \
+        --allow tcp:4001 &
+    else
+      echo "... Using etcd firewall-rule: ${FIREWALL_ETCD}" >&2
+    fi
+  else
+    echo "Not opening etcd up to the cluster: ${OVERLAY_NETWORK} ${FIREWALL_ETCD}"
+  fi
+
   # We have to make sure the disk is created before creating the master VM, so
   # run this in the foreground.
   gcloud compute disks create "${MASTER_NAME}-pd" \
@@ -672,7 +687,7 @@ function kube-up {
   write-node-env
 
   local template_name="${NODE_INSTANCE_PREFIX}-template"
-  
+
   create-node-instance-template $template_name
 
   gcloud compute instance-groups managed \

cluster/saltbase/salt/etcd/etcd.manifest

@@ -19,7 +19,7 @@
     "command": [
               "/bin/sh",
               "-c",
-              "/usr/local/bin/etcd --listen-peer-urls http://127.0.0.1:{{ server_port }} --addr 127.0.0.1:{{ port }} --bind-addr 127.0.0.1:{{ port }} --data-dir /var/etcd/data{{ suffix }} 1>>/var/log/etcd{{ suffix }}.log 2>&1"
+              "/usr/local/bin/etcd --listen-peer-urls http://0.0.0.0:{{ server_port }} --addr 0.0.0.0:{{ port }} --bind-addr 0.0.0.0:{{ port }} --data-dir /var/etcd/data{{ suffix }} 1>>/var/log/etcd{{ suffix }}.log 2>&1"
             ],
     "livenessProbe": {
       "httpGet": {
@@ -33,7 +33,7 @@
     "ports":[
       { "name": "serverport",
         "containerPort": {{ server_port }},
-        "hostPort": {{ server_port }} 
+        "hostPort": {{ server_port }}
       },{
        "name": "clientport",
         "containerPort": {{ port }},

cluster/saltbase/salt/flannel/init.sls

@@ -0,0 +1,41 @@
+flannel-tar:
+  archive:
+    - extracted
+    - user: root
+    - name: /usr/local/src
+    - makedirs: True
+    - source: https://github.com/coreos/flannel/releases/download/v0.5.3/flannel-0.5.3-linux-amd64.tar.gz
+    - tar_options: v
+    - source_hash: md5=2a82ed82a37d71c85586977f0e475b70
+    - archive_format: tar
+    - if_missing: /usr/local/src/flannel/flannel-0.5.3/
+
+flannel-symlink:
+  file.symlink:
+    - name: /usr/local/bin/flanneld
+    - target: /usr/local/src/flannel-0.5.3/flanneld
+    - force: true
+    - watch:
+        - archive: flannel-tar
+
+/etc/init.d/flannel:
+  file.managed:
+    - source: salt://flannel/initd
+    - user: root
+    - group: root
+    - mode: 755
+
+/var/run/flannel/network.json:
+  file.managed:
+    - source: salt://flannel/network.json
+    - makedirs: True
+    - user: root
+    - group: root
+    - mode: 755
+
+flannel:
+  service.running:
+    - enable: True
+    - watch:
+      - file: /usr/local/bin/flanneld
+      - file: /etc/init.d/flannel

cluster/saltbase/salt/flannel/initd

@@ -0,0 +1,126 @@
+#!/bin/bash
+#
+### BEGIN INIT INFO
+# Provides:   flanneld
+# Required-Start:    $local_fs $network $syslog
+# Required-Stop:
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: Flannel daemon
+# Description:
+#   Flannel daemon.
+### END INIT INFO
+
+
+# PATH should only include /usr/* if it runs after the mountnfs.sh script
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+DESC="Flannel overlay network daemon"
+NAME=flanneld
+DAEMON=/usr/local/bin/flanneld
+DAEMON_ARGS="-etcd-endpoints http://e2e-test-beeps-master:4001 -etcd-prefix /kubernetes.io/network"
+DAEMON_LOG_FILE=/var/log/$NAME.log
+PIDFILE=/var/run/$NAME.pid
+SCRIPTNAME=/etc/init.d/$NAME
+DAEMON_USER=root
+
+# Exit if the package is not installed
+[ -x "$DAEMON" ] || exit 0
+
+# Read configuration variable file if it is present
+[ -r /etc/default/$NAME ] && . /etc/default/$NAME
+
+# Define LSB log_* functions.
+# Depend on lsb-base (>= 3.2-14) to ensure that this file is present
+# and status_of_proc is working.
+. /lib/lsb/init-functions
+
+#
+# Function that starts the daemon/service
+#
+do_start()
+{
+        # Avoid a potential race at boot time when both monit and init.d start
+        # the same service
+        PIDS=$(pidof $DAEMON)
+        for PID in ${PIDS}; do
+            kill -9 $PID
+	done
+
+        # Return
+        #   0 if daemon has been started
+        #   1 if daemon was already running
+        #   2 if daemon could not be started
+        start-stop-daemon --start --quiet --background --no-close \
+                --make-pidfile --pidfile $PIDFILE \
+                --exec $DAEMON -c $DAEMON_USER --test > /dev/null \
+                || return 1
+        start-stop-daemon --start --quiet --background --no-close \
+                --make-pidfile --pidfile $PIDFILE \
+                --exec $DAEMON -c $DAEMON_USER -- \
+                $DAEMON_ARGS >> $DAEMON_LOG_FILE 2>&1 \
+                || return 2
+}
+
+#
+# Function that stops the daemon/service
+#
+do_stop()
+{
+        # Return
+        #   0 if daemon has been stopped
+        #   1 if daemon was already stopped
+        #   2 if daemon could not be stopped
+        #   other if a failure occurred
+        start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME
+        RETVAL="$?"
+        [ "$RETVAL" = 2 ] && return 2
+        # Many daemons don't delete their pidfiles when they exit.
+        rm -f $PIDFILE
+        return "$RETVAL"
+}
+
+
+case "$1" in
+  start)
+        log_daemon_msg "Starting $DESC" "$NAME"
+        do_start
+        case "$?" in
+                0|1) log_end_msg 0 || exit 0 ;;
+                2) log_end_msg 1 || exit 1 ;;
+        esac
+        ;;
+  stop)
+        log_daemon_msg "Stopping $DESC" "$NAME"
+        do_stop
+        case "$?" in
+                0|1) log_end_msg 0 ;;
+                2) exit 1 ;;
+        esac
+        ;;
+  status)
+        status_of_proc -p $PIDFILE "$DAEMON" "$NAME" && exit 0 || exit $?
+        ;;
+
+  restart|force-reload)
+        log_daemon_msg "Restarting $DESC" "$NAME"
+        do_stop
+        case "$?" in
+          0|1)
+                do_start
+                case "$?" in
+                        0) log_end_msg 0 ;;
+                        1) log_end_msg 1 ;; # Old process is still running
+                        *) log_end_msg 1 ;; # Failed to start
+                esac
+                ;;
+          *)
+                # Failed to stop
+                log_end_msg 1
+                ;;
+        esac
+        ;;
+  *)
+        echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2
+        exit 3
+        ;;
+esac

cluster/saltbase/salt/flannel/network.json

@@ -0,0 +1,8 @@
+{
+    "Network": "10.245.0.0/16",
+    "SubnetLen": 24,
+    "Backend": {
+        "Type": "vxlan",
+        "VNI": 1
+     }
+}

cluster/saltbase/salt/top.sls

@@ -13,6 +13,10 @@ base:
   'roles:kubernetes-pool':
     - match: grain
     - docker
+    - flannel
+{% if grains['cloud'] is defined and grains['cloud'] == 'azure' %}
+    - openvpn-client
+{% endif %}
     - helpers
     - cadvisor
     - kube-client-tools
@@ -40,6 +44,7 @@ base:
     - match: grain
     - generate-cert
     - etcd
+    - flannel
     - kube-apiserver
     - kube-controller-manager
     - kube-scheduler

cmd/kube-controller-manager/app/controllermanager.go

@@ -292,7 +292,8 @@ func (s *CMServer) Run(_ []string) error {
 	}
 
 	if s.AllocateNodeCIDRs {
-		if cloud == nil {
+		// TODO: Pipe this as a command line flag that corresponds to overlay==true
+		if cloud == nil || true {
 			glog.Warning("allocate-node-cidrs is set, but no cloud provider specified. Will not manage routes.")
 		} else if routes, ok := cloud.Routes(); !ok {
 			glog.Warning("allocate-node-cidrs is set, but cloud provider does not support routes. Will not manage routes.")