Merge pull request #310 from crawford/core

*: fix new install core

pkg/asset/cluster/tfvars.go

@@ -64,6 +64,12 @@ func (t *TerraformVariables) Generate(parents map[asset.Asset]*asset.State) (*as
 		return nil, err
 	}
 
+	if cluster.Platform == config.PlatformLibvirt {
+		if err := cluster.Libvirt.UseCachedImage(); err != nil {
+			return nil, err
+		}
+	}
+
 	data, err := cluster.TFVars()
 	if err != nil {
 		return nil, err

pkg/asset/ignition/bootstrap.go

@@ -137,7 +137,11 @@ func (a *bootstrap) Generate(dependencies map[asset.Asset]*asset.State) (*asset.
 		return nil, err
 	}
 
-	config := ignition.Config{}
+	config := ignition.Config{
+		Ignition: ignition.Ignition{
+			Version: ignition.MaxVersion.String(),
+		},
+	}
 
 	a.addBootstrapFiles(&config, dependencies)
 	a.addBootkubeFiles(&config, dependencies, templateData)
@@ -180,7 +184,7 @@ func (a *bootstrap) getTemplateData(installConfig *types.InstallConfig) (*bootst
 	if err != nil {
 		return nil, err
 	}
-	etcdEndpoints := make([]string, masterCount(installConfig))
+	etcdEndpoints := make([]string, installConfig.MasterCount())
 	for i := range etcdEndpoints {
 		etcdEndpoints[i] = fmt.Sprintf("https://%s-etcd-%d.%s:2379", installConfig.Name, i, installConfig.BaseDomain)
 	}
@@ -189,7 +193,7 @@ func (a *bootstrap) getTemplateData(installConfig *types.InstallConfig) (*bootst
 		CloudProvider:              getCloudProvider(installConfig),
 		CloudProviderConfig:        getCloudProviderConfig(installConfig),
 		DebugConfig:                "",
-		KubeCoreRenderImage:        "quay.io/coreos/kube-core-renderer-dev:436b1b4395ae54d866edc88864c9b01797cebac1",
+		KubeCoreRenderImage:        "quay.io/coreos/kube-core-renderer-dev:3b6952f5a1ba89bb32dd0630faddeaf2779c9a85",
 		MachineConfigOperatorImage: "docker.io/openshift/origin-machine-config-operator:v4.0.0",
 		EtcdCertSignerImage:        "quay.io/coreos/kube-etcd-signer-server:678cc8e6841e2121ebfdb6e2db568fce290b67d6",
 		EtcdctlImage:               "quay.io/coreos/etcd:v3.2.14",
@@ -203,7 +207,7 @@ func (a *bootstrap) addBootstrapFiles(config *ignition.Config, dependencies map[
 	config.Storage.Files = append(
 		config.Storage.Files,
 		fileFromBytes("/etc/kubernetes/kubeconfig", 0600, dependencies[a.kubeconfigKubelet].Contents[0].Data),
-		fileFromBytes("/var/lib/kubeconfig", 0600, dependencies[a.kubeconfigKubelet].Contents[0].Data),
+		fileFromBytes("/var/lib/kubelet/kubeconfig", 0600, dependencies[a.kubeconfigKubelet].Contents[0].Data),
 	)
 	config.Storage.Files = append(
 		config.Storage.Files,
@@ -256,6 +260,11 @@ func (a *bootstrap) addTLSCertFiles(config *ignition.Config, dependencies map[as
 	} {
 		config.Storage.Files = append(config.Storage.Files, filesFromContents(rootDir, 0600, dependencies[asset].Contents)...)
 	}
+
+	config.Storage.Files = append(
+		config.Storage.Files,
+		fileFromBytes("/etc/ssl/etcd/ca.crt", 0600, dependencies[a.etcdClientCertKey].Contents[tls.CertIndex].Data),
+	)
 }
 
 func getCloudProvider(installConfig *types.InstallConfig) string {

pkg/asset/ignition/content/kubelet.go

@@ -14,15 +14,17 @@ Wants=rpc-statd.service
 [Service]
 ExecStartPre=/bin/mkdir --parents /etc/kubernetes/manifests
 ExecStartPre=/usr/bin/bash -c "gawk '/certificate-authority-data/ {print $2}' /etc/kubernetes/kubeconfig | base64 --decode > /etc/kubernetes/ca.crt"
+Environment=KUBELET_RUNTIME_REQUEST_TIMEOUT=10m
+EnvironmentFile=-/etc/kubernetes/kubelet-env
 
 ExecStart=/usr/bin/hyperkube \
   kubelet \
     --bootstrap-kubeconfig=/etc/kubernetes/kubeconfig \
     --kubeconfig=/var/lib/kubelet/kubeconfig \
     --rotate-certificates \
-    --cni-conf-dir=/etc/kubernetes/cni/net.d \
-    --cni-bin-dir=/var/lib/cni/bin \
-    --network-plugin=cni \
+    --container-runtime=remote \
+    --container-runtime-endpoint=/var/run/crio/crio.sock \
+    --runtime-request-timeout=${KUBELET_RUNTIME_REQUEST_TIMEOUT} \
     --lock-file=/var/run/lock/kubelet.lock \
     --exit-on-lock-contention \
     --pod-manifest-path=/etc/kubernetes/manifests \
@@ -36,6 +38,7 @@ ExecStart=/usr/bin/hyperkube \
     --cloud-provider={{.CloudProvider}} \
     --anonymous-auth=false \
     --cgroup-driver=systemd \
+    --serialize-image-pulls=false \
     {{.CloudProviderConfig}} \
     {{.DebugConfig}} \
 

pkg/asset/ignition/content/tectonic.go

@@ -101,27 +101,16 @@ kubectl create --filename ingress/pull.json
 
 echo "Creating operators..."
 kubectl create --filename security/priviledged-scc-tectonic.yaml
-kubectl create --filename updater/tectonic-channel-operator-kind.yaml
 kubectl create --filename updater/app-version-kind.yaml
 kubectl create --filename updater/migration-status-kind.yaml
 
-kubectl --namespace=tectonic-system get customresourcedefinition channeloperatorconfigs.tco.coreos.com
-kubectl create --filename updater/tectonic-channel-operator-config.yaml
-
 kubectl create --filename updater/operators/kube-core-operator.yaml
-kubectl create --filename updater/operators/tectonic-channel-operator.yaml
 kubectl create --filename updater/operators/kube-addon-operator.yaml
-kubectl create --filename updater/operators/tectonic-alm-operator.yaml
-kubectl create --filename updater/operators/tectonic-utility-operator.yaml
-kubectl create --filename updater/operators/tectonic-ingress-controller-operator.yaml
 
 kubectl --namespace=tectonic-system get customresourcedefinition appversions.tco.coreos.com
 kubectl create --filename updater/app_versions/app-version-tectonic-cluster.yaml
 kubectl create --filename updater/app_versions/app-version-kube-core.yaml
 kubectl create --filename updater/app_versions/app-version-kube-addon.yaml
-kubectl create --filename updater/app_versions/app-version-tectonic-alm.yaml
-kubectl create --filename updater/app_versions/app-version-tectonic-utility.yaml
-kubectl create --filename updater/app_versions/app-version-tectonic-ingress.yaml
 
 # Wait for Tectonic pods
 wait_for_pods tectonic-system

pkg/asset/ignition/master.go

@@ -43,11 +43,11 @@ func (a *master) Generate(dependencies map[asset.Asset]*asset.State) (*asset.Sta
 	}
 
 	state := &asset.State{
-		Contents: make([]asset.Content, masterCount(installConfig)),
+		Contents: make([]asset.Content, installConfig.MasterCount()),
 	}
 	for i := range state.Contents {
 		state.Contents[i].Name = fmt.Sprintf("master-%d.ign", i)
-		state.Contents[i].Data = pointerIgnitionConfig(installConfig, dependencies[a.rootCA].Contents[0].Data, "master", fmt.Sprintf("etcd_index=%d", i))
+		state.Contents[i].Data = pointerIgnitionConfig(installConfig, dependencies[a.rootCA].Contents[tls.CertIndex].Data, "master", fmt.Sprintf("etcd_index=%d", i))
 	}
 
 	return state, nil

pkg/asset/ignition/node.go

@@ -51,22 +51,12 @@ func fileFromBytes(path string, mode int, contents []byte) ignition.File {
 	}
 }
 
-// masterCount determines the number of master nodes from the install config,
-// defaulting to one if it is unspecified.
-func masterCount(installConfig *types.InstallConfig) int {
-	for _, m := range installConfig.Machines {
-		if m.Name == "master" && m.Replicas != nil {
-			return int(*m.Replicas)
-		}
-	}
-	return 1
-}
-
 // pointerIgnitionConfig generates a config which references the remote config
 // served by the machine config server.
 func pointerIgnitionConfig(installConfig *types.InstallConfig, rootCA []byte, role string, query string) []byte {
 	data, err := json.Marshal(ignition.Config{
 		Ignition: ignition.Ignition{
+			Version: ignition.MaxVersion.String(),
 			Config: ignition.IgnitionConfig{
 				Append: []ignition.ConfigReference{{
 					Source: func() *url.URL {
@@ -87,6 +77,13 @@ func pointerIgnitionConfig(installConfig *types.InstallConfig, rootCA []byte, ro
 				},
 			},
 		},
+		// XXX: Remove this once MCO supports injecting SSH keys.
+		Passwd: ignition.Passwd{
+			Users: []ignition.PasswdUser{{
+				Name:              "core",
+				SSHAuthorizedKeys: []ignition.SSHAuthorizedKey{ignition.SSHAuthorizedKey(installConfig.Admin.SSHKey)},
+			}},
+		},
 	})
 	if err != nil {
 		panic(fmt.Sprintf("Failed to marshal pointer Ignition config: %v", err))

pkg/asset/ignition/worker.go

@@ -43,7 +43,7 @@ func (a *worker) Generate(dependencies map[asset.Asset]*asset.State) (*asset.Sta
 	return &asset.State{
 		Contents: []asset.Content{{
 			Name: "worker.ign",
-			Data: pointerIgnitionConfig(installConfig, dependencies[a.rootCA].Contents[0].Data, "worker", ""),
+			Data: pointerIgnitionConfig(installConfig, dependencies[a.rootCA].Contents[tls.CertIndex].Data, "worker", ""),
 		}},
 	}, nil
 }

pkg/asset/installconfig/installconfig.go

@@ -21,6 +21,7 @@ var (
 
 	defaultLibvirtNetworkIfName  = "tt0"
 	defaultLibvirtNetworkIPRange = "192.168.124.0/24"
+	defaultLibvirtImageURL       = "http://aos-ostree.rhev-ci-vms.eng.rdu2.redhat.com/rhcos/images/cloud/latest/rhcos-qemu.qcow2.gz"
 )
 
 // installConfig generates the install-config.yml file.
@@ -79,16 +80,6 @@ func (a *installConfig) Generate(dependencies map[asset.Asset]*asset.State) (*as
 			},
 		},
 		PullSecret: pullSecret,
-		Machines: []types.MachinePool{
-			{
-				Name:     "master",
-				Replicas: func(x int64) *int64 { return &x }(3),
-			},
-			{
-				Name:     "worker",
-				Replicas: func(x int64) *int64 { return &x }(3),
-			},
-		},
 	}
 
 	platformState := dependencies[a.assetStock.Platform()]
@@ -100,7 +91,6 @@ func (a *installConfig) Generate(dependencies map[asset.Asset]*asset.State) (*as
 			Region:       region,
 			VPCCIDRBlock: defaultVPCCIDR,
 		}
-		// Set the default master and worker nodes to 3 for AWS.
 		installConfig.Machines = []types.MachinePool{
 			{
 				Name:     "master",
@@ -113,7 +103,6 @@ func (a *installConfig) Generate(dependencies map[asset.Asset]*asset.State) (*as
 		}
 	case LibvirtPlatformType:
 		uri := string(platformState.Contents[1].Data)
-		image := string(platformState.Contents[2].Data)
 
 		installConfig.Libvirt = &types.LibvirtPlatform{
 			URI: uri,
@@ -123,10 +112,9 @@ func (a *installConfig) Generate(dependencies map[asset.Asset]*asset.State) (*as
 				IPRange: defaultLibvirtNetworkIPRange,
 			},
 			DefaultMachinePlatform: &types.LibvirtMachinePoolPlatform{
-				Image: image,
+				Image: defaultLibvirtImageURL,
 			},
 		}
-		// Set the default master and worker nodes to 1 for AWS.
 		installConfig.Machines = []types.MachinePool{
 			{
 				Name:     "master",

pkg/asset/installconfig/platform.go

@@ -102,23 +102,16 @@ func (a *Platform) awsPlatform() (*asset.State, error) {
 }
 
 func (a *Platform) libvirtPlatform() (*asset.State, error) {
-	var uri, image string
+	var uri string
 	survey.AskOne(&survey.Input{
 		Message: "URI",
 		Help:    "The libvirt connection URI to be used. This must be accessible from the running cluster.",
 		Default: "qemu+tcp://192.168.122.1/system",
 	}, &uri, nil)
 
-	survey.AskOne(&survey.Input{
-		Message: "Image",
-		Help:    "The URL to the OS image.",
-		Default: "",
-	}, &image, nil)
-
 	return assetStateForStringContents(
 		LibvirtPlatformType,
 		uri,
-		image,
 	), nil
 }
 

pkg/asset/kubeconfig/kubeconfig.go

@@ -47,12 +47,13 @@ func (k *Kubeconfig) Generate(parents map[asset.Asset]*asset.State) (*asset.Stat
 		return nil, err
 	}
 
-	var keyFilename, certFilename string
+	var keyFilename, certFilename, kubeconfigSuffix string
 	switch k.userName {
 	case KubeconfigUserNameAdmin:
 		keyFilename, certFilename = tls.AdminKeyName, tls.AdminCertName
 	case KubeconfigUserNameKubelet:
 		keyFilename, certFilename = tls.KubeletKeyName, tls.KubeletCertName
+		kubeconfigSuffix = fmt.Sprintf("-%s", KubeconfigUserNameKubelet)
 	}
 	clientKeyData, err := asset.GetDataByFilename(k.certKey, parents, keyFilename)
 	if err != nil {
@@ -107,7 +108,7 @@ func (k *Kubeconfig) Generate(parents map[asset.Asset]*asset.State) (*asset.Stat
 		Contents: []asset.Content{
 			{
 				// E.g. generated/auth/kubeconfig-admin.
-				Name: filepath.Join("auth", fmt.Sprintf("kubeconfig-%s", k.userName)),
+				Name: filepath.Join("auth", "kubeconfig"+kubeconfigSuffix),
 				Data: data,
 			},
 		},

pkg/asset/kubeconfig/kubeconfig_test.go

@@ -2,7 +2,6 @@ package kubeconfig
 
 import (
 	"fmt"
-	"path/filepath"
 	"testing"
 
 	"github.com/openshift/installer/pkg/asset"
@@ -210,8 +209,6 @@ users:
 				t.Errorf("expect error %v, saw nil", tt.errString)
 			}
 
-			filename := filepath.Join("auth", fmt.Sprintf("kubeconfig-%s", tt.userName))
-			assert.Equal(t, filename, st.Contents[0].Name, "unexpected filename")
 			assert.Equal(t, tt.expectedData, st.Contents[0].Data, "unexpected data in kubeconfig")
 		})
 	}

pkg/asset/manifests/content/bootkube/01-tectonic-namespace.go

@@ -10,5 +10,5 @@ metadata:
   labels: # network policy can only select by labels
     name: tectonic-system
     openshift.io/run-level: "1"
-    `
+`
 )

pkg/asset/manifests/content/bootkube/02-ingress-namespace.go

@@ -13,5 +13,5 @@ metadata:
     kubernetes.io/ingress.class: tectonic
     name: openshift-ingress
     openshift.io/run-level: "1"
-    `
+`
 )

pkg/asset/manifests/content/bootkube/03-openshift-web-console-namespace.go

@@ -11,5 +11,5 @@ metadata:
   name: openshift-web-console
   labels:
     name: openshift-web-console
-    `
+`
 )

pkg/asset/manifests/content/bootkube/04-openshift-machine-config-operator.go

@@ -10,5 +10,5 @@ metadata:
   labels:
     name: openshift-machine-config-operator
     openshift.io/run-level: "1"
-    `
+`
 )

pkg/asset/manifests/content/bootkube/05-openshift-cluster-api-namespace.go

@@ -11,5 +11,5 @@ metadata:
   labels:
     name: openshift-cluster-api
     openshift.io/run-level: "1"
-    `
+`
 )

pkg/asset/manifests/content/bootkube/app-version-kind.go

@@ -13,5 +13,5 @@ spec:
   names:
     plural: "appversions"
     kind: "AppVersion"
-    `
+`
 )

pkg/asset/manifests/content/bootkube/cluster-apiserver-certs.go

@@ -19,5 +19,5 @@ metadata:
 data:
   tls.crt: {{.ClusterapiCaCert}}
   tls.key: {{.ClusterapiCaKey}}
-  `))
+`))
 )

pkg/asset/manifests/content/bootkube/ign-config.go

@@ -15,5 +15,5 @@ metadata:
 type: Opaque
 data:
   userData: {{.WorkerIgnConfig}}
-  `))
+`))
 )

pkg/asset/manifests/content/bootkube/kube-apiserver-secret.go

@@ -31,5 +31,5 @@ data:
   service-serving-ca.crt: {{.ServiceServingCaCert}}
   service-serving-ca.key: {{.ServiceServingCaKey}}
   kubeconfig: {{.OpenshiftLoopbackKubeconfig}}
-  `))
+`))
 )

pkg/asset/manifests/content/bootkube/kube-cloud-config.go

@@ -15,5 +15,5 @@ metadata:
 type: Opaque
 data:
   config: ""
-  `))
+`))
 )

pkg/asset/manifests/content/bootkube/kube-controller-manager-secret.go

@@ -18,5 +18,5 @@ data:
   root-ca.crt: {{.RootCaCert}}
   kube-ca.crt: {{.KubeCaCert}}
   kube-ca.key: {{.KubeCaKey}}
-  `))
+`))
 )

pkg/asset/manifests/content/bootkube/machine-api-operator.go

@@ -56,6 +56,5 @@ spec:
           items:
           - key: mao-config
             path: config
-
-	    `
+`
 )

pkg/asset/manifests/content/bootkube/machine-config-operator-00-config-crd.go

@@ -27,5 +27,5 @@ spec:
     singular: mcoconfig
     # kind is normally the CamelCased singular type. Your resource manifests use this.
     kind: MCOConfig
-    `
+`
 )