pf9-kube-after-install.sh
# Post-install step for pf9-kube: create the pf9 service account, tighten
# modes on the packaged config files and create the runtime directories.
echo 'after pf9-kube installation'

# Service account: home directory, group, then the user itself.
# `|| true` discards every non-zero status from groupadd/useradd, not only
# "already exists"; a genuine failure here first shows up as chown errors
# further down the script.
mkdir -p /opt/pf9/home
groupadd pf9group || true
useradd -d /opt/pf9/home -G pf9group pf9 || true

# sudoers drop-in and logrotate configs: read-only for owner and group,
# no access for others.
# NOTE(review): only the mode is set here; ownership and syntax of the
# sudoers drop-in (e.g. a `visudo -c` pass) are not checked in this script.
for cfg_file in \
    /etc/sudoers.d/pf9-kube \
    /etc/logrotate.d/pf9-kube \
    /etc/logrotate.d/pf9-kubelet \
    /etc/logrotate.d/pf9-nodeletd
do
    chmod 0440 "$cfg_file"
done

# hostagent extension scripts: rwx for owner and group, nothing for others.
# They are chowned to pf9:pf9group later in this script, so the pf9 account
# can modify them.
# NOTE(review): confirm hostagent does not run them with more privilege
# than pf9 has.
for ext_script in \
    /opt/pf9/hostagent/extensions/fetch_pf9_kube_status.py \
    /opt/pf9/hostagent/extensions/fetch_pod_info.py
do
    chmod 0770 "$ext_script"
done

# cron entry and the logrotate wrapper it refers to: writable by owner only.
chmod 0644 /etc/cron.d/pf9-logrotate
chmod 0755 /etc/cron.pf9/logrotate

# Runtime directories for logs, configuration and CNI.
for runtime_dir in \
    /var/log/pf9/kube \
    /etc/pf9/kube.d \
    /etc/cni/net.d \
    /var/log/pf9/kubelet \
    /var/opt/pf9/kube/apiserver-config
do
    mkdir -p "$runtime_dir"
done
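# Enable calling iptables for packets ingress/egress'ing bridges
# See IAAS-7747
#
# Record the current value before changing it.
# NOTE(review): this overwrites the saved value on every run, so on an
# upgrade it will typically record the value set by a previous install
# rather than the pre-install one - confirm what consumes this file.
sysctl net/bridge/bridge-nf-call-iptables > /etc/pf9/kube.d/bridge-nf-call-iptables.old

# Append the setting only when the last entry for this key in
# /etc/sysctl.conf is not already ours. An unconditional append adds one
# duplicate line per install/upgrade; comparing against the *last* entry
# keeps the "later line wins" effect if someone added a conflicting value.
last_setting=$(grep -E '^[[:space:]]*net[./]bridge[./]bridge-nf-call-iptables[[:space:]]*=' /etc/sysctl.conf 2>/dev/null | tail -n 1)
if [ "$last_setting" != 'net.bridge.bridge-nf-call-iptables = 1' ]; then
    echo net.bridge.bridge-nf-call-iptables = 1 >> /etc/sysctl.conf
fi

# Reload /etc/sysctl.conf so the setting takes effect now.
sysctl -p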
# Hand the log, state and config trees to the pf9 service account.
#  - /var/log/pf9/kube and /var/log/pf9/kubelet sit under /var/log/pf9 and
#    are therefore already covered by the first entry.
#  - /opt/pf9/pf9-kube is re-owned to root:pf9group at the end of this
#    script; until then it is pf9-owned.
#  - /var/opt/pf9 and /etc/pf9 become pf9-owned, so root-run steps that
#    later read or write files there operate in directories the pf9
#    account controls.
for owned_path in \
    /var/log/pf9 \
    /var/log/pf9/kube \
    /opt/pf9/pf9-kube \
    /var/log/pf9/kubelet \
    /opt/pf9/hostagent/extensions/fetch_pf9_kube_status.py \
    /opt/pf9/hostagent/extensions/fetch_pod_info.py \
    /var/opt/pf9 \
    /etc/pf9
do
    chown -R pf9:pf9group "$owned_path"
done
# Drop docker's persisted network state before any network plugin is
# installed. See: https://platform9.atlassian.net/browse/IAAS-7740
# Docker keeps network configuration in a local db under this directory
# once networking has been configured even a single time, so it is removed
# opportunistically; failure is ignored.
rm -rf -- /var/lib/docker/network || true

# 1.18.10-pmk.1513 was a DoA release that can leave a node improperly
# cleaned up during upgrade, which stops the pf9-kube "service" from
# starting afterwards. Force a stop here so clean-up is attempted before
# hostagent starts nodelet.
# Side effect: certificates are now rotated on every node upgrade. Before
# this change, unexpired certificates generated for the same cluster UUID
# and role were kept rather than re-generated.
# The exit status is discarded, so a failed clean-up is not reported by
# this script.
# TODO: Remove this for the 5.2 equivalent pf9-kube releases.
/opt/pf9/nodelet/nodeletd phases stop --force || true

# PMKFT: expose the bundled kubectl on the default PATH so it is easy to
# run after adding a master. `-f` replaces whatever is already at
# /usr/local/bin/kubectl, including a kubectl installed by the admin.
# The link target lives in /opt/pf9/pf9-kube, so ownership of that tree
# decides who controls what `kubectl` resolves to for every user.
ln -sf -- /opt/pf9/pf9-kube/bin/kubectl /usr/local/bin/kubectl

# Remove rotated kubelet logs left by an earlier install.
rm -f -- /var/log/pf9/kubelet/*.gz
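# Remove the older kube interface cache file
# When implementing interface selection from qbert/sunpike API these cache files can be removed.
#
# If the legacy combined cache exists, split it into per-family cache files
# (lines containing V4_INTERFACE / V6_INTERFACE), hand those to pf9, then
# delete the legacy file.
#
# NOTE(review): /var/opt/pf9 is chowned to pf9:pf9group earlier in this
# script, so these redirections are root writing into a directory the pf9
# account controls; a path that already exists as a symlink would be
# written through. Confirm this is acceptable or create the files in a way
# that refuses an existing path.
if [ -f /var/opt/pf9/kube_interface ]; then
    # The redirection creates each target even when grep matches nothing,
    # so an empty cache file is a possible outcome.
    grep 'V4_INTERFACE' /var/opt/pf9/kube_interface > /var/opt/pf9/kube_interface_v4
    grep 'V6_INTERFACE' /var/opt/pf9/kube_interface > /var/opt/pf9/kube_interface_v6

    # `]` must be a separate word. Written as `..._v4]` the test fails with
    # "missing ]", the chown is skipped and the file just created by root
    # stays root-owned.
    if [ -f /var/opt/pf9/kube_interface_v4 ]; then
        chown pf9:pf9group /var/opt/pf9/kube_interface_v4
    fi
    if [ -f /var/opt/pf9/kube_interface_v6 ]; then
        chown pf9:pf9group /var/opt/pf9/kube_interface_v6
    fi

    rm -f /var/opt/pf9/kube_interface || true
fi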
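# Make all pf9-kube files non-writable by pf9 user
# To prevent files from being written using vim + :wq! make the root user owner of all files
# (pf9 keeps access through pf9group only). Failure is ignored, so a partial
# chown is not reported by this script.
chown -R root:pf9group /opt/pf9/pf9-kube || true
# Remove write permissions for owner, group and others.
# `a-w` is spelled out on purpose: a bare `-w` is filtered by the umask, so
# under a typical umask of 022 it clears only the owner bit and leaves any
# group/other write bits in place - and group is how pf9 reaches this tree.
chmod -R a-w /opt/pf9/pf9-kube || true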