Skip to content

WIP: Use keepalived image from openshift #625

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
cybertron wants to merge 2 commits into from
Closed

WIP: Use keepalived image from openshift #625

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
e854582
Extend Ironic conductor heartbeat timeout
cybertron Jun 14, 2019
4a07de3
Deploy using openshift keepalived-ipfailover image
cybertron Jun 17, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions 04_setup_ironic.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -73,6 +73,7 @@ sudo podman run -d --net host --privileged --name mariadb --pod ironic-pod \

sudo podman run -d --net host --privileged --name ironic --pod ironic-pod \
--env MARIADB_PASSWORD=$mariadb_password \
--env OS_CONDUCTOR__HEARTBEAT_TIMEOUT=120 \
Copy link
Contributor Author

@cybertron cybertron Jun 17, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is unrelated, but I need it for testing locally. Will remove before I push the final version of this change.

-v $IRONIC_DATA_DIR:/shared ${IRONIC_IMAGE}

# Start Ironic Inspector
Expand Down
2 changes: 1 addition & 1 deletion assets/files/etc/kubernetes/manifests/keepalived.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -94,7 +94,7 @@ spec:
- name: keepalived
securityContext:
privileged: true
image: quay.io/celebdor/keepalived:latest
image: registry.svc.ci.openshift.org/ocp/4.2@sha256:daa9f390c43563b67546cd5b4cf3d8e351c3530f8091f523a73061fa441e8818
Copy link
Contributor Author

@cybertron cybertron Jun 17, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Obviously I need to figure out how to reference this image properly.

Copy link
Member

@russellb russellb Jun 17, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You won't be able to do this "properly" in dev-scripts. I expect these manifests will move to MCO, right?

There's a bit of magic here you need to hook into. Assuming MCO is what has this manifest, then the image needs to be listed in this file as well: https://github.com/openshift/machine-config-operator/blob/master/install/image-references

By being listed in image-references for one of the cluster operators, the image will get included in the release payload. There's also magic in CVO to convert image references in CVO deployed manifests to use the right image for that release payload. It looks like MCO has this manifest that declares a config map of image references. I would expect keepalived to be added here as well, so you can get the right image from your MCO code: https://github.com/openshift/machine-config-operator/blob/master/install/0000_80_machine-config-operator_02_images.configmap.yaml

Copy link

@hardys hardys Jun 18, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah this will need to go into the MCO PR @bcrochet is working on, when that lands all this asset mangling will go away ref #623

#561 tracks the removal and the MCO PR is openshift/machine-config-operator#795

Copy link
Member

@russellb russellb Jun 18, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In dev scripts I suppose you could use an “oc adm release” command to inspect the release image and pull out the pullspec for an image in that release payload. That would just be a very short term hack though.

command:
- /usr/sbin/keepalived
args:
Expand Down
11 changes: 8 additions & 3 deletions assets/files/etc/kubernetes/static-pod-resources/keepalived/keepalived.conf.template
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,17 +1,22 @@
global_defs {
enable_script_security
script_user root
}

vrrp_script chk_ocp {
script "curl -o /dev/null -kLs https://0:6443/readyz"
script "/usr/bin/curl -o /dev/null -kLs https://0:6443/readyz"
interval 1
weight 50
}

vrrp_script chk_dns {
script "host -t SRV _etcd-server-ssl._tcp.${DOMAIN} localhost"
script "/usr/bin/host -t SRV _etcd-server-ssl._tcp.${DOMAIN} localhost"
Copy link
Collaborator

@celebdor celebdor Jun 18, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This reminds me that we need to drop DNS VIP.

interval 1
weight 50
}

vrrp_script chk_ingress {
script "curl -o /dev/null -kLs https://0:1936/healthz"
script "/usr/bin/curl -o /dev/null -kLs https://0:1936/healthz"
interval 1
weight 50
}
Expand Down