Allowing for upgrades

Author: davidjumani

plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java

@@ -1140,7 +1140,8 @@ public boolean startKubernetesCluster(long kubernetesClusterId, boolean onCreate
         }
         if (onCreate) {
             // Start for Kubernetes cluster in 'Created' state
-            String[] keys = getServiceUserKeys();
+            Account owner = accountService.getActiveAccountById(kubernetesCluster.getAccountId());
+            String[] keys = getServiceUserKeys(owner);
             KubernetesClusterStartWorker startWorker =
                 new KubernetesClusterStartWorker(kubernetesCluster, this, keys);
             startWorker = ComponentContext.inject(startWorker);
@@ -1276,14 +1277,16 @@ public KubernetesClusterConfigResponse getKubernetesClusterConfig(GetKubernetesC
         return response;
     }
 
-    private String[] getServiceUserKeys() {
-        Account caller = CallContext.current().getCallingAccount();
-        String username = caller.getAccountName() + "-" + KUBEADMIN_ACCOUNT_NAME;
-        UserAccount kubeadmin = accountService.getActiveUserAccount(username, caller.getDomainId());
+    private String[] getServiceUserKeys(Account owner) {
+        if (owner == null) {
+            owner = CallContext.current().getCallingAccount();
+        }
+        String username = owner.getAccountName() + "-" + KUBEADMIN_ACCOUNT_NAME;
+        UserAccount kubeadmin = accountService.getActiveUserAccount(username, owner.getDomainId());
         String[] keys = null;
         if (kubeadmin == null) {
-            User kube = userDao.persist(new UserVO(caller.getAccountId(), username, UUID.randomUUID().toString(), caller.getAccountName(), KUBEADMIN_ACCOUNT_NAME, "kubeadmin",
-                null, UUID.randomUUID().toString(), User.Source.UNKNOWN));
+            User kube = userDao.persist(new UserVO(owner.getAccountId(), username, UUID.randomUUID().toString(), owner.getAccountName(),
+                KUBEADMIN_ACCOUNT_NAME, "kubeadmin", null, UUID.randomUUID().toString(), User.Source.UNKNOWN));
             keys = accountService.createApiKeyAndSecretKey(kube.getId());
         } else {
             String apiKey = kubeadmin.getApiKey();
@@ -1323,9 +1326,12 @@ public boolean upgradeKubernetesCluster(UpgradeKubernetesClusterCmd cmd) throws
             logAndThrow(Level.ERROR, "Kubernetes Service plugin is disabled");
         }
         validateKubernetesClusterUpgradeParameters(cmd);
+        KubernetesClusterVO kubernetesCluster = kubernetesClusterDao.findById(cmd.getId());
+        Account owner = accountService.getActiveAccountById(kubernetesCluster.getAccountId());
+        String[] keys = getServiceUserKeys(owner);
         KubernetesClusterUpgradeWorker upgradeWorker =
-                new KubernetesClusterUpgradeWorker(kubernetesClusterDao.findById(cmd.getId()),
-                        kubernetesSupportedVersionDao.findById(cmd.getKubernetesVersionId()), this);
+            new KubernetesClusterUpgradeWorker(kubernetesClusterDao.findById(cmd.getId()),
+                kubernetesSupportedVersionDao.findById(cmd.getKubernetesVersionId()), this, keys);
         upgradeWorker = ComponentContext.inject(upgradeWorker);
         return upgradeWorker.upgradeCluster();
     }

plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterActionWorker.java

@@ -17,7 +17,9 @@
 
 package com.cloud.kubernetes.cluster.actionworkers;
 
+import java.io.BufferedWriter;
 import java.io.File;
+import java.io.FileWriter;
 import java.io.IOException;
 import java.util.ArrayList;
 import java.util.Collections;
@@ -28,6 +30,7 @@
 
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.ca.CAManager;
+import org.apache.cloudstack.config.ApiServiceConfiguration;
 import org.apache.cloudstack.engine.orchestration.service.NetworkOrchestrationService;
 import org.apache.cloudstack.framework.config.dao.ConfigurationDao;
 import org.apache.commons.collections.CollectionUtils;
@@ -70,6 +73,7 @@
 import com.cloud.utils.exception.CloudRuntimeException;
 import com.cloud.utils.fsm.NoTransitionException;
 import com.cloud.utils.fsm.StateMachine2;
+import com.cloud.utils.ssh.SshHelper;
 import com.cloud.vm.UserVmService;
 import com.cloud.vm.dao.UserVmDao;
 import com.google.common.base.Strings;
@@ -127,6 +131,11 @@ public class KubernetesClusterActionWorker {
     protected String publicIpAddress;
     protected int sshPort;
 
+    protected final String autoscaleScriptFilename = "autoscale-kube-cluster";
+    protected final String deploySecretsScriptFilename = "deploy-cloudstack-secret";
+    protected File autoscaleScriptFile;
+    protected File deploySecretsScriptFile;
+
     protected KubernetesClusterActionWorker(final KubernetesCluster kubernetesCluster, final KubernetesClusterManagerImpl clusterManager) {
         this.kubernetesCluster = kubernetesCluster;
         this.kubernetesClusterDao = clusterManager.kubernetesClusterDao;
@@ -178,7 +187,7 @@ protected void logMessage(final Level logLevel, final String message, final Exce
     }
 
     protected void logTransitStateDetachIsoAndThrow(final Level logLevel, final String message, final KubernetesCluster kubernetesCluster,
-                                                    final List<UserVm> clusterVMs, final KubernetesCluster.Event event, final Exception e) throws CloudRuntimeException {
+        final List<UserVm> clusterVMs, final KubernetesCluster.Event event, final Exception e) throws CloudRuntimeException {
         logMessage(logLevel, message, e);
         stateTransitTo(kubernetesCluster.getId(), event);
         detachIsoKubernetesVMs(clusterVMs);
@@ -383,4 +392,65 @@ protected boolean stateTransitTo(long kubernetesClusterId, KubernetesCluster.Eve
             return false;
         }
     }
+
+    protected boolean createCloudStackSecret(String[] keys) {
+        File pkFile = getManagementServerSshPublicKeyFile();
+        Pair<String, Integer> publicIpSshPort = getKubernetesClusterServerIpSshPort(null);
+        publicIpAddress = publicIpSshPort.first();
+        sshPort = publicIpSshPort.second();
+
+        List<KubernetesClusterVmMapVO> clusterVMs = getKubernetesClusterVMMaps();
+        if (CollectionUtils.isEmpty(clusterVMs)) {
+            return false;
+        }
+
+        final UserVm userVm = userVmDao.findById(clusterVMs.get(0).getVmId());
+
+        String hostName = userVm.getHostName();
+        if (!Strings.isNullOrEmpty(hostName)) {
+            hostName = hostName.toLowerCase();
+        }
+
+        try {
+            Pair<Boolean, String> result = SshHelper.sshExecute(publicIpAddress, sshPort, CLUSTER_NODE_VM_USER,
+                pkFile, null, String.format("sudo /opt/bin/deploy-cloudstack-secret -u '%s' -k '%s' -s '%s'",
+                    ApiServiceConfiguration.ApiServletPath.value(), keys[0], keys[1]),
+                    10000, 10000, 60000);
+            return result.first();
+        } catch (Exception e) {
+            String msg = String.format("Failed to add cloudstack-secret to Kubernetes cluster: %s", kubernetesCluster.getName());
+            LOGGER.warn(msg, e);
+        }
+        return true;
+    }
+
+    protected File retrieveScriptFile(String filename) {
+        File file = null;
+        try {
+            String data = readResourceFile("/script/" + filename);
+            file = File.createTempFile(filename, ".sh");
+            BufferedWriter writer = new BufferedWriter(new FileWriter(file));
+            writer.write(data);
+            writer.close();
+        } catch (IOException e) {
+            logAndThrow(Level.ERROR, String.format("Failed to upgrade Kubernetes cluster ID: %s, unable to prepare upgrade script %s", kubernetesCluster.getUuid(), filename), e);
+        }
+        return file;
+    }
+
+    protected void copyAutoscalerScripts(final UserVm vm, final int index) throws Exception {
+        // TODO: This might be a bad way to do it. Better to fetch the pf rules and try
+        int nodeSshPort = sshPort == 22 ? sshPort : sshPort + index;
+        String nodeAddress = (index > 0 && sshPort == 22) ? vm.getPrivateIpAddress() : publicIpAddress;
+        SshHelper.scpTo(nodeAddress, nodeSshPort, CLUSTER_NODE_VM_USER, sshKeyFile, null,
+                "~/", autoscaleScriptFile.getAbsolutePath(), "0755");
+        SshHelper.scpTo(nodeAddress, nodeSshPort, CLUSTER_NODE_VM_USER, sshKeyFile, null,
+                "~/", deploySecretsScriptFile.getAbsolutePath(), "0755");
+        String cmdStr = String.format("sudo mv ~/%s /opt/bin/%s", autoscaleScriptFile.getName(), autoscaleScriptFilename);
+        SshHelper.sshExecute(publicIpAddress, nodeSshPort, CLUSTER_NODE_VM_USER, sshKeyFile, null,
+            cmdStr, 10000, 10000, 10 * 60 * 1000);
+        cmdStr = String.format("sudo mv ~/%s /opt/bin/%s", deploySecretsScriptFile.getName(), deploySecretsScriptFilename);
+        SshHelper.sshExecute(publicIpAddress, nodeSshPort, CLUSTER_NODE_VM_USER, sshKeyFile, null,
+            cmdStr, 10000, 10000, 10 * 60 * 1000);
+    }
 }

plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterResourceModifierActionWorker.java

@@ -32,7 +32,6 @@
 import org.apache.cloudstack.api.BaseCmd;
 import org.apache.cloudstack.api.command.user.firewall.CreateFirewallRuleCmd;
 import org.apache.cloudstack.api.command.user.vm.StartVMCmd;
-import org.apache.cloudstack.config.ApiServiceConfiguration;
 import org.apache.commons.codec.binary.Base64;
 import org.apache.commons.collections.CollectionUtils;
 import org.apache.log4j.Level;
@@ -520,37 +519,6 @@ protected String getKubernetesClusterNodeNamePrefix() {
         return prefix;
     }
 
-    protected boolean createSecret(String[] keys) {
-        File pkFile = getManagementServerSshPublicKeyFile();
-        Pair<String, Integer> publicIpSshPort = getKubernetesClusterServerIpSshPort(null);
-        publicIpAddress = publicIpSshPort.first();
-        sshPort = publicIpSshPort.second();
-
-        List<KubernetesClusterVmMapVO> clusterVMs = getKubernetesClusterVMMaps();
-        if (CollectionUtils.isEmpty(clusterVMs)) {
-            return false;
-        }
-
-        final UserVm userVm = userVmDao.findById(clusterVMs.get(0).getVmId());
-
-        String hostName = userVm.getHostName();
-        if (!Strings.isNullOrEmpty(hostName)) {
-            hostName = hostName.toLowerCase();
-        }
-
-        try {
-            Pair<Boolean, String> result = SshHelper.sshExecute(publicIpAddress, sshPort, CLUSTER_NODE_VM_USER,
-                pkFile, null, String.format("sudo /opt/bin/deploy-cloudstack-secret -u '%s' -k '%s' -s '%s'",
-                    ApiServiceConfiguration.ApiServletPath.value(), keys[0], keys[1]),
-                    10000, 10000, 60000);
-            return result.first();
-        } catch (Exception e) {
-            String msg = String.format("Failed to add cloudstack-secret to Kubernetes cluster: %s", kubernetesCluster.getName());
-            LOGGER.warn(msg, e);
-        }
-        return true;
-    }
-
     protected KubernetesClusterVO updateKubernetesClusterEntry(final Long cores, final Long memory,
         final Long size, final Long serviceOfferingId, final Boolean autoscaleEnabled, final Long minSize, final Long maxSize) {
         return Transaction.execute(new TransactionCallback<KubernetesClusterVO>() {
@@ -612,19 +580,20 @@ protected boolean autoscaleCluster(boolean enable, Long minSize, Long maxSize) {
 
         try {
             if (enable) {
+                String data = readResourceFile("/script/try-autoscaling");
                 Pair<Boolean, String> result = SshHelper.sshExecute(publicIpAddress, sshPort, CLUSTER_NODE_VM_USER,
-                    pkFile, null, String.format("sudo /opt/bin/autoscale-kube-cluster -i %s -e -M %d -m %d", kubernetesCluster.getUuid(), maxSize, minSize),
+                    pkFile, null, String.format(data, kubernetesCluster.getUuid(), maxSize, minSize),
                         10000, 10000, 60000);
                 if (!result.first()) {
-                    return false;
+                    throw new CloudRuntimeException(result.second());
                 }
                 updateKubernetesClusterEntry(true, minSize, maxSize);
             } else {
                 Pair<Boolean, String> result = SshHelper.sshExecute(publicIpAddress, sshPort, CLUSTER_NODE_VM_USER,
                     pkFile, null, String.format("sudo /opt/bin/autoscale-kube-cluster -d"),
                         10000, 10000, 60000);
                 if (!result.first()) {
-                    return false;
+                    throw new CloudRuntimeException(result.second());
                 }
                 updateKubernetesClusterEntry(false, null, null);
             }

plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterScaleWorker.java

@@ -134,13 +134,15 @@ private void scaleKubernetesClusterNetworkRules(final List<Long> clusterVMIds, f
             throw new ManagementServerException(String.format("No source NAT IP addresses found for network ID: %s, Kubernetes cluster ID: %s", network.getUuid(), kubernetesCluster.getUuid()));
         }
 
+        // TODO : Remove indiv rules per vm
         // Remove existing SSH firewall rules
         FirewallRule firewallRule = removeSshFirewallRule(publicIp);
         if (firewallRule == null) {
             throw new ManagementServerException("Firewall rule for node SSH access can't be provisioned");
         }
         int existingFirewallRuleSourcePortEnd = firewallRule.getSourcePortEnd();
         final int scaledTotalNodeCount = clusterSize == null ? (int)kubernetesCluster.getTotalNodeCount() : (int)(clusterSize + kubernetesCluster.getMasterNodeCount());
+        // TODO : Provision indiv rules per vm
         // Provision new SSH firewall rules
         try {
             provisionFirewallRules(publicIp, owner, CLUSTER_NODES_DEFAULT_START_SSH_PORT, CLUSTER_NODES_DEFAULT_START_SSH_PORT + scaledTotalNodeCount - 1);
@@ -159,6 +161,7 @@ private void scaleKubernetesClusterNetworkRules(final List<Long> clusterVMIds, f
         }
 
         try {
+            // TODO : Provision indiv rules per vm
             provisionSshPortForwardingRules(publicIp, network, owner, clusterVMIds, existingFirewallRuleSourcePortEnd + 1);
         } catch (ResourceUnavailableException | NetworkRuleConflictException e) {
             throw new ManagementServerException(String.format("Failed to activate SSH port forwarding rules for the Kubernetes cluster ID: %s", kubernetesCluster.getUuid()), e);

plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterStartWorker.java

@@ -394,6 +394,7 @@ private void setupKubernetesClusterNetworkRules(Network network, List<UserVm> cl
         }
 
         try {
+            // TODO : Create indiv fw rules for each vm
             int endPort = CLUSTER_NODES_DEFAULT_START_SSH_PORT + clusterVMs.size() - 1;
             provisionFirewallRules(publicIp, owner, CLUSTER_NODES_DEFAULT_START_SSH_PORT, endPort);
             if (LOGGER.isInfoEnabled()) {
@@ -569,13 +570,27 @@ public boolean startKubernetesClusterOnCreate() {
         if (!isKubernetesClusterDashboardServiceRunning(true, startTimeoutTime)) {
             logTransitStateAndThrow(Level.ERROR, String.format("Failed to setup Kubernetes cluster ID: %s in usable state as unable to get Dashboard service running for the cluster", kubernetesCluster.getUuid()), kubernetesCluster.getId(),KubernetesCluster.Event.OperationFailed);
         }
-        if (!createSecret(keys)) {
+        retrieveScriptFiles();
+        for (int i = 0; i < clusterVMs.size(); ++i) {
+            UserVm vm = clusterVMs.get(i);
+            try {
+				copyAutoscalerScripts(vm, i);
+			} catch (Exception e) {
+                throw new CloudRuntimeException(e);
+			}
+        }
+        if (!createCloudStackSecret(keys)) {
             logTransitStateAndThrow(Level.ERROR, String.format("Failed to setup keys for Kubernetes cluster ID: %s", kubernetesCluster.getUuid()), kubernetesCluster.getId(),KubernetesCluster.Event.OperationFailed);
         }
         stateTransitTo(kubernetesCluster.getId(), KubernetesCluster.Event.OperationSucceeded);
         return true;
     }
 
+    private void retrieveScriptFiles() {
+        autoscaleScriptFile = retrieveScriptFile(autoscaleScriptFilename);
+        deploySecretsScriptFile = retrieveScriptFile(deploySecretsScriptFilename);
+    }
+
     public boolean startStoppedKubernetesCluster() throws CloudRuntimeException {
         init();
         if (LOGGER.isInfoEnabled()) {

plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/actionworkers/KubernetesClusterUpgradeWorker.java

@@ -17,10 +17,7 @@
 
 package com.cloud.kubernetes.cluster.actionworkers;
 
-import java.io.BufferedWriter;
 import java.io.File;
-import java.io.FileWriter;
-import java.io.IOException;
 import java.util.ArrayList;
 import java.util.List;
 
@@ -45,26 +42,24 @@ public class KubernetesClusterUpgradeWorker extends KubernetesClusterActionWorke
 
     private List<UserVm> clusterVMs = new ArrayList<>();
     private KubernetesSupportedVersion upgradeVersion;
+    private final String upgradeScriptFilename = "upgrade-kubernetes.sh";
     private File upgradeScriptFile;
     private long upgradeTimeoutTime;
+    private String[] keys;
 
     public KubernetesClusterUpgradeWorker(final KubernetesCluster kubernetesCluster,
                                           final KubernetesSupportedVersion upgradeVersion,
-                                          final KubernetesClusterManagerImpl clusterManager) {
+                                          final KubernetesClusterManagerImpl clusterManager,
+                                          final String[] keys) {
         super(kubernetesCluster, clusterManager);
         this.upgradeVersion = upgradeVersion;
+        this.keys = keys;
     }
 
-    private void retrieveUpgradeScriptFile() {
-        try {
-            String upgradeScriptData = readResourceFile("/script/upgrade-kubernetes.sh");
-            upgradeScriptFile = File.createTempFile("upgrade-kuberntes", ".sh");
-            BufferedWriter upgradeScriptFileWriter = new BufferedWriter(new FileWriter(upgradeScriptFile));
-            upgradeScriptFileWriter.write(upgradeScriptData);
-            upgradeScriptFileWriter.close();
-        } catch (IOException e) {
-            logAndThrow(Level.ERROR, String.format("Failed to upgrade Kubernetes cluster ID: %s, unable to prepare upgrade script", kubernetesCluster.getUuid()), e);
-        }
+    private void retrieveScriptFiles() {
+        upgradeScriptFile = retrieveScriptFile(upgradeScriptFilename);
+        autoscaleScriptFile = retrieveScriptFile(autoscaleScriptFilename);
+        deploySecretsScriptFile = retrieveScriptFile(deploySecretsScriptFilename);
     }
 
     private Pair<Boolean, String> runInstallScriptOnVM(final UserVm vm, final int index) throws Exception {
@@ -110,6 +105,8 @@ private void upgradeKubernetesClusterNodes() {
                 logTransitStateDetachIsoAndThrow(Level.ERROR, String.format("Failed to upgrade Kubernetes cluster ID: %s, upgrade action timed out", kubernetesCluster.getUuid()), kubernetesCluster, clusterVMs, KubernetesCluster.Event.OperationFailed, null);
             }
             try {
+                copyAutoscalerScripts(vm, i);
+                createCloudStackSecret(keys);
                 result = runInstallScriptOnVM(vm, i);
             } catch (Exception e) {
                 logTransitStateDetachIsoAndThrow(Level.ERROR, String.format("Failed to upgrade Kubernetes cluster ID: %s, unable to upgrade Kubernetes node on VM ID: %s", kubernetesCluster.getUuid(), vm.getUuid()), kubernetesCluster, clusterVMs, KubernetesCluster.Event.OperationFailed, e);
@@ -151,7 +148,7 @@ public boolean upgradeCluster() throws CloudRuntimeException {
         if (CollectionUtils.isEmpty(clusterVMs)) {
             logAndThrow(Level.ERROR, String.format("Upgrade failed for Kubernetes cluster ID: %s, unable to retrieve VMs for cluster", kubernetesCluster.getUuid()));
         }
-        retrieveUpgradeScriptFile();
+        retrieveScriptFiles();
         stateTransitTo(kubernetesCluster.getId(), KubernetesCluster.Event.UpgradeRequested);
         attachIsoKubernetesVMs(clusterVMs, upgradeVersion);
         upgradeKubernetesClusterNodes();