Giuseppe Lavagetto has uploaded a new change for review. https://gerrit.wikimedia.org/r/323816
Change subject: calico: add module/profile to use as kubernetes networking ...................................................................... calico: add module/profile to use as kubernetes networking Change-Id: If5824a3c1014435aec2f44c1c245bdeb64a048ff --- A modules/calico/manifest/cni.pp A modules/calico/manifest/init.pp A modules/calico/templates/cni.conf.erb A modules/calico/templates/initscripts/calico-node.systemd.erb A modules/profile/manifests/calico/kubernetes.pp 5 files changed, 137 insertions(+), 0 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/16/323816/1
diff --git a/modules/calico/manifest/cni.pp b/modules/calico/manifest/cni.pp
new file mode 100644
index 0000000..a973595
--- /dev/null
+++ b/modules/calico/manifest/cni.pp
@@ -0,0 +1,30 @@
+# == Class calico::cni
+#
+# Installs and configure the cni plugins for calico.
+
+class calico::cni {
+ require ::calico
+
+ package { 'cni':
+ ensure => $::calico::cni_version,
+ }
+
+ package { 'calico-cni':
+ ensure => $::calico::calico_cni_version,
+ }
+
+ $etcd_endpoints = $::calico::etcd::endpoints
+
+ file { ['/etc/cni', '/etc/cni/net.d']:
+ ensure => directory,
+ owner => 'root',
+ group => 'root',
+ }
+
+ file { '/etc/cni/net.d/10-calico.conf':
+ content => template('calico/cni.conf.erb'),
+ owner => 'root',
+ group => 'root',
+ before => Package['calico-cni'],
+ }
+}
diff --git a/modules/calico/manifest/init.pp b/modules/calico/manifest/init.pp
new file mode 100644
index 0000000..08baaf2
--- /dev/null
+++ b/modules/calico/manifest/init.pp
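Review bot: `$etcd_endpoints = $::calico::etcd::endpoints` looks up a variable in a `calico::etcd` class that this change does not define; the `calico` class in init.pp receives the endpoints as its `$etcd_endpoints` parameter, so the lookup presumably should read `$etcd_endpoints = $::calico::etcd_endpoints`. As written, `@etcd_endpoints.join(',')` in cni.conf.erb would be called on an undefined value and the CNI configuration could not be rendered. Separately, this file and init.pp are added under `modules/calico/manifest/` while the profile lives under `manifests/`; unless that is intentional, the autoloader will not find `calico` or `calico::cni`.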
@@ -0,0 +1,52 @@
+# == Class calico
+#
+# Installs and runs calico-node and calicoctl
+class calico($calico_version, $etcd_endpoints, $registry) {
+ requires_os('debian >= jessie')
+
+ file { '/etc/calico':
+ ensure => directory,
+ owner => 'root',
+ group => 'root',
+ }
+
+ base::expose_puppet_certs { '/etc/calico':
+ ensure => present,
+ provide_private => false,
+ require => File['/etc/calico'],
+ }
+
+ # Needed for calicoctl
+ apt::pin { 'go':
+ package => 'golang-go-linux-amd64 golang-src',
+ pin => 'release a=jessie-backports',
+ priority => '1001',
+ before => Package['calicoctl'],
+ }
+
+
+ case $calico_version {
+ '2.0': {
+ $calicoctl_version = '1.0.0-betarc5-1~wmf1'
+ $calico_node_version = '1.0.0-beta-rc5'
+ $calico_cni_version = '1.5.0-1~wmf1'
+ $cni_version = '0.3.0-1~wmf1'
+ }
+ default: { fail('Unsupported calico version') }
+ }
+
+ package { 'calicoctl':
+ ensure => $calicoctl_version,
+ }
+
+ package { "${registry}/calico/node":
+ ensure => $calico_node_version,
+ provider => 'docker',
+ }
+
+ base::service_unit { 'calico-node':
+ ensure => present,
+ systemd => true,
+ require => Package['calico-node']
+ }
+}
diff --git a/modules/calico/templates/cni.conf.erb b/modules/calico/templates/cni.conf.erb
new file mode 100644
index 0000000..da75240
--- /dev/null
+++ b/modules/calico/templates/cni.conf.erb
@@ -0,0 +1,18 @@
+{
+ "name": "calico-k8s-network",
+ "type": "calico",
+ "etcd_endpoints": "<%= @etcd_endpoints.join(',') %>",
+ "etcd_ca_cert_file": "/etc/ssl/certs/Puppet_Internal_CA.pem",
+ "etcd_key_file": "/etc/calico/ssl/server.key",
+ "etcd_cert_file": "/etc/calico/ssl/cert.pem",
+ "log_level": "info",
+ "ipam": {
+ "type": "calico-ipam"
+ },
+ "policy": {
+ "type": "k8s"
+ },
+ "kubernetes": {
+ "kubeconfig": "/etc/kubernetes/kubeconfig"
+ }
+}
diff --git a/modules/calico/templates/initscripts/calico-node.systemd.erb b/modules/calico/templates/initscripts/calico-node.systemd.erb
new file mode 100644
index 0000000..cec315f
--- /dev/null
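Review bot: `require => Package['calico-node']` on the `base::service_unit` refers to a resource this class never declares; the docker package above it is titled `"${registry}/calico/node"`, so the reference should be `require => Package["${registry}/calico/node"],`. The `apt::pin` for `go` uses priority `1001`, which is high enough for apt to downgrade an installed package to the backports version; if that is intended, the `# Needed for calicoctl` comment should say so, otherwise a priority below 1000 is the safer choice. The `default` branch of the `case` would be easier to debug with the offending value in the message, e.g. `fail("Unsupported calico version ${calico_version}")`.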
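Review bot: `etcd_key_file` points at `/etc/calico/ssl/server.key`, but init.pp in this change declares `base::expose_puppet_certs { '/etc/calico': ... provide_private => false }`; assuming that define is what populates `/etc/calico/ssl` (its body is not visible here), the private key will not exist and the plugin cannot authenticate to etcd over TLS. The same path is used for `ETCD_KEY` in calico-node.systemd.erb. Either set `provide_private => true` and keep the key readable by root only, or issue a dedicated client certificate for calico instead of reusing the host's Puppet key, which limits what a compromise of the network plugin exposes. The `kubeconfig` at `/etc/kubernetes/kubeconfig` is likewise not managed or required by anything in this change.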
+++ b/modules/calico/templates/initscripts/calico-node.systemd.erb
@@ -0,0 +1,18 @@
+[Unit]
+Description=calico node
+After=docker.service
+Requires=docker.service
+
+[Service]
+User=root
+Environment="ETCD_ENDPOINTS=<%= @etcd_endpoints.join(',') %>"
+Environment="ETCD_CA=/etc/ssl/certs/Puppet_Internal_CA.pem"
+Environment="ETCD_KEY=/etc/calico/ssl/server.key"
+Environment="ETCD_CERT=/etc/calico/ssl/cert.pem"
+PermissionsStartOnly=true
+ExecStart=/usr/bin/docker run --net=host --privileged --name=calico-node -e ETCD_ENDPOINTS= -e HOSTNAME=${HOSTNAME} -e IP= -e NO_DEFAULT_POOLS= -e AS= -e ETCD_CA= -e ETCD_KEY= -e ETCD_CERT= -e ETCD_SCHEME=https -e CALICO_LIBNETWORK_ENABLED=true -e IP6= -e CALICO_NETWORKING_BACKEND=bird -v /var/run/calico:/var/run/calico -v /lib/modules:/lib/modules -v /run/docker/plugins:/run/docker/plugins -v /var/run/docker.sock:/var/run/docker.sock -v /var/log/calico:/var/log/calico calico/node:v1.0.0-beta
+Restart=always
+RestartSec=10
+
+[Install]
+WantedBy=multi-user.target
diff --git a/modules/profile/manifests/calico/kubernetes.pp b/modules/profile/manifests/calico/kubernetes.pp
new file mode 100644
index 0000000..1964be3
--- /dev/null
+++ b/modules/profile/manifests/calico/kubernetes.pp
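Review bot: The image at the end of `ExecStart` is hard-coded as `calico/node:v1.0.0-beta`, so the unit ignores the `$registry` and `$calico_node_version` ('1.0.0-beta-rc5') that init.pp uses for the docker package and would run a mutable tag resolved against the default registry; it should be built from the same values, e.g. `<%= @registry %>/calico/node:<%= @calico_node_version %>` if those variables are in the template's scope. The `-e ETCD_ENDPOINTS=`, `-e ETCD_CA=`, `-e ETCD_KEY=` and `-e ETCD_CERT=` arguments are empty, so the `Environment=` lines above never reach the container, and no `-v` mounts `/etc/calico` or the CA file, so the container could not read the certificates anyway; `-e ETCD_ENDPOINTS=${ETCD_ENDPOINTS}` (likewise for the other three) plus `-v /etc/calico:/etc/calico:ro` would close that gap. `--privileged` combined with the `/var/run/docker.sock` mount gives the container full control of the host; the socket and `/run/docker/plugins` mounts look needed only for `CALICO_LIBNETWORK_ENABLED=true`, which a CNI-only Kubernetes node presumably does not use, so dropping them would reduce exposure. With `--name=calico-node` and `Restart=always`, a restart will fail on the leftover container name unless `--rm` or `ExecStartPre=-/usr/bin/docker rm -f calico-node` is added.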
@@ -0,0 +1,19 @@
+# == Class profile::calico::kubernetes
+#
+# Installs calico for use in a kubernetes cluster.
+# This follows http://docs.projectcalico.org/v2.0/getting-started/kubernetes/installation/#manual-installation
+
+class profile::calico::kubernetes {
+ $etcd_endpoints = hiera('profile::calico::kubernetes::etcd_endpoints')
+ $calico_version = hiera('profile::calico::kubernetes::calico_version')
+ $registry = hiera('docker::registry')
+
+ class { 'calico':
+ etcd_endpoints => $etcd_endpoints,
+ calico_version => $calico_version,
+ registry => $registry,
+ }
+
+ class { 'calico-cni':
+ }
+}
-- To view, visit https://gerrit.wikimedia.org/r/323816 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: If5824a3c1014435aec2f44c1c245bdeb64a048ff Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Giuseppe Lavagetto <glavage...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
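Review bot: `class { 'calico-cni': }` names a class that this change does not define; the CNI class added in cni.pp is `calico::cni`, so the declaration should be `class { '::calico::cni': }` (or `include ::calico::cni`). The header comment should also list the hiera keys the profile reads, `profile::calico::kubernetes::etcd_endpoints`, `profile::calico::kubernetes::calico_version` and `docker::registry`. It is worth stating there that the etcd endpoints are expected to be an array of https URLs, since both templates call `.join(',')` on the value and the systemd unit sets `ETCD_SCHEME=https`.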