// Start launches a master. It will error if possible, but some background processes may still // be running and the process should exit after it finishes. func (m *Master) Start() error { // Allow privileged containers // TODO: make this configurable and not the default https://github.com/openshift/origin/issues/662 capabilities.Initialize(capabilities.Capabilities{ AllowPrivileged: true, PrivilegedSources: capabilities.PrivilegedSources{ HostNetworkSources: []string{kubelettypes.ApiserverSource, kubelettypes.FileSource}, HostPIDSources: []string{kubelettypes.ApiserverSource, kubelettypes.FileSource}, HostIPCSources: []string{kubelettypes.ApiserverSource, kubelettypes.FileSource}, }, }) openshiftConfig, err := origin.BuildMasterConfig(*m.config) if err != nil { return err } kubeMasterConfig, err := BuildKubernetesMasterConfig(openshiftConfig) if err != nil { return err } switch { case m.api: glog.Infof("Starting master on %s (%s)", m.config.ServingInfo.BindAddress, version.Get().String()) glog.Infof("Public master address is %s", m.config.AssetConfig.MasterPublicURL) if len(m.config.DisabledFeatures) > 0 { glog.V(4).Infof("Disabled features: %s", strings.Join(m.config.DisabledFeatures, ", ")) } glog.Infof("Using images from %q", openshiftConfig.ImageFor("<component>")) if err := StartAPI(openshiftConfig, kubeMasterConfig); err != nil { return err } case m.controllers: glog.Infof("Starting controllers on %s (%s)", m.config.ServingInfo.BindAddress, version.Get().String()) if len(m.config.DisabledFeatures) > 0 { glog.V(4).Infof("Disabled features: %s", strings.Join(m.config.DisabledFeatures, ", ")) } glog.Infof("Using images from %q", openshiftConfig.ImageFor("<component>")) if err := startHealth(openshiftConfig); err != nil { return err } } if m.controllers { // run controllers asynchronously (not required to be "ready") go func() { if err := startControllers(openshiftConfig, kubeMasterConfig); err != nil { glog.Fatal(err) } openshiftConfig.Informers.Start(utilwait.NeverStop) }() } return nil }
func setupBuildControllerTest(counts controllerCount, t *testing.T) (*client.Client, *kclientset.Clientset) { testutil.RequireEtcd(t) master, clusterAdminKubeConfig, err := testserver.StartTestMaster() if err != nil { t.Fatal(err) } clusterAdminClient, err := testutil.GetClusterAdminClient(clusterAdminKubeConfig) if err != nil { t.Fatal(err) } clusterAdminKubeClientset, err := testutil.GetClusterAdminKubeClient(clusterAdminKubeConfig) if err != nil { t.Fatal(err) } _, err = clusterAdminKubeClientset.Core().Namespaces().Create(&kapi.Namespace{ ObjectMeta: kapi.ObjectMeta{Name: testutil.Namespace()}, }) if err != nil { t.Fatal(err) } if err := testserver.WaitForServiceAccounts(clusterAdminKubeClientset, testutil.Namespace(), []string{bootstrappolicy.BuilderServiceAccountName, bootstrappolicy.DefaultServiceAccountName}); err != nil { t.Fatalf("unexpected error: %v", err) } openshiftConfig, err := origin.BuildMasterConfig(*master) if err != nil { t.Fatal(err) } // Get the build controller clients, since those rely on service account tokens // We don't want to proceed with the rest of the test until those are available openshiftConfig.BuildControllerClients() for i := 0; i < counts.BuildControllers; i++ { openshiftConfig.RunBuildController(openshiftConfig.Informers) } for i := 0; i < counts.BuildPodControllers; i++ { openshiftConfig.RunBuildPodController() } for i := 0; i < counts.ImageChangeControllers; i++ { openshiftConfig.RunBuildImageChangeTriggerController() } for i := 0; i < counts.ConfigChangeControllers; i++ { openshiftConfig.RunBuildConfigChangeController() } return clusterAdminClient, clusterAdminKubeClientset }
func (o *DebugAPIServerOptions) StartAPIServer(masterConfig configapi.MasterConfig) error { openshiftConfig, err := origin.BuildMasterConfig(masterConfig) if err != nil { return err } kubeMasterConfig, err := start.BuildKubernetesMasterConfig(openshiftConfig) if err != nil { return err } fmt.Printf("Starting master on %s\n", masterConfig.ServingInfo.BindAddress) fmt.Printf("Public master address is %s\n", masterConfig.AssetConfig.MasterPublicURL) return start.StartAPI(openshiftConfig, kubeMasterConfig) }
func setupBuildControllerTest(additionalBuildControllers, additionalBuildPodControllers, additionalImageChangeControllers int, t *testing.T) (*client.Client, *kclient.Client) { master, clusterAdminKubeConfig, err := testutil.StartTestMaster() checkErr(t, err) clusterAdminClient, err := testutil.GetClusterAdminClient(clusterAdminKubeConfig) checkErr(t, err) clusterAdminKubeClient, err := testutil.GetClusterAdminKubeClient(clusterAdminKubeConfig) checkErr(t, err) _, err = clusterAdminKubeClient.Namespaces().Create(&kapi.Namespace{ ObjectMeta: kapi.ObjectMeta{Name: testutil.Namespace()}, }) checkErr(t, err) if err := testutil.WaitForServiceAccounts(clusterAdminKubeClient, testutil.Namespace(), []string{bootstrappolicy.BuilderServiceAccountName, bootstrappolicy.DefaultServiceAccountName}); err != nil { t.Errorf("unexpected error: %v", err) } openshiftConfig, err := origin.BuildMasterConfig(*master) checkErr(t, err) // Get the build controller clients, since those rely on service account tokens // We don't want to proceed with the rest of the test until those are available openshiftConfig.BuildControllerClients() for i := 0; i < additionalBuildControllers; i++ { openshiftConfig.RunBuildController() } for i := 0; i < additionalBuildPodControllers; i++ { openshiftConfig.RunBuildPodController() } for i := 0; i < additionalImageChangeControllers; i++ { openshiftConfig.RunBuildImageChangeTriggerController() } return clusterAdminClient, clusterAdminKubeClient }
func StartMaster(openshiftMasterConfig *configapi.MasterConfig) error { glog.Infof("Starting an OpenShift master, reachable at %s (etcd: %v)", openshiftMasterConfig.ServingInfo.BindAddress, openshiftMasterConfig.EtcdClientInfo.URLs) glog.Infof("OpenShift master public address is %s", openshiftMasterConfig.AssetConfig.MasterPublicURL) if openshiftMasterConfig.EtcdConfig != nil { etcd.RunEtcd(openshiftMasterConfig.EtcdConfig) } // Allow privileged containers // TODO: make this configurable and not the default https://github.com/openshift/origin/issues/662 capabilities.Initialize(capabilities.Capabilities{ AllowPrivileged: true, HostNetworkSources: []string{kubelet.ApiserverSource, kubelet.FileSource}, }) openshiftConfig, err := origin.BuildMasterConfig(*openshiftMasterConfig) if err != nil { return err } go func() { openshiftConfig.ControllerPlug.WaitForStop() glog.Fatalf("Master shutdown requested") }() // Must start policy caching immediately openshiftConfig.RunPolicyCache() openshiftConfig.RunProjectCache() unprotectedInstallers := []origin.APIInstaller{} if openshiftMasterConfig.OAuthConfig != nil { authConfig, err := origin.BuildAuthConfig(*openshiftMasterConfig) if err != nil { return err } unprotectedInstallers = append(unprotectedInstallers, authConfig) } var standaloneAssetConfig *origin.AssetConfig if openshiftMasterConfig.AssetConfig != nil { config, err := origin.BuildAssetConfig(*openshiftMasterConfig.AssetConfig) if err != nil { return err } if openshiftMasterConfig.AssetConfig.ServingInfo.BindAddress == openshiftMasterConfig.ServingInfo.BindAddress { unprotectedInstallers = append(unprotectedInstallers, config) } else { standaloneAssetConfig = config } } var kubeConfig *kubernetes.MasterConfig if openshiftMasterConfig.KubernetesMasterConfig != nil { kubeConfig, err = kubernetes.BuildKubernetesMasterConfig(*openshiftMasterConfig, openshiftConfig.RequestContextMapper, openshiftConfig.KubeClient()) if err != nil { return err } openshiftConfig.Run([]origin.APIInstaller{kubeConfig}, unprotectedInstallers) } else { _, kubeConfig, err := configapi.GetKubeClient(openshiftMasterConfig.MasterClients.ExternalKubernetesKubeConfig) if err != nil { return err } proxy := &kubernetes.ProxyConfig{ ClientConfig: kubeConfig, } openshiftConfig.Run([]origin.APIInstaller{proxy}, unprotectedInstallers) } glog.Infof("Using images from %q", openshiftConfig.ImageFor("<component>")) if standaloneAssetConfig != nil { standaloneAssetConfig.Run() } if openshiftMasterConfig.DNSConfig != nil { openshiftConfig.RunDNSServer() } openshiftConfig.RunProjectAuthorizationCache() if openshiftMasterConfig.Controllers != configapi.ControllersDisabled { go func() { openshiftConfig.ControllerPlug.WaitForStart() glog.Infof("Master controllers starting (%s)", openshiftMasterConfig.Controllers) // Start these first, because they provide credentials for other controllers' clients openshiftConfig.RunServiceAccountsController() openshiftConfig.RunServiceAccountTokensController() // used by admission controllers openshiftConfig.RunServiceAccountPullSecretsControllers() openshiftConfig.RunSecurityAllocationController() if kubeConfig != nil { _, rcClient, err := openshiftConfig.GetServiceAccountClients(openshiftConfig.ReplicationControllerServiceAccount) if err != nil { glog.Fatalf("Could not get client for replication controller: %v", err) } // called by admission control kubeConfig.RunResourceQuotaManager() // no special order kubeConfig.RunNodeController() kubeConfig.RunScheduler() kubeConfig.RunReplicationController(rcClient) kubeConfig.RunEndpointController() kubeConfig.RunNamespaceController() kubeConfig.RunPersistentVolumeClaimBinder() kubeConfig.RunPersistentVolumeClaimRecycler(openshiftConfig.ImageFor("deployer")) } // no special order openshiftConfig.RunBuildController() openshiftConfig.RunBuildPodController() openshiftConfig.RunBuildImageChangeTriggerController() openshiftConfig.RunDeploymentController() openshiftConfig.RunDeployerPodController() openshiftConfig.RunDeploymentConfigController() openshiftConfig.RunDeploymentConfigChangeController() openshiftConfig.RunDeploymentImageChangeTriggerController() openshiftConfig.RunImageImportController() openshiftConfig.RunOriginNamespaceController() openshiftConfig.RunSDNController() }() } return nil }
func StartMaster(openshiftMasterConfig *configapi.MasterConfig) error { glog.Infof("Starting master on %s (%s)", openshiftMasterConfig.ServingInfo.BindAddress, version.Get().String()) glog.Infof("Public master address is %s", openshiftMasterConfig.AssetConfig.MasterPublicURL) if len(openshiftMasterConfig.DisabledFeatures) > 0 { glog.V(4).Infof("Disabled features: %s", strings.Join(openshiftMasterConfig.DisabledFeatures, ", ")) } if openshiftMasterConfig.EtcdConfig != nil { etcd.RunEtcd(openshiftMasterConfig.EtcdConfig) } // Allow privileged containers // TODO: make this configurable and not the default https://github.com/openshift/origin/issues/662 capabilities.Initialize(capabilities.Capabilities{ AllowPrivileged: true, HostNetworkSources: []string{kubelet.ApiserverSource, kubelet.FileSource}, }) openshiftConfig, err := origin.BuildMasterConfig(*openshiftMasterConfig) if err != nil { return err } // verify we can connect to etcd with the provided config if err := etcd.TestEtcdClient(openshiftConfig.EtcdClient); err != nil { return err } // Must start policy caching immediately openshiftConfig.RunGroupCache() openshiftConfig.RunPolicyCache() openshiftConfig.RunProjectCache() unprotectedInstallers := []origin.APIInstaller{} if openshiftMasterConfig.OAuthConfig != nil { authConfig, err := origin.BuildAuthConfig(*openshiftMasterConfig) if err != nil { return err } unprotectedInstallers = append(unprotectedInstallers, authConfig) } var standaloneAssetConfig *origin.AssetConfig if openshiftConfig.WebConsoleEnabled() { config, err := origin.BuildAssetConfig(*openshiftMasterConfig.AssetConfig) if err != nil { return err } if openshiftMasterConfig.AssetConfig.ServingInfo.BindAddress == openshiftMasterConfig.ServingInfo.BindAddress { unprotectedInstallers = append(unprotectedInstallers, config) } else { standaloneAssetConfig = config } } startKubeMaster, kubeMasterConfig, err := buildKubernetesMasterConfig(openshiftConfig) if err != nil { return err } if startKubeMaster { openshiftConfig.Run([]origin.APIInstaller{kubeMasterConfig}, unprotectedInstallers) } else { _, kubeMasterConfig, err := configapi.GetKubeClient(openshiftConfig.Options.MasterClients.ExternalKubernetesKubeConfig) if err != nil { return err } proxy := &kubernetes.ProxyConfig{ ClientConfig: kubeMasterConfig, } openshiftConfig.Run([]origin.APIInstaller{proxy}, unprotectedInstallers) } glog.Infof("Using images from %q", openshiftConfig.ImageFor("<component>")) if standaloneAssetConfig != nil { standaloneAssetConfig.Run() } if openshiftMasterConfig.DNSConfig != nil { openshiftConfig.RunDNSServer() } openshiftConfig.RunProjectAuthorizationCache() // controllers don't block startup go func() { if err := StartControllers(openshiftConfig, kubeMasterConfig); err != nil { glog.Fatal(err) } }() return nil }
// RunMaster takes the options and: // 1. Creates certs if needed // 2. Reads fully specified master config OR builds a fully specified master config from the args // 3. Writes the fully specified master config and exits if needed // 4. Starts the master based on the fully specified config func (o MasterOptions) RunMaster() error { startUsingConfigFile := !o.IsWriteConfigOnly() && o.IsRunFromConfig() if !startUsingConfigFile && o.CreateCertificates { glog.V(2).Infof("Generating master configuration") if err := o.CreateCerts(); err != nil { return err } if err := o.CreateBootstrapPolicy(); err != nil { return err } } var masterConfig *configapi.MasterConfig var err error if startUsingConfigFile { masterConfig, err = configapilatest.ReadAndResolveMasterConfig(o.ConfigFile) } else { masterConfig, err = o.MasterArgs.BuildSerializeableMasterConfig() } if err != nil { return err } if o.IsWriteConfigOnly() { // Resolve relative to CWD cwd, err := os.Getwd() if err != nil { return err } if err := configapi.ResolveMasterConfigPaths(masterConfig, cwd); err != nil { return err } // Relativize to config file dir base, err := cmdutil.MakeAbs(filepath.Dir(o.MasterArgs.GetConfigFileToWrite()), cwd) if err != nil { return err } if err := configapi.RelativizeMasterConfigPaths(masterConfig, base); err != nil { return err } content, err := configapilatest.WriteYAML(masterConfig) if err != nil { return err } if err := os.MkdirAll(path.Dir(o.MasterArgs.GetConfigFileToWrite()), os.FileMode(0755)); err != nil { return err } if err := ioutil.WriteFile(o.MasterArgs.GetConfigFileToWrite(), content, 0644); err != nil { return err } fmt.Fprintf(o.Output, "Wrote master config to: %s\n", o.MasterArgs.GetConfigFileToWrite()) return nil } // Inject disabled feature flags based on distribution being used and // regardless of configuration. They aren't written to config file to // prevent upgrade path issues. masterConfig.DisabledFeatures.Add(o.DisabledFeatures...) validationResults := validation.ValidateMasterConfig(masterConfig) if len(validationResults.Warnings) != 0 { for _, warning := range validationResults.Warnings { glog.Warningf("%v", warning) } } if len(validationResults.Errors) != 0 { return kerrors.NewInvalid("MasterConfig", o.ConfigFile, validationResults.Errors) } if !o.MasterArgs.StartControllers { masterConfig.Controllers = configapi.ControllersDisabled } if !o.MasterArgs.StartAPI { openshiftConfig, err := origin.BuildMasterConfig(*masterConfig) if err != nil { return err } _, kubeMasterConfig, err := buildKubernetesMasterConfig(openshiftConfig) if err != nil { return err } return StartControllers(openshiftConfig, kubeMasterConfig) } return StartMaster(masterConfig) }