kontena-cli 0.13.4 → 0.14.0

data/lib/kontena/machine/packet/node_restarter.rb

@@ -0,0 +1,41 @@
+require 'shell-spinner'
+
+module Kontena
+  module Machine
+    module Packet
+      class NodeRestarter
+        include RandomName
+        include PacketCommon
+
+        attr_reader :client
+
+        # @param [String] token Packet api token
+        def initialize(token)
+          @client = login(token)
+        end
+
+        # @param [String] project_id Packet project id
+        # @param [String] token Node hostname
+        def run!(project_id, name)
+          device = client.list_devices(project_id).find{|d| d.hostname == name}
+          abort("Device #{name.colorize(:cyan)} not found in Packet") unless device
+          abort("Your version of 'packethost' gem does not support rebooting servers") unless client.respond_to?(:reboot_device)
+
+          ShellSpinner "Restarting Packet device #{device.hostname.colorize(:cyan)} " do
+            begin
+              response = client.reboot_device(device)
+              raise unless response.success?
+            rescue
+              abort "Cannot delete device #{name.colorize(:cyan)} in Packet"
+            end
+            sleep 5
+            until device && device.state == :active
+              device = find_device(project.id, device.hostname) rescue nil
+              sleep 5
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/kontena/machine/packet/packet_common.rb

@@ -0,0 +1,89 @@
+require 'erb'
+
+module Kontena
+  module Machine
+    module Packet
+      module PacketCommon
+        # @param [String] token Packet token
+        def login(token)
+          ::Packet::Client.new(token)
+        end
+
+        def create_ssh_key(ssh_key)
+          client.create_ssh_key(ssh_key_label(ssh_key))
+        end
+
+        def ssh_key_exist?(ssh_key)
+          client.list_ssh_keys.any?{|key| key.key == ssh_key}
+        end
+
+        def ssh_key_label(ssh_key)
+          label = ssh_key[/^ssh.+?\s+\S+\s+(.*)$/, 1].to_s.strip
+          label.empty? ? "kontena-ssh-key-#{rand(1..9)}" : label
+        end
+
+        # @param [String] keyfile_path Path to ssh keyfile
+        def check_or_create_ssh_key(keyfile_path)
+          abort('Ssh key file not found') unless File.exist?(keyfile_path)
+          abort('Ssh key file not readable') unless File.readable?(keyfile_path)
+          ssh_key = File.read(keyfile_path).strip
+          create_ssh_key(ssh_key) unless ssh_key_exist?(ssh_key)
+        end
+
+        def find_project(project_id)
+          client.list_projects.find{|project| project.id == project_id}
+        end
+
+        def find_device(project_id, device_hostname)
+          client.list_devices(project_id).find{|device| device.hostname == device_hostname}
+        end
+
+        def find_facility(facility_code)
+          client.list_facilities.find{|f| f.code == facility_code}
+        end
+
+        def find_os(os_code)
+          client.list_operating_systems.find{|os| os.slug == os_code}
+        end
+
+        def find_plan(plan_code)
+          client.list_plans.find{|plan| plan.slug == plan_code}
+        end
+
+        def device_public_ip(device)
+          api_retry "Packet API did not find a public ip address for the device" do
+            device.ip_addresses.find{|ip| ip['public'] && ip['address_family'] == 4}
+          end
+        end
+
+        # Retry API requests to recover from random tls errors
+        # @param [String] message Message to output when giving up
+        # @param [Fixnum] times Default: 5
+        def api_retry(message, times=5, &block)
+          attempt = 1
+          begin
+            yield
+          rescue => error
+            ENV['DEBUG'] && puts("Packet API error: #{error}: #{error.message} - attempt #{attempt}")
+            attempt += 1
+            if attempt < times
+              sleep 5 and retry
+            else
+              abort(message)
+            end
+          end
+        end
+
+        def user_data(vars, template_filename)
+          cloudinit_template = File.join(__dir__ , template_filename)
+          erb(File.read(cloudinit_template), vars)
+        end
+
+        def erb(template, vars)
+          ERB.new(template, nil, '%<>-').result(OpenStruct.new(vars).instance_eval { binding })
+        end
+      end
+    end
+  end
+end
+

data/lib/kontena/machine/upcloud.rb

@@ -0,0 +1,9 @@
+require 'excon'
+
+require_relative 'random_name'
+require_relative 'cert_helper'
+require_relative 'upcloud/upcloud_common'
+require_relative 'upcloud/node_provisioner'
+require_relative 'upcloud/node_destroyer'
+require_relative 'upcloud/node_restarter'
+require_relative 'upcloud/master_provisioner'

data/lib/kontena/machine/upcloud/cloudinit.yml

@@ -0,0 +1,64 @@
+#cloud-config
+write_files:
+  - path: /etc/kontena-agent.env
+    permissions: 0600
+    owner: root
+    content: |
+      KONTENA_URI="<%= master_uri %>"
+      KONTENA_TOKEN="<%= grid_token %>"
+      KONTENA_PEER_INTERFACE=eth1
+      KONTENA_VERSION=<%= version %>
+  - path: /etc/systemd/system/docker.service.d/50-kontena.conf
+    content: |
+        [Service]
+        Environment='DOCKER_OPTS=--insecure-registry="10.81.0.0/19" --bip="172.17.43.1/16"'
+  - path: /etc/sysctl.d/99-inotify.conf
+    owner: root
+    permissions: 0644
+    content: |
+      fs.inotify.max_user_instances = 8192
+  - path: /etc/resolv.conf
+    permissions: 0644
+    owner: root
+    content: |
+      nameserver 172.17.43.1
+      nameserver 8.8.8.8
+      nameserver 8.8.4.4
+coreos:
+  units:
+    - name: 10-weave.network
+      runtime: false
+      content: |
+        [Match]
+        Type=bridge
+        Name=weave*
+
+        [Network]
+    - name: kontena-agent.service
+      command: start
+      enable: true
+      content: |
+        [Unit]
+        Description=kontena-agent
+        After=network-online.target
+        After=docker.service
+        Description=Kontena Agent
+        Documentation=http://www.kontena.io/
+        Requires=network-online.target
+        Requires=docker.service
+
+        [Service]
+        Restart=always
+        RestartSec=5
+        EnvironmentFile=/etc/kontena-agent.env
+        ExecStartPre=-/usr/bin/docker stop kontena-agent
+        ExecStartPre=-/usr/bin/docker rm kontena-agent
+        ExecStartPre=/usr/bin/docker pull kontena/agent:${KONTENA_VERSION}
+        ExecStart=/usr/bin/docker run --name kontena-agent \
+            -e KONTENA_URI=${KONTENA_URI} \
+            -e KONTENA_TOKEN=${KONTENA_TOKEN} \
+            -e KONTENA_PEER_INTERFACE=${KONTENA_PEER_INTERFACE} \
+            -v=/var/run/docker.sock:/var/run/docker.sock \
+            -v=/etc/kontena-agent.env:/etc/kontena.env \
+            --net=host \
+            kontena/agent:${KONTENA_VERSION}

data/lib/kontena/machine/upcloud/cloudinit_master.yml

@@ -0,0 +1,118 @@
+#cloud-config
+write_files:
+  - path: /etc/kontena-server.env
+    permissions: 0600
+    owner: root
+    content: |
+      KONTENA_VERSION=<%= version %>
+      KONTENA_VAULT_KEY=<%= vault_secret %>
+      KONTENA_VAULT_IV=<%= vault_iv %>
+      <% if ssl_cert %>SSL_CERT="/etc/kontena-server.pem"
+
+  - path: /etc/kontena-server.pem
+    permissions: 0600
+    owner: root
+    content: | <% ssl_cert.split(/\n/).each do |row| %>
+      <%= row %><% end %><% end %>
+  - path: /opt/bin/kontena-haproxy.sh
+    permissions: 0755
+    owner: root
+    content: |
+      #!/bin/sh
+      if [ -n "$SSL_CERT" ]; then
+        SSL_CERT=$(awk 1 ORS='\\n' $SSL_CERT)
+      else
+        SSL_CERT="**None**"
+      fi
+      /usr/bin/docker run --name=kontena-server-haproxy \
+        --link kontena-server-api:kontena-server-api \
+        -e SSL_CERT="$SSL_CERT" \
+        -p 80:80 -p 443:443 kontena/haproxy:latest
+coreos:
+  units:
+<% unless mongodb_uri -%>
+    - name: kontena-server-mongo.service
+      command: start
+      enable: true
+      content: |
+        [Unit]
+        Description=kontena-server-mongo
+        After=network-online.target
+        After=docker.service
+        Description=Kontena Server MongoDB
+        Documentation=http://www.mongodb.org/
+        Requires=network-online.target
+        Requires=docker.service
+
+        [Service]
+        Restart=always
+        RestartSec=5
+        ExecStartPre=/usr/bin/docker pull mongo:3.0
+        ExecStartPre=-/usr/bin/docker create --name=kontena-server-mongo-data mongo:3.0
+        ExecStartPre=-/usr/bin/docker stop kontena-server-mongo
+        ExecStartPre=-/usr/bin/docker rm kontena-server-mongo
+        ExecStart=/usr/bin/docker run --name=kontena-server-mongo \
+            --volumes-from=kontena-server-mongo-data \
+            mongo:3.0 mongod --smallfiles
+<% end -%>
+    - name: kontena-server-api.service
+      command: start
+      enable: true
+      content: |
+        [Unit]
+        Description=kontena-server-api
+        After=network-online.target
+        After=docker.service
+        After=kontena-server-mongo.service
+        Description=Kontena Master
+        Documentation=http://www.kontena.io/
+        Before=kontena-server-haproxy.service
+        Wants=kontena-server-haproxy.service
+        Requires=network-online.target
+        Requires=docker.service
+<% unless mongodb_uri -%>
+        Requires=kontena-server-mongo.service
+<% end %>
+
+        [Service]
+        Restart=always
+        RestartSec=5
+        EnvironmentFile=/etc/kontena-server.env
+        ExecStartPre=-/usr/bin/docker stop kontena-server-api
+        ExecStartPre=-/usr/bin/docker rm kontena-server-api
+        ExecStartPre=/usr/bin/docker pull kontena/server:${KONTENA_VERSION}
+        ExecStart=/usr/bin/docker run --name kontena-server-api \
+<% if mongodb_uri -%>
+            -e MONGODB_URI=<%= mongodb_uri %> \
+<% else -%>
+            --link kontena-server-mongo:mongodb \
+            -e MONGODB_URI=mongodb://mongodb:27017/kontena_server \
+<% end -%>
+<% if auth_server %>
+            -e AUTH_API_URL=<%= auth_server %> \
+<% end -%>
+            -e VAULT_KEY=${KONTENA_VAULT_KEY} -e VAULT_IV=${KONTENA_VAULT_IV} \
+            kontena/server:${KONTENA_VERSION}
+
+    - name: kontena-server-haproxy.service
+      command: start
+      enable: true
+      content: |
+        [Unit]
+        Description=kontena-server-haproxy
+        After=network-online.target
+        After=docker.service
+        Description=Kontena Server HAProxy
+        Documentation=http://www.kontena.io/
+        Requires=network-online.target
+        Requires=docker.service
+        Requires=kontena-server-api.service
+
+        [Service]
+        Restart=always
+        RestartSec=5
+        EnvironmentFile=/etc/kontena-server.env
+        ExecStartPre=-/usr/bin/docker stop kontena-server-haproxy
+        ExecStartPre=-/usr/bin/docker rm kontena-server-haproxy
+        ExecStartPre=/usr/bin/docker pull kontena/haproxy:latest
+        ExecStart=/opt/bin/kontena-haproxy.sh

data/lib/kontena/machine/upcloud/master_provisioner.rb

@@ -0,0 +1,136 @@
+require 'fileutils'
+require 'erb'
+require 'open3'
+require 'shell-spinner'
+
+module Kontena
+  module Machine
+    module Upcloud
+      class MasterProvisioner
+        include RandomName
+        include Machine::CertHelper
+        include UpcloudCommon
+
+        attr_reader :http_client, :username, :password
+
+        # @param [String] token Upcloud token
+        def initialize(upcloud_username, upcloud_password)
+          @username = upcloud_username
+          @password = upcloud_password
+        end
+
+        def run!(opts)
+          if File.readable?(File.expand_path(opts[:ssh_key]))
+            ssh_key = File.read(File.expand_path(opts[:ssh_key])).strip
+          end
+
+          abort('Invalid ssh key') unless ssh_key && ssh_key.start_with?('ssh-')
+
+          if opts[:ssl_cert]
+            abort('Invalid ssl cert') unless File.exists?(File.expand_path(opts[:ssl_cert]))
+            ssl_cert = File.read(File.expand_path(opts[:ssl_cert]))
+          else
+            ShellSpinner "Generating self-signed SSL certificate" do
+              ssl_cert = generate_self_signed_cert
+            end
+          end
+
+          abort('CoreOS template not found on Upcloud') unless coreos_template = find_template('CoreOS Stable')
+          abort('Server plan not found on Upcloud') unless plan = find_plan(opts[:plan])
+          abort('Zone not found on Upcloud') unless zone_exist?(opts[:zone])
+
+          hostname = generate_name
+
+          userdata_vars = {
+              ssl_cert: ssl_cert,
+              auth_server: opts[:auth_server],
+              version: opts[:version],
+              vault_secret: opts[:vault_secret],
+              vault_iv: opts[:vault_iv],
+              mongodb_uri: opts[:mongodb_uri]
+          }
+
+          device_data = {
+            server: {
+              zone: opts[:zone],
+              title: "Kontena Master #{hostname}",
+              hostname: hostname,
+              plan: plan[:name],
+              vnc: 'off',
+              timezone: 'UTC',
+              user_data: user_data(userdata_vars),
+              firewall: 'off',
+              storage_devices: {
+                storage_device: [
+                  {
+                    action: 'clone',
+                    storage: coreos_template[:uuid],
+                    title: "From template #{coreos_template[:title]}",
+                    size: plan[:storage_size],
+                    tier: 'maxiops'
+                  }
+                ]
+              },
+              login_user: {
+                create_password: 'no',
+                username: 'root',
+                ssh_keys: {
+                  ssh_key: [ssh_key]
+                }
+              }
+            }
+          }.to_json
+
+          ShellSpinner "Creating Upcloud master #{hostname.colorize(:cyan)} " do
+            response = post('server', body: device_data)
+            if response.has_key?(:error)
+              abort("\nUpcloud server creation failed (#{response[:error].fetch(:error_message, '')})")
+            end
+            device_data = response[:server]
+
+            until device_data && device_data.fetch(:state, nil).to_s == 'maintenance'
+              device_data = get("server/#{device[:uuid]}").fetch(:server, {}) rescue nil
+              sleep 5
+            end
+          end
+
+          device_public_ip = device_data[:ip_addresses][:ip_address].find do |ip|
+            ip[:access].eql?('public') && ip[:family].eql?('IPv4')
+          end
+
+          abort('Server public ip not found, destroy manually.') unless device_public_ip
+
+          master_url = "https://#{device_public_ip[:address]}"
+          Excon.defaults[:ssl_verify_peer] = false
+          @http_client = Excon.new("#{master_url}", :connect_timeout => 10)
+
+          ShellSpinner "Waiting for #{hostname.colorize(:cyan)} to start" do
+            sleep 5 until master_running?
+          end
+
+          puts "Kontena Master is now running at #{master_url}"
+          puts "Use #{"kontena login --name=#{hostname.sub('kontena-master-', '')} #{master_url}".colorize(:light_black)} to complete Kontena Master setup"
+        end
+
+        def user_data(vars)
+          cloudinit_template = File.join(__dir__ , '/cloudinit_master.yml')
+          erb(File.read(cloudinit_template), vars)
+        end
+
+        def generate_name
+          "kontena-master-#{super}-#{rand(1..9)}"
+        end
+
+        def master_running?
+          http_client.get(path: '/').status == 200
+        rescue
+          false
+        end
+
+        def erb(template, vars)
+          ERB.new(template, nil, '%<>-').result(OpenStruct.new(vars).instance_eval { binding })
+        end
+      end
+    end
+  end
+end