From 4cdcbb1b8bf42fc35f4a4ca6abe27efb4cc4a196 Mon Sep 17 00:00:00 2001 From: Dalton Hubble Date: Tue, 5 Apr 2016 18:09:18 -0700 Subject: [PATCH] *: Change default FileStore data location to /var/lib/bootcfg * Change assets download location to examples/assets * FileStore should default to /var/lib/bootcfg/{profiles,groups, ignition,cloud} * Assets location should default to /var/lib/bootcfg/assets * Fix -rpcAddress flag to be -rpc-address --- CHANGES.md | 16 +++++++++----- Documentation/config.md | 41 +++++++++++++++++++++++------------- Documentation/dev/develop.md | 6 +++--- cmd/bootcfg/main.go | 6 +++--- examples/README.md | 12 +++++------ scripts/get-coreos | 2 +- scripts/pixiecore | 7 ------ scripts/tls/k8s-certgen | 4 ++-- 8 files changed, 52 insertions(+), 42 deletions(-) delete mode 100755 scripts/pixiecore diff --git a/CHANGES.md b/CHANGES.md index bbf54332..1f472e2e 100644 --- a/CHANGES.md +++ b/CHANGES.md 
@@ -4,25 +4,31 @@ * Add initial gRPC client and server packages * Add initial Grub net boot support and an example +* Add initial command line client tool * Add detached OpenPGP signature endpoints (`.sig`) #### Changes * Profiles + - Move Profiles to JSON files under `/var/lib/bootcfg/profiles` - Rename `Spec` to `Profile` - - Move Profiles to JSON files under `/etc/bootcfg/profiles` * Groups - - Move Groups to JSON files under `/etc/bootcfg/groups` + - Move Groups to JSON files under `/var/lib/bootcfg/groups` - Require Group metadata to be valid JSON - Rename groups field `spec` to `profile` -* Discontinue reading groups from the `-config` file. Remove the flag. -* Change default `-data-path` to `/etc/bootcfg` -* Change default `-assets-path` to `/var/bootcfg` +* Stop parsing Groups from the `-config` YAML file. Remove the flag. +* Change default `-data-path` to `/var/lib/bootcfg` +* Change default `-assets-path` to `/var/lib/bootcfg/assets` +* Change the default assets download location to `examples/assets` * Remove HTTP `/spec/id` JSON endpoint #### New Examples * Examples which PXE boot with or without a root partition +* Example Kubernetes cluster installed to disk +* Example etcd cluster installed to disk +* Setup fleet in multi-node example clusters +* Convert all Cloud-Configs to Ignition ## v0.2.0 (2016-02-09) diff --git a/Documentation/config.md b/Documentation/config.md index 846397fc..95a41918 100644 --- a/Documentation/config.md +++ b/Documentation/config.md 
@@ -5,10 +5,10 @@ Configuration arguments can be provided as flags or as environment variables. | flag | variable | example | |------|----------|---------| -| -address | BOOTCFG_ADDRESS | 127.0.0.1:8080 | -| -config | BOOTCFG_CONFIG | /etc/bootcfg.conf | -| -data-path | BOOTCFG_DATA_PATH | /etc/bootcfg | -| -assets-path | BOOTCFG_ASSETS_PATH | /var/bootcfg | +| -address | BOOTCFG_ADDRESS | 0.0.0.0:8080 | +| -rpc-address | BOOTCFG_RPC_ADDRESS | 127.0.0.1:8081 +| -data-path | BOOTCFG_DATA_PATH | /var/lib/bootcfg | +| -assets-path | BOOTCFG_ASSETS_PATH | /var/lib/bootcfg/assets | | -key-ring-path | BOOTCFG_KEY_RING_PATH | ~/.secrets/vault/bootcfg/secring.gpg | | Disallowed | BOOTCFG_PASSPHRASE | secret passphrase | | -log-level | BOOTCFG_LOG_LEVEL | critical, error, warning, notice, info, debug | @@ -17,9 +17,8 @@ Configuration arguments can be provided as flags or as environment variables. | Contents | Default Location | |-----------|-------------------| -| conf file | /etc/bootcfg.conf | -| configs | /etc/bootcfg/{profiles,ignition,cloud} | -| assets | /var/bootcfg/ | +| data | /var/lib/bootcfg/{profiles,groups,ignition,cloud} | +| assets | /var/lib/bootcfg/assets | ## Check Version 
@@ -27,31 +26,43 @@ Configuration arguments can be provided as flags or as environment variables. sudo rkt --insecure-options=image run quay.io/coreos/bootcfg:latest -- -version sudo docker run quay.io/coreos/bootcfg:latest -version +## Minimal + +Start the latest ACI with rkt. + + sudo rkt --insecure-options=image run --net=metal0:IP=172.15.0.2 --mount volume=assets,target=/var/lib/bootcfg/assets --volume data,kind=host,source=$PWD/examples/assets quay.io/coreos/bootcfg:latest -- -address=0.0.0.0:8080 -log-level=debug + +Start the latest Docker image. + + sudo docker run -p 8080:8080 --rm -v $PWD/examples/assets:/var/lib/bootcfg/assets:Z quay.io/coreos/bootcfg:latest -address=0.0.0.0:8080 -log-level=debug + +To start containers with the example machine Groups and Profiles, see the commands below. + ## Examples Run the binary. - ./bin/bootcfg -address=0.0.0.0:8080 -log-level=debug -data-path examples/ -config examples/etcd-rkt.yaml + ./bin/bootcfg -address=0.0.0.0:8080 -log-level=debug -data-path=examples -assets-path=examples/assets -Run the latest ACI with rkt. +Run the latest ACI with rkt. Mounts are used to add the provided examples. - sudo rkt --insecure-options=image run --net=metal0:IP=172.15.0.2 --mount volume=assets,target=/var/bootcfg --volume assets,kind=host,source=$PWD/assets --mount volume=data,target=/etc/bootcfg --volume data,kind=host,source=$PWD/examples quay.io/coreos/bootcfg:latest -- -address=0.0.0.0:8080 -log-level=debug -config /etc/bootcfg/etcd-rkt.yaml + sudo rkt --insecure-options=image run --net=metal0:IP=172.15.0.2 --mount volume=data,target=/var/lib/bootcfg --volume data,kind=host,source=$PWD/examples --mount volume=groups,target=/var/lib/bootcfg/groups --volume groups,kind=host,source=$PWD/examples/groups/etcd quay.io/coreos/bootcfg:latest -- -address=0.0.0.0:8080 -log-level=debug -Run the latest Docker image. +Run the latest Docker image. Mounts are used to add the provided examples. 
- sudo docker run -p 8080:8080 --rm -v $PWD/examples:/etc/bootcfg:Z -v $PWD/assets:/var/bootcfg:Z quay.io/coreos/bootcfg:latest -address=0.0.0.0:8080 -log-level=debug -config /etc/bootcfg/etcd-docker.yaml + sudo docker run -p 8080:8080 --rm -v $PWD/examples:/var/lib/bootcfg:Z -v $PWD/examples/groups/etcd:/var/lib/bootcfg/groups:Z quay.io/coreos/bootcfg:latest -address=0.0.0.0:8080 -log-level=debug #### With [OpenPGP Signing](openpgp.md) Run with the binary with a test key. export BOOTCFG_PASSPHRASE=test - ./bin/bootcfg -address=0.0.0.0:8080 -key-ring-path bootcfg/sign/fixtures/secring.gpg -data-path examples/ -config examples/etcd-rkt.yaml + ./bin/bootcfg -address=0.0.0.0:8080 -key-ring-path bootcfg/sign/fixtures/secring.gpg -data-path=examples -assets-path=examples/assets Run the ACI with a test key. - sudo rkt --insecure-options=image run --net=metal0:IP=172.15.0.2 --set-env=BOOTCFG_PASSPHRASE=test --mount volume=secrets,target=/secrets --volume secrets,kind=host,source=$PWD/bootcfg/sign/fixtures --mount volume=assets,target=/var/bootcfg --volume assets,kind=host,source=$PWD/assets --mount volume=data,target=/etc/bootcfg --volume data,kind=host,source=$PWD/examples quay.io/coreos/bootcfg:latest -- -address=0.0.0.0:8080 -config /etc/bootcfg/etcd-rkt.yaml -key-ring-path secrets/secring.gpg + sudo rkt --insecure-options=image run --net=metal0:IP=172.15.0.2 --set-env=BOOTCFG_PASSPHRASE=test --mount volume=secrets,target=/secrets --volume secrets,kind=host,source=$PWD/bootcfg/sign/fixtures --mount volume=data,target=/var/lib/bootcfg --volume data,kind=host,source=$PWD/examples --mount volume=groups,target=/var/lib/bootcfg/groups --volume groups,kind=host,source=$PWD/examples/groups/etcd quay.io/coreos/bootcfg:latest -- -address=0.0.0.0:8080 -key-ring-path secrets/secring.gpg Run the Docker image with a test key. 
- sudo docker run -p 8080:8080 --rm --env BOOTCFG_PASSPHRASE=test -v $PWD/examples:/etc/bootcfg:Z -v $PWD/assets:/var/bootcfg:Z -v $PWD/bootcfg/sign/fixtures:/secrets:Z quay.io/coreos/bootcfg:latest -address=0.0.0.0:8080 -log-level=debug -config /etc/bootcfg/etcd-docker.yaml -key-ring-path secrets/secring.gpg + sudo docker run -p 8080:8080 --rm --env BOOTCFG_PASSPHRASE=test -v $PWD/examples:/var/lib/bootcfg:Z -v $PWD/examples/groups/etcd:/var/lib/bootcfg/groups:Z -v $PWD/bootcfg/sign/fixtures:/secrets:Z quay.io/coreos/bootcfg:latest -address=0.0.0.0:8080 -log-level=debug -key-ring-path secrets/secring.gpg diff --git a/Documentation/dev/develop.md b/Documentation/dev/develop.md index e2004c6a..832af464 100644 --- a/Documentation/dev/develop.md +++ b/Documentation/dev/develop.md 
@@ -33,12 +33,12 @@ Alternately, build a Docker image `coreos/bootcfg:latest`. Run the binary. - ./bin/bootcfg -address=0.0.0.0:8080 -log-level=debug -data-path examples -assets-path assets + ./bin/bootcfg -address=0.0.0.0:8080 -log-level=debug -data-path examples -assets-path examples/assets Run the ACI with rkt on `metal0`. - sudo rkt --insecure-options=image run --net=metal0:IP=172.15.0.2 --mount volume=assets,target=/var/bootcfg --volume assets,kind=host,source=$PWD/assets --mount volume=data,target=/etc/bootcfg --volume data,kind=host,source=$PWD/examples --mount volume=groups,target=/etc/bootcfg/groups --volume groups,kind=host,source=$PWD/examples/groups/etcd bootcfg.aci -- -address=0.0.0.0:8080 -log-level=debug + sudo rkt --insecure-options=image run --net=metal0:IP=172.15.0.2 --mount volume=data,target=/var/lib/bootcfg --volume data,kind=host,source=$PWD/examples --mount volume=groups,target=/var/lib/bootcfg/groups --volume groups,kind=host,source=$PWD/examples/groups/etcd bootcfg.aci -- -address=0.0.0.0:8080 -log-level=debug Alternately, run the Docker image on `docker0`. - sudo docker run -p 8080:8080 --rm -v $PWD/examples:/etc/bootcfg:Z -v $PWD/assets:/var/bootcfg:Z -v $PWD/examples/groups/etcd:/etc/bootcfg/groups:Z coreos/bootcfg:latest -address=0.0.0.0:8080 -log-level=debug \ No newline at end of file + sudo docker run -p 8080:8080 --rm -v $PWD/examples:/var/lib/bootcfg:Z -v $PWD/examples/groups/etcd:/var/lib/bootcfg/groups:Z coreos/bootcfg:latest -address=0.0.0.0:8080 -log-level=debug \ No newline at end of file diff --git a/cmd/bootcfg/main.go b/cmd/bootcfg/main.go index f7feaf6a..c312a73d 100644 --- a/cmd/bootcfg/main.go +++ b/cmd/bootcfg/main.go 
@@ -37,9 +37,9 @@ func main() { help bool }{} flag.StringVar(&flags.address, "address", "127.0.0.1:8080", "HTTP listen address") - flag.StringVar(&flags.rpcAddress, "rpcAddress", "", "RPC listen address") - flag.StringVar(&flags.dataPath, "data-path", "/etc/bootcfg", "Path to data directory") - flag.StringVar(&flags.assetsPath, "assets-path", "/var/bootcfg", "Path to static assets") + flag.StringVar(&flags.rpcAddress, "rpc-address", "", "RPC listen address") + flag.StringVar(&flags.dataPath, "data-path", "/var/lib/bootcfg", "Path to data directory") + flag.StringVar(&flags.assetsPath, "assets-path", "/var/lib/bootcfg/assets", "Path to static assets") flag.StringVar(&flags.keyRingPath, "key-ring-path", "", "Path to a private keyring file") // available log levels https://godoc.org/github.com/coreos/pkg/capnslog#LogLevel flag.StringVar(&flags.logLevel, "log-level", "info", "Set the logging level") diff --git a/examples/README.md b/examples/README.md index 3db16319..06091d49 100644 --- a/examples/README.md +++ b/examples/README.md @@ -43,7 +43,7 @@ The Kubernetes examples create Kubernetes clusters with CoreOS hosts and TLS aut ### Assets -Download the CoreOS PXE image assets to `assets/coreos`. These images are served to network boot machines by `bootcfg`. +Download the CoreOS PXE image assets to `examples/assets/coreos`. These images are served to network boot machines by `bootcfg`. ./scripts/get-coreos alpha 983.0.0 
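Review bot: The help strings for `-data-path` and `-assets-path` in main() say too little now that the default assets directory (`/var/lib/bootcfg/assets`) is nested inside the default data directory (`/var/lib/bootcfg`). An operator cannot tell from `"Path to static assets"` that this is the tree bootcfg hands out to network-booting machines, as examples/README.md describes. Nor does it warn that pointing the flag at the data directory itself would presumably expose profiles, Ignition and cloud configs the same way. I would change the strings to `"Path to data directory (profiles, groups, ignition, cloud)"` and `"Path to static assets served over HTTP"`. main() starts and ends outside this hunk, so any path validation it performs is not visible here.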
@@ -51,11 +51,11 @@ Download the CoreOS PXE image assets to `assets/coreos`. These images are served Generate a root CA and Kubernetes TLS assets for components (`admin`, `apiserver`, `worker`). - rm -rf assets/tls + rm -rf examples/assets/tls # for Kubernetes on CNI metal0, i.e. rkt - ./scripts/tls/k8s-certgen -d assets/tls -s 172.15.0.21 -m IP.1=10.3.0.1,IP.2=172.15.0.21 -w IP.1=172.15.0.22,IP.2=172.15.0.23 + ./scripts/tls/k8s-certgen -d examples/assets/tls -s 172.15.0.21 -m IP.1=10.3.0.1,IP.2=172.15.0.21 -w IP.1=172.15.0.22,IP.2=172.15.0.23 # for Kubernetes on docker0 - ./scripts/tls/k8s-certgen -d assets/tls -s 172.17.0.21 -m IP.1=10.3.0.1,IP.2=172.17.0.21 -w IP.1=172.17.0.22,IP.2=172.17.0.23 + ./scripts/tls/k8s-certgen -d examples/assets/tls -s 172.17.0.21 -m IP.1=10.3.0.1,IP.2=172.17.0.21 -w IP.1=172.17.0.22,IP.2=172.17.0.23 See the [Cluster TLS OpenSSL Generation](https://coreos.com/kubernetes/docs/latest/openssl.html) document or [Kubernetes Step by Step](https://coreos.com/kubernetes/docs/latest/getting-started.html) for more details. @@ -64,11 +64,11 @@ See the [Cluster TLS OpenSSL Generation](https://coreos.com/kubernetes/docs/late Install the `kubectl` CLI on your host. Use the provided kubeconfig's to access the Kubernetes cluster created on rkt `metal0` or `docker0`. cd /path/to/coreos-baremetal - kubectl --kubeconfig=assets/tls/kubeconfig get nodes + kubectl --kubeconfig=examples/assets/tls/kubeconfig get nodes Get all pods. - kubectl --kubeconfig=assets/tls/kubeconfig get pods --all-namespaces + kubectl --kubeconfig=examples/assets/tls/kubeconfig get pods --all-namespaces On my laptop, VMs download and network boot CoreOS in the first 45 seconds, the Kubernetes API becomes available after about 150 seconds, and add-on pods are scheduled by 180 seconds. On physical hosts and networks, OS and container image download times are a bit longer. diff --git a/scripts/get-coreos b/scripts/get-coreos index 6e4767e1..43b5ba49 100755 --- a/scripts/get-coreos 
+++ b/scripts/get-coreos @@ -4,7 +4,7 @@ CHANNEL=${1:-"alpha"} VERSION=${2:-"983.0.0"} -DEST=${PWD}/assets/coreos/$VERSION +DEST=${PWD}/examples/assets/coreos/$VERSION BASE_URL=http://$CHANNEL.release.core-os.net/amd64-usr/$VERSION # check channel/version exist based on the header response diff --git a/scripts/pixiecore b/scripts/pixiecore deleted file mode 100755 index f74f2ec0..00000000 --- a/scripts/pixiecore +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/bash -e - -CONFIG_SERVICE=bootcfg -CONFIG_SERVICE_IP=$(docker inspect --format {{.NetworkSettings.IPAddress}} ${CONFIG_SERVICE}) -CONFIG_SERVICE_PORT=$(docker inspect --format '{{ (index (index .NetworkSettings.Ports "8080/tcp") 0).HostPort }}' ${CONFIG_SERVICE}) - -docker run -v $PWD/assets:/assets:Z danderson/pixiecore -api http://$CONFIG_SERVICE_IP:$CONFIG_SERVICE_PORT/pixiecore diff --git a/scripts/tls/k8s-certgen b/scripts/tls/k8s-certgen index 0de8e2d9..49ea15f2 100755 --- a/scripts/tls/k8s-certgen +++ b/scripts/tls/k8s-certgen @@ -2,14 +2,14 @@ USAGE="Usage: $(basename $0) Options: - -d DEST Destination for generated files (default: ./assets/tls) + -d DEST Destination for generated files (default: .examples/assets/tls) -s SERVER Reachable Server IP for kubeconfig (e.g. 172.15.0.21) -m MASTERS Master Node Names/Addresses in SAN format (e.g. IP.1=10.3.0.1,IP.2=172.15.0.21). -w WORKERS Worker Node Names/Addresses in SAN format (e.g. IP.1=172.15.0.22,IP.2=172.15.0.23) -h Show help. " -DEST="./assets/tls" +DEST="./examples/assets/tls" SERVER="172.15.0.21" MASTERS="IP.1=10.3.0.1,IP.2=172.15.0.21" WORKERS="IP.1=172.15.0.22,IP.2=172.15.0.23"
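Review bot: The context line `BASE_URL=http://$CHANNEL.release.core-os.net/amd64-usr/$VERSION` in the scripts/get-coreos hunk fetches the PXE images over plain HTTP. With this change they land in `examples/assets/coreos/$VERSION`, inside the assets tree that examples/README.md says bootcfg serves to network-booting machines. A download modified in transit would therefore end up in what every provisioned machine boots, so I would switch to `BASE_URL=https://$CHANNEL.release.core-os.net/amd64-usr/$VERSION` and verify the release signatures before keeping the files. The rest of the script lies outside the hunk, so a verification step may already exist; if it does, a short comment next to `DEST` saying so would help.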
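Review bot: The updated usage text in scripts/tls/k8s-certgen reads `(default: .examples/assets/tls)`, which is missing a slash and does not match the real default `DEST="./examples/assets/tls"` set a few lines below. It should read `-d DEST Destination for generated files (default: ./examples/assets/tls)`. Separately, that default puts the generated CA and component TLS material, presumably including private keys, under the assets directory that examples/README.md describes as served by bootcfg. The keys would then be retrievable over HTTP by anything that can reach `-address`, so the usage text should state that this output is meant for local example clusters only. The script continues beyond the hunk.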