From ed0f54da27cc4299d1d7809bc03d8416181e8d4a Mon Sep 17 00:00:00 2001 From: Dalton Hubble Date: Fri, 22 Jul 2016 13:57:32 -0700 Subject: [PATCH] examples/etcd: Use DNS names in etcd clusters, no IPs * Use DNS names to refer to nodes in etcd examples to mirror production * Add dnsmasq.conf files for metal0 (rkt) and docker0 examples which include static MAC->IP and Name->IP mappings * Remove the etcd-docker example cluster, no longer needed --- Documentation/getting-started-docker.md | 7 ++++--- Documentation/getting-started-rkt.md | 2 +- contrib/dnsmasq/docker0.conf | 22 ++++++++++++++++++++++ contrib/dnsmasq/metal0.conf | 23 +++++++++++++++++++++++ examples/README.md | 2 +- examples/groups/etcd-docker/default.json | 9 --------- examples/groups/etcd-docker/node1.json | 17 ----------------- examples/groups/etcd-docker/node2.json | 17 ----------------- examples/groups/etcd-docker/node3.json | 17 ----------------- examples/groups/etcd-install/node1.json | 8 ++------ examples/groups/etcd-install/node2.json | 8 ++------ examples/groups/etcd-install/node3.json | 8 ++------ examples/groups/etcd/default.json | 3 +-- examples/groups/etcd/node1.json | 8 ++------ examples/groups/etcd/node2.json | 8 ++------ examples/groups/etcd/node3.json | 8 ++------ examples/ignition/etcd-proxy.yaml | 7 ------- examples/ignition/etcd.yaml | 24 +++--------------------- examples/ignition/k8s-master.yaml | 2 +- 19 files changed, 68 insertions(+), 132 deletions(-) create mode 100644 contrib/dnsmasq/docker0.conf create mode 100644 contrib/dnsmasq/metal0.conf delete mode 100644 examples/groups/etcd-docker/default.json delete mode 100644 examples/groups/etcd-docker/node1.json delete mode 100644 examples/groups/etcd-docker/node2.json delete mode 100644 examples/groups/etcd-docker/node3.json diff --git a/Documentation/getting-started-docker.md b/Documentation/getting-started-docker.md index ca55f500..d17428d4 100644 --- a/Documentation/getting-started-docker.md 
+++ b/Documentation/getting-started-docker.md @@ -31,11 +31,11 @@ Download CoreOS image assets referenced by the `etcd-docker` [example](../exampl Run the latest `bootcfg` Docker image from `quay.io/coreos/bootcfg` with the `etcd-docker` example. The container should receive the IP address 172.17.0.2 on the `docker0` bridge. sudo docker pull quay.io/coreos/bootcfg:latest - sudo docker run -p 8080:8080 --rm -v $PWD/examples:/var/lib/bootcfg:Z -v $PWD/examples/groups/etcd-docker:/var/lib/bootcfg/groups:Z quay.io/coreos/bootcfg:latest -address=0.0.0.0:8080 -log-level=debug + sudo docker run -p 8080:8080 --rm -v $PWD/examples:/var/lib/bootcfg:Z -v $PWD/examples/groups/etcd:/var/lib/bootcfg/groups:Z quay.io/coreos/bootcfg:latest -address=0.0.0.0:8080 -log-level=debug or run the latest tagged release. - sudo docker run -p 8080:8080 --rm -v $PWD/examples:/var/lib/bootcfg:Z -v $PWD/examples/groups/etcd-docker:/var/lib/bootcfg/groups:Z quay.io/coreos/bootcfg:v0.4.0 -address=0.0.0.0:8080 -log-level=debug + sudo docker run -p 8080:8080 --rm -v $PWD/examples:/var/lib/bootcfg:Z -v $PWD/examples/groups/etcd:/var/lib/bootcfg/groups:Z quay.io/coreos/bootcfg:v0.4.0 -address=0.0.0.0:8080 -log-level=debug Take a look at the [etcd groups](../examples/groups/etcd-docker) to get an idea of how machines are mapped to Profiles. Explore some endpoints port mapped to localhost:8080. 
@@ -47,7 +47,7 @@ Take a look at the [etcd groups](../examples/groups/etcd-docker) to get an idea Since the virtual network has no network boot services, use the `dnsmasq` image to create an iPXE network boot environment which runs DHCP, DNS, and TFTP. - sudo docker run --rm --cap-add=NET_ADMIN quay.io/coreos/dnsmasq -d -q --dhcp-range=172.17.0.43,172.17.0.99 --enable-tftp --tftp-root=/var/lib/tftpboot --dhcp-userclass=set:ipxe,iPXE --dhcp-boot=tag:#ipxe,undionly.kpxe --dhcp-boot=tag:ipxe,http://bootcfg.foo:8080/boot.ipxe --log-queries --log-dhcp --dhcp-option=3,172.17.0.1 --address=/bootcfg.foo/172.17.0.2 + sudo docker run --name dnsmasq --cap-add=NET_ADMIN -v $PWD/contrib/dnsmasq/docker0.conf:/etc/dnsmasq.conf:Z quay.io/coreos/dnsmasq -d In this case, dnsmasq runs a DHCP server allocating IPs to VMs between 172.17.0.43 and 172.17.0.99, resolves `bootcfg.foo` to 172.17.0.2 (the IP where `bootcfg` runs), and points iPXE clients to `http://bootcfg.foo:8080/boot.ipxe`. @@ -76,6 +76,7 @@ The example profile added autologin so you can verify that etcd works between no Clean up the VM machines. + sudo docker rm -f dnsmasq sudo ./scripts/libvirt poweroff sudo ./scripts/libvirt destroy diff --git a/Documentation/getting-started-rkt.md b/Documentation/getting-started-rkt.md index 278d5036..693d1d5a 100644 --- a/Documentation/getting-started-rkt.md +++ b/Documentation/getting-started-rkt.md 
@@ -83,7 +83,7 @@ Trust the [CoreOS App Signing Key](https://coreos.com/security/app-signing-key/) Run the `coreos.com/dnsmasq` ACI with rkt. - sudo rkt run coreos.com/dnsmasq:v0.3.0 --net=metal0:IP=172.15.0.3 -- -d -q --dhcp-range=172.15.0.50,172.15.0.99 --enable-tftp --tftp-root=/var/lib/tftpboot --dhcp-userclass=set:ipxe,iPXE --dhcp-boot=tag:#ipxe,undionly.kpxe --dhcp-boot=tag:ipxe,http://bootcfg.foo:8080/boot.ipxe --log-queries --log-dhcp --dhcp-option=3,172.15.0.1 --address=/bootcfg.foo/172.15.0.2 + sudo rkt run coreos.com/dnsmasq:v0.3.0 --net=metal0:IP=172.15.0.3 --mount volume=config,target=/etc/dnsmasq.conf --volume config,kind=host,source=$PWD/contrib/dnsmasq/metal0.conf In this case, dnsmasq runs a DHCP server allocating IPs to VMs between 172.15.0.50 and 172.15.0.99, resolves `bootcfg.foo` to 172.15.0.2 (the IP where `bootcfg` runs), and points iPXE clients to `http://bootcfg.foo:8080/boot.ipxe`. diff --git a/contrib/dnsmasq/docker0.conf b/contrib/dnsmasq/docker0.conf new file mode 100644 index 00000000..5cdec6fc --- /dev/null +++ b/contrib/dnsmasq/docker0.conf @@ -0,0 +1,22 @@ +# dnsmasq.conf + +dhcp-range=172.17.0.50,172.17.0.99 +dhcp-option=3,172.17.0.1 +dhcp-host=52:54:00:a1:9c:ae,172.17.0.21,1h +dhcp-host=52:54:00:b2:2f:86,172.17.0.22,1h +dhcp-host=52:54:00:c3:61:77,172.17.0.23,1h + +enable-tftp +tftp-root=/var/lib/tftpboot + +dhcp-userclass=set:ipxe,iPXE +dhcp-boot=tag:#ipxe,undionly.kpxe +dhcp-boot=tag:ipxe,http://bootcfg.foo:8080/boot.ipxe + +log-queries +log-dhcp + +address=/bootcfg.foo/172.17.0.2 +address=/node1.example.com/172.17.0.21 +address=/node2.example.com/172.17.0.22 +address=/node3.example.com/172.17.0.23 \ No newline at end of file diff --git a/contrib/dnsmasq/metal0.conf b/contrib/dnsmasq/metal0.conf new file mode 100644 index 00000000..6658992f --- /dev/null +++ b/contrib/dnsmasq/metal0.conf 
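Review bot: Nothing in contrib/dnsmasq/docker0.conf says it is meant only for an isolated lab bridge, yet `dhcp-boot=tag:ipxe,http://bootcfg.foo:8080/boot.ipxe` hands every iPXE client its boot script over plain HTTP. The `address=` records are also what the etcd examples now resolve their peers through. Anything that can answer DHCP, DNS or HTTP on that segment therefore influences what the nodes boot and which hosts they treat as cluster members. The one-line header `# dnsmasq.conf` should become something like `# Example-only DHCP/DNS/TFTP for the docker0 bridge; boot config is served over plain HTTP, keep this off shared networks`, and contrib/dnsmasq/metal0.conf needs the same. It is also worth a comment above the `dhcp-host` lines saying the MACs must match the `mac` selectors in the example group files.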
@@ -0,0 +1,23 @@
+# dnsmasq.conf
+
+no-daemon
+dhcp-range=172.15.0.50,172.15.0.99
+dhcp-option=3,172.15.0.1
+dhcp-host=52:54:00:a1:9c:ae,172.15.0.21,1h
+dhcp-host=52:54:00:b2:2f:86,172.15.0.22,1h
+dhcp-host=52:54:00:c3:61:77,172.15.0.23,1h
+
+enable-tftp
+tftp-root=/var/lib/tftpboot
+
+dhcp-userclass=set:ipxe,iPXE
+dhcp-boot=tag:#ipxe,undionly.kpxe
+dhcp-boot=tag:ipxe,http://bootcfg.foo:8080/boot.ipxe
+
+log-queries
+log-dhcp
+
+address=/bootcfg.foo/172.15.0.2
+address=/node1.example.com/172.15.0.21
+address=/node2.example.com/172.15.0.22
+address=/node3.example.com/172.15.0.23
\ No newline at end of file
diff --git a/examples/README.md b/examples/README.md
index 29cf8378..6a627388 100644
--- a/examples/README.md
+++ b/examples/README.md
@@ -8,7 +8,7 @@ These examples network boot and provision machines into CoreOS clusters using `b
 | pxe | CoreOS via iPXE | alpha/1109.1.0 | RAM | [reference](https://coreos.com/os/docs/latest/booting-with-ipxe.html) |
 | grub | CoreOS via GRUB2 Netboot | alpha/1109.1.0 | RAM | NA |
 | pxe-disk | CoreOS via iPXE, with a root filesystem | alpha/1109.1.0 | Disk | [reference](https://coreos.com/os/docs/latest/booting-with-ipxe.html) |
-| etcd, etcd-docker | iPXE boot a 3 node etcd cluster and proxy | alpha/1109.1.0 | RAM | [reference](https://coreos.com/os/docs/latest/cluster-architectures.html) |
+| etcd | iPXE boot a 3 node etcd cluster and proxy | alpha/1109.1.0 | RAM | [reference](https://coreos.com/os/docs/latest/cluster-architectures.html) |
 | etcd-install | Install a 3-node etcd cluster to disk | alpha/1109.1.0 | Disk | [reference](https://coreos.com/os/docs/latest/installing-to-disk.html) |
 | k8s, k8s-docker | Kubernetes cluster with 1 master, 2 workers, and TLS-authentication | alpha/1109.1.0 | Disk | [tutorial](../Documentation/kubernetes.md) |
 | k8s-install | Install a Kubernetes cluster to disk | alpha/1109.1.0 | Disk | [tutorial](../Documentation/kubernetes.md) |
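Review bot: `no-daemon` is set in contrib/dnsmasq/metal0.conf but has no counterpart in contrib/dnsmasq/docker0.conf, which instead relies on the `-d` argument in the documented `docker run` command. The two example files therefore behave differently when started with no arguments. Adding `no-daemon` to docker0.conf as well would keep the foreground setting in one place and make the files differ only in their addresses. Both files also end without a trailing newline.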
diff --git a/examples/groups/etcd-docker/default.json b/examples/groups/etcd-docker/default.json
deleted file mode 100644
index a9b2f455..00000000
--- a/examples/groups/etcd-docker/default.json
+++ /dev/null
@@ -1,9 +0,0 @@
-{
- "id": "default",
- "name": "default",
- "profile": "etcd-proxy",
- "metadata": {
- "etcd_initial_cluster": "node1=http://172.17.0.21:2380,node2=http://172.17.0.22:2380,node3=http://172.17.0.23:2380",
- "fleet_metadata": "role=etcd-proxy"
- }
-}
diff --git a/examples/groups/etcd-docker/node1.json b/examples/groups/etcd-docker/node1.json
deleted file mode 100644
index c52d6298..00000000
--- a/examples/groups/etcd-docker/node1.json
+++ /dev/null
@@ -1,17 +0,0 @@
-{
- "id": "node1",
- "name": "etcd Node 1",
- "profile": "etcd",
- "selector": {
- "mac": "52:54:00:a1:9c:ae"
- },
- "metadata": {
- "etcd_initial_cluster": "node1=http://172.17.0.21:2380,node2=http://172.17.0.22:2380,node3=http://172.17.0.23:2380",
- "etcd_name": "node1",
- "fleet_metadata": "role=etcd,name=node1",
- "ipv4_address": "172.17.0.21",
- "networkd_address": "172.17.0.21/16",
- "networkd_dns": "172.17.0.3",
- "networkd_gateway": "172.17.0.1"
- }
-}
diff --git a/examples/groups/etcd-docker/node2.json b/examples/groups/etcd-docker/node2.json
deleted file mode 100644
index da572980..00000000
--- a/examples/groups/etcd-docker/node2.json
+++ /dev/null
@@ -1,17 +0,0 @@
-{
- "id": "node2",
- "name": "etcd Node 2",
- "profile": "etcd",
- "selector": {
- "mac": "52:54:00:b2:2f:86"
- },
- "metadata": {
- "etcd_initial_cluster": "node1=http://172.17.0.21:2380,node2=http://172.17.0.22:2380,node3=http://172.17.0.23:2380",
- "etcd_name": "node2",
- "fleet_metadata": "role=etcd,name=node2",
- "ipv4_address": "172.17.0.22",
- "networkd_address": "172.17.0.22/16",
- "networkd_dns": "172.17.0.3",
- "networkd_gateway": "172.17.0.1"
- }
-}
diff --git a/examples/groups/etcd-docker/node3.json b/examples/groups/etcd-docker/node3.json
deleted file mode 100644
index 6262ea01..00000000
--- a/examples/groups/etcd-docker/node3.json
+++ /dev/null
@@ -1,17 +0,0 @@
-{
- "id": "node3",
- "name": "etcd Node 3",
- "profile": "etcd",
- "selector": {
- "mac": "52:54:00:c3:61:77"
- },
- "metadata": {
- "etcd_initial_cluster": "node1=http://172.17.0.21:2380,node2=http://172.17.0.22:2380,node3=http://172.17.0.23:2380",
- "etcd_name": "node3",
- "fleet_metadata": "role=etcd,name=node3",
- "ipv4_address": "172.17.0.23",
- "networkd_address": "172.17.0.23/16",
- "networkd_dns": "172.17.0.3",
- "networkd_gateway": "172.17.0.1"
- }
-}
diff --git a/examples/groups/etcd-install/node1.json b/examples/groups/etcd-install/node1.json
index 44ca9dd1..358c6a52 100644
--- a/examples/groups/etcd-install/node1.json
+++ b/examples/groups/etcd-install/node1.json
@@ -7,12 +7,8 @@
 "os": "installed"
 },
 "metadata": {
- "ipv4_address": "172.15.0.21",
- "networkd_gateway": "172.15.0.1",
- "networkd_dns": "172.15.0.3",
- "networkd_address": "172.15.0.21/16",
- "fleet_metadata": "role=etcd,name=node1",
+ "domain_name": "node1.example.com",
 "etcd_name": "node1",
- "etcd_initial_cluster": "node1=http://172.15.0.21:2380,node2=http://172.15.0.22:2380,node3=http://172.15.0.23:2380"
+ "etcd_initial_cluster": "node1=http://node1.example.com:2380,node2=http://node2.example.com:2380,node3=http://node3.example.com:2380"
 }
 }
diff --git a/examples/groups/etcd-install/node2.json b/examples/groups/etcd-install/node2.json
index 78574a01..6639a486 100644
--- a/examples/groups/etcd-install/node2.json
+++ b/examples/groups/etcd-install/node2.json
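Review bot: The new `etcd_initial_cluster` value in examples/groups/etcd-install/node1.json keeps `http://` peer URLs while switching from fixed addresses to host names, so cluster membership at bootstrap now rests on whatever the resolver returns for node1–node3.example.com, with no transport authentication behind it. The same hunks drop the static `networkd_*` keys, so the nodes presumably take both their address and their resolver from DHCP. The identical value appears in etcd-install/node2.json and node3.json and in etcd/default.json, node1.json, node2.json and node3.json. JSON cannot carry a comment, so examples/README.md should state that these groups are lab-only and that a real deployment needs `https://` peer URLs with peer certificate verification. Each node's `domain_name` must also match its entry in `etcd_initial_cluster` exactly, which is easy to break while the string is copied into seven files.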
@@ -7,12 +7,8 @@
 "os": "installed"
 },
 "metadata": {
- "ipv4_address": "172.15.0.22",
- "networkd_gateway": "172.15.0.1",
- "networkd_dns": "172.15.0.3",
- "networkd_address": "172.15.0.22/16",
- "fleet_metadata": "role=etcd,name=node2",
+ "domain_name": "node2.example.com",
 "etcd_name": "node2",
- "etcd_initial_cluster": "node1=http://172.15.0.21:2380,node2=http://172.15.0.22:2380,node3=http://172.15.0.23:2380"
+ "etcd_initial_cluster": "node1=http://node1.example.com:2380,node2=http://node2.example.com:2380,node3=http://node3.example.com:2380"
 }
 }
diff --git a/examples/groups/etcd-install/node3.json b/examples/groups/etcd-install/node3.json
index f1bbf9ab..5a7bb99b 100644
--- a/examples/groups/etcd-install/node3.json
+++ b/examples/groups/etcd-install/node3.json
@@ -7,12 +7,8 @@
 "os": "installed"
 },
 "metadata": {
- "ipv4_address": "172.15.0.23",
- "networkd_gateway": "172.15.0.1",
- "networkd_dns": "172.15.0.3",
- "networkd_address": "172.15.0.23/16",
- "fleet_metadata": "role=etcd,name=node3",
+ "domain_name": "node3.example.com",
 "etcd_name": "node3",
- "etcd_initial_cluster": "node1=http://172.15.0.21:2380,node2=http://172.15.0.22:2380,node3=http://172.15.0.23:2380"
+ "etcd_initial_cluster": "node1=http://node1.example.com:2380,node2=http://node2.example.com:2380,node3=http://node3.example.com:2380"
 }
 }
diff --git a/examples/groups/etcd/default.json b/examples/groups/etcd/default.json
index 4279d050..11199040 100644
--- a/examples/groups/etcd/default.json
+++ b/examples/groups/etcd/default.json
@@ -3,7 +3,6 @@
 "name": "default",
 "profile": "etcd-proxy",
 "metadata": {
- "fleet_metadata": "role=etcd-proxy",
- "etcd_initial_cluster": "node1=http://172.15.0.21:2380,node2=http://172.15.0.22:2380,node3=http://172.15.0.23:2380"
+ "etcd_initial_cluster": "node1=http://node1.example.com:2380,node2=http://node2.example.com:2380,node3=http://node3.example.com:2380"
 }
 }
diff --git a/examples/groups/etcd/node1.json b/examples/groups/etcd/node1.json
index 935f5219..7c5cb595 100644
--- a/examples/groups/etcd/node1.json
+++ b/examples/groups/etcd/node1.json
@@ -6,12 +6,8 @@
 "mac": "52:54:00:a1:9c:ae"
 },
 "metadata": {
- "ipv4_address": "172.15.0.21",
- "networkd_gateway": "172.15.0.1",
- "networkd_dns": "172.15.0.3",
- "networkd_address": "172.15.0.21/16",
- "fleet_metadata": "role=etcd,name=node1",
+ "domain_name": "node1.example.com",
 "etcd_name": "node1",
- "etcd_initial_cluster": "node1=http://172.15.0.21:2380,node2=http://172.15.0.22:2380,node3=http://172.15.0.23:2380"
+ "etcd_initial_cluster": "node1=http://node1.example.com:2380,node2=http://node2.example.com:2380,node3=http://node3.example.com:2380"
 }
 }
diff --git a/examples/groups/etcd/node2.json b/examples/groups/etcd/node2.json
index 9b25a7f5..4d8f5b09 100644
--- a/examples/groups/etcd/node2.json
+++ b/examples/groups/etcd/node2.json
@@ -6,12 +6,8 @@
 "mac": "52:54:00:b2:2f:86"
 },
 "metadata": {
- "ipv4_address": "172.15.0.22",
- "networkd_gateway": "172.15.0.1",
- "networkd_dns": "172.15.0.3",
- "networkd_address": "172.15.0.22/16",
- "fleet_metadata": "role=etcd,name=node2",
+ "domain_name": "node2.example.com",
 "etcd_name": "node2",
- "etcd_initial_cluster": "node1=http://172.15.0.21:2380,node2=http://172.15.0.22:2380,node3=http://172.15.0.23:2380"
+ "etcd_initial_cluster": "node1=http://node1.example.com:2380,node2=http://node2.example.com:2380,node3=http://node3.example.com:2380"
 }
 }
diff --git a/examples/groups/etcd/node3.json b/examples/groups/etcd/node3.json
index 947338a1..15e5eeb5 100644
--- a/examples/groups/etcd/node3.json
+++ b/examples/groups/etcd/node3.json
@@ -6,12 +6,8 @@ "mac": "52:54:00:c3:61:77" }, "metadata": { - "ipv4_address": "172.15.0.23", - "networkd_gateway": "172.15.0.1", - "networkd_dns": "172.15.0.3", - "networkd_address": "172.15.0.23/16", - "fleet_metadata": "role=etcd,name=node3", + "domain_name": "node3.example.com", "etcd_name": "node3", - "etcd_initial_cluster": "node1=http://172.15.0.21:2380,node2=http://172.15.0.22:2380,node3=http://172.15.0.23:2380" + "etcd_initial_cluster": "node1=http://node1.example.com:2380,node2=http://node2.example.com:2380,node3=http://node3.example.com:2380" } } diff --git a/examples/ignition/etcd-proxy.yaml b/examples/ignition/etcd-proxy.yaml index ac8029c3..29fbc3cc 100644 --- a/examples/ignition/etcd-proxy.yaml +++ b/examples/ignition/etcd-proxy.yaml @@ -10,13 +10,6 @@ systemd: Environment="ETCD_PROXY=on" Environment="ETCD_LISTEN_CLIENT_URLS=http://0.0.0.0:2379" Environment="ETCD_INITIAL_CLUSTER={{.etcd_initial_cluster}}" - - name: fleet.service - enable: true - dropins: - - name: fleet-metadata.conf - contents: | - [Service] - Environment="FLEET_METADATA={{.fleet_metadata}}" {{ if index . "ssh_authorized_keys" }} passwd: diff --git a/examples/ignition/etcd.yaml b/examples/ignition/etcd.yaml index e83a6916..eb4bc56c 100644 --- a/examples/ignition/etcd.yaml +++ b/examples/ignition/etcd.yaml 
@@ -8,30 +8,12 @@ systemd: contents: | [Service] Environment="ETCD_NAME={{.etcd_name}}" - Environment="ETCD_ADVERTISE_CLIENT_URLS=http://{{.ipv4_address}}:2379" - Environment="ETCD_INITIAL_ADVERTISE_PEER_URLS=http://{{.ipv4_address}}:2380" + Environment="ETCD_ADVERTISE_CLIENT_URLS=http://{{.domain_name}}:2379" + Environment="ETCD_INITIAL_ADVERTISE_PEER_URLS=http://{{.domain_name}}:2380" Environment="ETCD_LISTEN_CLIENT_URLS=http://0.0.0.0:2379" - Environment="ETCD_LISTEN_PEER_URLS=http://{{.ipv4_address}}:2380" + Environment="ETCD_LISTEN_PEER_URLS=http://{{.domain_name}}:2380" Environment="ETCD_INITIAL_CLUSTER={{.etcd_initial_cluster}}" Environment="ETCD_STRICT_RECONFIG_CHECK=true" - - name: fleet.service - enable: true - dropins: - - name: fleet-metadata.conf - contents: | - [Service] - Environment="FLEET_METADATA={{.fleet_metadata}}" - -networkd: - units: - - name: 10-static.network - contents: | - [Match] - MACAddress={{.mac}} - [Network] - Gateway={{.networkd_gateway}} - DNS={{.networkd_dns}} - Address={{.networkd_address}} {{ if index . "ssh_authorized_keys" }} passwd: diff --git a/examples/ignition/k8s-master.yaml b/examples/ignition/k8s-master.yaml index 32a1d69a..7e37c221 100644 --- a/examples/ignition/k8s-master.yaml +++ b/examples/ignition/k8s-master.yaml @@ -711,7 +711,7 @@ storage: {{ if not (index . "skip_networkd") }} networkd: units: - - name: 1-static.network + - name: 10-static.network contents: | [Match] MACAddress={{.mac}}
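Review bot: In examples/ignition/etcd.yaml, `ETCD_LISTEN_PEER_URLS=http://{{.domain_name}}:2380` makes the peer listener bind to whatever the name resolves to when etcd starts, so the bind address depends on DNS being reachable and correct at boot. As far as I know, etcd's documentation treats listen URLs as addresses to bind, and newer releases reject host names there. The name belongs only in the advertise URLs; the listen line can be `Environment="ETCD_LISTEN_PEER_URLS=http://0.0.0.0:2380"`, matching the client listener two lines above it. `{{.domain_name}}` is also used without the `index` guard that `ssh_authorized_keys` gets, so a group lacking the key would presumably render an unusable URL instead of failing; a comment naming `domain_name` as required metadata would help. The drop-in's unit header is above the hunk.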