Page MenuHomePhabricator
Paste P4947

k8s-master-first-run
ActivePublic
Actions

Authored by chasemp on Feb 17 2017, 10:18 PM.
Tags
None
Referenced Files
F5677936: k8s-master-first-run
Feb 17 2017, 10:18 PM
Subscribers
None
root@k8s-master-01:~# puppet agent --test
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Info: Caching catalog for k8s-master-01.chasetestproject.eqiad.wmflabs
Info: Applying configuration version '1487368930'
Notice: /Stage[main]/Packages::Kubernetes_master/Package[kubernetes-master]/ensure: ensure changed 'purged' to 'present'
Error: /Stage[main]/Toollabs::Infrastructure/Motd::Script[infrastructure-banner]/File[/etc/update-motd.d/50-infrastructure-banner]: Could not evaluate: Could not retrieve information from environment production source(s) puppet:///modules/toollabs/40-chasetestproject-infrastructure-banner.sh
Notice: /Stage[main]/Ferm/File[/etc/modprobe.d/nf_conntrack.conf]/ensure: defined content as '{md5}401f0bc2c4f44a223e309be434d2c3b4'
Notice: /Stage[main]/Ferm/Package[ferm]/ensure: ensure changed 'purged' to 'present'
Notice: /Stage[main]/Ferm/File[/etc/ferm/conf.d]/ensure: created
Info: /Stage[main]/Ferm/File[/etc/ferm/conf.d]: Scheduling refresh of Service[ferm]
Notice: /Stage[main]/Ferm/File[/etc/default/ferm]/content:
--- /etc/default/ferm 2017-02-17 22:17:33.423471395 +0000
+++ /tmp/puppet-file20170217-16384-hm5ckn 2017-02-17 22:17:34.871494799 +0000
@@ -4,10 +4,11 @@
FAST=yes
# cache the output of ferm --lines in /var/cache/ferm?
-CACHE=yes
+CACHE=no
-# additional paramaters for ferm (like --def '=bar')
+# additional paramaters for ferm (like --def '$foo=bar')
OPTIONS=
-# Enable the ferm init script? (i.e. run on bootup)
-ENABLED="yes"
+# Enable ferm on bootup?
+ENABLED=yes
+
Info: Computing checksum on file /etc/default/ferm
Info: /Stage[main]/Ferm/File[/etc/default/ferm]: Filebucketed /etc/default/ferm to puppet with sum a4daba7939f6be9a87f26f1a89324806
Notice: /Stage[main]/Ferm/File[/etc/default/ferm]/content: content changed '{md5}a4daba7939f6be9a87f26f1a89324806' to '{md5}3e9b11c20066c1658ab353e597ea8e5e'
Notice: /Stage[main]/Ferm/File[/etc/default/ferm]/mode: mode changed '0644' to '0400'
Info: /Stage[main]/Ferm/File[/etc/default/ferm]: Scheduling refresh of Service[ferm]
Info: /Stage[main]/Ferm/File[/etc/default/ferm]: Scheduling refresh of Service[ferm]
Notice: /Stage[main]/Ferm/File[/etc/ferm/ferm.conf]/content:
--- /etc/ferm/ferm.conf 2014-10-25 21:52:35.000000000 +0000
+++ /tmp/puppet-file20170217-16384-1rhgbzn 2017-02-17 22:17:34.955496157 +0000
@@ -1,52 +1,3 @@
-# -*- shell-script -*-
-#
-# Configuration file for ferm(1).
-#
+@include 'functions.conf';
-table filter {
- chain INPUT {
- policy DROP;
-
- # connection tracking
- mod state state INVALID DROP;
- mod state state (ESTABLISHED RELATED) ACCEPT;
-
- # allow local packet
- interface lo ACCEPT;
-
- # respond to ping
- proto icmp ACCEPT;
-
- # allow IPsec
- proto udp dport 500 ACCEPT;
- proto (esp ah) ACCEPT;
-
- # allow SSH connections
- proto tcp dport ssh ACCEPT;
- }
- chain OUTPUT {
- policy ACCEPT;
-
- # connection tracking
- #mod state state INVALID DROP;
- mod state state (ESTABLISHED RELATED) ACCEPT;
- }
- chain FORWARD {
- policy DROP;
-
- # connection tracking
- mod state state INVALID DROP;
- mod state state (ESTABLISHED RELATED) ACCEPT;
- }
-}
-
-# IPv6:
-#domain ip6 {
-# table filter {
-# chain INPUT {
-# policy ACCEPT;
-# # ...
-# }
-# # ...
-# }
-#}
+@include 'conf.d/';
Info: Computing checksum on file /etc/ferm/ferm.conf
Info: /Stage[main]/Ferm/File[/etc/ferm/ferm.conf]: Filebucketed /etc/ferm/ferm.conf to puppet with sum 91410f27613e600a8892d2a7076d1bcf
Notice: /Stage[main]/Ferm/File[/etc/ferm/ferm.conf]/content: content changed '{md5}91410f27613e600a8892d2a7076d1bcf' to '{md5}4bea2934a124683725db912836697b1a'
Notice: /Stage[main]/Ferm/File[/etc/ferm/ferm.conf]/group: group changed 'adm' to 'root'
Notice: /Stage[main]/Ferm/File[/etc/ferm/ferm.conf]/mode: mode changed '0644' to '0400'
Info: /Stage[main]/Ferm/File[/etc/ferm/ferm.conf]: Scheduling refresh of Service[ferm]
Info: /Stage[main]/Ferm/File[/etc/ferm/ferm.conf]: Scheduling refresh of Service[ferm]
Info: /Stage[main]/Ferm/File[/etc/ferm/ferm.conf]: Scheduling refresh of Service[ferm]
Notice: /Stage[main]/Role::Prometheus::Node_exporter/Ferm::Service[prometheus-node-exporter]/File[/etc/ferm/conf.d/10_prometheus-node-exporter]/ensure: created
Info: /Stage[main]/Role::Prometheus::Node_exporter/Ferm::Service[prometheus-node-exporter]/File[/etc/ferm/conf.d/10_prometheus-node-exporter]: Scheduling refresh of Service[ferm]
Notice: /Stage[main]/Ferm/File[/etc/ferm/functions.conf]/ensure: defined content as '{md5}9694f1fcd9af2c2de77e58200e2ad253'
Info: /Stage[main]/Ferm/File[/etc/ferm/functions.conf]: Scheduling refresh of Service[ferm]
Notice: /Stage[main]/Packages::Kubernetes_client/Package[kubernetes-client]/ensure: ensure changed 'purged' to 'present'
Notice: /Stage[main]/Role::Toollabs::K8s::Master/Ferm::Service[apiserver-https]/File[/etc/ferm/conf.d/10_apiserver-https]/ensure: created
Info: /Stage[main]/Role::Toollabs::K8s::Master/Ferm::Service[apiserver-https]/File[/etc/ferm/conf.d/10_apiserver-https]: Scheduling refresh of Service[ferm]
Notice: /Stage[main]/Toollabs::Maintain_kubeusers/File[/usr/local/bin/maintain-kubeusers]/ensure: defined content as '{md5}5062be2314e5e3e913af07d99f7fea96'
Notice: /Stage[main]/Toollabs::Maintain_kubeusers/Base::Service_unit[maintain-kubeusers]/File[/lib/systemd/system/maintain-kubeusers.service]/ensure: created
Info: /Stage[main]/Toollabs::Maintain_kubeusers/Base::Service_unit[maintain-kubeusers]/File[/lib/systemd/system/maintain-kubeusers.service]: Scheduling refresh of Service[maintain-kubeusers]
Info: /Stage[main]/Toollabs::Maintain_kubeusers/Base::Service_unit[maintain-kubeusers]/File[/lib/systemd/system/maintain-kubeusers.service]: Scheduling refresh of Exec[systemd reload for maintain-kubeusers]
Notice: /Stage[main]/Toollabs::Maintain_kubeusers/Base::Service_unit[maintain-kubeusers]/Exec[systemd reload for maintain-kubeusers]: Triggered 'refresh' from 1 events
Notice: /Stage[main]/Toollabs::Maintain_kubeusers/Base::Service_unit[maintain-kubeusers]/Service[maintain-kubeusers]/ensure: ensure changed 'stopped' to 'running'
Info: /Stage[main]/Toollabs::Maintain_kubeusers/Base::Service_unit[maintain-kubeusers]/Service[maintain-kubeusers]: Unscheduling refresh on Service[maintain-kubeusers]
Notice: /Stage[main]/K8s::Apiserver/Base::Service_unit[kube-apiserver]/File[/lib/systemd/system/kube-apiserver.service]/content:
--- /lib/systemd/system/kube-apiserver.service 2016-11-24 11:17:39.000000000 +0000
+++ /tmp/puppet-file20170217-16384-1doobtm 2017-02-17 22:17:40.163580555 +0000
@@ -3,13 +3,12 @@
Documentation=https://github.com/kubernetes/kubernetes
Documentation=man:kube-apiserver
After=network.target
-After=etcd.service
-Wants=etcd.service
[Service]
EnvironmentFile=-/etc/kubernetes/config
EnvironmentFile=-/etc/default/%p
-User=kube
+User=kubernetes
+Group=kubernetes
ExecStart=/usr/bin/kube-apiserver \
$KUBE_LOGTOSTDERR \
$KUBE_LOG_LEVEL \
@@ -21,9 +20,15 @@
$KUBE_SERVICE_ADDRESSES \
$KUBE_ADMISSION_CONTROL \
$DAEMON_ARGS
+
+# Reevaluate Restart=always
Restart=on-failure
+# Really large limit - defaults to 1024 otherwise for some reason?
+# That runs out pretty quickly, so we do 1024 * 1024
+LimitNOFILE=1048576
+# Allow apiserver to opportunistically notify systemd of startup.
+# See https://github.com/kubernetes/kubernetes/issues/8311
Type=notify
-LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
Info: Computing checksum on file /lib/systemd/system/kube-apiserver.service
Info: /Stage[main]/K8s::Apiserver/Base::Service_unit[kube-apiserver]/File[/lib/systemd/system/kube-apiserver.service]: Filebucketed /lib/systemd/system/kube-apiserver.service to puppet with sum 80314a404284cb34071c071122492f83
Notice: /Stage[main]/K8s::Apiserver/Base::Service_unit[kube-apiserver]/File[/lib/systemd/system/kube-apiserver.service]/content: content changed '{md5}80314a404284cb34071c071122492f83' to '{md5}c136608d798e3fad12e57e3f7ffd9c7a'
Notice: /Stage[main]/K8s::Apiserver/Base::Service_unit[kube-apiserver]/File[/lib/systemd/system/kube-apiserver.service]/mode: mode changed '0644' to '0444'
Info: /Stage[main]/K8s::Apiserver/Base::Service_unit[kube-apiserver]/File[/lib/systemd/system/kube-apiserver.service]: Scheduling refresh of Service[kube-apiserver]
Info: /Stage[main]/K8s::Apiserver/Base::Service_unit[kube-apiserver]/File[/lib/systemd/system/kube-apiserver.service]: Scheduling refresh of Exec[systemd reload for kube-apiserver]
Info: /Stage[main]/K8s::Apiserver/Base::Service_unit[kube-apiserver]/File[/lib/systemd/system/kube-apiserver.service]: Scheduling refresh of Service[kube-apiserver]
Info: /Stage[main]/K8s::Apiserver/Base::Service_unit[kube-apiserver]/File[/lib/systemd/system/kube-apiserver.service]: Scheduling refresh of Exec[systemd reload for kube-apiserver]
Notice: /Stage[main]/K8s::Apiserver/Base::Service_unit[kube-apiserver]/Exec[systemd reload for kube-apiserver]: Triggered 'refresh' from 2 events
Notice: /Stage[main]/K8s::Scheduler/File[/etc/default/kube-scheduler]/content:
--- /etc/default/kube-scheduler 2016-11-24 11:17:39.000000000 +0000
+++ /tmp/puppet-file20170217-16384-soluf4 2017-02-17 22:17:40.275582373 +0000
@@ -1,6 +1,6 @@
###
-# kubernetes scheduler config
-
-# default config should be adequate
-
-#DAEMON_ARGS=""
+## kubernetes scheduler config
+#
+# Should be the default in 1.4 at least, but specify to ensure backwards compatibility
+DAEMON_ARGS="--leader-elect=true"
+#
Info: Computing checksum on file /etc/default/kube-scheduler
Info: /Stage[main]/K8s::Scheduler/File[/etc/default/kube-scheduler]: Filebucketed /etc/default/kube-scheduler to puppet with sum 6a3218c38c73bca939aeb9a93252f951
Notice: /Stage[main]/K8s::Scheduler/File[/etc/default/kube-scheduler]/content: content changed '{md5}6a3218c38c73bca939aeb9a93252f951' to '{md5}15719115adee054106df1811397a2eef'
Notice: /Stage[main]/K8s::Scheduler/File[/etc/default/kube-scheduler]/mode: mode changed '0644' to '0444'
Notice: /Stage[main]/Ferm/Package[conntrack]/ensure: ensure changed 'purged' to 'present'
Notice: /Stage[main]/Ferm/Package[libnet-dns-perl]/ensure: ensure changed 'purged' to 'present'
Notice: /Stage[main]/K8s::Users/User[kubernetes]/ensure: created
Notice: /Stage[main]/K8s::Apiserver/File[/etc/kubernetes]/owner: owner changed 'root' to 'kubernetes'
Notice: /Stage[main]/K8s::Apiserver/File[/etc/kubernetes]/group: group changed 'root' to 'kubernetes'
Notice: /Stage[main]/K8s::Apiserver/File[/etc/kubernetes]/mode: mode changed '0755' to '0700'
Notice: /Stage[main]/K8s::Apiserver/File[/etc/kubernetes/infrastructure-users]/ensure: defined content as '{md5}9c92698b5979634a97183b0a5babb7d4'
Notice: /Stage[main]/Base::Firewall/File[/usr/lib/nagios/plugins/check_ferm]/ensure: defined content as '{md5}f584c405e02f63bc7321239204993c75'
Notice: /Stage[main]/Base::Firewall/Ferm::Conf[main]/File[/etc/ferm/conf.d/00_main]/ensure: defined content as '{md5}31835a68d4305c91a1acf38e37eb827d'
Info: /Stage[main]/Base::Firewall/Ferm::Conf[main]/File[/etc/ferm/conf.d/00_main]: Scheduling refresh of Service[ferm]
Notice: /Stage[main]/Base::Firewall/File[/usr/lib/nagios/plugins/check_conntrack]/ensure: defined content as '{md5}90f357e00fb5e58dcabf3d83f101fdcd'
Notice: /Stage[main]/Base::Firewall/Ferm::Conf[defs]/File[/etc/ferm/conf.d/00_defs]/ensure: created
Info: /Stage[main]/Base::Firewall/Ferm::Conf[defs]/File[/etc/ferm/conf.d/00_defs]: Scheduling refresh of Service[ferm]
Notice: /Stage[main]/Base::Firewall/Ferm::Rule[bastion-ssh]/File[/etc/ferm/conf.d/10_bastion-ssh]/ensure: created
Info: /Stage[main]/Base::Firewall/Ferm::Rule[bastion-ssh]/File[/etc/ferm/conf.d/10_bastion-ssh]: Scheduling refresh of Service[ferm]
Notice: /Stage[main]/K8s::Apiserver/File[/etc/default/kube-apiserver]/content:
--- /etc/default/kube-apiserver 2016-11-24 11:17:39.000000000 +0000
+++ /tmp/puppet-file20170217-16384-1f7hm0 2017-02-17 22:17:45.227662932 +0000
@@ -1,28 +1,29 @@
###
-# kubernetes system config
+## kubernetes system config
+##
+## The following values are used to configure the kube-apiserver
+##
#
-# The following values are used to configure the kube-apiserver
#
+#
+## Comma separated list of nodes in the etcd cluster
+KUBE_ETCD_SERVERS="--etcd-servers=https://k8s-etcd-01.chasetestproject.eqiad.wmflabs:2379"
+#
+## Address range to use for services
-# The address on the local server to listen to.
-KUBE_API_ADDRESS="--insecure-bind-address=127.0.0.1"
-
-# The port on the local server to listen on.
-# KUBE_API_PORT="--port=8080"
-
-# Port minions listen on
-# KUBELET_PORT="--kubelet-port=10250"
-
-# Comma separated list of nodes in the etcd cluster
-KUBE_ETCD_SERVERS="--etcd-servers=http://127.0.0.1:4001,http://127.0.0.1:2379"
-
-# Address range to use for services
-KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=10.254.0.0/16"
+KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=192.168.0.0/24"
+#
-# default admission control policies
-KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota"
+KUBE_ADMISSION_CONTROL="--admission-control=NamespaceLifecycle,ResourceQuota,LimitRanger,UidEnforcer,RegistryEnforcer,HostAutomounter,HostPathEnforcer"
-# Other options:
-# --cloud-provider={aws|gce|mesos|openshift|ovirt|rackspace|vagrant}
-# --cluster-name="clustername"
-#DAEMON_ARGS=""
+DAEMON_ARGS=" \
+--token-auth-file=/etc/kubernetes/tokenauth \
+--authorization-mode=ABAC \
+--authorization-policy-file=/etc/kubernetes/abac \
+--runtime-config=batch/v2alpha1 \
+--tls-cert-file=/etc/kubernetes/ssl/cert.pem \
+--tls-private-key-file=/etc/kubernetes/ssl/server.key \
+--enforced-docker-registry=docker-registry.tools.wmflabs.org \
+--host-automounts=/var/run/nslcd/socket \
+--host-paths-allowed=/var/run/nslcd/socket \
+--host-path-prefixes-allowed=/data/project/,/data/scratch/,/public/dumps/"
Info: Computing checksum on file /etc/default/kube-apiserver
Info: /Stage[main]/K8s::Apiserver/File[/etc/default/kube-apiserver]: Filebucketed /etc/default/kube-apiserver to puppet with sum 2c8d1451bc9517248e77f0bd087659e3
Notice: /Stage[main]/K8s::Apiserver/File[/etc/default/kube-apiserver]/content: content changed '{md5}2c8d1451bc9517248e77f0bd087659e3' to '{md5}7b00fc103e9fedc12d5baef73e4ec467'
Notice: /Stage[main]/K8s::Apiserver/File[/etc/default/kube-apiserver]/mode: mode changed '0644' to '0444'
Info: /Stage[main]/K8s::Apiserver/File[/etc/default/kube-apiserver]: Scheduling refresh of Service[kube-apiserver]
Info: /Stage[main]/K8s::Apiserver/File[/etc/default/kube-apiserver]: Scheduling refresh of Service[kube-apiserver]
Error: Could not start Service[kube-apiserver]: Execution of '/bin/systemctl start kube-apiserver' returned 1: Job for kube-apiserver.service failed. See 'systemctl status kube-apiserver.service' and 'journalctl -xn' for details.
Wrapped exception:
Execution of '/bin/systemctl start kube-apiserver' returned 1: Job for kube-apiserver.service failed. See 'systemctl status kube-apiserver.service' and 'journalctl -xn' for details.
Error: /Stage[main]/K8s::Apiserver/Base::Service_unit[kube-apiserver]/Service[kube-apiserver]/ensure: change from stopped to running failed: Could not start Service[kube-apiserver]: Execution of '/bin/systemctl start kube-apiserver' returned 1: Job for kube-apiserver.service failed. See 'systemctl status kube-apiserver.service' and 'journalctl -xn' for details.
Notice: /Stage[main]/K8s::Apiserver/Base::Service_unit[kube-apiserver]/Service[kube-apiserver]: Triggered 'refresh' from 4 events
Notice: /Stage[main]/K8s::Controller/File[/etc/default/kube-controller-manager]/content:
--- /etc/default/kube-controller-manager 2016-11-24 11:17:39.000000000 +0000
+++ /tmp/puppet-file20170217-16384-wtda4e 2017-02-17 22:17:45.727671082 +0000
@@ -1,6 +1,7 @@
###
-# The following values are used to configure the kubernetes controller-manager
-
-# defaults from config and apiserver should be adequate
-
-#DAEMON_ARGS=""
+## The following values are used to configure the kubernetes controller-manager
+#
+## defaults from config and apiserver should be adequate
+# This is the default anyway in 1.4 at least, but specify to ensure backwards compatibility
+DAEMON_ARGS="--cluster-cidr=192.168.0.0/24 --leader-elect=true"
+#
Info: Computing checksum on file /etc/default/kube-controller-manager
Info: /Stage[main]/K8s::Controller/File[/etc/default/kube-controller-manager]: Filebucketed /etc/default/kube-controller-manager to puppet with sum c253c7f4882b5f71f345f3c8656cdf63
Notice: /Stage[main]/K8s::Controller/File[/etc/default/kube-controller-manager]/content: content changed '{md5}c253c7f4882b5f71f345f3c8656cdf63' to '{md5}2ee837580281dc01c5f79ac8e27f220f'
Notice: /Stage[main]/K8s::Controller/File[/etc/default/kube-controller-manager]/mode: mode changed '0644' to '0444'
Notice: /Stage[main]/Role::Toollabs::K8s::Master/Base::Expose_puppet_certs[/etc/kubernetes]/File[/etc/kubernetes/ssl]/ensure: created
Notice: /Stage[main]/Role::Toollabs::K8s::Master/Base::Expose_puppet_certs[/etc/kubernetes]/File[/etc/kubernetes/ssl/cert.pem]/ensure: defined content as '{md5}bc066d4b06c29df4d428d1e717dbe115'
Notice: /Stage[main]/Role::Toollabs::K8s::Master/Base::Expose_puppet_certs[/etc/kubernetes]/File[/etc/kubernetes/ssl/server.key]/ensure: defined content as '{md5}01096765ec364b04ed198ed759b097d9'
Notice: /Stage[main]/Base::Firewall/Ferm::Rule[monitoring-all]/File[/etc/ferm/conf.d/10_monitoring-all]/ensure: created
Info: /Stage[main]/Base::Firewall/Ferm::Rule[monitoring-all]/File[/etc/ferm/conf.d/10_monitoring-all]: Scheduling refresh of Service[ferm]
Notice: /Stage[main]/Ferm/Service[ferm]: Triggered 'refresh' from 13 events
Notice: /Stage[main]/Base::Firewall/Sysctl::Parameters[ferm_conntrack]/Sysctl::Conffile[ferm_conntrack]/File[/etc/sysctl.d/70-ferm_conntrack.conf]/ensure: created
Info: /Stage[main]/Base::Firewall/Sysctl::Parameters[ferm_conntrack]/Sysctl::Conffile[ferm_conntrack]/File[/etc/sysctl.d/70-ferm_conntrack.conf]: Scheduling refresh of Exec[update_sysctl]
Notice: /Stage[main]/Role::Toollabs::K8s::Master/Diamond::Collector[Kubernetes]/File[/usr/share/diamond/collectors/Kubernetes]/ensure: created
Notice: /Stage[main]/Role::Toollabs::K8s::Master/Diamond::Collector[Kubernetes]/File[/usr/share/diamond/collectors/Kubernetes/Kubernetes.py]/ensure: defined content as '{md5}ffe71d530d896c2c379ddfe5ea46db94'
Info: /Stage[main]/Role::Toollabs::K8s::Master/Diamond::Collector[Kubernetes]/File[/usr/share/diamond/collectors/Kubernetes/Kubernetes.py]: Scheduling refresh of Service[diamond]
Notice: /Stage[main]/Role::Toollabs::K8s::Master/Diamond::Collector[Kubernetes]/File[/etc/diamond/collectors/KubernetesCollector.conf]/ensure: created
Info: /Stage[main]/Role::Toollabs::K8s::Master/Diamond::Collector[Kubernetes]/File[/etc/diamond/collectors/KubernetesCollector.conf]: Scheduling refresh of Service[diamond]
Notice: /Stage[main]/K8s::Controller/Base::Service_unit[kube-controller-manager]/File[/lib/systemd/system/kube-controller-manager.service]/content:
--- /lib/systemd/system/kube-controller-manager.service 2016-11-24 11:17:39.000000000 +0000
+++ /tmp/puppet-file20170217-16384-ciezeq 2017-02-17 22:17:47.211695290 +0000
@@ -1,19 +1,24 @@
[Unit]
-Description=Kubernetes Controller Manager
+Description=Kubernetes Controller manager
Documentation=https://github.com/kubernetes/kubernetes
Documentation=man:kube-controller-manager
After=network.target
[Service]
+# Setting a sane default
Environment=KUBE_MASTER=--master=127.0.0.1:8080
+# The shared kubernetes configurations file
EnvironmentFile=-/etc/kubernetes/config
+# kube-controller-manager specific configuration
EnvironmentFile=-/etc/default/%p
-User=kube
+User=kubernetes
+Group=kubernetes
ExecStart=/usr/bin/kube-controller-manager \
$KUBE_LOGTOSTDERR \
$KUBE_LOG_LEVEL \
$KUBE_MASTER \
$DAEMON_ARGS
+# Reevaluate Restart=always
Restart=on-failure
LimitNOFILE=65536
Info: Computing checksum on file /lib/systemd/system/kube-controller-manager.service
Info: /Stage[main]/K8s::Controller/Base::Service_unit[kube-controller-manager]/File[/lib/systemd/system/kube-controller-manager.service]: Filebucketed /lib/systemd/system/kube-controller-manager.service to puppet with sum 7292b64ef521ec031806f683112d6081
Notice: /Stage[main]/K8s::Controller/Base::Service_unit[kube-controller-manager]/File[/lib/systemd/system/kube-controller-manager.service]/content: content changed '{md5}7292b64ef521ec031806f683112d6081' to '{md5}899101d93f35ceafbe85c55b7b1e490c'
Notice: /Stage[main]/K8s::Controller/Base::Service_unit[kube-controller-manager]/File[/lib/systemd/system/kube-controller-manager.service]/mode: mode changed '0644' to '0444'
Info: /Stage[main]/K8s::Controller/Base::Service_unit[kube-controller-manager]/File[/lib/systemd/system/kube-controller-manager.service]: Scheduling refresh of Service[kube-controller-manager]
Info: /Stage[main]/K8s::Controller/Base::Service_unit[kube-controller-manager]/File[/lib/systemd/system/kube-controller-manager.service]: Scheduling refresh of Exec[systemd reload for kube-controller-manager]
Info: /Stage[main]/K8s::Controller/Base::Service_unit[kube-controller-manager]/File[/lib/systemd/system/kube-controller-manager.service]: Scheduling refresh of Service[kube-controller-manager]
Info: /Stage[main]/K8s::Controller/Base::Service_unit[kube-controller-manager]/File[/lib/systemd/system/kube-controller-manager.service]: Scheduling refresh of Exec[systemd reload for kube-controller-manager]
Notice: /Stage[main]/K8s::Controller/Base::Service_unit[kube-controller-manager]/Exec[systemd reload for kube-controller-manager]: Triggered 'refresh' from 2 events
Notice: /Stage[main]/K8s::Controller/Base::Service_unit[kube-controller-manager]/Service[kube-controller-manager]/enable: enable changed 'false' to 'true'
Notice: /Stage[main]/K8s::Controller/Base::Service_unit[kube-controller-manager]/Service[kube-controller-manager]: Triggered 'refresh' from 2 events
Notice: /Stage[main]/Toollabs::Maintain_kubeusers/Apt::Pin[python3-ldap3]/File[/etc/apt/preferences.d/python3-ldap3.pref]/ensure: created
Info: /Stage[main]/Toollabs::Maintain_kubeusers/Apt::Pin[python3-ldap3]/File[/etc/apt/preferences.d/python3-ldap3.pref]: Scheduling refresh of Exec[apt-get update]
Notice: /Stage[main]/Toollabs::Infrastructure/Security::Access::Config[labs-admin-only]/File[/etc/security/access.conf.d/50-labs-admin-only]/ensure: created
Info: /Stage[main]/Toollabs::Infrastructure/Security::Access::Config[labs-admin-only]/File[/etc/security/access.conf.d/50-labs-admin-only]: Scheduling refresh of Exec[merge-access-conf]
Notice: /Stage[main]/Security::Access/Exec[merge-access-conf]: Triggered 'refresh' from 1 events
Notice: /Stage[main]/Toollabs::Maintain_kubeusers/Apt::Pin[python3-pyasn1]/File[/etc/apt/preferences.d/python3-pyasn1.pref]/ensure: created
Info: /Stage[main]/Toollabs::Maintain_kubeusers/Apt::Pin[python3-pyasn1]/File[/etc/apt/preferences.d/python3-pyasn1.pref]: Scheduling refresh of Exec[apt-get update]
Notice: /Stage[main]/Toollabs::Maintain_kubeusers/Package[python3-ldap3]/ensure: ensure changed 'purged' to 'present'
Notice: /Stage[main]/K8s::Scheduler/Base::Service_unit[kube-scheduler]/File[/lib/systemd/system/kube-scheduler.service]/content:
--- /lib/systemd/system/kube-scheduler.service 2016-11-24 11:17:39.000000000 +0000
+++ /tmp/puppet-file20170217-16384-cr6cz9 2017-02-17 22:17:54.491814426 +0000
@@ -5,15 +5,20 @@
After=network.target
[Service]
+# Setting a sane default
Environment=KUBE_MASTER=--master=127.0.0.1:8080
+# The shared kubernetes configurations file
EnvironmentFile=-/etc/kubernetes/config
+# kube-scheduler specific configuration
EnvironmentFile=-/etc/default/%p
-User=kube
+User=kubernetes
+Group=kubernetes
ExecStart=/usr/bin/kube-scheduler \
$KUBE_LOGTOSTDERR \
$KUBE_LOG_LEVEL \
$KUBE_MASTER \
$DAEMON_ARGS
+# Reevaluate using Restart=always. Keep for now for backwards compatibility
Restart=on-failure
LimitNOFILE=65536
Info: Computing checksum on file /lib/systemd/system/kube-scheduler.service
Info: /Stage[main]/K8s::Scheduler/Base::Service_unit[kube-scheduler]/File[/lib/systemd/system/kube-scheduler.service]: Filebucketed /lib/systemd/system/kube-scheduler.service to puppet with sum d76fba5ec94279e60287d3065bae626e
Notice: /Stage[main]/K8s::Scheduler/Base::Service_unit[kube-scheduler]/File[/lib/systemd/system/kube-scheduler.service]/content: content changed '{md5}d76fba5ec94279e60287d3065bae626e' to '{md5}3692b3f685f188ccb66fdf08362e7f79'
Notice: /Stage[main]/K8s::Scheduler/Base::Service_unit[kube-scheduler]/File[/lib/systemd/system/kube-scheduler.service]/mode: mode changed '0644' to '0444'
Info: /Stage[main]/K8s::Scheduler/Base::Service_unit[kube-scheduler]/File[/lib/systemd/system/kube-scheduler.service]: Scheduling refresh of Service[kube-scheduler]
Info: /Stage[main]/K8s::Scheduler/Base::Service_unit[kube-scheduler]/File[/lib/systemd/system/kube-scheduler.service]: Scheduling refresh of Exec[systemd reload for kube-scheduler]
Info: /Stage[main]/K8s::Scheduler/Base::Service_unit[kube-scheduler]/File[/lib/systemd/system/kube-scheduler.service]: Scheduling refresh of Service[kube-scheduler]
Info: /Stage[main]/K8s::Scheduler/Base::Service_unit[kube-scheduler]/File[/lib/systemd/system/kube-scheduler.service]: Scheduling refresh of Exec[systemd reload for kube-scheduler]
Notice: /Stage[main]/K8s::Scheduler/Base::Service_unit[kube-scheduler]/Exec[systemd reload for kube-scheduler]: Triggered 'refresh' from 2 events
Notice: /Stage[main]/K8s::Scheduler/Base::Service_unit[kube-scheduler]/Service[kube-scheduler]/enable: enable changed 'false' to 'true'
Notice: /Stage[main]/K8s::Scheduler/Base::Service_unit[kube-scheduler]/Service[kube-scheduler]: Triggered 'refresh' from 2 events
Notice: /Stage[main]/Base::Firewall/Sudo::User[nagios_check_ferm]/File[/etc/sudoers.d/nagios_check_ferm]/ensure: created
Info: /Stage[main]/Base::Firewall/Sudo::User[nagios_check_ferm]/File[/etc/sudoers.d/nagios_check_ferm]: Scheduling refresh of Exec[sudo_user_nagios_check_ferm_linting]
Notice: /Stage[main]/Base::Firewall/Sudo::User[nagios_check_ferm]/Exec[sudo_user_nagios_check_ferm_linting]: Triggered 'refresh' from 1 events
Notice: /Stage[main]/Base::Firewall/Nrpe::Monitor_service[conntrack_table_size]/Nrpe::Check[check_conntrack_table_size]/File[/etc/nagios/nrpe.d/check_conntrack_table_size.cfg]/ensure: created
Info: /Stage[main]/Base::Firewall/Nrpe::Monitor_service[conntrack_table_size]/Nrpe::Check[check_conntrack_table_size]/File[/etc/nagios/nrpe.d/check_conntrack_table_size.cfg]: Scheduling refresh of Service[nagios-nrpe-server]
Notice: /Stage[main]/Base::Firewall/Nrpe::Monitor_service[ferm_active]/Nrpe::Check[check_ferm_active]/File[/etc/nagios/nrpe.d/check_ferm_active.cfg]/ensure: created
Info: /Stage[main]/Base::Firewall/Nrpe::Monitor_service[ferm_active]/Nrpe::Check[check_ferm_active]/File[/etc/nagios/nrpe.d/check_ferm_active.cfg]: Scheduling refresh of Service[nagios-nrpe-server]
Notice: /Stage[main]/Sysctl/Exec[update_sysctl]: Triggered 'refresh' from 1 events
Notice: /Stage[main]/Nrpe/Service[nagios-nrpe-server]: Triggered 'refresh' from 2 events
Notice: /Stage[main]/Apt/Exec[apt-get update]: Triggered 'refresh' from 2 events
Notice: /Stage[main]/Diamond/Service[diamond]: Triggered 'refresh' from 2 events
Notice: Finished catalog run in 50.37 seconds
root@k8s-master-01:~#
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL