Follow DLS' breaking changes, init rename and unlock API

scripts/.cleanup.sh

@@ -1,22 +1,12 @@
 #!/bin/bash
 
 stopdls() {
-  if docker ps &>/dev/null | grep -q " $DLS_CTR_NAME$"; then
+  if docker ps | grep -q " $DLS_CTR_NAME$"; then
     pinfo "Stopping Direktil Local Server..."
     docker stop $DLS_CTR_NAME
   fi
 }
 
-destroyvms() {
-  for host in ${!hosts[*]}; do
-    if test -f $ctxdir/data/$host/pid ; then
-      pid=$(cat $ctxdir/data/$host/pid)
-      pinfo "Cleaning VM $host with PID $pid..."
-      kill $pid && sleep 1
-    fi
-  done
-}
-
 cleanuppaths() {
   PATHS="data secrets kubeconfig cache dist"
   cd $ctxdir
@@ -29,13 +19,13 @@ cleanuppaths() {
 }
 
 cleanupnetwork() {
-  if iptables -L |grep -q $QEMU_BR_NAME; then
+  if iptables -L -n |grep -q $QEMU_BR_NAME; then
     pinfo "Cleaning iptables rules..."
     iptables -t nat -D POSTROUTING -j MASQUERADE -s $QEMU_BR_IP/$QEMU_BR_MASK \! -o $QEMU_BR_NAME
     iptables -D FORWARD -o $QEMU_BR_NAME -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
     iptables -D FORWARD -j ACCEPT -i $QEMU_BR_NAME
   fi
-  if ip li show $QEMU_BR_NAME ; then
+  if ip li show $QEMU_BR_NAME &>/dev/null; then
     pinfo "Cleaning existing interfaces..."
     ip li set $QEMU_BR_NAME down
     ip li del $QEMU_BR_NAME
@@ -50,3 +40,4 @@ declare -A hosts
 get_hosts
 destroyvms
 cleanuppaths
+cleanupnetwork

scripts/.common

@@ -1,24 +1,6 @@
 #!/bin/bash
 
-## Vars
+source $(dirname $0)/vars
-# Docker container name for dir2config
-D2C_CTR_NAME=dir2config
-# Docker container name for direktil local server
-DLS_CTR_NAME=dls
-
-# QEMU local bridge name. If you specificy a custom name, you may have to configure qemu bridge helper to allow it
-QEMU_BR_NAME=virbr0
-# QEMU VM default disk size
-QEMU_DISK_SIZE=30G
-# Allocated CPUs to QEMU VMs
-QEMU_VM_CPU=4
-# Allocated Memory to QEMU VMs
-QEMU_VM_MEM=8096
-################
-
-# Token file for dls
-tknfile=".dls_adm_token"
-
 
 ## Helper funcs
 
@@ -31,6 +13,10 @@ perror() {
   exit 1
 }
 
+sshcmd() {
+  ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null $*
+}
+
 dls() {
   path=$1
   shift
@@ -57,9 +43,10 @@ check_root() {
 }
 
 prereqs() {
-  # set -ex
+  set -e
   cd "$(dirname $0)/.."
   ctxdir="$PWD"
+  source scripts/vars
 }
 
 check_conf() {
@@ -86,7 +73,7 @@ unlock_store() {
     pinfo "Direktil Local Server store already unlocked"
   else
     pinfo "Unlocking the DLS store ..."
-    DLS_ADM_TOKEN=$(dls /public/unlock-store -d "\"${DLS_UNLOCK_TOKEN}\""|tr -d \")
+    DLS_ADM_TOKEN=$(dls /public/unlock-store -d '{"Name": "novit", "Passphrase": "'$(echo -n ${DLS_UNLOCK_TOKEN}|base64 -w0)'"}'|tr -d \")
     pinfo "Admin access token is $DLS_ADM_TOKEN"
     echo $DLS_ADM_TOKEN > $tknfile
     chmod 444 $tknfile
@@ -107,23 +94,13 @@ get_hosts() {
 get_parts() {
   for host in ${!hosts[*]}; do
     mkdir -p $ctxdir/data/$host
-    for part in kernel initrd-v2
+    for part in kernel initrd
     do
       partfile=$ctxdir/data/$host/$part
-      test -f $partfile || dls /hosts/$host/$part -o $partfile
+      test -f $partfile || { pinfo "Downloading $part for host $host" && dls /hosts/$host/$part -o $partfile; }
     done
     diskfile=$ctxdir/data/$host/disk
-    test -f $diskfile || truncate -s ${QEMU_DISK_SIZE:-30G} $diskfile
+    test -f $diskfile || { pinfo "Creating disk $diskfile" && truncate -s ${QEMU_DISK_SIZE:-30G} $diskfile; }
-  done
-}
-
-destroyvms() {
-  for host in ${!hosts[*]}; do
-    host=$1
-    if test -f $ctxdir/data/$host/pid ; then
-      pinfo "Detected a pid file, killing process in case VM was already started"
-      kill $(cat $ctxdir/data/$host/pid) && sleep 1
-    fi
   done
 }
 
@@ -145,10 +122,18 @@ create_kubeconfig() {
   chmod 444 $ctxdir/kubeconfig
 }
 
-clean() {
+
-  set +e
+destroyvms() {
-  sudo iptables -t nat -D POSTROUTING -j MASQUERADE -s $QEMU_BR_IP \! -o $QEMU_BR_NAME &>/dev/null
+  for host in ${!hosts[*]}; do
-  sudo iptables -D FORWARD -o $QEMU_BR_NAME -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT &>/dev/null
+    if test -f $ctxdir/data/$host/pid ; then
-  sudo iptables -D FORWARD -j ACCEPT -i $QEMU_BR_NAME &>/dev/null
+      pid=$(cat $ctxdir/data/$host/pid)
+      if ! test -d /proc/$pid ; then
+        pinfo "VM $host seems not running"
+      else
+        pinfo "Cleaning VM $host with PID $pid..."
+        kill $pid && sleep 1
+      fi
+    fi
+  done
 }
 

scripts/0.start_dls.sh

@@ -1,11 +1,5 @@
 #!/bin/bash
 #
-# Admin token to unlock the DLS store
-DLS_UNLOCK_TOKEN=changeme
-#
-#
-D2C_IMG=novit.tech/direktil/local-server:b6fa941
-DLS_IMG=novit.tech/direktil/local-server:b6fa941
 
 prereqs_dls() {
   command -v docker 1>/dev/null || perror "Docker is needed, please install it and run again."
@@ -33,14 +27,13 @@ start_store() {
       -e HTTPS_PROXY=$HTTPS_PROXY \
       -v .:/var/lib/direktil \
       $DLS_IMG &
-#      -auto-unlock 'N0v!T'
   sleep 2
 }
 
 source $(dirname $0)/.common
 check_root
-prereqs_dls
 prereqs
+prereqs_dls
 dir2config
 start_store
 unlock_store

scripts/1.qemu.sh

@@ -14,7 +14,7 @@ prereqs_qemu() {
   done
 }
 setup_network_qemu() {
-  if ! ip li show $QEMU_BR_NAME ; then
+  if ! ip li show $QEMU_BR_NAME &>/dev/null ; then
     ip li add name $QEMU_BR_NAME type bridge
     ip li set $QEMU_BR_NAME up
   fi
@@ -33,10 +33,11 @@ setup_network_qemu() {
   if ! test -d /etc/qemu; then
     mkdir -p /etc/qemu
   fi
-  if ! grep -q "allow $QEMU_BR_NAME" /etc/qemu/bridge.conf; then
+  if ! grep -qs "allow $QEMU_BR_NAME" /etc/qemu/bridge.conf; then
     echo "allow $QEMU_BR_NAME" >> /etc/qemu/bridge.conf
   fi
 }
+
 run_qemu() {
   id=1
   for host in ${!hosts[*]}; do
@@ -45,7 +46,7 @@ run_qemu() {
     pinfo "Starting host $host with ip ${hosts[$host]}"
     qemu-system-x86_64 -enable-kvm -smp $QEMU_VM_CPU -m $QEMU_VM_MEM \
       -nic bridge,br=$QEMU_BR_NAME,mac=42:42:42:42:42:0${id} \
-      -kernel $ctxdir/data/$host/kernel -initrd $ctxdir/data/$host/initrd-v2 -vga qxl \
+      -kernel $ctxdir/data/$host/kernel -initrd $ctxdir/data/$host/initrd -vga qxl \
       -drive format=raw,file=$ctxdir/data/$host/disk &
     echo $! >$ctxdir/data/$host/pid
     ((++id))
@@ -54,6 +55,8 @@ run_qemu() {
 }
 # # # # # # # #
 
+
+
 source $(dirname $0)/.common
 check_root
 prereqs
@@ -66,5 +69,4 @@ get_hosts
 get_parts
 destroyvms
 run_qemu
-#clean
 

scripts/2.first_start_k8s.sh

@@ -21,13 +21,13 @@ checkup() {
     while :
     do
       pinfo "Checking availability of node $host..."
-      ssh root@${hosts[$host]} <<< true &>/dev/null
+      if true | sshcmd -q root@${hosts[$host]};
-      if [ $? == 0 ]; then
+      then
         pinfo "VM $host is up!"
         break
       else
         ((tries--))
-        if [ $tries < 1 ]; then
+        if [ "$tries" -lt "1" ]; then
           pinfo "Timeout waiting for node detection, please investigate why node $host is not up by now"
           break
         fi
@@ -39,7 +39,7 @@ checkup() {
 
 start_control_plane() {
   for host in ${!hosts[*]}; do
-    ssh root@${hosts[$host]} << EOF
+    sshcmd -q root@${hosts[$host]} << EOF
       if ls /etc/kubernetes/manifests.static/* &>/dev/null ; then
         mv /etc/kubernetes/manifests.static/* /var/lib/kubelet/manifests/
       fi
@@ -47,6 +47,23 @@ EOF
   done
 }
 
+wait_for_apiserver() {
+  vip=$(extract_var clusters public_vip)
+  vip_api_port=$(extract_var clusters api_port)
+
+  while :
+  do
+    pinfo "Waiting for apiserver availability ($vip:$vip_api_port). Images may still being pulled... "
+    if kctl get node &>/dev/null ; then
+      pinfo "API is up!"
+      break
+    else
+      sleep 20
+    fi
+  done
+
+}
+
 install_addons() {
   body='{"Kind":"cluster","Name":"'$cluster'","Assets":["addons"]}'
   download_id=$(dls /authorize-download -d "$body"|tr -d \")
@@ -55,20 +72,20 @@ install_addons() {
 }
 
 approve_kubelet_certificates() {
-  tries=5
+  tries=10
   nodes_num=$(kctl get node -oname|wc -l)
-  while [ "$nodes_num" != "${#hosts[*]}" ] ; do
+  while [ "$nodes_num" -lt "${#hosts[*]}" ] ; do
-    pinfo "Waiting for certificates requests to be created by Kubelet when it's ready... ($tries/5)"
+    pinfo "Waiting for certificates requests to be created by Kubelet when it's ready... ($tries tries out of 10)"
-    sleep 60s
+    sleep 20s
     csrs="$(kctl get csr|awk '/Pending/ {print $1}')"
     if [ "$csrs" != "" ]; then
       kctl certificate approve $csrs
     fi
     ((tries--))
-    if [ "$tries" < 1 ]; then
+    if [ "$tries" -lt "1" ]; then
-      pinfo "Timeout waiting for kubelet certificates creation, please investigate why all nodes are not up by now"
+      perror "Timeout waiting for kubelet certificates creation, please investigate why all nodes are not up by now"
-      break
     fi
+    nodes_num=$(kctl get node -oname|wc -l)
   done
   pinfo "All kubelets ($nodes_num) are up, enjoy !"
 }
@@ -83,6 +100,7 @@ declare -A hosts && get_hosts
 checkup
 start_control_plane
 create_kubeconfig
+wait_for_apiserver
 install_addons
 approve_kubelet_certificates # clients and serving certs
 

scripts/vars

@@ -0,0 +1,26 @@
+## Vars
+
+# Admin token to unlock the DLS store, replace it!
+DLS_UNLOCK_TOKEN=changeme
+
+# Docker container name for dir2config
+D2C_IMG=novit.tech/direktil/local-server:latest
+D2C_CTR_NAME=dir2config
+
+# Docker container name for direktil local server
+DLS_IMG=novit.tech/direktil/local-server:latest
+DLS_CTR_NAME=dls
+
+# QEMU local bridge name. If you specificy a custom name, you may have to configure qemu bridge helper to allow it
+QEMU_BR_NAME=virbr0
+# QEMU VM default disk size
+QEMU_DISK_SIZE=30G
+# Allocated CPUs to QEMU VMs
+QEMU_VM_CPU=4
+# Allocated Memory to QEMU VMs
+QEMU_VM_MEM=4096
+################
+
+# Token file for dls
+tknfile=".dls_adm_token"
+