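package rule

import (
	"bytes"
	"fmt"
	"io"
	"strings"
	"text/template"
)

/*
- kind: __RuleName__
  when:
  - ["etcd", "master", "worker", "ingress", "storage"]
  - ["rhel", "centos"]
  ...

This rule will be executed when the node has these facts:
("etcd" OR "master" OR "worker" OR "ingress" OR "storage") AND ("rhel" OR "centos")
*/

// defaultRuleSet is the list of rules that are built into the inspector.
//
// It is a text/template source: the {{.kubernetes_deb_version}} and
// {{.kubernetes_yum_version}} placeholders are filled in from the vars map
// passed to DefaultRules before the result is parsed as YAML.
//
// Review fix: the RHEL kubelet and nfs-utils entries previously read
// `[master", ...` (opening quote missing). YAML accepts that as a plain
// scalar whose text is `master"`, so the "master" fact never matched and a
// RHEL node whose only role fact is "master" skipped both package checks
// without any error. The quote is restored below.
const defaultRuleSet = `---
- kind: FreeSpace
  path: /
  minimumBytes: 1000000000

# Python 2.5+ is installed on all nodes
# This is required by ansible
- kind: Python2Version
  when: []
  supportedVersions:
  - Python 2.5
  - Python 2.6
  - Python 2.7

# Executables required by kubelet
- kind: ExecutableInPath
  when:
  - ["master", "worker", "ingress", "storage"]
  executable: iptables
- kind: ExecutableInPath
  when:
  - ["master", "worker", "ingress", "storage"]
  executable: iptables-save
- kind: ExecutableInPath
  when:
  - ["master", "worker", "ingress", "storage"]
  executable: iptables-restore

# Docker should be installed when installation is disabled
- kind: DockerInPath
  when:
  - ["etcd", "master", "worker", "ingress", "storage"]

# Ports used by etcd are available
- kind: TCPPortAvailable
  when:
  - ["etcd"]
  port: 2379
  procName: docker-proxy # docker sets up a proxy for the etcd container
- kind: TCPPortAvailable
  when:
  - ["etcd"]
  port: 6666
  procName: docker-proxy # docker sets up a proxy for the etcd container
- kind: TCPPortAvailable
  when:
  - ["etcd"]
  port: 2380
  procName: docker-proxy # docker sets up a proxy for the etcd container
- kind: TCPPortAvailable
  when:
  - ["etcd"]
  port: 6660
  procName: docker-proxy # docker sets up a proxy for the etcd container

# Ports used by etcd are accessible
- kind: TCPPortAccessible
  when:
  - ["etcd"]
  port: 2379
  timeout: 5s
- kind: TCPPortAccessible
  when:
  - ["etcd"]
  port: 6666
  timeout: 5s
- kind: TCPPortAccessible
  when:
  - ["etcd"]
  port: 2380
  timeout: 5s
- kind: TCPPortAccessible
  when:
  - ["etcd"]
  port: 6660
  timeout: 5s

# Ports used by K8s master are available
- kind: TCPPortAvailable
  when:
  - ["master"]
  port: 6443
  procName: kube-apiserver
# kube-scheduler
- kind: TCPPortAvailable
  when:
  - ["master"]
  port: 10251
  procName: kube-scheduler
# kube-controller-manager
- kind: TCPPortAvailable
  when:
  - ["master"]
  port: 10252
  procName: kube-controller

# Ports used by K8s master are accessible
- kind: TCPPortAccessible
  when:
  - ["master"]
  port: 6443
  timeout: 5s
# kube-scheduler
- kind: TCPPortAccessible
  when:
  - ["master"]
  port: 10251
  timeout: 5s
# kube-controller-manager
- kind: TCPPortAccessible
  when:
  - ["master"]
  port: 10252
  timeout: 5s

# Ports used by K8s worker are available
# kubelet localhost healthz
- kind: TCPPortAvailable
  when:
  - ["master", "worker", "ingress", "storage"]
  port: 10248
  procName: kubelet
# kube-proxy metrics
- kind: TCPPortAvailable
  when:
  - ["master", "worker", "ingress", "storage"]
  port: 10249
  procName: kube-proxy
# kube-proxy health
- kind: TCPPortAvailable
  when:
  - ["master", "worker", "ingress", "storage"]
  port: 10256
  procName: kube-proxy
# kubelet
- kind: TCPPortAvailable
  when:
  - ["master", "worker", "ingress", "storage"]
  port: 10250
  procName: kubelet

# Ports used by K8s worker are accessible
# kube-proxy
- kind: TCPPortAccessible
  when:
  - ["master", "worker", "ingress", "storage"]
  port: 10256
  timeout: 5s
# kubelet
- kind: TCPPortAccessible
  when:
  - ["master", "worker", "ingress", "storage"]
  port: 10250
  timeout: 5s

# Port used by Ingress
- kind: TCPPortAvailable
  when:
  - ["ingress"]
  port: 80
  procName: nginx
- kind: TCPPortAccessible
  when:
  - ["ingress"]
  port: 80
  timeout: 5s
- kind: TCPPortAvailable
  when:
  - ["ingress"]
  port: 443
  procName: nginx
- kind: TCPPortAccessible
  when:
  - ["ingress"]
  port: 443
  timeout: 5s
# healthz
- kind: TCPPortAvailable
  when:
  - ["ingress"]
  port: 10254
  procName: nginx-ingress-c
- kind: TCPPortAccessible
  when:
  - ["ingress"]
  port: 10254
  timeout: 5s

# Port required for gluster-healthz
- kind: TCPPortAvailable
  when:
  - ["storage"]
  port: 8081
  procName: exechealthz
- kind: TCPPortAccessible
  when:
  - ["storage"]
  port: 8081
  timeout: 5s

# Ports required for NFS
# Removed due to https://github.com/apprenda/kismatic/issues/784
#- kind: TCPPortAvailable
#  when:
#  - ["storage"]
#  port: 111
#- kind: TCPPortAccessible
#  when:
#  - ["storage"]
#  port: 111
#  timeout: 5s
- kind: TCPPortAvailable
  when:
  - ["storage"]
  port: 2049
  procName: glusterfs
- kind: TCPPortAccessible
  when:
  - ["storage"]
  port: 2049
  timeout: 5s
- kind: TCPPortAvailable
  when:
  - ["storage"]
  port: 38465
  procName: glusterfs
- kind: TCPPortAccessible
  when:
  - ["storage"]
  port: 38465
  timeout: 5s
- kind: TCPPortAvailable
  when:
  - ["storage"]
  port: 38466
  procName: glusterfs
- kind: TCPPortAccessible
  when:
  - ["storage"]
  port: 38466
  timeout: 5s
- kind: TCPPortAvailable
  when:
  - ["storage"]
  port: 38467
  procName: glusterfs
- kind: TCPPortAccessible
  when:
  - ["storage"]
  port: 38467
  timeout: 5s

- kind: PackageDependency
  when:
  - ["etcd", "master", "worker", "ingress", "storage"]
  - ["ubuntu"]
  packageName: docker-ce
  packageVersion: 17.03.2~ce-0~ubuntu-xenial
- kind: PackageDependency
  when:
  - ["master", "worker", "ingress", "storage"]
  - ["ubuntu"]
  packageName: kubelet
  packageVersion: {{.kubernetes_deb_version}}
- kind: PackageDependency
  when:
  - ["master", "worker", "ingress", "storage"]
  - ["ubuntu"]
  packageName: nfs-common
- kind: PackageDependency
  when:
  - ["master", "worker", "ingress", "storage"]
  - ["ubuntu"]
  packageName: kubectl
  packageVersion: {{.kubernetes_deb_version}}
# https://docs.docker.com/engine/installation/linux/docker-ee/ubuntu/#uninstall-old-versions
- kind: PackageNotInstalled
  when:
  - ["etcd", "master", "worker", "ingress", "storage"]
  - ["ubuntu"]
  packageName: docker
- kind: PackageNotInstalled
  when:
  - ["etcd", "master", "worker", "ingress", "storage"]
  - ["ubuntu"]
  packageName: docker-engine
- kind: PackageNotInstalled
  when:
  - ["etcd", "master", "worker", "ingress", "storage"]
  - ["ubuntu"]
  packageName: docker-ce
  acceptablePackageVersion: 17.03.2~ce-0~ubuntu-xenial
- kind: PackageNotInstalled
  when:
  - ["etcd", "master", "worker", "ingress", "storage"]
  - ["ubuntu"]
  packageName: docker-ee

- kind: PackageDependency
  when:
  - ["etcd", "master", "worker", "ingress", "storage"]
  - ["centos"]
  packageName: docker-ce
  packageVersion: 17.03.2.ce-1.el7.centos
- kind: PackageDependency
  when:
  - ["master", "worker", "ingress", "storage"]
  - ["centos"]
  packageName: kubelet
  packageVersion: {{.kubernetes_yum_version}}
- kind: PackageDependency
  when:
  - ["master", "worker", "ingress", "storage"]
  - ["centos"]
  packageName: nfs-utils
- kind: PackageDependency
  when:
  - ["master", "worker", "ingress", "storage"]
  - ["centos"]
  packageName: kubectl
  packageVersion: {{.kubernetes_yum_version}}
# https://docs.docker.com/engine/installation/linux/docker-ee/centos/
- kind: PackageNotInstalled
  when:
  - ["etcd", "master", "worker", "ingress", "storage"]
  - ["centos"]
  packageName: docker
- kind: PackageNotInstalled
  when:
  - ["etcd", "master", "worker", "ingress", "storage"]
  - ["centos"]
  packageName: docker-common
- kind: PackageNotInstalled
  when:
  - ["etcd", "master", "worker", "ingress", "storage"]
  - ["centos"]
  packageName: docker-selinux
- kind: PackageNotInstalled
  when:
  - ["etcd", "master", "worker", "ingress", "storage"]
  - ["centos"]
  packageName: docker-engine-selinux
- kind: PackageNotInstalled
  when:
  - ["etcd", "master", "worker", "ingress", "storage"]
  - ["centos"]
  packageName: docker-engine
- kind: PackageNotInstalled
  when:
  - ["etcd", "master", "worker", "ingress", "storage"]
  - ["centos"]
  packageName: docker-ce
  acceptablePackageVersion: 17.03.2.ce-1.el7.centos
- kind: PackageNotInstalled
  when:
  - ["etcd", "master", "worker", "ingress", "storage"]
  - ["centos"]
  packageName: docker-ee

- kind: PackageDependency
  when:
  - ["etcd", "master", "worker", "ingress", "storage"]
  - ["rhel"]
  packageName: docker-ce
  packageVersion: 17.03.2.ce-1.el7.centos
- kind: PackageDependency
  when:
  - ["master", "worker", "ingress", "storage"]
  - ["rhel"]
  packageName: kubelet
  packageVersion: {{.kubernetes_yum_version}}
- kind: PackageDependency
  when:
  - ["master", "worker", "ingress", "storage"]
  - ["rhel"]
  packageName: nfs-utils
- kind: PackageDependency
  when:
  - ["master", "worker", "ingress", "storage"]
  - ["rhel"]
  packageName: kubectl
  packageVersion: {{.kubernetes_yum_version}}
# https://docs.docker.com/engine/installation/linux/docker-ee/rhel/#os-requirements
- kind: PackageNotInstalled
  when:
  - ["etcd", "master", "worker", "ingress", "storage"]
  - ["rhel"]
  packageName: docker
- kind: PackageNotInstalled
  when:
  - ["etcd", "master", "worker", "ingress", "storage"]
  - ["rhel"]
  packageName: docker-common
- kind: PackageNotInstalled
  when:
  - ["etcd", "master", "worker", "ingress", "storage"]
  - ["rhel"]
  packageName: docker-selinux
- kind: PackageNotInstalled
  when:
  - ["etcd", "master", "worker", "ingress", "storage"]
  - ["rhel"]
  packageName: docker-engine-selinux
- kind: PackageNotInstalled
  when:
  - ["etcd", "master", "worker", "ingress", "storage"]
  - ["rhel"]
  packageName: docker-engine
- kind: PackageNotInstalled
  when:
  - ["etcd", "master", "worker", "ingress", "storage"]
  - ["rhel"]
  packageName: docker-ce
  acceptablePackageVersion: 17.03.2.ce-1.el7.centos
- kind: PackageNotInstalled
  when:
  - ["etcd", "master", "worker", "ingress", "storage"]
  - ["rhel"]
  packageName: docker-ee

# Gluster packages
- kind: PackageDependency
  when:
  - ["storage"]
  - ["centos"]
  packageName: glusterfs-server
  packageVersion: 3.8.15-2.el7
- kind: PackageDependency
  when:
  - ["storage"]
  - ["rhel"]
  packageName: glusterfs-server
  packageVersion: 3.8.15-2.el7
- kind: PackageDependency
  when:
  - ["storage"]
  - ["ubuntu"]
  packageName: glusterfs-server
  packageVersion: 3.8.15-ubuntu1~xenial1
`

// upgradeRuleSet is the rule template used by UpgradeRules. It holds the
// free-space check and the package dependency checks only; it has no port or
// PackageNotInstalled rules.
//
// Review fix: the same missing opening quote (`[master", ...`) is corrected
// in the two RHEL kubelet / nfs-utils entries here.
const upgradeRuleSet = `---
- kind: FreeSpace
  path: /
  minimumBytes: 1000000000

- kind: PackageDependency
  when:
  - ["etcd", "master", "worker", "ingress", "storage"]
  - ["ubuntu"]
  packageName: docker-ce
  packageVersion: 17.03.2~ce-0~ubuntu-xenial
- kind: PackageDependency
  when:
  - ["master", "worker", "ingress", "storage"]
  - ["ubuntu"]
  packageName: kubelet
  packageVersion: {{.kubernetes_deb_version}}
- kind: PackageDependency
  when:
  - ["master", "worker", "ingress", "storage"]
  - ["ubuntu"]
  packageName: nfs-common
- kind: PackageDependency
  when:
  - ["master", "worker", "ingress", "storage"]
  - ["ubuntu"]
  packageName: kubectl
  packageVersion: {{.kubernetes_deb_version}}

- kind: PackageDependency
  when:
  - ["etcd", "master", "worker", "ingress", "storage"]
  - ["centos"]
  packageName: docker-ce
  packageVersion: 17.03.2.ce-1.el7.centos
- kind: PackageDependency
  when:
  - ["master", "worker", "ingress", "storage"]
  - ["centos"]
  packageName: kubelet
  packageVersion: {{.kubernetes_yum_version}}
- kind: PackageDependency
  when:
  - ["master", "worker", "ingress", "storage"]
  - ["centos"]
  packageName: nfs-utils
- kind: PackageDependency
  when:
  - ["master", "worker", "ingress", "storage"]
  - ["centos"]
  packageName: kubectl
  packageVersion: {{.kubernetes_yum_version}}

- kind: PackageDependency
  when:
  - ["etcd", "master", "worker", "ingress", "storage"]
  - ["rhel"]
  packageName: docker-ce
  packageVersion: 17.03.2.ce-1.el7.centos
- kind: PackageDependency
  when:
  - ["master", "worker", "ingress", "storage"]
  - ["rhel"]
  packageName: kubelet
  packageVersion: {{.kubernetes_yum_version}}
- kind: PackageDependency
  when:
  - ["master", "worker", "ingress", "storage"]
  - ["rhel"]
  packageName: nfs-utils
- kind: PackageDependency
  when:
  - ["master", "worker", "ingress", "storage"]
  - ["rhel"]
  packageName: kubectl
  packageVersion: {{.kubernetes_yum_version}}

# Gluster packages
- kind: PackageDependency
  when:
  - ["storage"]
  - ["centos"]
  packageName: glusterfs-server
  packageVersion: 3.8.15-2.el7
- kind: PackageDependency
  when:
  - ["storage"]
  - ["rhel"]
  packageName: glusterfs-server
  packageVersion: 3.8.15-2.el7
- kind: PackageDependency
  when:
  - ["storage"]
  - ["ubuntu"]
  packageName: glusterfs-server
  packageVersion: 3.8.15-ubuntu1~xenial1
`

// mustRenderRules executes ruleSet as a text/template with vars and parses
// the rendered output with UnmarshalRulesYAML. It panics on any failure: the
// built-in rule sets should not contain errors, and panicking lets tests
// catch them.
//
// text/template does no escaping, so every value in vars is placed into the
// YAML verbatim. Callers must pass trusted version strings only; a value
// containing a newline or YAML syntax would change the rules that are parsed.
//
// NOTE(review): with the template's default missing-key handling, a key that
// is absent from vars does not make Execute fail. Confirm that callers always
// supply kubernetes_deb_version and kubernetes_yum_version, otherwise the
// packageVersion pins are rendered without a real version.
func mustRenderRules(ruleSet string, vars map[string]string) []Rule {
	tmpl, err := template.New("").Parse(ruleSet)
	if err != nil {
		panic(fmt.Errorf("error parsing rules: %v", err))
	}
	var rawRules bytes.Buffer
	if err := tmpl.Execute(&rawRules, vars); err != nil {
		panic(fmt.Errorf("error executing rules template: %v", err))
	}
	rules, err := UnmarshalRulesYAML(rawRules.Bytes())
	if err != nil {
		// The built-in rules should not contain errors.
		// If they do, panic so that we catch them during tests.
		panic(err)
	}
	return rules
}

// DefaultRules returns the list of rules that are built into the inspector,
// rendered with vars. It panics if the built-in rule set cannot be rendered
// or parsed.
func DefaultRules(vars map[string]string) []Rule {
	return mustRenderRules(defaultRuleSet, vars)
}

// DumpDefaultRules writes the default rule set to writer. The text is written
// exactly as embedded, so the {{...}} version placeholders are not rendered.
func DumpDefaultRules(writer io.Writer) error {
	_, err := io.Copy(writer, strings.NewReader(defaultRuleSet))
	return err
}

// UpgradeRules returns the rules used for upgrades, rendered with vars. It
// panics if the built-in upgrade rule set cannot be rendered or parsed.
//
// The two leftover debug prints (the template parse tree and the full
// rendered rule text, written to stdout on every call) were removed so that
// this function matches DefaultRules and library code stays off stdout.
func UpgradeRules(vars map[string]string) []Rule {
	return mustRenderRules(upgradeRuleSet, vars)
}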