diff --git a/cluster/gce/container-linux/configure-helper.sh b/cluster/gce/container-linux/configure-helper.sh index d0bcdef82185e..abb1d4a749f1e 100755 --- a/cluster/gce/container-linux/configure-helper.sh +++ b/cluster/gce/container-linux/configure-helper.sh @@ -25,6 +25,12 @@ set -o errexit set -o nounset set -o pipefail +# Use --retry-connrefused opt only if it's supported by curl. +CURL_RETRY_CONNREFUSED="" +if curl --help | grep -q -- '--retry-connrefused'; then + CURL_RETRY_CONNREFUSED='--retry-connrefused' +fi + function create-dirs { echo "Creating required directories" mkdir -p /var/lib/kubelet @@ -975,7 +981,7 @@ function start-kube-apiserver { params+=" --feature-gates=${FEATURE_GATES}" fi if [[ -n "${PROJECT_ID:-}" && -n "${TOKEN_URL:-}" && -n "${TOKEN_BODY:-}" && -n "${NODE_NETWORK:-}" ]]; then - local -r vm_external_ip=$(curl --retry 5 --retry-delay 3 --fail --silent -H 'Metadata-Flavor: Google' "http://metadata/computeMetadata/v1/instance/network-interfaces/0/access-configs/0/external-ip") + local -r vm_external_ip=$(curl --retry 5 --retry-delay 3 ${CURL_RETRY_CONNREFUSED} --fail --silent -H 'Metadata-Flavor: Google' "http://metadata/computeMetadata/v1/instance/network-interfaces/0/access-configs/0/external-ip") if [[ -n "${PROXY_SSH_USER:-}" ]]; then params+=" --advertise-address=${vm_external_ip}" params+=" --ssh-user=${PROXY_SSH_USER}" @@ -1469,7 +1475,7 @@ function setup-rkt { mkdir -p /etc/rkt "${KUBE_HOME}/download/" local rkt_tar="${KUBE_HOME}/download/rkt.tar.gz" local rkt_tmpdir=$(mktemp -d "${KUBE_HOME}/rkt_download.XXXXX") - curl --retry 5 --retry-delay 3 --fail --silent --show-error \ + curl --retry 5 --retry-delay 3 ${CURL_RETRY_CONNREFUSED} --fail --silent --show-error \ --location --create-dirs --output "${rkt_tar}" \ https://github.com/coreos/rkt/releases/download/v${RKT_VERSION}/rkt-v${RKT_VERSION}.tar.gz tar --strip-components=1 -xf "${rkt_tar}" -C "${rkt_tmpdir}" --overwrite @@ -1508,7 +1514,7 @@ function install-docker2aci { local tar_path="${KUBE_HOME}/download/docker2aci.tar.gz" local tmp_path="${KUBE_HOME}/docker2aci" mkdir -p "${KUBE_HOME}/download/" "${tmp_path}" - curl --retry 5 --retry-delay 3 --fail --silent --show-error \ + curl --retry 5 --retry-delay 3 ${CURL_RETRY_CONNREFUSED} --fail --silent --show-error \ --location --create-dirs --output "${tar_path}" \ https://github.com/appc/docker2aci/releases/download/v0.14.0/docker2aci-v0.14.0.tar.gz tar --strip-components=1 -xf "${tar_path}" -C "${tmp_path}" --overwrite diff --git a/cluster/gce/container-linux/configure.sh b/cluster/gce/container-linux/configure.sh index 7ee40b684b489..962a5c033122b 100755 --- a/cluster/gce/container-linux/configure.sh +++ b/cluster/gce/container-linux/configure.sh @@ -18,10 +18,16 @@ set -o errexit set -o nounset set -o pipefail +# Use --retry-connrefused opt only if it's supported by curl. +CURL_RETRY_CONNREFUSED="" +if curl --help | grep -q -- '--retry-connrefused'; then + CURL_RETRY_CONNREFUSED='--retry-connrefused' +fi + function download-kube-env { # Fetch kube-env from GCE metadata server. local -r tmp_kube_env="/tmp/kube-env.yaml" - curl --fail --retry 5 --retry-delay 3 --silent --show-error \ + curl --fail --retry 5 --retry-delay 3 ${CURL_RETRY_CONNREFUSED} --silent --show-error \ -H "X-Google-Metadata-Request: True" \ -o "${tmp_kube_env}" \ http://metadata.google.internal/computeMetadata/v1/instance/attributes/kube-env @@ -55,7 +61,7 @@ function download-or-bust { for url in "${urls[@]}"; do local file="${url##*/}" rm -f "${file}" - if ! curl -f --ipv4 -Lo "${file}" --connect-timeout 20 --max-time 300 --retry 6 --retry-delay 10 "${url}"; then + if ! curl -f --ipv4 -Lo "${file}" --connect-timeout 20 --max-time 300 --retry 6 --retry-delay 10 ${CURL_RETRY_CONNREFUSED} "${url}"; then echo "== Failed to download ${url}. Retrying. ==" elif [[ -n "${hash}" ]] && ! validate-hash "${file}" "${hash}"; then echo "== Hash validation of ${url} failed. Retrying. ==" diff --git a/cluster/gce/container-linux/master.yaml b/cluster/gce/container-linux/master.yaml index 4dec695c9d7ab..444d304273978 100644 --- a/cluster/gce/container-linux/master.yaml +++ b/cluster/gce/container-linux/master.yaml @@ -17,7 +17,8 @@ coreos: Type=oneshot RemainAfterExit=yes ExecStartPre=/bin/mkdir -p /opt/kubernetes/bin - ExecStartPre=/usr/bin/curl --fail --retry 5 --retry-delay 3 --silent --show-error -H "X-Google-Metadata-Request: True" -o /opt/kubernetes/bin/configure.sh http://metadata.google.internal/computeMetadata/v1/instance/attributes/configure-sh + # Use --retry-connrefused opt only if it's supported by curl. + ExecStartPre=/bin/bash -c 'OPT=""; if curl --help | grep -q -- "--retry-connrefused"; then OPT="--retry-connrefused"; fi; /usr/bin/curl --fail --retry 5 --retry-delay 3 $OPT --silent --show-error -H "X-Google-Metadata-Request: True" -o /opt/kubernetes/bin/configure.sh http://metadata.google.internal/computeMetadata/v1/instance/attributes/configure-sh' ExecStartPre=/bin/chmod 544 /opt/kubernetes/bin/configure.sh ExecStart=/opt/kubernetes/bin/configure.sh diff --git a/cluster/gce/container-linux/node.yaml b/cluster/gce/container-linux/node.yaml index b203c4fded39d..9886679cd78ff 100644 --- a/cluster/gce/container-linux/node.yaml +++ b/cluster/gce/container-linux/node.yaml @@ -17,7 +17,8 @@ coreos: Type=oneshot RemainAfterExit=yes ExecStartPre=/bin/mkdir -p /opt/kubernetes/bin - ExecStartPre=/usr/bin/curl --fail --retry 5 --retry-delay 3 --silent --show-error -H "X-Google-Metadata-Request: True" -o /opt/kubernetes/bin/configure.sh http://metadata.google.internal/computeMetadata/v1/instance/attributes/configure-sh + # Use --retry-connrefused opt only if it's supported by curl. + ExecStartPre=/bin/bash -c 'OPT=""; if curl --help | grep -q -- "--retry-connrefused"; then OPT="--retry-connrefused"; fi; /usr/bin/curl --fail --retry 5 --retry-delay 3 $OPT --silent --show-error -H "X-Google-Metadata-Request: True" -o /opt/kubernetes/bin/configure.sh http://metadata.google.internal/computeMetadata/v1/instance/attributes/configure-sh' ExecStartPre=/bin/chmod 544 /opt/kubernetes/bin/configure.sh ExecStart=/opt/kubernetes/bin/configure.sh diff --git a/cluster/gce/gci/configure-helper.sh b/cluster/gce/gci/configure-helper.sh index f82f2a23dca8f..0bf30051c9ecf 100644 --- a/cluster/gce/gci/configure-helper.sh +++ b/cluster/gce/gci/configure-helper.sh @@ -28,6 +28,12 @@ set -o pipefail readonly UUID_MNT_PREFIX="/mnt/disks/by-uuid/google-local-ssds" readonly UUID_BLOCK_PREFIX="/dev/disk/by-uuid/google-local-ssds" +# Use --retry-connrefused opt only if it's supported by curl. +CURL_RETRY_CONNREFUSED="" +if curl --help | grep -q -- '--retry-connrefused'; then + CURL_RETRY_CONNREFUSED='--retry-connrefused' +fi + function setup-os-params { # Reset core_pattern. On GCI, the default core_pattern pipes the core dumps to # /sbin/crash_reporter which is more restrictive in saving crash dumps. So for @@ -1655,7 +1661,7 @@ function start-kube-apiserver { params+=" --feature-gates=${FEATURE_GATES}" fi if [[ -n "${PROJECT_ID:-}" && -n "${TOKEN_URL:-}" && -n "${TOKEN_BODY:-}" && -n "${NODE_NETWORK:-}" ]]; then - local -r vm_external_ip=$(curl --retry 5 --retry-delay 3 --fail --silent -H 'Metadata-Flavor: Google' "http://metadata/computeMetadata/v1/instance/network-interfaces/0/access-configs/0/external-ip") + local -r vm_external_ip=$(curl --retry 5 --retry-delay 3 ${CURL_RETRY_CONNREFUSED} --fail --silent -H 'Metadata-Flavor: Google' "http://metadata/computeMetadata/v1/instance/network-interfaces/0/access-configs/0/external-ip") if [[ -n "${PROXY_SSH_USER:-}" ]]; then params+=" --advertise-address=${vm_external_ip}" params+=" --ssh-user=${PROXY_SSH_USER}" diff --git a/cluster/gce/gci/configure.sh b/cluster/gce/gci/configure.sh index ac6a28efd9e3a..f8ac61b61367d 100644 --- a/cluster/gce/gci/configure.sh +++ b/cluster/gce/gci/configure.sh @@ -31,6 +31,12 @@ DEFAULT_NPD_SHA1="a57a3fe64cab8a18ec654f5cef0aec59dae62568" DEFAULT_MOUNTER_TAR_SHA="8003b798cf33c7f91320cd6ee5cec4fa22244571" ### +# Use --retry-connrefused opt only if it's supported by curl. +CURL_RETRY_CONNREFUSED="" +if curl --help | grep -q -- '--retry-connrefused'; then + CURL_RETRY_CONNREFUSED='--retry-connrefused' +fi + function set-broken-motd { cat > /etc/motd <