restore etcd listening on eth0 (#1712)

* restore etcd listening on eth0

* removed etcd on localhost only test

* hyphen ftw

Author: jackfrancis

parts/kubernetesmastercustomdata.yml

@@ -372,7 +372,7 @@ runcmd:
 - /opt/azure/containers/setup-etcd.sh
 {{end}}
 - apt-mark hold walinuxagent {{GetKubernetesMasterPreprovisionYaml}}
-- /bin/echo DAEMON_ARGS=--name "{{WrapAsVerbatim "variables('masterVMNames')[copyIndex(variables('masterOffset'))]"}}" --initial-advertise-peer-urls "{{WrapAsVerbatim "variables('masterEtcdPeerURLs')[copyIndex(variables('masterOffset'))]"}}" --listen-peer-urls "{{WrapAsVerbatim "variables('masterEtcdPeerURLs')[copyIndex(variables('masterOffset'))]"}}" --advertise-client-urls "{{WrapAsVerbatim "variables('masterEtcdClientURLs')[copyIndex(variables('masterOffset'))]"}}" --listen-client-urls "{{WrapAsVerbatim "concat('http://127.0.0.1:', variables('masterEtcdClientPort'))"}}" --initial-cluster-token "k8s-etcd-cluster" --initial-cluster "{{WrapAsVerbatim "variables('masterEtcdClusterStates')[div(variables('masterCount'), 2)]"}} --data-dir "/var/lib/etcddisk"" --initial-cluster-state "new" | tee -a /etc/default/etcd
+- /bin/echo DAEMON_ARGS=--name "{{WrapAsVerbatim "variables('masterVMNames')[copyIndex(variables('masterOffset'))]"}}" --initial-advertise-peer-urls "{{WrapAsVerbatim "variables('masterEtcdPeerURLs')[copyIndex(variables('masterOffset'))]"}}" --listen-peer-urls "{{WrapAsVerbatim "variables('masterEtcdPeerURLs')[copyIndex(variables('masterOffset'))]"}}" --advertise-client-urls "{{WrapAsVerbatim "variables('masterEtcdClientURLs')[copyIndex(variables('masterOffset'))]"}}" --listen-client-urls "{{WrapAsVerbatim "concat(variables('masterEtcdClientURLs')[copyIndex(variables('masterOffset'))], ',http://127.0.0.1:', variables('masterEtcdClientPort'))"}}" --initial-cluster-token "k8s-etcd-cluster" --initial-cluster "{{WrapAsVerbatim "variables('masterEtcdClusterStates')[div(variables('masterCount'), 2)]"}} --data-dir "/var/lib/etcddisk"" --initial-cluster-state "new" | tee -a /etc/default/etcd
 - sudo /bin/chown -R etcd:etcd /var/lib/etcd/default
 - /opt/azure/containers/mountetcd.sh
 - sudo /bin/chown -R etcd:etcd /var/lib/etcddisk

test/e2e/kubernetes/kubernetes_test.go

@@ -6,7 +6,6 @@ import (
 	"os"
 	"os/exec"
 	"path/filepath"
-	"regexp"
 	"time"
 
 	"github.com/Azure/acs-engine/pkg/api/common"
@@ -16,7 +15,6 @@ import (
 	"github.com/Azure/acs-engine/test/e2e/kubernetes/node"
 	"github.com/Azure/acs-engine/test/e2e/kubernetes/pod"
 	"github.com/Azure/acs-engine/test/e2e/kubernetes/service"
-	"github.com/Azure/acs-engine/test/e2e/remote"
 	. "github.com/onsi/ginkgo"
 	. "github.com/onsi/gomega"
 )
@@ -65,46 +63,6 @@ var _ = Describe("Azure Container Cluster using the Kubernetes Orchestrator", fu
 			}
 		})
 
-		/* The master nodes are hidden behind a load balancer. Therefore, we will create an ssh connection and then continue to reuse that connection for subsequent commands. We will iterate the nodes first to make sure that we ssh onto each host from a given master and then the inner loop will verify that we cannot connect to another master's etcd instance. If we see a "Host key verification failed" error this is an indication that we are trying to ssh onto a host that we are already on. Then we will just execute the etcdctl command locally. */
-		It("should not expose etcd to the internet", func() {
-			hostKeyRegex, err := regexp.Compile("Host key verification failed")
-			Expect(err).NotTo(HaveOccurred())
-
-			nodes, err := node.GetByPrefix("k8s-master")
-			Expect(err).NotTo(HaveOccurred())
-			Expect(len(nodes)).NotTo(Equal(0))
-
-			conn, err := remote.NewConnection(fmt.Sprintf("%s.%s.cloudapp.azure.com", cfg.Name, cfg.Location), "22", eng.ClusterDefinition.Properties.LinuxProfile.AdminUsername, cfg.GetSSHKeyPath())
-			Expect(err).NotTo(HaveOccurred())
-
-			hostname, err := conn.Execute("hostname")
-			Expect(err).NotTo(HaveOccurred())
-			for _, n := range nodes {
-				for _, nprime := range nodes {
-					// I am doing this to validate that we always run these commands from the same host
-					host, err := conn.Execute("hostname")
-					Expect(err).NotTo(HaveOccurred())
-					Expect(hostname).To(Equal(host))
-
-					if n.Metadata.Name != nprime.Metadata.Name {
-						etcdCmd := fmt.Sprintf("etcdctl --endpoint=http://%s:2379 ls /registry/secrets/kube-system", nprime.Status.GetAddressByType("InternalIP").Address)
-						cmd := fmt.Sprintf("ssh %s@%s %s", eng.ClusterDefinition.Properties.LinuxProfile.AdminUsername, n.Metadata.Name, etcdCmd)
-
-						out, err := conn.Execute(cmd)
-						matched := hostKeyRegex.MatchString(string(out))
-						if !matched {
-							Expect(err).To(HaveOccurred())
-							Expect(out).To(MatchRegexp("connection refused"))
-						} else {
-							out, err := conn.Execute(etcdCmd)
-							Expect(err).To(HaveOccurred())
-							Expect(out).To(MatchRegexp("connection refused"))
-						}
-					}
-				}
-			}
-		})
-
 		It("should have kube-dns running", func() {
 			running, err := pod.WaitOnReady("kube-dns", "kube-system", 5*time.Second, cfg.Timeout)
 			Expect(err).NotTo(HaveOccurred())