(List (Com {[LIT_CHARS set]} {[LIT_CHARS -o]} {[LIT_CHARS errexit]} ) (Com {[LIT_CHARS set]} {[LIT_CHARS -o]} {[LIT_CHARS nounset]} ) (Com {[LIT_CHARS set]} {[LIT_CHARS -o]} {[LIT_CHARS pipefail]} ) (FunctionDef setup-os-params [] (Com {[LIT_CHARS echo]} {[DQ [LIT_CHARS "core.%e.%p.%t"]]} < (FilenameRedirectNode filename={[LIT_CHARS /proc/sys/kernel/core_pattern]} "> 1), > ) ) (FunctionDef config-ip-firewall [] (List (Com {[LIT_CHARS echo]} {[DQ [LIT_CHARS "Configuring IP firewall rules"]]} ) (If (Pipeline (Com {[LIT_CHARS iptables]} {[LIT_CHARS -L]} {[LIT_CHARS INPUT]} ) (Com {[LIT_CHARS grep]} {[DQ [LIT_CHARS "Chain INPUT (policy DROP)"]]} < (FilenameRedirectNode filename={[LIT_CHARS /dev/null]} "> 1), > ) ) (List (Com {[LIT_CHARS echo]} {[DQ [LIT_CHARS "Add rules to accept all inbound TCP/UDP/ICMP packets"]]} ) (Com {[LIT_CHARS iptables]} {[LIT_CHARS -A]} {[LIT_CHARS INPUT]} {[LIT_CHARS -w]} {[LIT_CHARS -p]} {[LIT_CHARS TCP]} {[LIT_CHARS -j]} {[LIT_CHARS ACCEPT]} ) (Com {[LIT_CHARS iptables]} {[LIT_CHARS -A]} {[LIT_CHARS INPUT]} {[LIT_CHARS -w]} {[LIT_CHARS -p]} {[LIT_CHARS UDP]} {[LIT_CHARS -j]} {[LIT_CHARS ACCEPT]} ) (Com {[LIT_CHARS iptables]} {[LIT_CHARS -A]} {[LIT_CHARS INPUT]} {[LIT_CHARS -w]} {[LIT_CHARS -p]} {[LIT_CHARS ICMP]} {[LIT_CHARS -j]} {[LIT_CHARS ACCEPT]} ) ) ) (If (Pipeline (Com {[LIT_CHARS iptables]} {[LIT_CHARS -L]} {[LIT_CHARS FORWARD]} ) (Com {[LIT_CHARS grep]} {[DQ [LIT_CHARS "Chain FORWARD (policy DROP)"]]} < (FilenameRedirectNode filename={[LIT_CHARS /dev/null]} "> 1), > ) ) (List (Com {[LIT_CHARS echo]} {[DQ [LIT_CHARS "Add rules to accept all forwarded TCP/UDP/ICMP packets"]]} ) (Com {[LIT_CHARS iptables]} {[LIT_CHARS -A]} {[LIT_CHARS FORWARD]} {[LIT_CHARS -w]} {[LIT_CHARS -p]} {[LIT_CHARS TCP]} {[LIT_CHARS -j]} {[LIT_CHARS ACCEPT]} ) (Com {[LIT_CHARS iptables]} {[LIT_CHARS -A]} {[LIT_CHARS FORWARD]} {[LIT_CHARS -w]} {[LIT_CHARS -p]} {[LIT_CHARS UDP]} {[LIT_CHARS -j]} {[LIT_CHARS ACCEPT]} ) (Com {[LIT_CHARS iptables]} {[LIT_CHARS -A]} {[LIT_CHARS FORWARD]} {[LIT_CHARS -w]} {[LIT_CHARS -p]} {[LIT_CHARS ICMP]} {[LIT_CHARS -j]} {[LIT_CHARS ACCEPT]} ) ) ) ) ) (FunctionDef create-dirs [] (List (Com {[LIT_CHARS echo]} {[DQ [LIT_CHARS "Creating required directories"]]} ) (Com {[LIT_CHARS mkdir]} {[LIT_CHARS -p]} {[LIT_CHARS /var/lib/kubelet]} ) (Com {[LIT_CHARS mkdir]} {[LIT_CHARS -p]} {[LIT_CHARS /etc/kubernetes/manifests]} ) (If (DBracket {B2 BINARY_STRING_EQUAL {[DQ [VarSub KUBERNETES_MASTER test_op=VS_TEST_COLON_HYPHEN {}]]} {[DQ [LIT_CHARS false]]}}) (Com {[LIT_CHARS mkdir]} {[LIT_CHARS -p]} {[LIT_CHARS /var/lib/kube-proxy]} ) ) ) ) (FunctionDef safe-format-and-mount [] (List (= scope= flags=0 words=[] bindings=[('device', {[VarSub 1]})]) (= scope= flags=0 words=[] bindings=[('mountpoint', {[VarSub 2]})]) (If (Pipeline! (Com {[LIT_CHARS tune2fs]} {[LIT_CHARS -l]} {[DQ [VarSub device]]} ) ) (List (Com {[LIT_CHARS echo]} {[DQ [LIT_CHARS "Formatting '"][VarSub device][LIT_CHARS "'"]]} ) (Com {[LIT_CHARS mkfs.ext4]} {[LIT_CHARS -F]} {[LIT_CHARS -E]} {[LIT_VAR_LIKE "lazy_itable_init="] [LIT_CHARS 0] [LIT_COMMA ","] [LIT_VAR_LIKE "lazy_journal_init="] [LIT_CHARS 0] [LIT_COMMA ","] [LIT_CHARS discard] =} {[DQ [VarSub device]]} ) ) ) (Com {[LIT_CHARS mkdir]} {[LIT_CHARS -p]} {[DQ [VarSub mountpoint]]} ) (Com {[LIT_CHARS echo]} {[DQ [LIT_CHARS "Mounting '"][VarSub device][LIT_CHARS "' at '"][VarSub mountpoint][LIT_CHARS "'"]]} ) (Com {[LIT_CHARS mount]} {[LIT_CHARS -o]} {[LIT_CHARS discard] [LIT_COMMA ","] [LIT_CHARS defaults]} {[DQ [VarSub device]]} {[DQ [VarSub mountpoint]]} ) ) ) (FunctionDef ensure-local-ssds [] (For ssd [{[LIT_CHARS /dev/disk/by-id/google-local-ssd-] [LIT_OTHER "*"]}]) (If (Com {[LIT_DBRACKET_LIKE "["]} {[LIT_CHARS -e]} {[DQ [VarSub ssd]]} {[LIT_DBRACKET_LIKE "]"]} ) (List (= scope= flags=0 words=[] bindings=[('ssdnum', {[ComSub (Pipeline (Com {[LIT_CHARS echo]} {[VarSub ssd]}) (Com {[LIT_CHARS sed]} {[LIT_CHARS -e]} {[SQ ]}) )]})]) (= scope= flags=0 words=[] bindings=[('ssdmount', {[DQ [LIT_CHARS /mnt/disks/ssd][VarSub ssdnum][LIT_CHARS /]]})]) (Com {[LIT_CHARS mkdir]} {[LIT_CHARS -p]} {[VarSub ssdmount]} ) (Com {[LIT_CHARS safe-format-and-mount]} {[DQ [VarSub ssd]]} {[VarSub ssdmount]} ) (Com {[LIT_CHARS echo]} {[DQ [LIT_CHARS "Mounted local SSD "][VarSub ssd][LIT_CHARS " at "][VarSub ssdmount]]} ) (Com {[LIT_CHARS chmod]} {[LIT_CHARS a] [LIT_OTHER "+"] [LIT_CHARS w]} {[VarSub ssdmount]} ) ) (ElseTrue) (Com {[LIT_CHARS echo]} {[DQ [LIT_CHARS "No local SSD disks found."]]} ) ) ) ) (FunctionDef setup-logrotate [] (List (Com {[LIT_CHARS mkdir]} {[LIT_CHARS -p]} {[LIT_CHARS /etc/logrotate.d/]} ) (Com {[LIT_CHARS cat]} < (FilenameRedirectNode filename={[LIT_CHARS /etc/logrotate.d/docker-containers]} "> 1), (HereDocRedirectNode here_end='EOF' do_expansion=True body_word={[DQ [LIT_CHARS "/var/lib/docker/containers/*/*-json.log {\n"][LIT_CHARS " rotate 5\n"][LIT_CHARS " copytruncate\n"][LIT_CHARS " missingok\n"][LIT_CHARS " notifempty\n"][LIT_CHARS " compress\n"][LIT_CHARS " maxsize 10M\n"][LIT_CHARS " daily\n"][LIT_CHARS " dateext\n"][LIT_CHARS " dateformat -%Y%m%d-%s\n"][LIT_CHARS " create 0644 root root\n"][LIT_CHARS "}\n"]]} 0), > ) (Com {[LIT_CHARS cat]} < (FilenameRedirectNode filename={[LIT_CHARS /etc/logrotate.d/allvarlogs]} "> 1), (HereDocRedirectNode here_end='EOF' do_expansion=True body_word={[DQ [LIT_CHARS "/var/log/*.log {\n"][LIT_CHARS " rotate 5\n"][LIT_CHARS " copytruncate\n"][LIT_CHARS " missingok\n"][LIT_CHARS " notifempty\n"][LIT_CHARS " compress\n"][LIT_CHARS " maxsize 100M\n"][LIT_CHARS " daily\n"][LIT_CHARS " dateext\n"][LIT_CHARS " dateformat -%Y%m%d-%s\n"][LIT_CHARS " create 0644 root root\n"][LIT_CHARS "}\n"]]} 0), > ) ) ) (FunctionDef find-master-pd [] (List (= scope= flags=0 words=[] bindings=[('MASTER_PD_DEVICE', {[DQ ]})]) (If (DBracket {B! {B1 UNARY_FILE_e {[LIT_CHARS /dev/disk/by-id/google-master-pd]}}}) (Com {[LIT_CHARS return]} ) ) (= scope= flags=0 words=[] bindings=[('device_info', {[ComSub (Com {[LIT_CHARS ls]} {[LIT_CHARS -l]} {[LIT_CHARS /dev/disk/by-id/google-master-pd]})]})]) (= scope= flags=0 words=[] bindings=[('relative_path', {[VarSub device_info transform_ops=[VS_UNARY_DPOUND {[LIT_CHARS "* "]}]]})]) (= scope= flags=0 words=[] bindings=[('MASTER_PD_DEVICE', {[DQ [LIT_CHARS /dev/disk/by-id/][VarSub relative_path]]})]) ) ) (FunctionDef mount-master-pd [] (List (Com {[LIT_CHARS find-master-pd]} ) (If (DBracket {B1 UNARY_STRING_z {[DQ [VarSub MASTER_PD_DEVICE test_op=VS_TEST_COLON_HYPHEN {}]]}}) (Com {[LIT_CHARS return]} ) ) (Com {[LIT_CHARS echo]} {[DQ [LIT_CHARS "Mounting master-pd"]]} ) (= scope= flags=0 words=[{[LIT_CHARS -r]}] bindings=[('pd_path', {[DQ [LIT_CHARS /dev/disk/by-id/google-master-pd]]})]) (= scope= flags=0 words=[{[LIT_CHARS -r]}] bindings=[('mount_point', {[DQ [LIT_CHARS /mnt/disks/master-pd]]})]) (Com {[LIT_CHARS mkdir]} {[LIT_CHARS -p]} {[DQ [VarSub mount_point]]} ) (Com {[LIT_CHARS safe-format-and-mount]} {[DQ [VarSub pd_path]]} {[DQ [VarSub mount_point]]} ) (Com {[LIT_CHARS echo]} {[DQ [LIT_CHARS "Mounted master-pd '"][VarSub pd_path][LIT_CHARS "' at '"][VarSub mount_point][LIT_CHARS "'"]]} ) (Com {[LIT_CHARS mkdir]} {[LIT_CHARS -m]} {[LIT_CHARS 700]} {[LIT_CHARS -p]} {[DQ [VarSub mount_point][LIT_CHARS /var/etcd]]} ) (Com {[LIT_CHARS ln]} {[LIT_CHARS -s]} {[LIT_CHARS -f]} {[DQ [VarSub mount_point][LIT_CHARS /var/etcd]]} {[LIT_CHARS /var/etcd]} ) (Com {[LIT_CHARS mkdir]} {[LIT_CHARS -p]} {[LIT_CHARS /etc/srv]} ) (Com {[LIT_CHARS mkdir]} {[LIT_CHARS -p]} {[DQ [VarSub mount_point][LIT_CHARS /srv/kubernetes]]} ) (Com {[LIT_CHARS ln]} {[LIT_CHARS -s]} {[LIT_CHARS -f]} {[DQ [VarSub mount_point][LIT_CHARS /srv/kubernetes]]} {[LIT_CHARS /etc/srv/kubernetes]} ) (Com {[LIT_CHARS mkdir]} {[LIT_CHARS -p]} {[DQ [VarSub mount_point][LIT_CHARS /srv/sshproxy]]} ) (Com {[LIT_CHARS ln]} {[LIT_CHARS -s]} {[LIT_CHARS -f]} {[DQ [VarSub mount_point][LIT_CHARS /srv/sshproxy]]} {[LIT_CHARS /etc/srv/sshproxy]} ) (If (List (Fork (Pipeline! (Com {[LIT_CHARS id]} {[LIT_CHARS etcd]} ) ) ) (Com < (FilenameRedirectNode filename={[LIT_CHARS /dev/null]} "> 1), > ) ) (Com {[LIT_CHARS useradd]} {[LIT_CHARS -s]} {[LIT_CHARS /sbin/nologin]} {[LIT_CHARS -d]} {[LIT_CHARS /var/etcd]} {[LIT_CHARS etcd]} ) ) (Com {[LIT_CHARS chown]} {[LIT_CHARS -R]} {[LIT_CHARS etcd]} {[DQ [VarSub mount_point][LIT_CHARS /var/etcd]]} ) (Com {[LIT_CHARS chgrp]} {[LIT_CHARS -R]} {[LIT_CHARS etcd]} {[DQ [VarSub mount_point][LIT_CHARS /var/etcd]]} ) ) ) (FunctionDef create-master-auth [] (List (Com {[LIT_CHARS echo]} {[DQ [LIT_CHARS "Creating master auth files"]]} ) (= scope= flags=0 words=[{[LIT_CHARS -r]}] bindings=[('auth_dir', {[DQ [LIT_CHARS /etc/srv/kubernetes]]})]) (If (DBracket {B? LOGICAL_BINARY_AND {B! {B1 UNARY_FILE_e {[DQ [VarSub auth_dir][LIT_CHARS /ca.crt]]}}} {B? LOGICAL_BINARY_AND {B! {B1 UNARY_STRING_z {[DQ [VarSub CA_CERT test_op=VS_TEST_COLON_HYPHEN {}]]}}} {B? LOGICAL_BINARY_AND {B! {B1 UNARY_STRING_z {[DQ [VarSub MASTER_CERT test_op=VS_TEST_COLON_HYPHEN {}]]}}} {B! {B1 UNARY_STRING_z {[DQ [VarSub MASTER_KEY test_op=VS_TEST_COLON_HYPHEN {}]]}}}}}}) (List (Pipeline (Com {[LIT_CHARS echo]} {[DQ [VarSub CA_CERT]]} ) (Com {[LIT_CHARS base64]} {[LIT_CHARS --decode]} < (FilenameRedirectNode filename={[DQ [VarSub auth_dir][LIT_CHARS /ca.crt]]} "> 1), > ) ) (Pipeline (Com {[LIT_CHARS echo]} {[DQ [VarSub MASTER_CERT]]} ) (Com {[LIT_CHARS base64]} {[LIT_CHARS --decode]} < (FilenameRedirectNode filename={[DQ [VarSub auth_dir][LIT_CHARS /server.cert]]} "> 1), > ) ) (Pipeline (Com {[LIT_CHARS echo]} {[DQ [VarSub MASTER_KEY]]} ) (Com {[LIT_CHARS base64]} {[LIT_CHARS --decode]} < (FilenameRedirectNode filename={[DQ [VarSub auth_dir][LIT_CHARS /server.key]]} "> 1), > ) ) ) ) (= scope= flags=0 words=[{[LIT_CHARS -r]}] bindings=[('basic_auth_csv', {[DQ [VarSub auth_dir][LIT_CHARS /basic_auth.csv]]})]) (If (DBracket {B! {B1 UNARY_FILE_e {[DQ [VarSub basic_auth_csv]]}}}) (Com {[LIT_CHARS echo]} {[DQ [VarSub KUBE_PASSWORD][LIT_CHARS ","][VarSub KUBE_USER][LIT_CHARS ",admin"]]} < (FilenameRedirectNode filename={[DQ [VarSub basic_auth_csv]]} "> 1), > ) ) (= scope= flags=0 words=[{[LIT_CHARS -r]}] bindings=[('known_tokens_csv', {[DQ [VarSub auth_dir][LIT_CHARS /known_tokens.csv]]})]) (If (DBracket {B! {B1 UNARY_FILE_e {[DQ [VarSub known_tokens_csv]]}}}) (List (Com {[LIT_CHARS echo]} {[DQ [VarSub KUBE_BEARER_TOKEN][LIT_CHARS ",admin,admin"]]} < (FilenameRedirectNode filename={[DQ [VarSub known_tokens_csv]]} "> 1), > ) (Com {[LIT_CHARS echo]} {[DQ [VarSub KUBELET_TOKEN][LIT_CHARS ",kubelet,kubelet"]]} < (FilenameRedirectNode filename={[DQ [VarSub known_tokens_csv]]} >"> 1), > ) (Com {[LIT_CHARS echo]} {[DQ [VarSub KUBE_PROXY_TOKEN][LIT_CHARS ",kube_proxy,kube_proxy"]]} < (FilenameRedirectNode filename={[DQ [VarSub known_tokens_csv]]} >"> 1), > ) ) ) (= scope= flags=0 words=[] bindings=[('use_cloud_config', {[DQ [LIT_CHARS false]]})]) (Com {[LIT_CHARS cat]} < (HereDocRedirectNode here_end='EOF' do_expansion=True body_word={[DQ [LIT_CHARS "[global]\n"]]} 0), (FilenameRedirectNode filename={[LIT_CHARS /etc/gce.conf]} "> 1), > ) (If (DBracket {B? LOGICAL_BINARY_AND {B1 UNARY_STRING_n {[DQ [VarSub PROJECT_ID test_op=VS_TEST_COLON_HYPHEN {}]]}} {B? LOGICAL_BINARY_AND {B1 UNARY_STRING_n {[DQ [VarSub TOKEN_URL test_op=VS_TEST_COLON_HYPHEN {}]]}} {B? LOGICAL_BINARY_AND {B1 UNARY_STRING_n {[DQ [VarSub TOKEN_BODY test_op=VS_TEST_COLON_HYPHEN {}]]}} {B1 UNARY_STRING_n {[DQ [VarSub NODE_NETWORK test_op=VS_TEST_COLON_HYPHEN {}]]}}}}}) (List (= scope= flags=0 words=[] bindings=[('use_cloud_config', {[DQ [LIT_CHARS true]]})]) (Com {[LIT_CHARS cat]} < (HereDocRedirectNode here_end='EOF' do_expansion=True body_word={[DQ [LIT_CHARS "token-url = "][VarSub TOKEN_URL][LIT_CHARS "\n"][LIT_CHARS "token-body = "][VarSub TOKEN_BODY][LIT_CHARS "\n"][LIT_CHARS "project-id = "][VarSub PROJECT_ID][LIT_CHARS "\n"][LIT_CHARS "network-name = "][VarSub NODE_NETWORK][LIT_CHARS "\n"]]} 0), (FilenameRedirectNode filename={[LIT_CHARS /etc/gce.conf]} >"> 1), > ) ) ) (If (DBracket {B1 UNARY_STRING_n {[DQ [VarSub NODE_INSTANCE_PREFIX test_op=VS_TEST_COLON_HYPHEN {}]]}}) (List (= scope= flags=0 words=[] bindings=[('use_cloud_config', {[DQ [LIT_CHARS true]]})]) (If (DBracket {B1 UNARY_STRING_n {[DQ [VarSub NODE_TAGS test_op=VS_TEST_COLON_HYPHEN {}]]}}) (= scope= flags=0 words=[{[LIT_CHARS -r]}] bindings=[('node_tags', {[DQ [VarSub NODE_TAGS]]})]) (ElseTrue) (= scope= flags=0 words=[{[LIT_CHARS -r]}] bindings=[('node_tags', {[DQ [VarSub NODE_INSTANCE_PREFIX]]})]) ) (Com {[LIT_CHARS cat]} < (HereDocRedirectNode here_end='EOF' do_expansion=True body_word={[DQ [LIT_CHARS "node-tags = "][VarSub node_tags][LIT_CHARS "\n"][LIT_CHARS "node-instance-prefix = "][VarSub NODE_INSTANCE_PREFIX][LIT_CHARS "\n"]]} 0), (FilenameRedirectNode filename={[LIT_CHARS /etc/gce.conf]} >"> 1), > ) ) ) (If (DBracket {B1 UNARY_STRING_n {[DQ [VarSub MULTIZONE test_op=VS_TEST_COLON_HYPHEN {}]]}}) (List (= scope= flags=0 words=[] bindings=[('use_cloud_config', {[DQ [LIT_CHARS true]]})]) (Com {[LIT_CHARS cat]} < (HereDocRedirectNode here_end='EOF' do_expansion=True body_word={[DQ [LIT_CHARS "multizone = "][VarSub MULTIZONE][LIT_CHARS "\n"]]} 0), (FilenameRedirectNode filename={[LIT_CHARS /etc/gce.conf]} >"> 1), > ) ) ) (If (DBracket {B2 BINARY_STRING_NOT_EQUAL {[DQ [VarSub use_cloud_config]]} {[DQ [LIT_CHARS true]]}}) (Com {[LIT_CHARS rm]} {[LIT_CHARS -f]} {[LIT_CHARS /etc/gce.conf]} ) ) (If (DBracket {B1 UNARY_STRING_n {[DQ [VarSub GCP_AUTHN_URL test_op=VS_TEST_COLON_HYPHEN {}]]}}) (Com {[LIT_CHARS cat]} < (HereDocRedirectNode here_end='EOF' do_expansion=True body_word={[DQ [LIT_CHARS "clusters:\n"][LIT_CHARS " - name: gcp-authentication-server\n"][LIT_CHARS " cluster:\n"][LIT_CHARS " server: "][VarSub GCP_AUTHN_URL][LIT_CHARS "\n"][LIT_CHARS "users:\n"][LIT_CHARS " - name: kube-apiserver\n"][LIT_CHARS " user:\n"][LIT_CHARS " auth-provider:\n"][LIT_CHARS " name: gcp\n"][LIT_CHARS "current-context: webhook\n"][LIT_CHARS "contexts:\n"][LIT_CHARS "- context:\n"][LIT_CHARS " cluster: gcp-authentication-server\n"][LIT_CHARS " user: kube-apiserver\n"][LIT_CHARS " name: webhook\n"]]} 0), (FilenameRedirectNode filename={[LIT_CHARS /etc/gcp_authn.config]} "> 1), > ) ) (If (DBracket {B1 UNARY_STRING_n {[DQ [VarSub GCP_AUTHZ_URL test_op=VS_TEST_COLON_HYPHEN {}]]}}) (Com {[LIT_CHARS cat]} < (HereDocRedirectNode here_end='EOF' do_expansion=True body_word={[DQ [LIT_CHARS "clusters:\n"][LIT_CHARS " - name: gcp-authorization-server\n"][LIT_CHARS " cluster:\n"][LIT_CHARS " server: "][VarSub GCP_AUTHZ_URL][LIT_CHARS "\n"][LIT_CHARS "users:\n"][LIT_CHARS " - name: kube-apiserver\n"][LIT_CHARS " user:\n"][LIT_CHARS " auth-provider:\n"][LIT_CHARS " name: gcp\n"][LIT_CHARS "current-context: webhook\n"][LIT_CHARS "contexts:\n"][LIT_CHARS "- context:\n"][LIT_CHARS " cluster: gcp-authorization-server\n"][LIT_CHARS " user: kube-apiserver\n"][LIT_CHARS " name: webhook\n"]]} 0), (FilenameRedirectNode filename={[LIT_CHARS /etc/gcp_authz.config]} "> 1), > ) ) (If (DBracket {B1 UNARY_STRING_n {[DQ [VarSub GCP_IMAGE_VERIFICATION_URL test_op=VS_TEST_COLON_HYPHEN {}]]}}) (List (Com {[LIT_CHARS cat]} < (HereDocRedirectNode here_end='EOF' do_expansion=True body_word={[DQ [LIT_CHARS "clusters:\n"][LIT_CHARS " - name: gcp-image-review-server\n"][LIT_CHARS " cluster:\n"][LIT_CHARS " server: "][VarSub GCP_IMAGE_VERIFICATION_URL][LIT_CHARS "\n"][LIT_CHARS "users:\n"][LIT_CHARS " - name: kube-apiserver\n"][LIT_CHARS " user:\n"][LIT_CHARS " auth-provider:\n"][LIT_CHARS " name: gcp\n"][LIT_CHARS "current-context: webhook\n"][LIT_CHARS "contexts:\n"][LIT_CHARS "- context:\n"][LIT_CHARS " cluster: gcp-image-review-server\n"][LIT_CHARS " user: kube-apiserver\n"][LIT_CHARS " name: webhook\n"]]} 0), (FilenameRedirectNode filename={[LIT_CHARS /etc/gcp_image_review.config]} "> 1), > ) (Com {[LIT_CHARS cat]} < (HereDocRedirectNode here_end='EOF' do_expansion=True body_word={[DQ [LIT_CHARS "imagePolicy:\n"][LIT_CHARS " kubeConfigFile: /etc/gcp_image_review.config\n"][LIT_CHARS " allowTTL: 30\n"][LIT_CHARS " denyTTL: 30\n"][LIT_CHARS " retryBackoff: 500\n"][LIT_CHARS " defaultAllow: true\n"]]} 0), (FilenameRedirectNode filename={[LIT_CHARS /etc/admission_controller.config]} "> 1), > ) ) ) ) ) (FunctionDef create-kubelet-kubeconfig [] (List (Com {[LIT_CHARS echo]} {[DQ [LIT_CHARS "Creating kubelet kubeconfig file"]]} ) (If (DBracket {B1 UNARY_STRING_z {[DQ [VarSub KUBELET_CA_CERT test_op=VS_TEST_COLON_HYPHEN {}]]}}) (= scope= flags=0 words=[] bindings=[('KUBELET_CA_CERT', {[DQ [VarSub CA_CERT]]})]) ) (Com {[LIT_CHARS cat]} < (HereDocRedirectNode here_end='EOF' do_expansion=True body_word={[DQ [LIT_CHARS "apiVersion: v1\n"][LIT_CHARS "kind: Config\n"][LIT_CHARS "users:\n"][LIT_CHARS "- name: kubelet\n"][LIT_CHARS " user:\n"][LIT_CHARS " client-certificate-data: "][VarSub KUBELET_CERT][LIT_CHARS "\n"][LIT_CHARS " client-key-data: "][VarSub KUBELET_KEY][LIT_CHARS "\n"][LIT_CHARS "clusters:\n"][LIT_CHARS "- name: local\n"][LIT_CHARS " cluster:\n"][LIT_CHARS " certificate-authority-data: "][VarSub KUBELET_CA_CERT][LIT_CHARS "\n"][LIT_CHARS "contexts:\n"][LIT_CHARS "- context:\n"][LIT_CHARS " cluster: local\n"][LIT_CHARS " user: kubelet\n"][LIT_CHARS " name: service-account-context\n"][LIT_CHARS "current-context: service-account-context\n"]]} 0), (FilenameRedirectNode filename={[LIT_CHARS /var/lib/kubelet/kubeconfig]} "> 1), > ) ) ) (FunctionDef create-master-kubelet-auth [] (If (DBracket {B? LOGICAL_BINARY_AND {B1 UNARY_STRING_n {[DQ [VarSub KUBELET_APISERVER test_op=VS_TEST_COLON_HYPHEN {}]]}} {B? LOGICAL_BINARY_AND {B1 UNARY_STRING_n {[DQ [VarSub KUBELET_CERT test_op=VS_TEST_COLON_HYPHEN {}]]}} {B1 UNARY_STRING_n {[DQ [VarSub KUBELET_KEY test_op=VS_TEST_COLON_HYPHEN {}]]}}}}) (Com {[LIT_CHARS create-kubelet-kubeconfig]} ) ) ) (FunctionDef create-kubeproxy-kubeconfig [] (List (Com {[LIT_CHARS echo]} {[DQ [LIT_CHARS "Creating kube-proxy kubeconfig file"]]} ) (Com {[LIT_CHARS cat]} < (HereDocRedirectNode here_end='EOF' do_expansion=True body_word={[DQ [LIT_CHARS "apiVersion: v1\n"][LIT_CHARS "kind: Config\n"][LIT_CHARS "users:\n"][LIT_CHARS "- name: kube-proxy\n"][LIT_CHARS " user:\n"][LIT_CHARS " token: "][VarSub KUBE_PROXY_TOKEN][LIT_CHARS "\n"][LIT_CHARS "clusters:\n"][LIT_CHARS "- name: local\n"][LIT_CHARS " cluster:\n"][LIT_CHARS " certificate-authority-data: "][VarSub CA_CERT][LIT_CHARS "\n"][LIT_CHARS "contexts:\n"][LIT_CHARS "- context:\n"][LIT_CHARS " cluster: local\n"][LIT_CHARS " user: kube-proxy\n"][LIT_CHARS " name: service-account-context\n"][LIT_CHARS "current-context: service-account-context\n"]]} 0), (FilenameRedirectNode filename={[LIT_CHARS /var/lib/kube-proxy/kubeconfig]} "> 1), > ) ) ) (FunctionDef assemble-docker-flags [] (List (Com {[LIT_CHARS echo]} {[DQ [LIT_CHARS "Assemble docker command line flags"]]} ) (= scope= flags=0 words=[] bindings=[('docker_opts', {[DQ [LIT_CHARS "-p /var/run/docker.pid --iptables=false --ip-masq=false"]]})]) (If (DBracket {B2 BINARY_STRING_EQUAL {[DQ [VarSub TEST_CLUSTER test_op=VS_TEST_COLON_HYPHEN {}]]} {[DQ [LIT_CHARS true]]}}) (= scope= flags=0 words=[] bindings=[('docker_opts+', {[DQ [LIT_CHARS " --log-level=debug"]]})]) (ElseTrue) (= scope= flags=0 words=[] bindings=[('docker_opts+', {[DQ [LIT_CHARS " --log-level=warn"]]})]) ) (= scope= flags=0 words=[] bindings=[('use_net_plugin', {[DQ [LIT_CHARS true]]})]) (If (DBracket {B? LOGICAL_BINARY_OR {B2 BINARY_STRING_EQUAL {[DQ [VarSub NETWORK_PROVIDER test_op=VS_TEST_COLON_HYPHEN {}]]} {[DQ [LIT_CHARS kubenet]]}} {B2 BINARY_STRING_EQUAL {[DQ [VarSub NETWORK_PROVIDER test_op=VS_TEST_COLON_HYPHEN {}]]} {[DQ [LIT_CHARS cni]]}}}) (= scope= flags=0 words=[] bindings=[('docker_opts+', {[DQ [LIT_CHARS " --bip=169.254.123.1/24"]]})]) (ElseTrue) (List (= scope= flags=0 words=[] bindings=[('use_net_plugin', {[DQ [LIT_CHARS false]]})]) (= scope= flags=0 words=[] bindings=[('docker_opts+', {[DQ [LIT_CHARS " --bridge=cbr0"]]})]) ) ) (If (DBracket {B1 UNARY_STRING_n {[DQ [VarSub DOCKER_REGISTRY_MIRROR_URL test_op=VS_TEST_COLON_HYPHEN {}]]}}) (List (Com {[LIT_CHARS echo]} {[DQ [LIT_CHARS "Enable docker registry mirror at: "][VarSub DOCKER_REGISTRY_MIRROR_URL]]} ) (= scope= flags=0 words=[] bindings=[('docker_opts+', {[DQ [LIT_CHARS " --registry-mirror="][VarSub DOCKER_REGISTRY_MIRROR_URL]]})]) ) ) (Com {[LIT_CHARS echo]} {[DQ [LIT_CHARS "DOCKER_OPTS="][\ LIT_ESCAPED_CHAR "\\\""][VarSub docker_opts][LIT_CHARS " "][VarSub EXTRA_DOCKER_OPTS test_op=VS_TEST_COLON_HYPHEN {}][\ LIT_ESCAPED_CHAR "\\\""]]} < (FilenameRedirectNode filename={[LIT_CHARS /etc/default/docker]} "> 1), > ) (If (DBracket {B2 BINARY_STRING_EQUAL {[DQ [VarSub use_net_plugin]]} {[DQ [LIT_CHARS true]]}}) (List (Com {[LIT_CHARS echo]} {[DQ [LIT_CHARS "Docker command line is updated. Restart docker to pick it up"]]} ) (Com {[LIT_CHARS systemctl]} {[LIT_CHARS restart]} {[LIT_CHARS docker]} ) ) ) ) ) (FunctionDef try-load-docker-image [] (List (= scope= flags=0 words=[{[LIT_CHARS -r]}] bindings=[('img', {[VarSub 1]})]) (Com {[LIT_CHARS echo]} {[DQ [LIT_CHARS "Try to load docker image file "][VarSub img]]} ) (Com {[LIT_CHARS set]} {[LIT_OTHER "+"] [LIT_CHARS e]} ) (= scope= flags=0 words=[{[LIT_CHARS -r]}] bindings=[('max_attempts', {[LIT_CHARS 5]})]) (= scope= flags=0 words=[{[LIT_CHARS -i]}] bindings=[('attempt_num', {[LIT_CHARS 1]})]) (While (Com {[LIT_CHARS timeout]} {[LIT_CHARS 30]} {[LIT_CHARS docker]} {[LIT_CHARS load]} {[LIT_CHARS -i]} {[DQ [VarSub img]]} ) (If (DBracket {B2 BINARY_STRING_EQUAL {[DQ [VarSub attempt_num]]} {[DQ [VarSub max_attempts]]}}) (List (Com {[LIT_CHARS echo]} {[DQ [LIT_CHARS "Fail to load docker image file "][VarSub img][LIT_CHARS " after "][VarSub max_attempts][LIT_CHARS " retries. Exist!!"]]} ) (Com {[LIT_CHARS exit]} {[LIT_CHARS 1]} ) ) (ElseTrue) (List (= scope= flags=0 words=[] bindings=[('attempt_num', {[ArithSub {A2 AS_OP_PLUS {A Atom NODE_ARITH_WORD {[VarSub attempt_num]}} {A Atom NODE_ARITH_WORD {[AS_NUM_LITERAL 1]}}}]})]) (Com {[LIT_CHARS sleep]} {[LIT_CHARS 5]} ) ) ) ) (Com {[LIT_CHARS set]} {[LIT_CHARS -e]} ) ) ) (FunctionDef load-docker-images [] (List (Com {[LIT_CHARS echo]} {[DQ [LIT_CHARS "Start loading kube-system docker images"]]} ) (= scope= flags=0 words=[{[LIT_CHARS -r]}] bindings=[('img_dir', {[DQ [VarSub KUBE_HOME][LIT_CHARS /kube-docker-files]]})]) (If (DBracket {B2 BINARY_STRING_EQUAL {[DQ [VarSub KUBERNETES_MASTER test_op=VS_TEST_COLON_HYPHEN {}]]} {[DQ [LIT_CHARS true]]}}) (List (Com {[LIT_CHARS try-load-docker-image]} {[DQ [VarSub img_dir][LIT_CHARS /kube-apiserver.tar]]} ) (Com {[LIT_CHARS try-load-docker-image]} {[DQ [VarSub img_dir][LIT_CHARS /kube-controller-manager.tar]]} ) (Com {[LIT_CHARS try-load-docker-image]} {[DQ [VarSub img_dir][LIT_CHARS /kube-scheduler.tar]]} ) ) (ElseTrue) (Com {[LIT_CHARS try-load-docker-image]} {[DQ [VarSub img_dir][LIT_CHARS /kube-proxy.tar]]} ) ) ) ) (FunctionDef start-kubelet [] (List (Com {[LIT_CHARS echo]} {[DQ [LIT_CHARS "Start kubelet"]]} ) (= scope= flags=0 words=[] bindings=[('kubelet_bin', {[DQ [VarSub KUBE_HOME][LIT_CHARS /bin/kubelet]]})]) (= scope= flags=0 words=[{[LIT_CHARS -r]}] bindings=[('version', {[DQ [ComSub (Pipeline (Com {[DQ [VarSub kubelet_bin]]} {[LIT_CHARS --version] [LIT_DBRACKET_LIKE "="] [LIT_CHARS true]}) (Com {[LIT_CHARS cut]} {[LIT_CHARS -f2]} {[LIT_CHARS -d]} {[DQ [LIT_CHARS " "]]}) )]]})]) (= scope= flags=0 words=[{[LIT_CHARS -r]}] bindings=[('builtin_kubelet', {[DQ [LIT_CHARS /usr/bin/kubelet]]})]) (If (DBracket {B2 BINARY_STRING_EQUAL {[DQ [VarSub TEST_CLUSTER test_op=VS_TEST_COLON_HYPHEN {}]]} {[DQ [LIT_CHARS true]]}}) (If (DBracket {B1 UNARY_FILE_x {[DQ [VarSub builtin_kubelet]]}}) (List (= scope= flags=0 words=[{[LIT_CHARS -r]}] bindings=[('builtin_version', {[DQ [ComSub (Pipeline (Com {[DQ [VarSub builtin_kubelet]]} {[LIT_CHARS --version] [LIT_DBRACKET_LIKE "="] [LIT_CHARS true]}) (Com {[LIT_CHARS cut]} {[LIT_CHARS -f2]} {[LIT_CHARS -d]} {[DQ [LIT_CHARS " "]]}) )]]})]) (If (DBracket {B2 BINARY_STRING_EQUAL {[DQ [VarSub builtin_version]]} {[DQ [VarSub version]]}}) (= scope= flags=0 words=[] bindings=[('kubelet_bin', {[DQ [VarSub builtin_kubelet]]})]) ) ) ) ) (Com {[LIT_CHARS echo]} {[DQ [LIT_CHARS "Using kubelet binary at "][VarSub kubelet_bin]]} ) (= scope= flags=0 words=[] bindings=[('flags', {[DQ [VarSub KUBELET_TEST_LOG_LEVEL test_op=VS_TEST_COLON_HYPHEN {[DQ [LIT_CHARS "--v=2"]]}][LIT_CHARS " "][VarSub KUBELET_TEST_ARGS test_op=VS_TEST_COLON_HYPHEN {}]]})]) (= scope= flags=0 words=[] bindings=[('flags+', {[DQ [LIT_CHARS " --allow-privileged=true"]]})]) (= scope= flags=0 words=[] bindings=[('flags+', {[DQ [LIT_CHARS " --babysit-daemons=true"]]})]) (= scope= flags=0 words=[] bindings=[('flags+', {[DQ [LIT_CHARS " --cgroup-root=/"]]})]) (= scope= flags=0 words=[] bindings=[('flags+', {[DQ [LIT_CHARS " --cloud-provider=gce"]]})]) (= scope= flags=0 words=[] bindings=[('flags+', {[DQ [LIT_CHARS " --cluster-dns="][VarSub DNS_SERVER_IP]]})]) (= scope= flags=0 words=[] bindings=[('flags+', {[DQ [LIT_CHARS " --cluster-domain="][VarSub DNS_DOMAIN]]})]) (= scope= flags=0 words=[] bindings=[('flags+', {[DQ [LIT_CHARS " --config=/etc/kubernetes/manifests"]]})]) (If (DBracket {B1 UNARY_STRING_n {[DQ [VarSub KUBELET_PORT test_op=VS_TEST_COLON_HYPHEN {}]]}}) (= scope= flags=0 words=[] bindings=[('flags+', {[DQ [LIT_CHARS " --port="][VarSub KUBELET_PORT]]})]) ) (If (DBracket {B2 BINARY_STRING_EQUAL {[DQ [VarSub KUBERNETES_MASTER test_op=VS_TEST_COLON_HYPHEN {}]]} {[DQ [LIT_CHARS true]]}}) (List (= scope= flags=0 words=[] bindings=[('flags+', {[DQ [LIT_CHARS " --enable-debugging-handlers=false"]]})]) (= scope= flags=0 words=[] bindings=[('flags+', {[DQ [LIT_CHARS " --hairpin-mode=none"]]})]) (If (DBracket {B? LOGICAL_BINARY_AND {B! {B1 UNARY_STRING_z {[DQ [VarSub KUBELET_APISERVER test_op=VS_TEST_COLON_HYPHEN {}]]}}} {B? LOGICAL_BINARY_AND {B! {B1 UNARY_STRING_z {[DQ [VarSub KUBELET_CERT test_op=VS_TEST_COLON_HYPHEN {}]]}}} {B! {B1 UNARY_STRING_z {[DQ [VarSub KUBELET_KEY test_op=VS_TEST_COLON_HYPHEN {}]]}}}}}) (List (= scope= flags=0 words=[] bindings=[('flags+', {[DQ [LIT_CHARS " --api-servers=https://"][VarSub KUBELET_APISERVER]]})]) (= scope= flags=0 words=[] bindings=[('flags+', {[DQ [LIT_CHARS " --register-schedulable=false"]]})]) (= scope= flags=0 words=[] bindings=[('flags+', {[DQ [LIT_CHARS " --pod-cidr=10.123.45.0/29"]]})]) ) (ElseTrue) (= scope= flags=0 words=[] bindings=[('flags+', {[DQ [LIT_CHARS " --pod-cidr="][VarSub MASTER_IP_RANGE]]})]) ) ) (ElseTrue) (List (= scope= flags=0 words=[] bindings=[('flags+', {[DQ [LIT_CHARS " --enable-debugging-handlers=true"]]})]) (= scope= flags=0 words=[] bindings=[('flags+', {[DQ [LIT_CHARS " --api-servers=https://"][VarSub KUBERNETES_MASTER_NAME]]})]) (If (AndOr OP_OR_IF (DBracket {B2 BINARY_STRING_EQUAL {[DQ [VarSub HAIRPIN_MODE test_op=VS_TEST_COLON_HYPHEN {}]]} {[DQ [LIT_CHARS promiscuous-bridge]]}}) (AndOr OP_OR_IF (DBracket {B2 BINARY_STRING_EQUAL {[DQ [VarSub HAIRPIN_MODE test_op=VS_TEST_COLON_HYPHEN {}]]} {[DQ [LIT_CHARS hairpin-veth]]}}) (DBracket {B2 BINARY_STRING_EQUAL {[DQ [VarSub HAIRPIN_MODE test_op=VS_TEST_COLON_HYPHEN {}]]} {[DQ [LIT_CHARS none]]}}) ) ) (= scope= flags=0 words=[] bindings=[('flags+', {[DQ [LIT_CHARS " --hairpin-mode="][VarSub HAIRPIN_MODE]]})]) ) ) ) (If (DBracket {B1 UNARY_STRING_n {[DQ [VarSub NETWORK_PROVIDER test_op=VS_TEST_COLON_HYPHEN {}]]}}) (List (If (DBracket {B2 BINARY_STRING_EQUAL {[DQ [VarSub NETWORK_PROVIDER test_op=VS_TEST_COLON_HYPHEN {}]]} {[DQ [LIT_CHARS cni]]}}) (= scope= flags=0 words=[] bindings=[('flags+', {[DQ [LIT_CHARS " --cni-bin-dir=/home/kubernetes/bin"]]})]) (ElseTrue) (= scope= flags=0 words=[] bindings=[('flags+', {[DQ [LIT_CHARS " --network-plugin-dir=/home/kubernetes/bin"]]})]) ) (= scope= flags=0 words=[] bindings=[('flags+', {[DQ [LIT_CHARS " --network-plugin="][VarSub NETWORK_PROVIDER]]})]) ) ) (If (DBracket {B1 UNARY_STRING_n {[DQ [VarSub NON_MASQUERADE_CIDR test_op=VS_TEST_COLON_HYPHEN {}]]}}) (= scope= flags=0 words=[] bindings=[('flags+', {[DQ [LIT_CHARS " --non-masquerade-cidr="][VarSub NON_MASQUERADE_CIDR]]})]) ) (If (DBracket {B2 BINARY_STRING_EQUAL {[DQ [VarSub ENABLE_MANIFEST_URL test_op=VS_TEST_COLON_HYPHEN {}]]} {[DQ [LIT_CHARS true]]}}) (List (= scope= flags=0 words=[] bindings=[('flags+', {[DQ [LIT_CHARS " --manifest-url="][VarSub MANIFEST_URL]]})]) (= scope= flags=0 words=[] bindings=[('flags+', {[DQ [LIT_CHARS " --manifest-url-header="][VarSub MANIFEST_URL_HEADER]]})]) ) ) (If (DBracket {B1 UNARY_STRING_n {[DQ [VarSub ENABLE_CUSTOM_METRICS test_op=VS_TEST_COLON_HYPHEN {}]]}}) (= scope= flags=0 words=[] bindings=[('flags+', {[DQ [LIT_CHARS " --enable-custom-metrics="][VarSub ENABLE_CUSTOM_METRICS]]})]) ) (If (DBracket {B1 UNARY_STRING_n {[DQ [VarSub NODE_LABELS test_op=VS_TEST_COLON_HYPHEN {}]]}}) (= scope= flags=0 words=[] bindings=[('flags+', {[DQ [LIT_CHARS " --node-labels="][VarSub NODE_LABELS]]})]) ) (If (DBracket {B1 UNARY_STRING_n {[DQ [VarSub EVICTION_HARD test_op=VS_TEST_COLON_HYPHEN {}]]}}) (= scope= flags=0 words=[] bindings=[('flags+', {[DQ [LIT_CHARS " --eviction-hard="][VarSub EVICTION_HARD]]})]) ) (If (DBracket {B1 UNARY_STRING_n {[DQ [VarSub FEATURE_GATES test_op=VS_TEST_COLON_HYPHEN {}]]}}) (= scope= flags=0 words=[] bindings=[('flags+', {[DQ [LIT_CHARS " --feature-gates="][VarSub FEATURE_GATES]]})]) ) (= scope= flags=0 words=[{[LIT_CHARS -r]}] bindings=[('kubelet_env_file', {[DQ [LIT_CHARS /etc/default/kubelet]]})]) (Com {[LIT_CHARS echo]} {[DQ [LIT_CHARS "KUBELET_OPTS="][\ LIT_ESCAPED_CHAR "\\\""][VarSub flags][\ LIT_ESCAPED_CHAR "\\\""]]} < (FilenameRedirectNode filename={[DQ [VarSub kubelet_env_file]]} "> 1), > ) (Com {[LIT_CHARS cat]} < (HereDocRedirectNode here_end='EOF' do_expansion=True body_word={[DQ [LIT_CHARS "[Unit]\n"][LIT_CHARS "Description=Kubernetes kubelet\n"][LIT_CHARS "Requires=network-online.target\n"][LIT_CHARS "After=network-online.target\n"][LIT_CHARS "\n"][LIT_CHARS "[Service]\n"][LIT_CHARS "Restart=always\n"][LIT_CHARS "RestartSec=10\n"][LIT_CHARS "EnvironmentFile="][VarSub kubelet_env_file][LIT_CHARS "\n"][LIT_CHARS "ExecStart="][VarSub kubelet_bin][LIT_CHARS " "][\ LIT_ESCAPED_CHAR "\\$"][LIT_CHARS "KUBELET_OPTS\n"][LIT_CHARS "\n"][LIT_CHARS "[Install]\n"][LIT_CHARS "WantedBy=multi-user.target\n"]]} 0), (FilenameRedirectNode filename={[LIT_CHARS /etc/systemd/system/kubelet.service]} "> 1), > ) (AndOr OP_OR_IF (Com {[LIT_CHARS iptables]} {[LIT_CHARS -t]} {[LIT_CHARS nat]} {[LIT_CHARS -F]} ) (Com {[LIT_CHARS true]} ) ) (Com {[LIT_CHARS systemctl]} {[LIT_CHARS start]} {[LIT_CHARS kubelet.service]} ) ) ) (FunctionDef prepare-log-file [] (List (Com {[LIT_CHARS touch]} {[VarSub 1]} ) (Com {[LIT_CHARS chmod]} {[LIT_CHARS 644]} {[VarSub 1]} ) (Com {[LIT_CHARS chown]} {[LIT_CHARS root] [LIT_OTHER ":"] [LIT_CHARS root]} {[VarSub 1]} ) ) ) (FunctionDef start-kube-proxy [] (List (Com {[LIT_CHARS echo]} {[DQ [LIT_CHARS "Start kube-proxy pod"]]} ) (Com {[LIT_CHARS prepare-log-file]} {[LIT_CHARS /var/log/kube-proxy.log]} ) (= scope= flags=0 words=[{[LIT_CHARS -r]}] bindings=[('src_file', {[DQ [VarSub KUBE_HOME][LIT_CHARS /kube-manifests/kubernetes/kube-proxy.manifest]]})]) (Com {[LIT_CHARS remove-salt-config-comments]} {[DQ [VarSub src_file]]} ) (= scope= flags=0 words=[{[LIT_CHARS -r]}] bindings=[('kubeconfig', {[DQ [LIT_CHARS "--kubeconfig=/var/lib/kube-proxy/kubeconfig"]]})]) (= scope= flags=0 words=[] bindings=[('kube_docker_registry', {[DQ [LIT_CHARS gcr.io/google_containers]]})]) (If (DBracket {B1 UNARY_STRING_n {[DQ [VarSub KUBE_DOCKER_REGISTRY test_op=VS_TEST_COLON_HYPHEN {}]]}}) (= scope= flags=0 words=[] bindings=[('kube_docker_registry', {[VarSub KUBE_DOCKER_REGISTRY]})]) ) (= scope= flags=0 words=[{[LIT_CHARS -r]}] bindings=[('kube_proxy_docker_tag', {[ComSub (Com {[LIT_CHARS cat]} {[LIT_CHARS /home/kubernetes/kube-docker-files/kube-proxy.docker_tag]})]})]) (= scope= flags=0 words=[] bindings=[('api_servers', {[DQ [LIT_CHARS "--master=https://"][VarSub KUBERNETES_MASTER_NAME]]})]) (= scope= flags=0 words=[] bindings=[('params', {[DQ [VarSub KUBEPROXY_TEST_LOG_LEVEL test_op=VS_TEST_COLON_HYPHEN {[DQ [LIT_CHARS "--v=2"]]}]]})]) (If (DBracket {B1 UNARY_STRING_n {[DQ [VarSub FEATURE_GATES test_op=VS_TEST_COLON_HYPHEN {}]]}}) (= scope= flags=0 words=[] bindings=[('params+', {[DQ [LIT_CHARS " --feature-gates="][VarSub FEATURE_GATES]]})]) ) (If (DBracket {B1 UNARY_STRING_n {[DQ [VarSub KUBEPROXY_TEST_ARGS test_op=VS_TEST_COLON_HYPHEN {}]]}}) (= scope= flags=0 words=[] bindings=[('params+', {[DQ [LIT_CHARS " "][VarSub KUBEPROXY_TEST_ARGS]]})]) ) (Com {[LIT_CHARS sed]} {[LIT_CHARS -i]} {[LIT_CHARS -e]} {[DQ [LIT_CHARS "s@{{kubeconfig}}@"][VarSub kubeconfig][LIT_CHARS "@g"]]} {[VarSub src_file]} ) (Com {[LIT_CHARS sed]} {[LIT_CHARS -i]} {[LIT_CHARS -e]} {[DQ [LIT_CHARS "s@{{pillar"][\ LIT_ESCAPED_CHAR "\\["][LIT_CHARS "'kube_docker_registry'"][\ LIT_ESCAPED_CHAR "\\]"][LIT_CHARS "}}@"][VarSub kube_docker_registry][LIT_CHARS "@g"]]} {[VarSub src_file]} ) (Com {[LIT_CHARS sed]} {[LIT_CHARS -i]} {[LIT_CHARS -e]} {[DQ [LIT_CHARS "s@{{pillar"][\ LIT_ESCAPED_CHAR "\\["][LIT_CHARS "'kube-proxy_docker_tag'"][\ LIT_ESCAPED_CHAR "\\]"][LIT_CHARS "}}@"][VarSub kube_proxy_docker_tag][LIT_CHARS "@g"]]} {[VarSub src_file]} ) (Com {[LIT_CHARS sed]} {[LIT_CHARS -i]} {[LIT_CHARS -e]} {[DQ [LIT_CHARS "s@{{params}}@"][VarSub params][LIT_CHARS "@g"]]} {[VarSub src_file]} ) (Com {[LIT_CHARS sed]} {[LIT_CHARS -i]} {[LIT_CHARS -e]} {[DQ [LIT_CHARS "s@{{ cpurequest }}@100m@g"]]} {[VarSub src_file]} ) (Com {[LIT_CHARS sed]} {[LIT_CHARS -i]} {[LIT_CHARS -e]} {[DQ [LIT_CHARS "s@{{api_servers_with_port}}@"][VarSub api_servers][LIT_CHARS "@g"]]} {[VarSub src_file]} ) (If (DBracket {B1 UNARY_STRING_n {[DQ [VarSub CLUSTER_IP_RANGE test_op=VS_TEST_COLON_HYPHEN {}]]}}) (Com {[LIT_CHARS sed]} {[LIT_CHARS -i]} {[LIT_CHARS -e]} {[DQ [LIT_CHARS "s@{{cluster_cidr}}@--cluster-cidr="][VarSub CLUSTER_IP_RANGE][LIT_CHARS "@g"]]} {[VarSub src_file]} ) ) (Com {[LIT_CHARS cp]} {[DQ [VarSub src_file]]} {[LIT_CHARS /etc/kubernetes/manifests]} ) ) ) (FunctionDef prepare-etcd-manifest [] (List (= scope= flags=0 words=[] bindings=[('host_name', {[ComSub (Com {[LIT_CHARS hostname]})]})]) (= scope= flags=0 words=[] bindings=[('etcd_cluster', {[DQ ]})]) (= scope= flags=0 words=[] bindings=[('cluster_state', {[DQ [LIT_CHARS new]]})]) (For host [{[ComSub (Pipeline (Com {[LIT_CHARS echo]} {[DQ [VarSub INITIAL_ETCD_CLUSTER test_op=VS_TEST_COLON_HYPHEN {[VarSub host_name]}]]}) (Com {[LIT_CHARS tr]} {[DQ [LIT_CHARS ","]]} {[DQ [\ LIT_ESCAPED_CHAR "\\n"]]}) )]}]) (List (= scope= flags=0 words=[] bindings=[('etcd_host', {[DQ [LIT_CHARS etcd-][VarSub host][LIT_CHARS "=http://"][VarSub host][LIT_CHARS ":"][VarSub 3]]})]) (If (DBracket {B1 UNARY_STRING_n {[DQ [VarSub etcd_cluster]]}}) (List (= scope= flags=0 words=[] bindings=[('etcd_cluster+', {[DQ [LIT_CHARS ","]]})]) (= scope= flags=0 words=[] bindings=[('cluster_state', {[DQ [LIT_CHARS existing]]})]) ) ) (= scope= flags=0 words=[] bindings=[('etcd_cluster+', {[DQ [VarSub etcd_host]]})]) ) ) (= scope= flags=0 words=[{[LIT_CHARS -r]}] bindings=[('temp_file', {[DQ [LIT_CHARS /tmp/][VarSub 5]]})]) (Com {[LIT_CHARS cp]} {[DQ [VarSub KUBE_HOME][LIT_CHARS /kube-manifests/kubernetes/gci-trusty/etcd.manifest]]} {[DQ [VarSub temp_file]]} ) (Com {[LIT_CHARS remove-salt-config-comments]} {[DQ [VarSub temp_file]]} ) (Com {[LIT_CHARS sed]} {[LIT_CHARS -i]} {[LIT_CHARS -e]} {[DQ [LIT_CHARS "s@{{ *suffix *}}@"][VarSub 1][LIT_CHARS "@g"]]} {[DQ [VarSub temp_file]]} ) (Com {[LIT_CHARS sed]} {[LIT_CHARS -i]} {[LIT_CHARS -e]} {[DQ [LIT_CHARS "s@{{ *port *}}@"][VarSub 2][LIT_CHARS "@g"]]} {[DQ [VarSub temp_file]]} ) (Com {[LIT_CHARS sed]} {[LIT_CHARS -i]} {[LIT_CHARS -e]} {[DQ [LIT_CHARS "s@{{ *server_port *}}@"][VarSub 3][LIT_CHARS "@g"]]} {[DQ [VarSub temp_file]]} ) (Com {[LIT_CHARS sed]} {[LIT_CHARS -i]} {[LIT_CHARS -e]} {[DQ [LIT_CHARS "s@{{ *cpulimit *}}@"][\ LIT_ESCAPED_CHAR "\\\""][VarSub 4][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS "@g"]]} {[DQ [VarSub temp_file]]} ) (Com {[LIT_CHARS sed]} {[LIT_CHARS -i]} {[LIT_CHARS -e]} {[DQ [LIT_CHARS "s@{{ *hostname *}}@"][VarSub host_name][LIT_CHARS "@g"]]} {[DQ [VarSub temp_file]]} ) (Com {[LIT_CHARS sed]} {[LIT_CHARS -i]} {[LIT_CHARS -e]} {[DQ [LIT_CHARS "s@{{ *etcd_cluster *}}@"][VarSub etcd_cluster][LIT_CHARS "@g"]]} {[DQ [VarSub temp_file]]} ) (Com {[LIT_CHARS sed]} {[LIT_CHARS -i]} {[LIT_CHARS -e]} {[DQ [LIT_CHARS "s@{{ *storage_backend *}}@"][VarSub STORAGE_BACKEND test_op=VS_TEST_COLON_HYPHEN {}][LIT_CHARS "@g"]]} {[DQ [VarSub temp_file]]} ) (Com {[LIT_CHARS sed]} {[LIT_CHARS -i]} {[LIT_CHARS -e]} {[DQ [LIT_CHARS "s@{{ *cluster_state *}}@"][VarSub cluster_state][LIT_CHARS "@g"]]} {[DQ [VarSub temp_file]]} ) (If (DBracket {B1 UNARY_STRING_n {[DQ [VarSub ETCD_VERSION test_op=VS_TEST_COLON_HYPHEN {}]]}}) (Com {[LIT_CHARS sed]} {[LIT_CHARS -i]} {[LIT_CHARS -e]} {[DQ [LIT_CHARS "s@{{ *pillar"][\ LIT_ESCAPED_CHAR "\\."][LIT_CHARS "get('etcd_docker_tag', '"][\ LIT_ESCAPED_CHAR "\\("][LIT_CHARS ".*"][\ LIT_ESCAPED_CHAR "\\)"][LIT_CHARS "') *}}@"][VarSub ETCD_VERSION][LIT_CHARS "@g"]]} {[DQ [VarSub temp_file]]} ) (ElseTrue) (Com {[LIT_CHARS sed]} {[LIT_CHARS -i]} {[LIT_CHARS -e]} {[DQ [LIT_CHARS "s@{{ *pillar"][\ LIT_ESCAPED_CHAR "\\."][LIT_CHARS "get('etcd_docker_tag', '"][\ LIT_ESCAPED_CHAR "\\("][LIT_CHARS ".*"][\ LIT_ESCAPED_CHAR "\\)"][LIT_CHARS "') *}}@"][\ LIT_ESCAPED_CHAR "\\1"][LIT_CHARS "@g"]]} {[DQ [VarSub temp_file]]} ) ) (Com {[LIT_CHARS sed]} {[LIT_CHARS -i]} {[LIT_CHARS -e]} {[DQ [LIT_CHARS "s@/mnt/master-pd/var/etcd@/mnt/disks/master-pd/var/etcd@g"]]} {[DQ [VarSub temp_file]]} ) (Com {[LIT_CHARS mv]} {[DQ [VarSub temp_file]]} {[LIT_CHARS /etc/kubernetes/manifests]} ) ) ) (FunctionDef start-etcd-empty-dir-cleanup-pod [] (Com {[LIT_CHARS cp]} {[DQ [VarSub KUBE_HOME][LIT_CHARS /kube-manifests/kubernetes/gci-trusty/etcd-empty-dir-cleanup/etcd-empty-dir-cleanup.yaml]]} {[DQ [LIT_CHARS /etc/kubernetes/manifests]]} ) ) (FunctionDef start-etcd-servers [] (List (Com {[LIT_CHARS echo]} {[DQ [LIT_CHARS "Start etcd pods"]]} ) (If (DBracket {B1 UNARY_FILE_d {[LIT_CHARS /etc/etcd]}}) (Com {[LIT_CHARS rm]} {[LIT_CHARS -rf]} {[LIT_CHARS /etc/etcd]} ) ) (If (DBracket {B1 UNARY_FILE_e {[LIT_CHARS /etc/default/etcd]}}) (Com {[LIT_CHARS rm]} {[LIT_CHARS -f]} {[LIT_CHARS /etc/default/etcd]} ) ) (If (DBracket {B1 UNARY_FILE_e {[LIT_CHARS /etc/systemd/system/etcd.service]}}) (Com {[LIT_CHARS rm]} {[LIT_CHARS -f]} {[LIT_CHARS /etc/systemd/system/etcd.service]} ) ) (If (DBracket {B1 UNARY_FILE_e {[LIT_CHARS /etc/init.d/etcd]}}) (Com {[LIT_CHARS rm]} {[LIT_CHARS -f]} {[LIT_CHARS /etc/init.d/etcd]} ) ) (Com {[LIT_CHARS prepare-log-file]} {[LIT_CHARS /var/log/etcd.log]} ) (Com {[LIT_CHARS prepare-etcd-manifest]} {[DQ ]} {[DQ [LIT_CHARS 2379]]} {[DQ [LIT_CHARS 2380]]} {[DQ [LIT_CHARS 200m]]} {[DQ [LIT_CHARS etcd.manifest]]} ) (Com {[LIT_CHARS prepare-log-file]} {[LIT_CHARS /var/log/etcd-events.log]} ) (Com {[LIT_CHARS prepare-etcd-manifest]} {[DQ [LIT_CHARS -events]]} {[DQ [LIT_CHARS 4002]]} {[DQ [LIT_CHARS 2381]]} {[DQ [LIT_CHARS 100m]]} {[DQ [LIT_CHARS etcd-events.manifest]]} ) ) ) (FunctionDef compute-master-manifest-variables [] (List (= scope= flags=0 words=[] bindings=[('CLOUD_CONFIG_OPT', {[DQ ]})]) (= scope= flags=0 words=[] bindings=[('CLOUD_CONFIG_VOLUME', {[DQ ]})]) (= scope= flags=0 words=[] bindings=[('CLOUD_CONFIG_MOUNT', {[DQ ]})]) (If (DBracket {B1 UNARY_FILE_f {[LIT_CHARS /etc/gce.conf]}}) (List (= scope= flags=0 words=[] bindings=[('CLOUD_CONFIG_OPT', {[DQ [LIT_CHARS "--cloud-config=/etc/gce.conf"]]})]) (= scope= flags=0 words=[] bindings=[('CLOUD_CONFIG_VOLUME', {[DQ [LIT_CHARS "{"][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS name][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS ": "][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS cloudconfigmount][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS ","][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS hostPath][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS ": {"][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS path][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS ": "][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS /etc/gce.conf][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS "}},"]]})]) (= scope= flags=0 words=[] bindings=[('CLOUD_CONFIG_MOUNT', {[DQ [LIT_CHARS "{"][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS name][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS ": "][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS cloudconfigmount][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS ","][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS mountPath][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS ": "][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS /etc/gce.conf][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS ", "][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS readOnly][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS ": true},"]]})]) ) ) (= scope= flags=0 words=[] bindings=[('DOCKER_REGISTRY', {[DQ [LIT_CHARS gcr.io/google_containers]]})]) (If (DBracket {B1 UNARY_STRING_n {[DQ [VarSub KUBE_DOCKER_REGISTRY test_op=VS_TEST_COLON_HYPHEN {}]]}}) (= scope= flags=0 words=[] bindings=[('DOCKER_REGISTRY', {[DQ [VarSub KUBE_DOCKER_REGISTRY]]})]) ) ) ) (FunctionDef remove-salt-config-comments [] (List (Com {[LIT_CHARS sed]} {[LIT_CHARS -i]} {[DQ [LIT_CHARS "/^[ |"][\ LIT_ESCAPED_CHAR "\\t"][LIT_CHARS "]*{[#|%]/d"]]} {[VarSub 1]} ) (Com {[LIT_CHARS sed]} {[LIT_CHARS -i]} {[DQ [LIT_CHARS "/^[ |"][\ LIT_ESCAPED_CHAR "\\t"][LIT_CHARS "]*#/d"]]} {[VarSub 1]} ) ) ) (FunctionDef start-kube-apiserver [] (List (Com {[LIT_CHARS echo]} {[DQ [LIT_CHARS "Start kubernetes api-server"]]} ) (Com {[LIT_CHARS prepare-log-file]} {[LIT_CHARS /var/log/kube-apiserver.log]} ) (= scope= flags=0 words=[] bindings=[('params', {[DQ [VarSub API_SERVER_TEST_LOG_LEVEL test_op=VS_TEST_COLON_HYPHEN {[DQ [LIT_CHARS "--v=2"]]}][LIT_CHARS " "][VarSub APISERVER_TEST_ARGS test_op=VS_TEST_COLON_HYPHEN {}][LIT_CHARS " "][VarSub CLOUD_CONFIG_OPT]]})]) (= scope= flags=0 words=[] bindings=[('params+', {[DQ [LIT_CHARS " --address=127.0.0.1"]]})]) (= scope= flags=0 words=[] bindings=[('params+', {[DQ [LIT_CHARS " --allow-privileged=true"]]})]) (= scope= flags=0 words=[] bindings=[('params+', {[DQ [LIT_CHARS " --authorization-policy-file=/etc/srv/kubernetes/abac-authz-policy.jsonl"]]})]) (= scope= flags=0 words=[] bindings=[('params+', {[DQ [LIT_CHARS " --basic-auth-file=/etc/srv/kubernetes/basic_auth.csv"]]})]) (= scope= flags=0 words=[] bindings=[('params+', {[DQ [LIT_CHARS " --cloud-provider=gce"]]})]) (= scope= flags=0 words=[] bindings=[('params+', {[DQ [LIT_CHARS " --client-ca-file=/etc/srv/kubernetes/ca.crt"]]})]) (= scope= flags=0 words=[] bindings=[('params+', {[DQ [LIT_CHARS " --etcd-servers=http://127.0.0.1:2379"]]})]) (= scope= flags=0 words=[] bindings=[('params+', {[DQ [LIT_CHARS " --etcd-servers-overrides=/events#http://127.0.0.1:4002"]]})]) (= scope= flags=0 words=[] bindings=[('params+', {[DQ [LIT_CHARS " --secure-port=443"]]})]) (= scope= flags=0 words=[] bindings=[('params+', {[DQ [LIT_CHARS " --tls-cert-file=/etc/srv/kubernetes/server.cert"]]})]) (= scope= flags=0 words=[] bindings=[('params+', {[DQ [LIT_CHARS " --tls-private-key-file=/etc/srv/kubernetes/server.key"]]})]) (= scope= flags=0 words=[] bindings=[('params+', {[DQ [LIT_CHARS " --token-auth-file=/etc/srv/kubernetes/known_tokens.csv"]]})]) (If (DBracket {B1 UNARY_STRING_n {[DQ [VarSub STORAGE_BACKEND test_op=VS_TEST_COLON_HYPHEN {}]]}}) (= scope= flags=0 words=[] bindings=[('params+', {[DQ [LIT_CHARS " --storage-backend="][VarSub STORAGE_BACKEND]]})]) ) (If (DBracket {B1 UNARY_STRING_n {[DQ [VarSub ENABLE_GARBAGE_COLLECTOR test_op=VS_TEST_COLON_HYPHEN {}]]}}) (= scope= flags=0 words=[] bindings=[('params+', {[DQ [LIT_CHARS " --enable-garbage-collector="][VarSub ENABLE_GARBAGE_COLLECTOR]]})]) ) (If (DBracket {B1 UNARY_STRING_n {[DQ [VarSub NUM_NODES test_op=VS_TEST_COLON_HYPHEN {}]]}}) (= scope= flags=0 words=[] bindings=[('params+', {[DQ [LIT_CHARS " --target-ram-mb="][ArithSub {A2 AS_OP_STAR {A Atom NODE_ARITH_WORD {[VarSub NUM_NODES]}} {A Atom NODE_ARITH_WORD {[AS_NUM_LITERAL 60]}}}]]})]) ) (If (DBracket {B1 UNARY_STRING_n {[DQ [VarSub SERVICE_CLUSTER_IP_RANGE test_op=VS_TEST_COLON_HYPHEN {}]]}}) (= scope= flags=0 words=[] bindings=[('params+', {[DQ [LIT_CHARS " --service-cluster-ip-range="][VarSub SERVICE_CLUSTER_IP_RANGE]]})]) ) (= scope= flags=0 words=[] bindings=[('admission_controller_config_mount', {[DQ ]})]) (= scope= flags=0 words=[] bindings=[('admission_controller_config_volume', {[DQ ]})]) (= scope= flags=0 words=[] bindings=[('image_policy_webhook_config_mount', {[DQ ]})]) (= scope= flags=0 words=[] bindings=[('image_policy_webhook_config_volume', {[DQ ]})]) (If (DBracket {B1 UNARY_STRING_n {[DQ [VarSub ADMISSION_CONTROL test_op=VS_TEST_COLON_HYPHEN {}]]}}) (List (= scope= flags=0 words=[] bindings=[('params+', {[DQ [LIT_CHARS " --admission-control="][VarSub ADMISSION_CONTROL]]})]) (If (DBracket {B2 BINARY_STRING_EQUAL {[VarSub ADMISSION_CONTROL]} {[LIT_OTHER "*"] [DQ [LIT_CHARS ImagePolicyWebhook]] [LIT_OTHER "*"]}}) (List (= scope= flags=0 words=[] bindings=[('params+', {[DQ [LIT_CHARS " --admission-control-config-file=/etc/admission_controller.config"]]})]) (= scope= flags=0 words=[] bindings=[('admission_controller_config_mount', {[DQ [LIT_CHARS "{"][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS name][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS ": "][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS admissioncontrollerconfigmount][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS ","][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS mountPath][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS ": "][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS /etc/admission_controller.config][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS ", "][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS readOnly][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS ": false},"]]})]) (= scope= flags=0 words=[] bindings=[('admission_controller_config_volume', {[DQ [LIT_CHARS "{"][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS name][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS ": "][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS admissioncontrollerconfigmount][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS ","][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS hostPath][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS ": {"][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS path][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS ": "][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS /etc/admission_controller.config][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS "}},"]]})]) (= scope= flags=0 words=[] bindings=[('image_policy_webhook_config_mount', {[DQ [LIT_CHARS "{"][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS name][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS ": "][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS imagepolicywebhookconfigmount][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS ","][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS mountPath][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS ": "][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS /etc/gcp_image_review.config][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS ", "][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS readOnly][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS ": false},"]]})]) (= scope= flags=0 words=[] bindings=[('image_policy_webhook_config_volume', {[DQ [LIT_CHARS "{"][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS name][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS ": "][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS imagepolicywebhookconfigmount][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS ","][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS hostPath][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS ": {"][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS path][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS ": "][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS /etc/gcp_image_review.config][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS "}},"]]})]) ) ) ) ) (If (DBracket {B1 UNARY_STRING_n {[DQ [VarSub KUBE_APISERVER_REQUEST_TIMEOUT test_op=VS_TEST_COLON_HYPHEN {}]]}}) (= scope= flags=0 words=[] bindings=[('params+', {[DQ [LIT_CHARS " --min-request-timeout="][VarSub KUBE_APISERVER_REQUEST_TIMEOUT]]})]) ) (If (DBracket {B1 UNARY_STRING_n {[DQ [VarSub RUNTIME_CONFIG test_op=VS_TEST_COLON_HYPHEN {}]]}}) (= scope= flags=0 words=[] bindings=[('params+', {[DQ [LIT_CHARS " --runtime-config="][VarSub RUNTIME_CONFIG]]})]) ) (If (DBracket {B1 UNARY_STRING_n {[DQ [VarSub FEATURE_GATES test_op=VS_TEST_COLON_HYPHEN {}]]}}) (= scope= flags=0 words=[] bindings=[('params+', {[DQ [LIT_CHARS " --feature-gates="][VarSub FEATURE_GATES]]})]) ) (If (DBracket {B? LOGICAL_BINARY_AND {B1 UNARY_STRING_n {[DQ [VarSub PROJECT_ID test_op=VS_TEST_COLON_HYPHEN {}]]}} {B? LOGICAL_BINARY_AND {B1 UNARY_STRING_n {[DQ [VarSub TOKEN_URL test_op=VS_TEST_COLON_HYPHEN {}]]}} {B? LOGICAL_BINARY_AND {B1 UNARY_STRING_n {[DQ [VarSub TOKEN_BODY test_op=VS_TEST_COLON_HYPHEN {}]]}} {B1 UNARY_STRING_n {[DQ [VarSub NODE_NETWORK test_op=VS_TEST_COLON_HYPHEN {}]]}}}}}) (List (= scope= flags=0 words=[{[LIT_CHARS -r]}] bindings=[('vm_external_ip', {[ComSub (Com {[LIT_CHARS curl]} {[LIT_CHARS --retry]} {[LIT_CHARS 5]} {[LIT_CHARS --retry-delay]} {[LIT_CHARS 3]} {[LIT_CHARS --fail]} {[LIT_CHARS --silent]} {[LIT_CHARS -H]} {[SQ ]} {[DQ [LIT_CHARS "http://metadata/computeMetadata/v1/instance/network-interfaces/0/access-configs/0/external-ip"]]})]})]) (= scope= flags=0 words=[] bindings=[('params+', {[DQ [LIT_CHARS " --advertise-address="][VarSub vm_external_ip]]})]) (= scope= flags=0 words=[] bindings=[('params+', {[DQ [LIT_CHARS " --ssh-user="][VarSub PROXY_SSH_USER]]})]) (= scope= flags=0 words=[] bindings=[('params+', {[DQ [LIT_CHARS " --ssh-keyfile=/etc/srv/sshproxy/.sshkeyfile"]]})]) ) ) (= scope= flags=0 words=[] bindings=[('webhook_authn_config_mount', {[DQ ]})]) (= scope= flags=0 words=[] bindings=[('webhook_authn_config_volume', {[DQ ]})]) (If (DBracket {B1 UNARY_STRING_n {[DQ [VarSub GCP_AUTHN_URL test_op=VS_TEST_COLON_HYPHEN {}]]}}) (List (= scope= flags=0 words=[] bindings=[('params+', {[DQ [LIT_CHARS " --authentication-token-webhook-config-file=/etc/gcp_authn.config"]]})]) (= scope= flags=0 words=[] bindings=[('webhook_authn_config_mount', {[DQ [LIT_CHARS "{"][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS name][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS ": "][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS webhookauthnconfigmount][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS ","][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS mountPath][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS ": "][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS /etc/gcp_authn.config][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS ", "][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS readOnly][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS ": false},"]]})]) (= scope= flags=0 words=[] bindings=[('webhook_authn_config_volume', {[DQ [LIT_CHARS "{"][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS name][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS ": "][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS webhookauthnconfigmount][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS ","][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS hostPath][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS ": {"][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS path][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS ": "][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS /etc/gcp_authn.config][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS "}},"]]})]) ) ) (= scope= flags=0 words=[] bindings=[('params+', {[DQ [LIT_CHARS " --authorization-mode=ABAC"]]})]) (= scope= flags=0 words=[] bindings=[('webhook_config_mount', {[DQ ]})]) (= scope= flags=0 words=[] bindings=[('webhook_config_volume', {[DQ ]})]) (If (DBracket {B1 UNARY_STRING_n {[DQ [VarSub GCP_AUTHZ_URL test_op=VS_TEST_COLON_HYPHEN {}]]}}) (List (= scope= flags=0 words=[] bindings=[('params+', {[DQ [LIT_CHARS ",Webhook --authorization-webhook-config-file=/etc/gcp_authz.config"]]})]) (= scope= flags=0 words=[] bindings=[('webhook_config_mount', {[DQ [LIT_CHARS "{"][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS name][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS ": "][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS webhookconfigmount][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS ","][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS mountPath][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS ": "][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS /etc/gcp_authz.config][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS ", "][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS readOnly][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS ": false},"]]})]) (= scope= flags=0 words=[] bindings=[('webhook_config_volume', {[DQ [LIT_CHARS "{"][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS name][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS ": "][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS webhookconfigmount][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS ","][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS hostPath][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS ": {"][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS path][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS ": "][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS /etc/gcp_authz.config][\ LIT_ESCAPED_CHAR "\\\""][LIT_CHARS "}},"]]})]) ) ) (= scope= flags=0 words=[{[LIT_CHARS -r]}] bindings=[('src_dir', {[DQ [VarSub KUBE_HOME][LIT_CHARS /kube-manifests/kubernetes/gci-trusty]]})]) (If (DBracket {B1 UNARY_STRING_n {[DQ [VarSub KUBE_USER test_op=VS_TEST_COLON_HYPHEN {}]]}}) (List (= scope= flags=0 words=[{[LIT_CHARS -r]}] bindings=[('abac_policy_json', {[DQ [VarSub src_dir][LIT_CHARS /abac-authz-policy.jsonl]]})]) (Com {[LIT_CHARS remove-salt-config-comments]} {[DQ [VarSub abac_policy_json]]} ) (Com {[LIT_CHARS sed]} {[LIT_CHARS -i]} {[LIT_CHARS -e]} {[DQ [LIT_CHARS "s/{{kube_user}}/"][VarSub KUBE_USER][LIT_CHARS /g]]} {[DQ [VarSub abac_policy_json]]} ) (Com {[LIT_CHARS cp]} {[DQ [VarSub abac_policy_json]]} {[LIT_CHARS /etc/srv/kubernetes/]} ) ) ) (= scope= flags=0 words=[] bindings=[('src_file', {[DQ [VarSub src_dir][LIT_CHARS /kube-apiserver.manifest]]})]) (Com {[LIT_CHARS remove-salt-config-comments]} {[DQ [VarSub src_file]]} ) (= scope= flags=0 words=[{[LIT_CHARS -r]}] bindings=[('kube_apiserver_docker_tag', {[ComSub (Com {[LIT_CHARS cat]} {[LIT_CHARS /home/kubernetes/kube-docker-files/kube-apiserver.docker_tag]})]})]) (Com {[LIT_CHARS sed]} {[LIT_CHARS -i]} {[LIT_CHARS -e]} {[DQ [LIT_CHARS "s@{{params}}@"][VarSub params][LIT_CHARS "@g"]]} {[DQ [VarSub src_file]]} ) (Com {[LIT_CHARS sed]} {[LIT_CHARS -i]} {[LIT_CHARS -e]} {[DQ [LIT_CHARS "s@{{srv_kube_path}}@/etc/srv/kubernetes@g"]]} {[DQ [VarSub src_file]]} ) (Com {[LIT_CHARS sed]} {[LIT_CHARS -i]} {[LIT_CHARS -e]} {[DQ [LIT_CHARS "s@{{srv_sshproxy_path}}@/etc/srv/sshproxy@g"]]} {[DQ [VarSub src_file]]} ) (Com {[LIT_CHARS sed]} {[LIT_CHARS -i]} {[LIT_CHARS -e]} {[DQ [LIT_CHARS "s@{{cloud_config_mount}}@"][VarSub CLOUD_CONFIG_MOUNT][LIT_CHARS "@g"]]} {[DQ [VarSub src_file]]} ) (Com {[LIT_CHARS sed]} {[LIT_CHARS -i]} {[LIT_CHARS -e]} {[DQ [LIT_CHARS "s@{{cloud_config_volume}}@"][VarSub CLOUD_CONFIG_VOLUME][LIT_CHARS "@g"]]} {[DQ [VarSub src_file]]} ) (Com {[LIT_CHARS sed]} {[LIT_CHARS -i]} {[LIT_CHARS -e]} {[DQ [LIT_CHARS "s@{{pillar"][\ LIT_ESCAPED_CHAR "\\["][LIT_CHARS "'kube_docker_registry'"][\ LIT_ESCAPED_CHAR "\\]"][LIT_CHARS "}}@"][VarSub DOCKER_REGISTRY][LIT_CHARS "@g"]]} {[DQ [VarSub src_file]]} ) (Com {[LIT_CHARS sed]} {[LIT_CHARS -i]} {[LIT_CHARS -e]} {[DQ [LIT_CHARS "s@{{pillar"][\ LIT_ESCAPED_CHAR "\\["][LIT_CHARS "'kube-apiserver_docker_tag'"][\ LIT_ESCAPED_CHAR "\\]"][LIT_CHARS "}}@"][VarSub kube_apiserver_docker_tag][LIT_CHARS "@g"]]} {[DQ [VarSub src_file]]} ) (Com {[LIT_CHARS sed]} {[LIT_CHARS -i]} {[LIT_CHARS -e]} {[DQ [LIT_CHARS "s@{{pillar"][\ LIT_ESCAPED_CHAR "\\["][LIT_CHARS "'allow_privileged'"][\ LIT_ESCAPED_CHAR "\\]"][LIT_CHARS "}}@true@g"]]} {[DQ [VarSub src_file]]} ) (Com {[LIT_CHARS sed]} {[LIT_CHARS -i]} {[LIT_CHARS -e]} {[DQ [LIT_CHARS "s@{{secure_port}}@443@g"]]} {[DQ [VarSub src_file]]} ) (Com {[LIT_CHARS sed]} {[LIT_CHARS -i]} {[LIT_CHARS -e]} {[DQ [LIT_CHARS "s@{{secure_port}}@8080@g"]]} {[DQ [VarSub src_file]]} ) (Com {[LIT_CHARS sed]} {[LIT_CHARS -i]} {[LIT_CHARS -e]} {[DQ [LIT_CHARS "s@{{additional_cloud_config_mount}}@@g"]]} {[DQ [VarSub src_file]]} ) (Com {[LIT_CHARS sed]} {[LIT_CHARS -i]} {[LIT_CHARS -e]} {[DQ [LIT_CHARS "s@{{additional_cloud_config_volume}}@@g"]]} {[DQ [VarSub src_file]]} ) (Com {[LIT_CHARS sed]} {[LIT_CHARS -i]} {[LIT_CHARS -e]} {[DQ [LIT_CHARS "s@{{webhook_authn_config_mount}}@"][VarSub webhook_authn_config_mount][LIT_CHARS "@g"]]} {[DQ [VarSub src_file]]} ) (Com {[LIT_CHARS sed]} {[LIT_CHARS -i]} {[LIT_CHARS -e]} {[DQ [LIT_CHARS "s@{{webhook_authn_config_volume}}@"][VarSub webhook_authn_config_volume][LIT_CHARS "@g"]]} {[DQ [VarSub src_file]]} ) (Com {[LIT_CHARS sed]} {[LIT_CHARS -i]} {[LIT_CHARS -e]} {[DQ [LIT_CHARS "s@{{webhook_config_mount}}@"][VarSub webhook_config_mount][LIT_CHARS "@g"]]} {[DQ [VarSub src_file]]} ) (Com {[LIT_CHARS sed]} {[LIT_CHARS -i]} {[LIT_CHARS -e]} {[DQ [LIT_CHARS "s@{{webhook_config_volume}}@"][VarSub webhook_config_volume][LIT_CHARS "@g"]]} {[DQ [VarSub src_file]]} ) (Com {[LIT_CHARS sed]} {[LIT_CHARS -i]} {[LIT_CHARS -e]} {[DQ [LIT_CHARS "s@{{admission_controller_config_mount}}@"][VarSub admission_controller_config_mount][LIT_CHARS "@g"]]} {[DQ [VarSub src_file]]} ) (Com {[LIT_CHARS sed]} {[LIT_CHARS -i]} {[LIT_CHARS -e]} {[DQ [LIT_CHARS "s@{{admission_controller_config_volume}}@"][VarSub admission_controller_config_volume][LIT_CHARS "@g"]]} {[DQ [VarSub src_file]]} ) (Com {[LIT_CHARS sed]} {[LIT_CHARS -i]} {[LIT_CHARS -e]} {[DQ [LIT_CHARS "s@{{image_policy_webhook_config_mount}}@"][VarSub image_policy_webhook_config_mount][LIT_CHARS "@g"]]} {[DQ [VarSub src_file]]} ) (Com {[LIT_CHARS sed]} {[LIT_CHARS -i]} {[LIT_CHARS -e]} {[DQ [LIT_CHARS "s@{{image_policy_webhook_config_volume}}@"][VarSub image_policy_webhook_config_volume][LIT_CHARS "@g"]]} {[DQ [VarSub src_file]]} ) (Com {[LIT_CHARS cp]} {[DQ [VarSub src_file]]} {[LIT_CHARS /etc/kubernetes/manifests]} ) ) ) (FunctionDef start-kube-controller-manager [] (List (Com {[LIT_CHARS echo]} {[DQ [LIT_CHARS "Start kubernetes controller-manager"]]} ) (Com {[LIT_CHARS prepare-log-file]} {[LIT_CHARS /var/log/kube-controller-manager.log]} ) (= scope= flags=0 words=[] bindings=[('params', {[DQ [VarSub CONTROLLER_MANAGER_TEST_LOG_LEVEL test_op=VS_TEST_COLON_HYPHEN {[DQ [LIT_CHARS "--v=2"]]}][LIT_CHARS " "][VarSub CONTROLLER_MANAGER_TEST_ARGS test_op=VS_TEST_COLON_HYPHEN {}][LIT_CHARS " "][VarSub CLOUD_CONFIG_OPT]]})]) (= scope= flags=0 words=[] bindings=[('params+', {[DQ [LIT_CHARS " --cloud-provider=gce"]]})]) (= scope= flags=0 words=[] bindings=[('params+', {[DQ [LIT_CHARS " --master=127.0.0.1:8080"]]})]) (= scope= flags=0 words=[] bindings=[('params+', {[DQ [LIT_CHARS " --root-ca-file=/etc/srv/kubernetes/ca.crt"]]})]) (= scope= flags=0 words=[] bindings=[('params+', {[DQ [LIT_CHARS " --service-account-private-key-file=/etc/srv/kubernetes/server.key"]]})]) (If (DBracket {B1 UNARY_STRING_n {[DQ [VarSub ENABLE_GARBAGE_COLLECTOR test_op=VS_TEST_COLON_HYPHEN {}]]}}) (= scope= flags=0 words=[] bindings=[('params+', {[DQ [LIT_CHARS " --enable-garbage-collector="][VarSub ENABLE_GARBAGE_COLLECTOR]]})]) ) (If (DBracket {B1 UNARY_STRING_n {[DQ [VarSub INSTANCE_PREFIX test_op=VS_TEST_COLON_HYPHEN {}]]}}) (= scope= flags=0 words=[] bindings=[('params+', {[DQ [LIT_CHARS " --cluster-name="][VarSub INSTANCE_PREFIX]]})]) ) (If (DBracket {B1 UNARY_STRING_n {[DQ [VarSub CLUSTER_IP_RANGE test_op=VS_TEST_COLON_HYPHEN {}]]}}) (= scope= flags=0 words=[] bindings=[('params+', {[DQ [LIT_CHARS " --cluster-cidr="][VarSub CLUSTER_IP_RANGE]]})]) ) (If (DBracket {B1 UNARY_STRING_n {[DQ [VarSub SERVICE_CLUSTER_IP_RANGE test_op=VS_TEST_COLON_HYPHEN {}]]}}) (= scope= flags=0 words=[] bindings=[('params+', {[DQ [LIT_CHARS " --service-cluster-ip-range="][VarSub SERVICE_CLUSTER_IP_RANGE]]})]) ) (If (DBracket {B2 BINARY_STRING_EQUAL {[DQ [VarSub NETWORK_PROVIDER test_op=VS_TEST_COLON_HYPHEN {}]]} {[DQ [LIT_CHARS kubenet]]}}) (= scope= flags=0 words=[] bindings=[('params+', {[DQ [LIT_CHARS " --allocate-node-cidrs=true"]]})]) (DBracket {B1 UNARY_STRING_n {[DQ [VarSub ALLOCATE_NODE_CIDRS test_op=VS_TEST_COLON_HYPHEN {}]]}}) (= scope= flags=0 words=[] bindings=[('params+', {[DQ [LIT_CHARS " --allocate-node-cidrs="][VarSub ALLOCATE_NODE_CIDRS]]})]) ) (If (DBracket {B1 UNARY_STRING_n {[DQ [VarSub TERMINATED_POD_GC_THRESHOLD test_op=VS_TEST_COLON_HYPHEN {}]]}}) (= scope= flags=0 words=[] bindings=[('params+', {[DQ [LIT_CHARS " --terminated-pod-gc-threshold="][VarSub TERMINATED_POD_GC_THRESHOLD]]})]) ) (If (DBracket {B1 UNARY_STRING_n {[DQ [VarSub FEATURE_GATES test_op=VS_TEST_COLON_HYPHEN {}]]}}) (= scope= flags=0 words=[] bindings=[('params+', {[DQ [LIT_CHARS " --feature-gates="][VarSub FEATURE_GATES]]})]) ) (= scope= flags=0 words=[{[LIT_CHARS -r]}] bindings=[('kube_rc_docker_tag', {[ComSub (Com {[LIT_CHARS cat]} {[LIT_CHARS /home/kubernetes/kube-docker-files/kube-controller-manager.docker_tag]})]})]) (= scope= flags=0 words=[{[LIT_CHARS -r]}] bindings=[('src_file', {[DQ [VarSub KUBE_HOME][LIT_CHARS /kube-manifests/kubernetes/gci-trusty/kube-controller-manager.manifest]]})]) (Com {[LIT_CHARS remove-salt-config-comments]} {[DQ [VarSub src_file]]} ) (Com {[LIT_CHARS sed]} {[LIT_CHARS -i]} {[LIT_CHARS -e]} {[DQ [LIT_CHARS "s@{{srv_kube_path}}@/etc/srv/kubernetes@g"]]} {[DQ [VarSub src_file]]} ) (Com {[LIT_CHARS sed]} {[LIT_CHARS -i]} {[LIT_CHARS -e]} {[DQ [LIT_CHARS "s@{{pillar"][\ LIT_ESCAPED_CHAR "\\["][LIT_CHARS "'kube_docker_registry'"][\ LIT_ESCAPED_CHAR "\\]"][LIT_CHARS "}}@"][VarSub DOCKER_REGISTRY][LIT_CHARS "@g"]]} {[DQ [VarSub src_file]]} ) (Com {[LIT_CHARS sed]} {[LIT_CHARS -i]} {[LIT_CHARS -e]} {[DQ [LIT_CHARS "s@{{pillar"][\ LIT_ESCAPED_CHAR "\\["][LIT_CHARS "'kube-controller-manager_docker_tag'"][\ LIT_ESCAPED_CHAR "\\]"][LIT_CHARS "}}@"][VarSub kube_rc_docker_tag][LIT_CHARS "@g"]]} {[DQ [VarSub src_file]]} ) (Com {[LIT_CHARS sed]} {[LIT_CHARS -i]} {[LIT_CHARS -e]} {[DQ [LIT_CHARS "s@{{params}}@"][VarSub params][LIT_CHARS "@g"]]} {[DQ [VarSub src_file]]} ) (Com {[LIT_CHARS sed]} {[LIT_CHARS -i]} {[LIT_CHARS -e]} {[DQ [LIT_CHARS "s@{{cloud_config_mount}}@"][VarSub CLOUD_CONFIG_MOUNT][LIT_CHARS "@g"]]} {[DQ [VarSub src_file]]} ) (Com {[LIT_CHARS sed]} {[LIT_CHARS -i]} {[LIT_CHARS -e]} {[DQ [LIT_CHARS "s@{{cloud_config_volume}}@"][VarSub CLOUD_CONFIG_VOLUME][LIT_CHARS "@g"]]} {[DQ [VarSub src_file]]} ) (Com {[LIT_CHARS sed]} {[LIT_CHARS -i]} {[LIT_CHARS -e]} {[DQ [LIT_CHARS "s@{{additional_cloud_config_mount}}@@g"]]} {[DQ [VarSub src_file]]} ) (Com {[LIT_CHARS sed]} {[LIT_CHARS -i]} {[LIT_CHARS -e]} {[DQ [LIT_CHARS "s@{{additional_cloud_config_volume}}@@g"]]} {[DQ [VarSub src_file]]} ) (Com {[LIT_CHARS cp]} {[DQ [VarSub src_file]]} {[LIT_CHARS /etc/kubernetes/manifests]} ) ) ) (FunctionDef start-kube-scheduler [] (List (Com {[LIT_CHARS echo]} {[DQ [LIT_CHARS "Start kubernetes scheduler"]]} ) (Com {[LIT_CHARS prepare-log-file]} {[LIT_CHARS /var/log/kube-scheduler.log]} ) (= scope= flags=0 words=[] bindings=[('params', {[DQ [VarSub SCHEDULER_TEST_LOG_LEVEL test_op=VS_TEST_COLON_HYPHEN {[DQ [LIT_CHARS "--v=2"]]}][LIT_CHARS " "][VarSub SCHEDULER_TEST_ARGS test_op=VS_TEST_COLON_HYPHEN {}]]})]) (If (DBracket {B1 UNARY_STRING_n {[DQ [VarSub FEATURE_GATES test_op=VS_TEST_COLON_HYPHEN {}]]}}) (= scope= flags=0 words=[] bindings=[('params+', {[DQ [LIT_CHARS " --feature-gates="][VarSub FEATURE_GATES]]})]) ) (If (DBracket {B1 UNARY_STRING_n {[DQ [VarSub SCHEDULING_ALGORITHM_PROVIDER test_op=VS_TEST_COLON_HYPHEN {}]]}}) (= scope= flags=0 words=[] bindings=[('params+', {[DQ [LIT_CHARS " --algorithm-provider="][VarSub SCHEDULING_ALGORITHM_PROVIDER]]})]) ) (= scope= flags=0 words=[{[LIT_CHARS -r]}] bindings=[('kube_scheduler_docker_tag', {[ComSub (Com {[LIT_CHARS cat]} {[DQ [VarSub KUBE_HOME][LIT_CHARS /kube-docker-files/kube-scheduler.docker_tag]]})]})]) (= scope= flags=0 words=[{[LIT_CHARS -r]}] bindings=[('src_file', {[DQ [VarSub KUBE_HOME][LIT_CHARS /kube-manifests/kubernetes/gci-trusty/kube-scheduler.manifest]]})]) (Com {[LIT_CHARS remove-salt-config-comments]} {[DQ [VarSub src_file]]} ) (Com {[LIT_CHARS sed]} {[LIT_CHARS -i]} {[LIT_CHARS -e]} {[DQ [LIT_CHARS "s@{{params}}@"][VarSub params][LIT_CHARS "@g"]]} {[DQ [VarSub src_file]]} ) (Com {[LIT_CHARS sed]} {[LIT_CHARS -i]} {[LIT_CHARS -e]} {[DQ [LIT_CHARS "s@{{pillar"][\ LIT_ESCAPED_CHAR "\\["][LIT_CHARS "'kube_docker_registry'"][\ LIT_ESCAPED_CHAR "\\]"][LIT_CHARS "}}@"][VarSub DOCKER_REGISTRY][LIT_CHARS "@g"]]} {[DQ [VarSub src_file]]} ) (Com {[LIT_CHARS sed]} {[LIT_CHARS -i]} {[LIT_CHARS -e]} {[DQ [LIT_CHARS "s@{{pillar"][\ LIT_ESCAPED_CHAR "\\["][LIT_CHARS "'kube-scheduler_docker_tag'"][\ LIT_ESCAPED_CHAR "\\]"][LIT_CHARS "}}@"][VarSub kube_scheduler_docker_tag][LIT_CHARS "@g"]]} {[DQ [VarSub src_file]]} ) (Com {[LIT_CHARS cp]} {[DQ [VarSub src_file]]} {[LIT_CHARS /etc/kubernetes/manifests]} ) ) ) (FunctionDef start-cluster-autoscaler [] (If (DBracket {B2 BINARY_STRING_EQUAL {[DQ [VarSub ENABLE_CLUSTER_AUTOSCALER test_op=VS_TEST_COLON_HYPHEN {}]]} {[DQ [LIT_CHARS true]]}}) (List (Com {[LIT_CHARS echo]} {[DQ [LIT_CHARS "Start kubernetes cluster autoscaler"]]} ) (Com {[LIT_CHARS prepare-log-file]} {[LIT_CHARS /var/log/cluster-autoscaler.log]} ) (= scope= flags=0 words=[{[LIT_CHARS -r]}] bindings=[('src_file', {[DQ [VarSub KUBE_HOME][LIT_CHARS /kube-manifests/kubernetes/gci-trusty/cluster-autoscaler.manifest]]})]) (Com {[LIT_CHARS remove-salt-config-comments]} {[DQ [VarSub src_file]]} ) (= scope= flags=0 words=[] bindings=[('params', {[DQ [VarSub AUTOSCALER_MIG_CONFIG][LIT_CHARS " "][VarSub CLOUD_CONFIG_OPT]]})]) (Com {[LIT_CHARS sed]} {[LIT_CHARS -i]} {[LIT_CHARS -e]} {[DQ [LIT_CHARS "s@{{params}}@"][VarSub params][LIT_CHARS "@g"]]} {[DQ [VarSub src_file]]} ) (Com {[LIT_CHARS sed]} {[LIT_CHARS -i]} {[LIT_CHARS -e]} {[DQ [LIT_CHARS "s@{{cloud_config_mount}}@"][VarSub CLOUD_CONFIG_MOUNT][LIT_CHARS "@g"]]} {[DQ [VarSub src_file]]} ) (Com {[LIT_CHARS sed]} {[LIT_CHARS -i]} {[LIT_CHARS -e]} {[DQ [LIT_CHARS "s@{{cloud_config_volume}}@"][VarSub CLOUD_CONFIG_VOLUME][LIT_CHARS "@g"]]} {[DQ [VarSub src_file]]} ) (Com {[LIT_CHARS sed]} {[LIT_CHARS -i]} {[LIT_CHARS -e]} {[DQ [LIT_CHARS "s@{%.*%}@@g"]]} {[DQ [VarSub src_file]]} ) (Com {[LIT_CHARS cp]} {[DQ [VarSub src_file]]} {[LIT_CHARS /etc/kubernetes/manifests]} ) ) ) ) (FunctionDef setup-addon-manifests [] (List (= scope= flags=0 words=[{[LIT_CHARS -r]}] bindings=[('src_dir', {[DQ [VarSub KUBE_HOME][LIT_CHARS /kube-manifests/kubernetes/gci-trusty/][VarSub 2]]})]) (= scope= flags=0 words=[{[LIT_CHARS -r]}] bindings=[('dst_dir', {[DQ [LIT_CHARS /etc/kubernetes/][VarSub 1][LIT_CHARS /][VarSub 2]]})]) (If (DBracket {B! {B1 UNARY_FILE_d {[DQ [VarSub dst_dir]]}}}) (Com {[LIT_CHARS mkdir]} {[LIT_CHARS -p]} {[DQ [VarSub dst_dir]]} ) ) (= scope= flags=0 words=[] bindings=[('files', {[ComSub (Com {[LIT_CHARS find]} {[DQ [VarSub src_dir]]} {[LIT_CHARS -maxdepth]} {[LIT_CHARS 1]} {[LIT_CHARS -name]} {[DQ [LIT_CHARS "*.yaml"]]})]})]) (If (DBracket {B1 UNARY_STRING_n {[DQ [VarSub files]]}}) (Com {[LIT_CHARS cp]} {[DQ [VarSub src_dir][LIT_CHARS /]] [LIT_OTHER "*"] [LIT_CHARS .yaml]} {[DQ [VarSub dst_dir]]} ) ) (= scope= flags=0 words=[] bindings=[('files', {[ComSub (Com {[LIT_CHARS find]} {[DQ [VarSub src_dir]]} {[LIT_CHARS -maxdepth]} {[LIT_CHARS 1]} {[LIT_CHARS -name]} {[DQ [LIT_CHARS "*.json"]]})]})]) (If (DBracket {B1 UNARY_STRING_n {[DQ [VarSub files]]}}) (Com {[LIT_CHARS cp]} {[DQ [VarSub src_dir][LIT_CHARS /]] [LIT_OTHER "*"] [LIT_CHARS .json]} {[DQ [VarSub dst_dir]]} ) ) (= scope= flags=0 words=[] bindings=[('files', {[ComSub (Com {[LIT_CHARS find]} {[DQ [VarSub src_dir]]} {[LIT_CHARS -maxdepth]} {[LIT_CHARS 1]} {[LIT_CHARS -name]} {[DQ [LIT_CHARS "*.yaml.in"]]})]})]) (If (DBracket {B1 UNARY_STRING_n {[DQ [VarSub files]]}}) (Com {[LIT_CHARS cp]} {[DQ [VarSub src_dir][LIT_CHARS /]] [LIT_OTHER "*"] [LIT_CHARS .yaml.in]} {[DQ [VarSub dst_dir]]} ) ) (Com {[LIT_CHARS chown]} {[LIT_CHARS -R]} {[LIT_CHARS root] [LIT_OTHER ":"] [LIT_CHARS root]} {[DQ [VarSub dst_dir]]} ) (Com {[LIT_CHARS chmod]} {[LIT_CHARS 755]} {[DQ [VarSub dst_dir]]} ) (Com {[LIT_CHARS chmod]} {[LIT_CHARS 644]} {[DQ [VarSub dst_dir]] [LIT_CHARS /] [LIT_OTHER "*"]} ) ) ) (FunctionDef start-kube-addons [] (List (Com {[LIT_CHARS echo]} {[DQ [LIT_CHARS "Prepare kube-addons manifests and start kube addon manager"]]} ) (= scope= flags=0 words=[{[LIT_CHARS -r]}] bindings=[('src_dir', {[DQ [VarSub KUBE_HOME][LIT_CHARS /kube-manifests/kubernetes/gci-trusty]]})]) (= scope= flags=0 words=[{[LIT_CHARS -r]}] bindings=[('dst_dir', {[DQ [LIT_CHARS /etc/kubernetes/addons]]})]) (If (AndOr OP_OR_IF (DBracket {B2 BINARY_STRING_EQUAL {[DQ [VarSub ENABLE_CLUSTER_MONITORING test_op=VS_TEST_COLON_HYPHEN {}]]} {[DQ [LIT_CHARS influxdb]]}}) (AndOr OP_OR_IF (DBracket {B2 BINARY_STRING_EQUAL {[DQ [VarSub ENABLE_CLUSTER_MONITORING test_op=VS_TEST_COLON_HYPHEN {}]]} {[DQ [LIT_CHARS google]]}}) (AndOr OP_OR_IF (DBracket {B2 BINARY_STRING_EQUAL {[DQ [VarSub ENABLE_CLUSTER_MONITORING test_op=VS_TEST_COLON_HYPHEN {}]]} {[DQ [LIT_CHARS standalone]]}}) (DBracket {B2 BINARY_STRING_EQUAL {[DQ [VarSub ENABLE_CLUSTER_MONITORING test_op=VS_TEST_COLON_HYPHEN {}]]} {[DQ [LIT_CHARS googleinfluxdb]]}}) ) ) ) (List (= scope= flags=0 words=[{[LIT_CHARS -r]}] bindings=[('file_dir', {[DQ [LIT_CHARS cluster-monitoring/][VarSub ENABLE_CLUSTER_MONITORING]]})]) (Com {[LIT_CHARS setup-addon-manifests]} {[DQ [LIT_CHARS addons]]} {[DQ [VarSub file_dir]]} ) (= scope= flags=0 words=[] bindings=[('base_metrics_memory', {[DQ [LIT_CHARS 140Mi]]})]) (= scope= flags=0 words=[] bindings=[('metrics_memory', {[DQ [VarSub base_metrics_memory]]})]) (= scope= flags=0 words=[] bindings=[('base_eventer_memory', {[DQ [LIT_CHARS 190Mi]]})]) (= scope= flags=0 words=[] bindings=[('base_metrics_cpu', {[DQ [LIT_CHARS 80m]]})]) (= scope= flags=0 words=[] bindings=[('metrics_cpu', {[DQ [VarSub base_metrics_cpu]]})]) (= scope= flags=0 words=[] bindings=[('eventer_memory', {[DQ [VarSub base_eventer_memory]]})]) (= scope= flags=0 words=[] bindings=[('nanny_memory', {[DQ [LIT_CHARS 90Mi]]})]) (= scope= flags=0 words=[{[LIT_CHARS -r]}] bindings=[('metrics_memory_per_node', {[DQ [LIT_CHARS 4]]})]) (= scope= flags=0 words=[{[LIT_CHARS -r]}] bindings=[('metrics_cpu_per_node', {[DQ [LIT_CHARS 0.5]]})]) (= scope= flags=0 words=[{[LIT_CHARS -r]}] bindings=[('eventer_memory_per_node', {[DQ [LIT_CHARS 500]]})]) (= scope= flags=0 words=[{[LIT_CHARS -r]}] bindings=[('nanny_memory_per_node', {[DQ [LIT_CHARS 200]]})]) (If (DBracket {B? LOGICAL_BINARY_AND {B1 UNARY_STRING_n {[DQ [VarSub NUM_NODES test_op=VS_TEST_COLON_HYPHEN {}]]}} {B2 BINARY_INT_GE {[DQ [VarSub NUM_NODES]]} {[LIT_CHARS 1]}}}) (List (= scope= flags=0 words=[] bindings=[('num_kube_nodes', {[DQ [ArithSub {A2 AS_OP_PLUS {A Atom NODE_ARITH_WORD {[VarSub NUM_NODES]}} {A Atom NODE_ARITH_WORD {[AS_NUM_LITERAL 1]}}}]]})]) (= scope= flags=0 words=[] bindings=[('metrics_memory', {[DQ [ArithSub {A2 AS_OP_PLUS {A2 AS_OP_STAR {A Atom NODE_ARITH_WORD {[VarSub num_kube_nodes]}} {A Atom NODE_ARITH_WORD {[VarSub metrics_memory_per_node]}}} {A Atom NODE_ARITH_WORD {[AS_NUM_LITERAL 200]}}}][LIT_CHARS Mi]]})]) (= scope= flags=0 words=[] bindings=[('eventer_memory', {[DQ [ArithSub {A2 AS_OP_PLUS {A2 AS_OP_STAR {A Atom NODE_ARITH_WORD {[VarSub num_kube_nodes]}} {A Atom NODE_ARITH_WORD {[VarSub eventer_memory_per_node]}}} {A2 AS_OP_STAR {A Atom NODE_ARITH_WORD {[AS_NUM_LITERAL 200]}} {A Atom NODE_ARITH_WORD {[AS_NUM_LITERAL 1024]}}}}][LIT_CHARS Ki]]})]) (= scope= flags=0 words=[] bindings=[('nanny_memory', {[DQ [ArithSub {A2 AS_OP_PLUS {A2 AS_OP_STAR {A Atom NODE_ARITH_WORD {[VarSub num_kube_nodes]}} {A Atom NODE_ARITH_WORD {[VarSub nanny_memory_per_node]}}} {A2 AS_OP_STAR {A Atom NODE_ARITH_WORD {[AS_NUM_LITERAL 90]}} {A Atom NODE_ARITH_WORD {[AS_NUM_LITERAL 1024]}}}}][LIT_CHARS Ki]]})]) (= scope= flags=0 words=[] bindings=[('metrics_cpu', {[ComSub (Pipeline (Com {[LIT_CHARS echo]} {[LIT_CHARS -]}) (Com {[LIT_CHARS awk]} {[DQ [LIT_CHARS "{print "][VarSub num_kube_nodes][LIT_CHARS " * "][VarSub metrics_cpu_per_node][LIT_CHARS " + 80}"]]}) )] [LIT_CHARS m]})]) ) ) (= scope= flags=0 words=[] bindings=[('controller_yaml', {[DQ [VarSub dst_dir][LIT_CHARS /][VarSub file_dir]]})]) (If (DBracket {B2 BINARY_STRING_EQUAL {[DQ [VarSub ENABLE_CLUSTER_MONITORING test_op=VS_TEST_COLON_HYPHEN {}]]} {[DQ [LIT_CHARS googleinfluxdb]]}}) (= scope= flags=0 words=[] bindings=[('controller_yaml', {[DQ [VarSub controller_yaml][LIT_CHARS /heapster-controller-combined.yaml]]})]) (ElseTrue) (= scope= flags=0 words=[] bindings=[('controller_yaml', {[DQ [VarSub controller_yaml][LIT_CHARS /heapster-controller.yaml]]})]) ) (Com {[LIT_CHARS remove-salt-config-comments]} {[DQ [VarSub controller_yaml]]} ) (Com {[LIT_CHARS sed]} {[LIT_CHARS -i]} {[LIT_CHARS -e]} {[DQ [LIT_CHARS "s@{{ *base_metrics_memory *}}@"][VarSub base_metrics_memory][LIT_CHARS "@g"]]} {[DQ [VarSub controller_yaml]]} ) (Com {[LIT_CHARS sed]} {[LIT_CHARS -i]} {[LIT_CHARS -e]} {[DQ [LIT_CHARS "s@{{ *metrics_memory *}}@"][VarSub metrics_memory][LIT_CHARS "@g"]]} {[DQ [VarSub controller_yaml]]} ) (Com {[LIT_CHARS sed]} {[LIT_CHARS -i]} {[LIT_CHARS -e]} {[DQ [LIT_CHARS "s@{{ *base_metrics_cpu *}}@"][VarSub base_metrics_cpu][LIT_CHARS "@g"]]} {[DQ [VarSub controller_yaml]]} ) (Com {[LIT_CHARS sed]} {[LIT_CHARS -i]} {[LIT_CHARS -e]} {[DQ [LIT_CHARS "s@{{ *metrics_cpu *}}@"][VarSub metrics_cpu][LIT_CHARS "@g"]]} {[DQ [VarSub controller_yaml]]} ) (Com {[LIT_CHARS sed]} {[LIT_CHARS -i]} {[LIT_CHARS -e]} {[DQ [LIT_CHARS "s@{{ *base_eventer_memory *}}@"][VarSub base_eventer_memory][LIT_CHARS "@g"]]} {[DQ [VarSub controller_yaml]]} ) (Com {[LIT_CHARS sed]} {[LIT_CHARS -i]} {[LIT_CHARS -e]} {[DQ [LIT_CHARS "s@{{ *eventer_memory *}}@"][VarSub eventer_memory][LIT_CHARS "@g"]]} {[DQ [VarSub controller_yaml]]} ) (Com {[LIT_CHARS sed]} {[LIT_CHARS -i]} {[LIT_CHARS -e]} {[DQ [LIT_CHARS "s@{{ *metrics_memory_per_node *}}@"][VarSub metrics_memory_per_node][LIT_CHARS "@g"]]} {[DQ [VarSub controller_yaml]]} ) (Com {[LIT_CHARS sed]} {[LIT_CHARS -i]} {[LIT_CHARS -e]} {[DQ [LIT_CHARS "s@{{ *eventer_memory_per_node *}}@"][VarSub eventer_memory_per_node][LIT_CHARS "@g"]]} {[DQ [VarSub controller_yaml]]} ) (Com {[LIT_CHARS sed]} {[LIT_CHARS -i]} {[LIT_CHARS -e]} {[DQ [LIT_CHARS "s@{{ *nanny_memory *}}@"][VarSub nanny_memory][LIT_CHARS "@g"]]} {[DQ [VarSub controller_yaml]]} ) (Com {[LIT_CHARS sed]} {[LIT_CHARS -i]} {[LIT_CHARS -e]} {[DQ [LIT_CHARS "s@{{ *metrics_cpu_per_node *}}@"][VarSub metrics_cpu_per_node][LIT_CHARS "@g"]]} {[DQ [VarSub controller_yaml]]} ) ) ) (If (DBracket {B2 BINARY_STRING_EQUAL {[DQ [VarSub ENABLE_CLUSTER_DNS test_op=VS_TEST_COLON_HYPHEN {}]]} {[DQ [LIT_CHARS true]]}}) (List (Com {[LIT_CHARS setup-addon-manifests]} {[DQ [LIT_CHARS addons]]} {[DQ [LIT_CHARS dns]]} ) (= scope= flags=0 words=[{[LIT_CHARS -r]}] bindings=[('dns_rc_file', {[DQ [VarSub dst_dir][LIT_CHARS /dns/skydns-rc.yaml]]})]) (= scope= flags=0 words=[{[LIT_CHARS -r]}] bindings=[('dns_svc_file', {[DQ [VarSub dst_dir][LIT_CHARS /dns/skydns-svc.yaml]]})]) (Com {[LIT_CHARS mv]} {[DQ [VarSub dst_dir][LIT_CHARS /dns/skydns-rc.yaml.in]]} {[DQ [VarSub dns_rc_file]]} ) (Com {[LIT_CHARS mv]} {[DQ [VarSub dst_dir][LIT_CHARS /dns/skydns-svc.yaml.in]]} {[DQ [VarSub dns_svc_file]]} ) (Com {[LIT_CHARS sed]} {[LIT_CHARS -i]} {[LIT_CHARS -e]} {[DQ [LIT_CHARS "s@{{ *pillar"][\ LIT_ESCAPED_CHAR "\\["][LIT_CHARS "'dns_replicas'"][\ LIT_ESCAPED_CHAR "\\]"][LIT_CHARS " *}}@"][VarSub DNS_REPLICAS][LIT_CHARS "@g"]]} {[DQ [VarSub dns_rc_file]]} ) (Com {[LIT_CHARS sed]} {[LIT_CHARS -i]} {[LIT_CHARS -e]} {[DQ [LIT_CHARS "s@{{ *pillar"][\ LIT_ESCAPED_CHAR "\\["][LIT_CHARS "'dns_domain'"][\ LIT_ESCAPED_CHAR "\\]"][LIT_CHARS " *}}@"][VarSub DNS_DOMAIN][LIT_CHARS "@g"]]} {[DQ [VarSub dns_rc_file]]} ) (Com {[LIT_CHARS sed]} {[LIT_CHARS -i]} {[LIT_CHARS -e]} {[DQ [LIT_CHARS "s@{{ *pillar"][\ LIT_ESCAPED_CHAR "\\["][LIT_CHARS "'dns_server'"][\ LIT_ESCAPED_CHAR "\\]"][LIT_CHARS " *}}@"][VarSub DNS_SERVER_IP][LIT_CHARS "@g"]]} {[DQ [VarSub dns_svc_file]]} ) (If (DBracket {B2 BINARY_STRING_EQUAL {[DQ [VarSub FEDERATION test_op=VS_TEST_COLON_HYPHEN {}]]} {[DQ [LIT_CHARS true]]}}) (List (= scope= flags=0 words=[] bindings=[('federations_domain_map', {[DQ [VarSub FEDERATIONS_DOMAIN_MAP test_op=VS_TEST_COLON_HYPHEN {}]]})]) (If (DBracket {B? LOGICAL_BINARY_AND {B1 UNARY_STRING_z {[DQ [VarSub federations_domain_map]]}} {B? LOGICAL_BINARY_AND {B1 UNARY_STRING_n {[DQ [VarSub FEDERATION_NAME test_op=VS_TEST_COLON_HYPHEN {}]]}} {B1 UNARY_STRING_n {[DQ [VarSub DNS_ZONE_NAME test_op=VS_TEST_COLON_HYPHEN {}]]}}}}) (= scope= flags=0 words=[] bindings=[('federations_domain_map', {[DQ [VarSub FEDERATION_NAME][LIT_CHARS "="][VarSub DNS_ZONE_NAME]]})]) ) (If (DBracket {B1 UNARY_STRING_n {[DQ [VarSub federations_domain_map]]}}) (Com {[LIT_CHARS sed]} {[LIT_CHARS -i]} {[LIT_CHARS -e]} {[DQ [LIT_CHARS "s@{{ *pillar"][\ LIT_ESCAPED_CHAR "\\["][LIT_CHARS "'federations_domain_map'"][\ LIT_ESCAPED_CHAR "\\]"][LIT_CHARS " *}}@- --federations="][VarSub federations_domain_map][LIT_CHARS "@g"]]} {[DQ [VarSub dns_rc_file]]} ) (ElseTrue) (Com {[LIT_CHARS sed]} {[LIT_CHARS -i]} {[LIT_CHARS -e]} {[DQ [LIT_CHARS "/{{ *pillar"][\ LIT_ESCAPED_CHAR "\\["][LIT_CHARS "'federations_domain_map'"][\ LIT_ESCAPED_CHAR "\\]"][LIT_CHARS " *}}/d"]]} {[DQ [VarSub dns_rc_file]]} ) ) ) (ElseTrue) (Com {[LIT_CHARS sed]} {[LIT_CHARS -i]} {[LIT_CHARS -e]} {[DQ [LIT_CHARS "/{{ *pillar"][\ LIT_ESCAPED_CHAR "\\["][LIT_CHARS "'federations_domain_map'"][\ LIT_ESCAPED_CHAR "\\]"][LIT_CHARS " *}}/d"]]} {[DQ [VarSub dns_rc_file]]} ) ) ) ) (If (DBracket {B2 BINARY_STRING_EQUAL {[DQ [VarSub ENABLE_CLUSTER_REGISTRY test_op=VS_TEST_COLON_HYPHEN {}]]} {[DQ [LIT_CHARS true]]}}) (List (Com {[LIT_CHARS setup-addon-manifests]} {[DQ [LIT_CHARS addons]]} {[DQ [LIT_CHARS registry]]} ) (= scope= flags=0 words=[{[LIT_CHARS -r]}] bindings=[('registry_pv_file', {[DQ [VarSub dst_dir][LIT_CHARS /registry/registry-pv.yaml]]})]) (= scope= flags=0 words=[{[LIT_CHARS -r]}] bindings=[('registry_pvc_file', {[DQ [VarSub dst_dir][LIT_CHARS /registry/registry-pvc.yaml]]})]) (Com {[LIT_CHARS mv]} {[DQ [VarSub dst_dir][LIT_CHARS /registry/registry-pv.yaml.in]]} {[DQ [VarSub registry_pv_file]]} ) (Com {[LIT_CHARS mv]} {[DQ [VarSub dst_dir][LIT_CHARS /registry/registry-pvc.yaml.in]]} {[DQ [VarSub registry_pvc_file]]} ) (Com {[LIT_CHARS remove-salt-config-comments]} {[DQ [VarSub controller_yaml]]} ) (Com {[LIT_CHARS sed]} {[LIT_CHARS -i]} {[LIT_CHARS -e]} {[DQ [LIT_CHARS "s@{{ *pillar"][\ LIT_ESCAPED_CHAR "\\["][LIT_CHARS "'cluster_registry_disk_size'"][\ LIT_ESCAPED_CHAR "\\]"][LIT_CHARS " *}}@"][VarSub CLUSTER_REGISTRY_DISK_SIZE][LIT_CHARS "@g"]]} {[DQ [VarSub registry_pv_file]]} ) (Com {[LIT_CHARS sed]} {[LIT_CHARS -i]} {[LIT_CHARS -e]} {[DQ [LIT_CHARS "s@{{ *pillar"][\ LIT_ESCAPED_CHAR "\\["][LIT_CHARS "'cluster_registry_disk_size'"][\ LIT_ESCAPED_CHAR "\\]"][LIT_CHARS " *}}@"][VarSub CLUSTER_REGISTRY_DISK_SIZE][LIT_CHARS "@g"]]} {[DQ [VarSub registry_pvc_file]]} ) (Com {[LIT_CHARS sed]} {[LIT_CHARS -i]} {[LIT_CHARS -e]} {[DQ [LIT_CHARS "s@{{ *pillar"][\ LIT_ESCAPED_CHAR "\\["][LIT_CHARS "'cluster_registry_disk_name'"][\ LIT_ESCAPED_CHAR "\\]"][LIT_CHARS " *}}@"][VarSub CLUSTER_REGISTRY_DISK][LIT_CHARS "@g"]]} {[DQ [VarSub registry_pvc_file]]} ) ) ) (If (AndOr OP_AND_IF (DBracket {B2 BINARY_STRING_EQUAL {[DQ [VarSub ENABLE_NODE_LOGGING test_op=VS_TEST_COLON_HYPHEN {}]]} {[DQ [LIT_CHARS true]]}}) (AndOr OP_AND_IF (DBracket {B2 BINARY_STRING_EQUAL {[DQ [VarSub LOGGING_DESTINATION test_op=VS_TEST_COLON_HYPHEN {}]]} {[DQ [LIT_CHARS elasticsearch]]}}) (DBracket {B2 BINARY_STRING_EQUAL {[DQ [VarSub ENABLE_CLUSTER_LOGGING test_op=VS_TEST_COLON_HYPHEN {}]]} {[DQ [LIT_CHARS true]]}}) ) ) (Com {[LIT_CHARS setup-addon-manifests]} {[DQ [LIT_CHARS addons]]} {[DQ [LIT_CHARS fluentd-elasticsearch]]} ) ) (If (DBracket {B2 BINARY_STRING_EQUAL {[DQ [VarSub ENABLE_CLUSTER_UI test_op=VS_TEST_COLON_HYPHEN {}]]} {[DQ [LIT_CHARS true]]}}) (Com {[LIT_CHARS setup-addon-manifests]} {[DQ [LIT_CHARS addons]]} {[DQ [LIT_CHARS dashboard]]} ) ) (If (DBracket {B2 BINARY_STRING_EQUAL {[DQ [VarSub ENABLE_NODE_PROBLEM_DETECTOR test_op=VS_TEST_COLON_HYPHEN {}]]} {[DQ [LIT_CHARS true]]}}) (Com {[LIT_CHARS setup-addon-manifests]} {[DQ [LIT_CHARS addons]]} {[DQ [LIT_CHARS node-problem-detector]]} ) ) (If (Pipeline (Com {[LIT_CHARS echo]} {[DQ [VarSub ADMISSION_CONTROL test_op=VS_TEST_COLON_HYPHEN {}]]} ) (Com {[LIT_CHARS grep]} {[LIT_CHARS -q]} {[DQ [LIT_CHARS LimitRanger]]} ) ) (Com {[LIT_CHARS setup-addon-manifests]} {[DQ [LIT_CHARS admission-controls]]} {[DQ [LIT_CHARS limit-range]]} ) ) (If (DBracket {B2 BINARY_STRING_EQUAL {[DQ [VarSub NETWORK_POLICY_PROVIDER test_op=VS_TEST_COLON_HYPHEN {}]]} {[DQ [LIT_CHARS calico]]}}) (Com {[LIT_CHARS setup-addon-manifests]} {[DQ [LIT_CHARS addons]]} {[DQ [LIT_CHARS calico-policy-controller]]} ) ) (Com {[LIT_CHARS cp]} {[DQ [VarSub src_dir][LIT_CHARS /kube-addon-manager.yaml]]} {[LIT_CHARS /etc/kubernetes/manifests]} ) ) ) (FunctionDef start-fluentd [] (List (Com {[LIT_CHARS echo]} {[DQ [LIT_CHARS "Start fluentd pod"]]} ) (If (DBracket {B2 BINARY_STRING_EQUAL {[DQ [VarSub ENABLE_NODE_LOGGING test_op=VS_TEST_COLON_HYPHEN {}]]} {[DQ [LIT_CHARS true]]}}) (If (DBracket {B2 BINARY_STRING_EQUAL {[DQ [VarSub LOGGING_DESTINATION test_op=VS_TEST_COLON_HYPHEN {}]]} {[DQ [LIT_CHARS gcp]]}}) (Com {[LIT_CHARS cp]} {[DQ [VarSub KUBE_HOME][LIT_CHARS /kube-manifests/kubernetes/gci-trusty/gci/fluentd-gcp.yaml]]} {[LIT_CHARS /etc/kubernetes/manifests/]} ) (DBracket {B? LOGICAL_BINARY_AND {B2 BINARY_STRING_EQUAL {[DQ [VarSub LOGGING_DESTINATION test_op=VS_TEST_COLON_HYPHEN {}]]} {[DQ [LIT_CHARS elasticsearch]]}} {B2 BINARY_STRING_NOT_EQUAL {[DQ [VarSub KUBERNETES_MASTER test_op=VS_TEST_COLON_HYPHEN {}]]} {[DQ [LIT_CHARS true]]}}}) (Com {[LIT_CHARS cp]} {[DQ [VarSub KUBE_HOME][LIT_CHARS /kube-manifests/kubernetes/fluentd-es.yaml]]} {[LIT_CHARS /etc/kubernetes/manifests/]} ) ) ) ) ) (FunctionDef start-image-puller [] (List (Com {[LIT_CHARS echo]} {[DQ [LIT_CHARS "Start image-puller"]]} ) (Com {[LIT_CHARS cp]} {[DQ [VarSub KUBE_HOME][LIT_CHARS /kube-manifests/kubernetes/gci-trusty/e2e-image-puller.manifest]]} {[LIT_CHARS /etc/kubernetes/manifests/]} ) ) ) (FunctionDef start-kube-registry-proxy [] (List (Com {[LIT_CHARS echo]} {[DQ [LIT_CHARS "Start kube-registry-proxy"]]} ) (Com {[LIT_CHARS cp]} {[DQ [VarSub KUBE_HOME][LIT_CHARS /kube-manifests/kubernetes/kube-registry-proxy.yaml]]} {[LIT_CHARS /etc/kubernetes/manifests]} ) ) ) (FunctionDef start-lb-controller [] (If (DBracket {B2 BINARY_STRING_EQUAL {[DQ [VarSub ENABLE_L7_LOADBALANCING test_op=VS_TEST_COLON_HYPHEN {}]]} {[DQ [LIT_CHARS glbc]]}}) (List (Com {[LIT_CHARS echo]} {[DQ [LIT_CHARS "Start GCE L7 pod"]]} ) (Com {[LIT_CHARS prepare-log-file]} {[LIT_CHARS /var/log/glbc.log]} ) (Com {[LIT_CHARS setup-addon-manifests]} {[DQ [LIT_CHARS addons]]} {[DQ [LIT_CHARS cluster-loadbalancing/glbc]]} ) (Com {[LIT_CHARS cp]} {[DQ [VarSub KUBE_HOME][LIT_CHARS /kube-manifests/kubernetes/gci-trusty/glbc.manifest]]} {[LIT_CHARS /etc/kubernetes/manifests/]} ) ) ) ) (FunctionDef start-rescheduler [] (If (DBracket {B2 BINARY_STRING_EQUAL {[DQ [VarSub ENABLE_RESCHEDULER test_op=VS_TEST_COLON_HYPHEN {}]]} {[DQ [LIT_CHARS true]]}}) (List (Com {[LIT_CHARS echo]} {[DQ [LIT_CHARS "Start Rescheduler"]]} ) (Com {[LIT_CHARS prepare-log-file]} {[LIT_CHARS /var/log/rescheduler.log]} ) (Com {[LIT_CHARS cp]} {[DQ [VarSub KUBE_HOME][LIT_CHARS /kube-manifests/kubernetes/gci-trusty/rescheduler.manifest]]} {[LIT_CHARS /etc/kubernetes/manifests/]} ) ) ) ) (FunctionDef setup-kubelet-dir [] (List (Com {[LIT_CHARS echo]} {[DQ [LIT_CHARS "Making /var/lib/kubelet executable for kubelet"]]} ) (Com {[LIT_CHARS mount]} {[LIT_CHARS -B]} {[LIT_CHARS /var/lib/kubelet]} {[LIT_CHARS /var/lib/kubelet/]} ) (Com {[LIT_CHARS mount]} {[LIT_CHARS -B]} {[LIT_CHARS -o]} {[LIT_CHARS remount] [LIT_COMMA ","] [LIT_CHARS exec] [LIT_COMMA ","] [LIT_CHARS suid] [LIT_COMMA ","] [LIT_CHARS dev]} {[LIT_CHARS /var/lib/kubelet]} ) ) ) (FunctionDef reset-motd [] (List (= scope= flags=0 words=[{[LIT_CHARS -r]}] bindings=[('version', {[DQ [ComSub (Pipeline (Com {[DQ [VarSub KUBE_HOME]] [LIT_CHARS /bin/kubelet]} {[LIT_CHARS --version] [LIT_DBRACKET_LIKE "="] [LIT_CHARS true]}) (Com {[LIT_CHARS cut]} {[LIT_CHARS -f2]} {[LIT_CHARS -d]} {[DQ [LIT_CHARS " "]]}) )]]})]) (= scope= flags=0 words=[] bindings=[('gitref', {[DQ [ComSub (Pipeline (Com {[LIT_CHARS echo]} {[DQ [VarSub version]]}) (Com {[LIT_CHARS sed]} {[LIT_CHARS -r]} {[DQ [LIT_CHARS "s/(v[0-9]+"][\ LIT_ESCAPED_CHAR "\\."][LIT_CHARS "[0-9]+"][\ LIT_ESCAPED_CHAR "\\."][LIT_CHARS "[0-9]+)(-[a-z]+"][\ LIT_ESCAPED_CHAR "\\."][LIT_CHARS "[0-9]+)?.*/"][\ LIT_ESCAPED_CHAR "\\1"][\ LIT_ESCAPED_CHAR "\\2"][LIT_CHARS /g]]}) )]]})]) (= scope= flags=0 words=[] bindings=[('devel', {[DQ ]})]) (If (DBracket {B2 BINARY_STRING_NOT_EQUAL {[DQ [VarSub gitref]]} {[DQ [VarSub version]]}}) (List (= scope= flags=0 words=[] bindings=[('devel', {[DQ [LIT_CHARS "\n"][LIT_CHARS "Note: This looks like a development version, which might not be present on GitHub.\n"][LIT_CHARS "If it isn't, the closest tag is at:\n"][LIT_CHARS " https://github.com/kubernetes/kubernetes/tree/"][VarSub gitref][LIT_CHARS "\n"]]})]) (= scope= flags=0 words=[] bindings=[('gitref', {[DQ [VarSub version transform_ops=[PatSub {[LIT_CHARS "*+"]} {} do_all]]]})]) ) ) (Com {[LIT_CHARS cat]} < (FilenameRedirectNode filename={[LIT_CHARS /etc/motd]} "> 1), (HereDocRedirectNode here_end='EOF' do_expansion=True body_word={[DQ [LIT_CHARS "\n"][LIT_CHARS "Welcome to Kubernetes "][VarSub version][LIT_CHARS "!\n"][LIT_CHARS "\n"][LIT_CHARS "You can find documentation for Kubernetes at:\n"][LIT_CHARS " http://docs.kubernetes.io/\n"][LIT_CHARS "\n"][LIT_CHARS "The source for this release can be found at:\n"][LIT_CHARS " /home/kubernetes/kubernetes-src.tar.gz\n"][LIT_CHARS "Or you can download it at:\n"][LIT_CHARS " https://storage.googleapis.com/kubernetes-release/release/"][VarSub version][LIT_CHARS "/kubernetes-src.tar.gz\n"][LIT_CHARS "\n"][LIT_CHARS "It is based on the Kubernetes source at:\n"][LIT_CHARS " https://github.com/kubernetes/kubernetes/tree/"][VarSub gitref][LIT_CHARS "\n"][VarSub devel][LIT_CHARS "\n"][LIT_CHARS "For Kubernetes copyright and licensing information, see:\n"][LIT_CHARS " /home/kubernetes/LICENSES\n"][LIT_CHARS "\n"]]} 0), > ) ) ) (FunctionDef override-kubectl [] (Com {[LIT_CHARS echo]} {[DQ [LIT_CHARS "export PATH="][VarSub KUBE_HOME][LIT_CHARS "/bin:"][\ LIT_ESCAPED_CHAR "\\$"][LIT_CHARS PATH]]} < (FilenameRedirectNode filename={[LIT_CHARS /etc/profile.d/kube_env.sh]} "> 1), > ) ) (Com {[LIT_CHARS echo]} {[DQ [LIT_CHARS "Start to configure instance for kubernetes"]]} ) (= scope= flags=0 words=[] bindings=[('KUBE_HOME', {[DQ [LIT_CHARS /home/kubernetes]]})]) (If (DBracket {B! {B1 UNARY_FILE_e {[DQ [VarSub KUBE_HOME][LIT_CHARS /kube-env]]}}}) (List (Com {[LIT_CHARS echo]} {[DQ [LIT_CHARS "The "][VarSub KUBE_HOME][LIT_CHARS "/kube-env file does not exist!! Terminate cluster initialization."]]} ) (Com {[LIT_CHARS exit]} {[LIT_CHARS 1]} ) ) ) (Com {[LIT_CHARS source]} {[DQ [VarSub KUBE_HOME][LIT_CHARS /kube-env]]} ) (If (DBracket {B1 UNARY_STRING_n {[DQ [VarSub KUBE_USER test_op=VS_TEST_COLON_HYPHEN {}]]}}) (If (Pipeline! (DBracket {B2 BINARY_STRING_TILDE_EQUAL {[DQ [VarSub KUBE_USER]]} {[LIT_OTHER "^"] [LIT_DBRACKET_LIKE "["] [LIT_CHARS -._] [LIT_OTHER "@"] [LIT_CHARS a-zA-Z0-9] [LIT_DBRACKET_LIKE "]"] [LIT_OTHER "+"] [LIT_OTHER "$"]}}) ) (List (Com {[LIT_CHARS echo]} {[DQ [LIT_CHARS "Bad KUBE_USER format."]]} ) (Com {[LIT_CHARS exit]} {[LIT_CHARS 1]} ) ) ) ) (Com {[LIT_CHARS setup-os-params]} ) (Com {[LIT_CHARS config-ip-firewall]} ) (Com {[LIT_CHARS create-dirs]} ) (Com {[LIT_CHARS setup-kubelet-dir]} ) (Com {[LIT_CHARS ensure-local-ssds]} ) (Com {[LIT_CHARS setup-logrotate]} ) (If (DBracket {B2 BINARY_STRING_EQUAL {[DQ [VarSub KUBERNETES_MASTER test_op=VS_TEST_COLON_HYPHEN {}]]} {[DQ [LIT_CHARS true]]}}) (List (Com {[LIT_CHARS mount-master-pd]} ) (Com {[LIT_CHARS create-master-auth]} ) (Com {[LIT_CHARS create-master-kubelet-auth]} ) ) (ElseTrue) (List (Com {[LIT_CHARS create-kubelet-kubeconfig]} ) (Com {[LIT_CHARS create-kubeproxy-kubeconfig]} ) ) ) (Com {[LIT_CHARS override-kubectl]} ) (Com {[LIT_CHARS assemble-docker-flags]} ) (Com {[LIT_CHARS load-docker-images]} ) (Com {[LIT_CHARS start-kubelet]} ) (If (DBracket {B2 BINARY_STRING_EQUAL {[DQ [VarSub KUBERNETES_MASTER test_op=VS_TEST_COLON_HYPHEN {}]]} {[DQ [LIT_CHARS true]]}}) (List (Com {[LIT_CHARS compute-master-manifest-variables]} ) (Com {[LIT_CHARS start-etcd-servers]} ) (Com {[LIT_CHARS start-etcd-empty-dir-cleanup-pod]} ) (Com {[LIT_CHARS start-kube-apiserver]} ) (Com {[LIT_CHARS start-kube-controller-manager]} ) (Com {[LIT_CHARS start-kube-scheduler]} ) (Com {[LIT_CHARS start-kube-addons]} ) (Com {[LIT_CHARS start-cluster-autoscaler]} ) (Com {[LIT_CHARS start-lb-controller]} ) (Com {[LIT_CHARS start-rescheduler]} ) ) (ElseTrue) (List (Com {[LIT_CHARS start-kube-proxy]} ) (If (DBracket {B2 BINARY_STRING_EQUAL {[DQ [VarSub ENABLE_CLUSTER_REGISTRY test_op=VS_TEST_COLON_HYPHEN {}]]} {[DQ [LIT_CHARS true]]}}) (Com {[LIT_CHARS start-kube-registry-proxy]} ) ) (If (DBracket {B2 BINARY_STRING_EQUAL {[DQ [VarSub PREPULL_E2E_IMAGES test_op=VS_TEST_COLON_HYPHEN {}]]} {[DQ [LIT_CHARS true]]}}) (Com {[LIT_CHARS start-image-puller]} ) ) ) ) (Com {[LIT_CHARS start-fluentd]} ) (Com {[LIT_CHARS reset-motd]} ) (Com {[LIT_CHARS echo]} {[DQ [LIT_CHARS "Done for the configuration for kubernetes"]]} ) )