(CommandList children: [ (C {(set)} {(-o)} {(errexit)}) (C {(set)} {(-o)} {(nounset)}) (C {(set)} {(-o)} {(pipefail)}) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:KUBE_ROOT) op: Equal rhs: {(DQ (/home/kubernetes))} spids: [73] ) ] spids: [73] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:KUBE_BINDIR) op: Equal rhs: {(DQ (${ VSub_Name KUBE_ROOT) (/kubernetes/server/bin))} spids: [78] ) ] spids: [78] ) (FuncDef name: config-ip-firewall body: (BraceGroup children: [ (C {(echo)} {(DQ ("Configuring IP firewall rules"))}) (If arms: [ (if_arm cond: [ (Sentence child: (Pipeline children: [ (C {(iptables)} {(-L)} {(INPUT)}) (SimpleCommand words: [{(grep)} {(DQ ("Chain INPUT (policy DROP)"))}] redirects: [ (Redir op_id: Redir_Great fd: -1 arg_word: {(/dev/null)} spids: [125] ) ] ) ] negated: False ) terminator: <Op_Semi ";"> ) ] action: [ (C {(echo)} {(DQ ("Add rules to accept all inbound TCP/UDP/ICMP packets"))}) (C {(iptables)} {(-A)} {(INPUT)} {(-w)} {(-p)} {(TCP)} {(-j)} {(ACCEPT)}) (C {(iptables)} {(-A)} {(INPUT)} {(-w)} {(-p)} {(UDP)} {(-j)} {(ACCEPT)}) (C {(iptables)} {(-A)} {(INPUT)} {(-w)} {(-p)} {(ICMP)} {(-j)} {(ACCEPT)}) ] spids: [-1 130] ) ] spids: [-1 191] ) (If arms: [ (if_arm cond: [ (Sentence child: (Pipeline children: [ (C {(iptables)} {(-L)} {(FORWARD)}) (SimpleCommand words: [{(grep)} {(DQ ("Chain FORWARD (policy DROP)"))}] redirects: [ (Redir op_id: Redir_Great fd: -1 arg_word: {(/dev/null)} spids: [210] ) ] ) ] negated: False ) terminator: <Op_Semi ";"> ) ] action: [ (C {(echo)} {(DQ ("Add rules to accept all forwarded TCP/UDP/ICMP packets"))}) (C {(iptables)} {(-A)} {(FORWARD)} {(-w)} {(-p)} {(TCP)} {(-j)} {(ACCEPT)}) (C {(iptables)} {(-A)} {(FORWARD)} {(-w)} {(-p)} {(UDP)} {(-j)} {(ACCEPT)}) (C {(iptables)} {(-A)} {(FORWARD)} {(-w)} {(-p)} {(ICMP)} {(-j)} {(ACCEPT)}) ] spids: [-1 215] ) ] spids: [-1 276] ) ] spids: [91] ) spids: [87 90] ) (FuncDef name: create-dirs body: (BraceGroup children: [ (C {(echo)} {(DQ ("Creating required directories"))}) (C {(mkdir)} {(-p)} {(/var/lib/kubelet)}) (C {(mkdir)} {(-p)} {(/etc/kubernetes/manifests)}) (C {(mkdir)} {(-p)} {(/etc/kubernetes/addons)}) ] spids: [285] ) spids: [281 284] ) (FuncDef name: setup-kubelet-dir body: (BraceGroup children: [ (C {(echo)} {(DQ ("Making /var/lib/kubelet executable for kubelet"))}) (C {(mount)} {(-B)} {(/var/lib/kubelet)} {(/var/lib/kubelet/)}) (C {(mount)} {(-B)} {(-o)} {(remount) (Lit_Comma ",") (exec) (Lit_Comma ",") (suid) (Lit_Comma ",") (dev)} {(/var/lib/kubelet)} ) ] spids: [325] ) spids: [321 324] ) (FuncDef name: delete-default-etcd-configs body: (BraceGroup children: [ (If arms: [ (if_arm cond: [ (Sentence child: (DBracket expr:(BoolUnary op_id:BoolUnary_d child:{(/etc/etcd)})) terminator: <Op_Semi ";"> ) ] action: [(C {(rm)} {(-rf)} {(/etc/etcd)})] spids: [-1 384] ) ] spids: [-1 394] ) (If arms: [ (if_arm cond: [ (Sentence child: (DBracket expr:(BoolUnary op_id:BoolUnary_e child:{(/etc/default/etcd)})) terminator: <Op_Semi ";"> ) ] action: [(C {(rm)} {(-f)} {(/etc/default/etcd)})] spids: [-1 408] ) ] spids: [-1 418] ) (If arms: [ (if_arm cond: [ (Sentence child: (DBracket expr: (BoolUnary op_id: BoolUnary_e child: {(/etc/systemd/system/etcd.service)} ) ) terminator: <Op_Semi ";"> ) ] action: [(C {(rm)} {(-f)} {(/etc/systemd/system/etcd.service)})] spids: [-1 432] ) ] spids: [-1 442] ) (If arms: [ (if_arm cond: [ (Sentence child: (DBracket expr:(BoolUnary op_id:BoolUnary_e child:{(/etc/init.d/etcd)})) terminator: <Op_Semi ";"> ) ] action: [(C {(rm)} {(-f)} {(/etc/init.d/etcd)})] spids: [-1 456] ) ] spids: [-1 466] ) ] spids: [370] ) spids: [366 369] ) (FuncDef name: compute-etcd-variables body: (BraceGroup children: [ (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:ETCD_IMAGE) op: Equal rhs: { (DQ (BracedVarSub token: <VSub_Name ETCD_IMAGE> suffix_op: (StringUnary op_id:VTest_ColonHyphen arg_word:{(SQ )}) spids: [483 486] ) ) } spids: [481] ) ] spids: [481] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:ETCD_QUOTA_BYTES) op: Equal rhs: {(DQ )} spids: [490] ) ] spids: [490] ) (If arms: [ (if_arm cond: [ (Sentence child: (C {(Lit_Other "[")} { (DQ (BracedVarSub token: <VSub_Name ETCD_VERSION> suffix_op: (Slice begin: (ArithWord w:{(Lit_Digits 0)}) length: (ArithWord w:{(Lit_Digits 2)}) ) spids: [500 506] ) ) } {(Lit_Other "=") (Lit_Other "=")} {(DQ (3.))} {(Lit_Other "]")} ) terminator: <Op_Semi ";"> ) ] action: [ (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:ETCD_QUOTA_BYTES) op: Equal rhs: {(DQ (" --quota-backend-bytes=4294967296 "))} spids: [534] ) ] spids: [534] ) ] spids: [-1 519] ) ] spids: [-1 540] ) ] spids: [478] ) spids: [474 477] ) (FuncDef name: safe-format-and-mount body: (BraceGroup children: [ (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:device) op: Equal rhs: {($ VSub_Number "$1")} spids: [560] ) ] spids: [560] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:mountpoint) op: Equal rhs: {($ VSub_Number "$2")} spids: [564] ) ] spids: [564] ) (If arms: [ (if_arm cond: [ (Sentence child: (Pipeline children: [(C {(tune2fs)} {(-l)} {(DQ (${ VSub_Name device))})] negated: True ) terminator: <Op_Semi ";"> ) ] action: [ (C {(echo)} {(DQ ("Formatting '") (${ VSub_Name device) ("'"))}) (C {(mkfs.ext4)} {(-F)} {(DQ (${ VSub_Name device))}) ] spids: [-1 589] ) ] spids: [-1 614] ) (C {(echo)} {(DQ ("Mounting '") (${ VSub_Name device) ("' at '") (${ VSub_Name mountpoint) ("'"))} ) (C {(mount)} {(-o)} {(discard) (Lit_Comma ",") (defaults)} {(DQ (${ VSub_Name device))} {(DQ (${ VSub_Name mountpoint))} ) ] spids: [557] ) spids: [551 556] ) (FuncDef name: find-attached-pd body: (BraceGroup children: [ (Assignment keyword: Assign_Local flags: ["'-r'"] pairs: [ (assign_pair lhs: (LhsName name:pd_name) op: Equal rhs: {($ VSub_Number "$1")} spids: [672] ) ] spids: [668] ) (If arms: [ (if_arm cond: [ (Sentence child: (DBracket expr: (LogicalNot child: (BoolUnary op_id: BoolUnary_e child: {(/dev/disk/by-id/) (${ VSub_Name pd_name)} ) ) ) terminator: <Op_Semi ";"> ) ] action: [(C {(echo)} {(DQ )})] spids: [-1 692] ) ] spids: [-1 701] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:device_info) op: Equal rhs: { (CommandSubPart command_list: (CommandList children: [(C {(ls)} {(-l)} {(/dev/disk/by-id/) (${ VSub_Name pd_name)})] ) left_token: <Left_CommandSub "$("> spids: [705 714] ) } spids: [704] ) ] spids: [704] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:relative_path) op: Equal rhs: { (BracedVarSub token: <VSub_Name device_info> suffix_op: (StringUnary op_id:VOp1_DPound arg_word:{("* ")}) spids: [718 722] ) } spids: [717] ) ] spids: [717] ) (C {(echo)} {(DQ (/dev/disk/by-id/) (${ VSub_Name relative_path))}) ] spids: [665] ) spids: [659 664] ) (FuncDef name: mount-pd body: (BraceGroup children: [ (Assignment keyword: Assign_Local flags: ["'-r'"] pairs: [ (assign_pair lhs: (LhsName name:pd_name) op: Equal rhs: {($ VSub_Number "$1")} spids: [759] ) ] spids: [755] ) (Assignment keyword: Assign_Local flags: ["'-r'"] pairs: [ (assign_pair lhs: (LhsName name:mount_point) op: Equal rhs: {($ VSub_Number "$2")} spids: [767] ) ] spids: [763] ) (If arms: [ (if_arm cond: [ (Sentence child: (DBracket expr: (BoolUnary op_id: BoolUnary_z child: { (DQ (BracedVarSub token: <VSub_Name find> suffix_op: (StringUnary op_id: VTest_Hyphen arg_word: {("attached-pd ") (${ VSub_Name pd_name)} ) spids: [779 786] ) ) } ) ) terminator: <Op_Semi ";"> ) ] action: [ (C {(echo)} {(DQ ("Can't find ") (${ VSub_Name pd_name) (". Skipping mount."))}) (ControlFlow token:<ControlFlow_Return return>) ] spids: [-1 792] ) ] spids: [-1 809] ) (Assignment keyword: Assign_Local flags: ["'-r'"] pairs: [ (assign_pair lhs: (LhsName name:pd_path) op: Equal rhs: {(DQ (/dev/disk/by-id/) (${ VSub_Name pd_name))} spids: [817] ) ] spids: [813] ) (C {(echo)} { (DQ ("Mounting PD '") (${ VSub_Name pd_path) ("' at '") (${ VSub_Name mount_point) ("'")) } ) (C {(mkdir)} {(-p)} {(DQ (${ VSub_Name mount_point))}) (C {(safe-format-and-mount)} {(DQ (${ VSub_Name pd_path))} {(DQ (${ VSub_Name mount_point))}) (C {(echo)} { (DQ ("Mounted PD '") (${ VSub_Name pd_path) ("' at '") (${ VSub_Name mount_point) ("'")) } ) ] spids: [752] ) spids: [746 751] ) (FuncDef name: create-kubecontrollermanager-kubeconfig body: (BraceGroup children: [ (C {(echo)} {(DQ ("Creating kube-controller-manager kubeconfig file"))}) (C {(mkdir)} {(-p)} {(DQ (${ VSub_Name KUBE_ROOT) (/k8s_auth_data/kube-controller-manager))}) (SimpleCommand words: [{(cat)}] redirects: [ (HereDoc op_id: Redir_DLess fd: -1 body: { (DQ ("apiVersion: v1\n") ("kind: Config\n") ("users:\n") ("- name: kube-controller-manager\n") (" user:\n") (" token: ") (${ VSub_Name KUBE_CONTROLLER_MANAGER_TOKEN) ("\n") ("clusters:\n") ("- name: local\n") (" cluster:\n") (" insecure-skip-tls-verify: true\n") (" server: https://localhost:443\n") ("contexts:\n") ("- context:\n") (" cluster: local\n") (" user: kube-controller-manager\n") (" name: service-account-context\n") ("current-context: service-account-context\n") ) } do_expansion: True here_end: EOF was_filled: True spids: [940] ) (Redir op_id: Redir_Great fd: -1 arg_word: { (DQ (${ VSub_Name KUBE_ROOT) (/k8s_auth_data/kube-controller-manager/kubeconfig)) } spids: [943] ) ] ) ] spids: [916] ) spids: [912 915] ) (FuncDef name: create-kubescheduler-kubeconfig body: (BraceGroup children: [ (C {(echo)} {(DQ ("Creating kube-scheduler kubeconfig file"))}) (C {(mkdir)} {(-p)} {(DQ (${ VSub_Name KUBE_ROOT) (/k8s_auth_data/kube-scheduler))}) (SimpleCommand words: [{(cat)}] redirects: [ (HereDoc op_id: Redir_DLess fd: -1 body: { (DQ ("apiVersion: v1\n") ("kind: Config\n") ("users:\n") ("- name: kube-scheduler\n") (" user:\n") (" token: ") (${ VSub_Name KUBE_SCHEDULER_TOKEN) ("\n") ("clusters:\n") ("- name: local\n") (" cluster:\n") (" insecure-skip-tls-verify: true\n") (" server: https://localhost:443\n") ("contexts:\n") ("- context:\n") (" cluster: local\n") (" user: kube-scheduler\n") (" name: kube-scheduler\n") ("current-context: kube-scheduler\n") ) } do_expansion: True here_end: EOF was_filled: True spids: [1003] ) (Redir op_id: Redir_Great fd: -1 arg_word: {(DQ (${ VSub_Name KUBE_ROOT) (/k8s_auth_data/kube-scheduler/kubeconfig))} spids: [1006] ) ] ) ] spids: [979] ) spids: [975 978] ) (FuncDef name: assemble-docker-flags body: (BraceGroup children: [ (C {(echo)} {(DQ ("Assemble docker command line flags"))}) (Assignment keyword: Assign_Local pairs: [ (assign_pair lhs: (LhsName name:docker_opts) op: Equal rhs: {(DQ ("-p /var/run/docker.pid --iptables=false --ip-masq=false"))} spids: [1054] ) ] spids: [1052] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:docker_opts) op: PlusEqual rhs: {(DQ (" --log-level=debug"))} spids: [1060] ) ] spids: [1060] ) (SimpleCommand words: [ {(echo)} { (DQ ("DOCKER_OPTS=") (EscapedLiteralPart token:<Lit_EscapedChar "\\\"">) (${ VSub_Name docker_opts) (EscapedLiteralPart token:<Lit_EscapedChar "\\\"">) ) } ] redirects: [ (Redir op_id: Redir_Great fd: -1 arg_word: {(/etc/default/docker)} spids: [1084] ) ] ) (SimpleCommand words: [{(echo)} {(DQ ("DOCKER_NOFILE=65536"))}] redirects: [ (Redir op_id: Redir_DGreat fd: -1 arg_word: {(/etc/default/docker)} spids: [1095] ) ] ) (C {(systemctl)} {(restart)} {(docker)}) ] spids: [1042] ) spids: [1038 1041] ) (FuncDef name: try-load-docker-image body: (BraceGroup children: [ (Assignment keyword: Assign_Local flags: ["'-r'"] pairs: [ (assign_pair lhs: (LhsName name:img) op: Equal rhs: {($ VSub_Number "$1")} spids: [1132] ) ] spids: [1128] ) (C {(echo)} {(DQ ("Try to load docker image file ") (${ VSub_Name img))}) (C {(set)} {(Lit_Other "+") (e)}) (Assignment keyword: Assign_Local flags: ["'-r'"] pairs: [(assign_pair lhs:(LhsName name:max_attempts) op:Equal rhs:{(5)} spids:[1160])] spids: [1156] ) (Assignment keyword: Assign_Local flags: ["'-i'"] pairs: [(assign_pair lhs:(LhsName name:attempt_num) op:Equal rhs:{(1)} spids:[1168])] spids: [1164] ) (Until cond: [ (Sentence child: (C {(timeout)} {(30)} {(docker)} {(load)} {(-i)} {(DQ (${ VSub_Name img))}) terminator: <Op_Semi ";"> ) ] body: (DoGroup children: [ (If arms: [ (if_arm cond: [ (Sentence child: (DBracket expr: (BoolBinary op_id: BoolBinary_GlobDEqual left: {(DQ (${ VSub_Name attempt_num))} right: {(DQ (${ VSub_Name max_attempts))} ) ) terminator: <Op_Semi ";"> ) ] action: [ (C {(echo)} { (DQ ("Fail to load docker image file ") (${ VSub_Name img) (" after ") (${ VSub_Name max_attempts) (" retries. Exit!!") ) } ) (C {(exit)} {(1)}) ] spids: [-1 1215] ) ] else_action: [ (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:attempt_num) op: Equal rhs: { (ArithSubPart anode: (ArithBinary op_id: Arith_Plus left: (ArithVarRef name:attempt_num) right: (ArithWord w:{(Lit_Digits 1)}) ) spids: [1242 1247] ) } spids: [1241] ) ] spids: [1241] ) (C {(sleep)} {(5)}) ] spids: [1238 1255] ) ] spids: [1191 1258] ) ) (C {(set)} {(-e)}) ] spids: [1125] ) spids: [1121 1124] ) (FuncDef name: load-docker-images body: (BraceGroup children: [ (C {(echo)} {(DQ ("Start loading kube-system docker images"))}) (Assignment keyword: Assign_Local flags: ["'-r'"] pairs: [ (assign_pair lhs: (LhsName name:img_dir) op: Equal rhs: {(DQ (${ VSub_Name KUBE_BINDIR))} spids: [1296] ) ] spids: [1292] ) (C {(try-load-docker-image)} {(DQ (${ VSub_Name img_dir) (/kube-apiserver.tar))}) (C {(try-load-docker-image)} {(DQ (${ VSub_Name img_dir) (/kube-controller-manager.tar))}) (C {(try-load-docker-image)} {(DQ (${ VSub_Name img_dir) (/kube-scheduler.tar))}) ] spids: [1282] ) spids: [1278 1281] ) (FuncDef name: compute-kubelet-params body: (BraceGroup children: [ (Assignment keyword: Assign_Local pairs: [ (assign_pair lhs: (LhsName name:params) op: Equal rhs: { (DQ (BracedVarSub token: <VSub_Name KUBELET_TEST_ARGS> suffix_op: (StringUnary op_id:VTest_ColonHyphen arg_word:{(SQ )}) spids: [1350 1353] ) ) } spids: [1348] ) ] spids: [1346] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:params) op: PlusEqual rhs: {(DQ (" --allow-privileged=true"))} spids: [1357] ) ] spids: [1357] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:params) op: PlusEqual rhs: {(DQ (" --cgroup-root=/"))} spids: [1363] ) ] spids: [1363] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:params) op: PlusEqual rhs: {(DQ (" --cloud-provider=gce"))} spids: [1369] ) ] spids: [1369] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:params) op: PlusEqual rhs: {(DQ (" --pod-manifest-path=/etc/kubernetes/manifests"))} spids: [1375] ) ] spids: [1375] ) (If arms: [ (if_arm cond: [ (Sentence child: (DBracket expr: (BoolUnary op_id: BoolUnary_n child: { (DQ (BracedVarSub token: <VSub_Name KUBELET_PORT> suffix_op: (StringUnary op_id:VTest_ColonHyphen arg_word:{(SQ )}) spids: [1388 1391] ) ) } ) ) terminator: <Op_Semi ";"> ) ] action: [ (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:params) op: PlusEqual rhs: {(DQ (" --port=") (${ VSub_Name KUBELET_PORT))} spids: [1400] ) ] spids: [1400] ) ] spids: [-1 1397] ) ] spids: [-1 1409] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:params) op: PlusEqual rhs: {(DQ (" --enable-debugging-handlers=false"))} spids: [1412] ) ] spids: [1412] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:params) op: PlusEqual rhs: {(DQ (" --hairpin-mode=none"))} spids: [1418] ) ] spids: [1418] ) (C {(echo)} {(DQ (${ VSub_Name params))}) ] spids: [1343] ) spids: [1339 1342] ) (FuncDef name: create-kubelet-conf body: (BraceGroup children: [ (Assignment keyword: Assign_Local flags: ["'-r'"] pairs: [ (assign_pair lhs: (LhsName name:kubelet_bin) op: Equal rhs: {(DQ ($ VSub_Number "$1"))} spids: [1451] ) ] spids: [1447] ) (Assignment keyword: Assign_Local flags: ["'-r'"] pairs: [ (assign_pair lhs: (LhsName name:kubelet_env_file) op: Equal rhs: {(DQ (/etc/default/kubelet))} spids: [1461] ) ] spids: [1457] ) (Assignment keyword: Assign_Local flags: ["'-r'"] pairs: [ (assign_pair lhs: (LhsName name:flags) op: Equal rhs: { (CommandSubPart command_list: (CommandList children:[(C {(compute-kubelet-params)})]) left_token: <Left_CommandSub "$("> spids: [1472 1474] ) } spids: [1471] ) ] spids: [1467] ) (SimpleCommand words: [ {(echo)} { (DQ ("KUBELET_OPTS=") (EscapedLiteralPart token:<Lit_EscapedChar "\\\"">) (${ VSub_Name flags) (EscapedLiteralPart token:<Lit_EscapedChar "\\\"">) ) } ] redirects: [ (Redir op_id: Redir_Great fd: -1 arg_word: {(DQ (${ VSub_Name kubelet_env_file))} spids: [1488] ) ] ) (SimpleCommand words: [{(cat)}] redirects: [ (HereDoc op_id: Redir_DLess fd: -1 body: { (DQ ("[Unit]\n") ("Description=Kubermark kubelet\n") ("Requires=network-online.target\n") ("After=network-online.target\n") ("\n") ("[Service]\n") ("Restart=always\n") ("RestartSec=10\n") ("EnvironmentFile=") (${ VSub_Name kubelet_env_file) ("\n") ("ExecStart=") (${ VSub_Name kubelet_bin) (" ") (EscapedLiteralPart token:<Lit_EscapedChar "\\$">) ("KUBELET_OPTS\n") ("\n") ("[Install]\n") ("WantedBy=multi-user.target\n") ) } do_expansion: True here_end: EOF was_filled: True spids: [1504] ) (Redir op_id: Redir_Great fd: -1 arg_word: {(/etc/systemd/system/kubelet.service)} spids: [1507] ) ] ) ] spids: [1444] ) spids: [1438 1443] ) (FuncDef name: start-kubelet body: (BraceGroup children: [ (Assignment keyword: Assign_Local flags: ["'-r'"] pairs: [ (assign_pair lhs: (LhsName name:kubelet_bin) op: Equal rhs: {(DQ (/usr/bin/kubelet))} spids: [1557] ) ] spids: [1553] ) (C {(create-kubelet-conf)} {(DQ (${ VSub_Name kubelet_bin))}) (AndOr children: [(C {(iptables)} {(-t)} {(nat)} {(-F)}) (C {(true)})] op_id: Op_DPipe ) (C {(systemctl)} {(start)} {(kubelet.service)}) ] spids: [1546] ) spids: [1542 1545] ) (FuncDef name: prepare-log-file body: (BraceGroup children: [ (C {(touch)} {($ VSub_Number "$1")}) (C {(chmod)} {(644)} {($ VSub_Number "$1")}) (C {(chown)} {(root) (Lit_Other ":") (root)} {($ VSub_Number "$1")}) ] spids: [1617] ) spids: [1613 1616] ) (FuncDef name: setup-addon-manifests body: (BraceGroup children: [ (Assignment keyword: Assign_Local flags: ["'-r'"] pairs: [ (assign_pair lhs: (LhsName name:src_dir) op: Equal rhs: {(DQ (${ VSub_Name KUBE_ROOT) (/) ($ VSub_Number "$2"))} spids: [1669] ) ] spids: [1665] ) (Assignment keyword: Assign_Local flags: ["'-r'"] pairs: [ (assign_pair lhs: (LhsName name:dst_dir) op: Equal rhs: {(DQ (/etc/kubernetes/) ($ VSub_Number "$1") (/) ($ VSub_Number "$2"))} spids: [1683] ) ] spids: [1679] ) (If arms: [ (if_arm cond: [ (Sentence child: (DBracket expr: (LogicalNot child: (BoolUnary op_id:BoolUnary_d child:{(DQ (${ VSub_Name dst_dir))}) ) ) terminator: <Op_Semi ";"> ) ] action: [(C {(mkdir)} {(-p)} {(DQ (${ VSub_Name dst_dir))})] spids: [-1 1709] ) ] spids: [-1 1723] ) (Assignment keyword: Assign_Local pairs: [ (assign_pair lhs: (LhsName name:files) op: Equal rhs: { (CommandSubPart command_list: (CommandList children: [ (C {(find)} {(DQ (${ VSub_Name src_dir))} {(-maxdepth)} {(1)} {(-name)} {(DQ ("*.yaml"))} ) ] ) left_token: <Left_CommandSub "$("> spids: [1729 1747] ) } spids: [1728] ) ] spids: [1726] ) (If arms: [ (if_arm cond: [ (Sentence child: (DBracket expr: (BoolUnary op_id:BoolUnary_n child:{(DQ (${ VSub_Name files))}) ) terminator: <Op_Semi ";"> ) ] action: [ (C {(cp)} {(DQ (${ VSub_Name src_dir) (/)) (Lit_Other "*") (.yaml)} {(DQ (${ VSub_Name dst_dir))} ) ] spids: [-1 1765] ) ] spids: [-1 1786] ) (C {(chown)} {(-R)} {(root) (Lit_Other ":") (root)} {(DQ (${ VSub_Name dst_dir))}) (C {(chmod)} {(755)} {(DQ (${ VSub_Name dst_dir))}) (C {(chmod)} {(644)} {(DQ (${ VSub_Name dst_dir)) (/) (Lit_Other "*")}) ] spids: [1662] ) spids: [1658 1661] ) (FuncDef name: create-master-audit-policy body: (BraceGroup children: [ (Assignment keyword: Assign_Local flags: ["'-r'"] pairs: [ (assign_pair lhs: (LhsName name:path) op: Equal rhs: {(DQ (${ VSub_Number 1))} spids: [1850] ) ] spids: [1846] ) (Assignment keyword: Assign_Local flags: ["'-r'"] pairs: [ (assign_pair lhs: (LhsName name:policy) op: Equal rhs: { (DQ (BracedVarSub token: <VSub_Number 2> suffix_op: (StringUnary op_id:VTest_ColonHyphen arg_word:{(SQ )}) spids: [1864 1867] ) ) } spids: [1862] ) ] spids: [1858] ) (If arms: [ (if_arm cond: [ (Sentence child: (DBracket expr: (BoolUnary op_id:BoolUnary_n child:{(DQ (${ VSub_Name policy))}) ) terminator: <Op_Semi ";"> ) ] action: [ (SimpleCommand words: [{(echo)} {(DQ (${ VSub_Name policy))}] redirects: [ (Redir op_id: Redir_Great fd: -1 arg_word: {(DQ (${ VSub_Name path))} spids: [1898] ) ] ) (ControlFlow token:<ControlFlow_Return return>) ] spids: [-1 1887] ) ] spids: [-1 1910] ) (Assignment keyword: Assign_Local flags: ["'-r'"] pairs: [ (assign_pair lhs: (LhsName name:known_apis) op: Equal rhs: { (SQ <"\n"> <" - group: \"\" # core\n"> <" - group: \"admissionregistration.k8s.io\"\n"> <" - group: \"apiextensions.k8s.io\"\n"> <" - group: \"apiregistration.k8s.io\"\n"> <" - group: \"apps\"\n"> <" - group: \"authentication.k8s.io\"\n"> <" - group: \"authorization.k8s.io\"\n"> <" - group: \"autoscaling\"\n"> <" - group: \"batch\"\n"> <" - group: \"certificates.k8s.io\"\n"> <" - group: \"extensions\"\n"> <" - group: \"metrics\"\n"> <" - group: \"networking.k8s.io\"\n"> <" - group: \"policy\"\n"> <" - group: \"rbac.authorization.k8s.io\"\n"> <" - group: \"settings.k8s.io\"\n"> <" - group: \"storage.k8s.io\""> ) } spids: [1922] ) ] spids: [1918] ) (SimpleCommand words: [{(cat)}] redirects: [ (HereDoc op_id: Redir_DLess fd: -1 body: { (DQ ("apiVersion: audit.k8s.io/v1beta1\n") ("kind: Policy\n") ("rules:\n") ( " # The following requests were manually identified as high-volume and low-risk,\n" ) (" # so drop them.\n") (" - level: None\n") (" users: [") (Right_DoubleQuote "\"") ("system:kube-proxy") (Right_DoubleQuote "\"") ("]\n") (" verbs: [") (Right_DoubleQuote "\"") (watch) (Right_DoubleQuote "\"") ("]\n") (" resources:\n") (" - group: ") (Right_DoubleQuote "\"") (Right_DoubleQuote "\"") (" # core\n") (" resources: [") (Right_DoubleQuote "\"") (endpoints) (Right_DoubleQuote "\"") (", ") (Right_DoubleQuote "\"") (services) (Right_DoubleQuote "\"") (", ") (Right_DoubleQuote "\"") (services/status) (Right_DoubleQuote "\"") ("]\n") (" - level: None\n") ( " # Ingress controller reads 'configmaps/ingress-uid' through the unsecured port.\n" ) (" # TODO(#46983): Change this to the ingress controller service account.\n") (" users: [") (Right_DoubleQuote "\"") ("system:unsecured") (Right_DoubleQuote "\"") ("]\n") (" namespaces: [") (Right_DoubleQuote "\"") (kube-system) (Right_DoubleQuote "\"") ("]\n") (" verbs: [") (Right_DoubleQuote "\"") (get) (Right_DoubleQuote "\"") ("]\n") (" resources:\n") (" - group: ") (Right_DoubleQuote "\"") (Right_DoubleQuote "\"") (" # core\n") (" resources: [") (Right_DoubleQuote "\"") (configmaps) (Right_DoubleQuote "\"") ("]\n") (" - level: None\n") (" users: [") (Right_DoubleQuote "\"") (kubelet) (Right_DoubleQuote "\"") ("] # legacy kubelet identity\n") (" verbs: [") (Right_DoubleQuote "\"") (get) (Right_DoubleQuote "\"") ("]\n") (" resources:\n") (" - group: ") (Right_DoubleQuote "\"") (Right_DoubleQuote "\"") (" # core\n") (" resources: [") (Right_DoubleQuote "\"") (nodes) (Right_DoubleQuote "\"") (", ") (Right_DoubleQuote "\"") (nodes/status) (Right_DoubleQuote "\"") ("]\n") (" - level: None\n") (" userGroups: [") (Right_DoubleQuote "\"") ("system:nodes") (Right_DoubleQuote "\"") ("]\n") (" verbs: [") (Right_DoubleQuote "\"") (get) (Right_DoubleQuote "\"") ("]\n") (" resources:\n") (" - group: ") (Right_DoubleQuote "\"") (Right_DoubleQuote "\"") (" # core\n") (" resources: [") (Right_DoubleQuote "\"") (nodes) (Right_DoubleQuote "\"") (", ") (Right_DoubleQuote "\"") (nodes/status) (Right_DoubleQuote "\"") ("]\n") (" - level: None\n") (" users:\n") (" - system:kube-controller-manager\n") (" - system:kube-scheduler\n") (" - system:serviceaccount:kube-system:endpoint-controller\n") (" verbs: [") (Right_DoubleQuote "\"") (get) (Right_DoubleQuote "\"") (", ") (Right_DoubleQuote "\"") (update) (Right_DoubleQuote "\"") ("]\n") (" namespaces: [") (Right_DoubleQuote "\"") (kube-system) (Right_DoubleQuote "\"") ("]\n") (" resources:\n") (" - group: ") (Right_DoubleQuote "\"") (Right_DoubleQuote "\"") (" # core\n") (" resources: [") (Right_DoubleQuote "\"") (endpoints) (Right_DoubleQuote "\"") ("]\n") (" - level: None\n") (" users: [") (Right_DoubleQuote "\"") ("system:apiserver") (Right_DoubleQuote "\"") ("]\n") (" verbs: [") (Right_DoubleQuote "\"") (get) (Right_DoubleQuote "\"") ("]\n") (" resources:\n") (" - group: ") (Right_DoubleQuote "\"") (Right_DoubleQuote "\"") (" # core\n") (" resources: [") (Right_DoubleQuote "\"") (namespaces) (Right_DoubleQuote "\"") (", ") (Right_DoubleQuote "\"") (namespaces/status) (Right_DoubleQuote "\"") (", ") (Right_DoubleQuote "\"") (namespaces/finalize) (Right_DoubleQuote "\"") ("]\n") (" # Don't log HPA fetching metrics.\n") (" - level: None\n") (" users:\n") (" - system:kube-controller-manager\n") (" verbs: [") (Right_DoubleQuote "\"") (get) (Right_DoubleQuote "\"") (", ") (Right_DoubleQuote "\"") (list) (Right_DoubleQuote "\"") ("]\n") (" resources:\n") (" - group: ") (Right_DoubleQuote "\"") (metrics) (Right_DoubleQuote "\"") ("\n") (" # Don't log these read-only URLs.\n") (" - level: None\n") (" nonResourceURLs:\n") (" - /healthz*\n") (" - /version\n") (" - /swagger*\n") (" # Don't log events requests.\n") (" - level: None\n") (" resources:\n") (" - group: ") (Right_DoubleQuote "\"") (Right_DoubleQuote "\"") (" # core\n") (" resources: [") (Right_DoubleQuote "\"") (events) (Right_DoubleQuote "\"") ("]\n") ( " # node and pod status calls from nodes are high-volume and can be large, don't log responses for expected updates from nodes\n" ) (" - level: Request\n") (" users: [") (Right_DoubleQuote "\"") (kubelet) (Right_DoubleQuote "\"") (", ") (Right_DoubleQuote "\"") ("system:node-problem-detector") (Right_DoubleQuote "\"") (", ") (Right_DoubleQuote "\"") ("system:serviceaccount:kube-system:node-problem-detector") (Right_DoubleQuote "\"") ("]\n") (" verbs: [") (Right_DoubleQuote "\"") (update) (Right_DoubleQuote "\"") (",") (Right_DoubleQuote "\"") (patch) (Right_DoubleQuote "\"") ("]\n") (" resources:\n") (" - group: ") (Right_DoubleQuote "\"") (Right_DoubleQuote "\"") (" # core\n") (" resources: [") (Right_DoubleQuote "\"") (nodes/status) (Right_DoubleQuote "\"") (", ") (Right_DoubleQuote "\"") (pods/status) (Right_DoubleQuote "\"") ("]\n") (" omitStages:\n") (" - ") (Right_DoubleQuote "\"") (RequestReceived) (Right_DoubleQuote "\"") ("\n") (" - level: Request\n") (" userGroups: [") (Right_DoubleQuote "\"") ("system:nodes") (Right_DoubleQuote "\"") ("]\n") (" verbs: [") (Right_DoubleQuote "\"") (update) (Right_DoubleQuote "\"") (",") (Right_DoubleQuote "\"") (patch) (Right_DoubleQuote "\"") ("]\n") (" resources:\n") (" - group: ") (Right_DoubleQuote "\"") (Right_DoubleQuote "\"") (" # core\n") (" resources: [") (Right_DoubleQuote "\"") (nodes/status) (Right_DoubleQuote "\"") (", ") (Right_DoubleQuote "\"") (pods/status) (Right_DoubleQuote "\"") ("]\n") (" omitStages:\n") (" - ") (Right_DoubleQuote "\"") (RequestReceived) (Right_DoubleQuote "\"") ("\n") ( " # deletecollection calls can be large, don't log responses for expected namespace deletions\n" ) (" - level: Request\n") (" users: [") (Right_DoubleQuote "\"") ("system:serviceaccount:kube-system:namespace-controller") (Right_DoubleQuote "\"") ("]\n") (" verbs: [") (Right_DoubleQuote "\"") (deletecollection) (Right_DoubleQuote "\"") ("]\n") (" omitStages:\n") (" - ") (Right_DoubleQuote "\"") (RequestReceived) (Right_DoubleQuote "\"") ("\n") (" # Secrets, ConfigMaps, and TokenReviews can contain sensitive & binary data,\n") (" # so only log at the Metadata level.\n") (" - level: Metadata\n") (" resources:\n") (" - group: ") (Right_DoubleQuote "\"") (Right_DoubleQuote "\"") (" # core\n") (" resources: [") (Right_DoubleQuote "\"") (secrets) (Right_DoubleQuote "\"") (", ") (Right_DoubleQuote "\"") (configmaps) (Right_DoubleQuote "\"") ("]\n") (" - group: authentication.k8s.io\n") (" resources: [") (Right_DoubleQuote "\"") (tokenreviews) (Right_DoubleQuote "\"") ("]\n") (" omitStages:\n") (" - ") (Right_DoubleQuote "\"") (RequestReceived) (Right_DoubleQuote "\"") ("\n") (" # Get repsonses can be large; skip them.\n") (" - level: Request\n") (" verbs: [") (Right_DoubleQuote "\"") (get) (Right_DoubleQuote "\"") (", ") (Right_DoubleQuote "\"") (list) (Right_DoubleQuote "\"") (", ") (Right_DoubleQuote "\"") (watch) (Right_DoubleQuote "\"") ("]\n") (" resources: ") (${ VSub_Name known_apis) ("\n") (" omitStages:\n") (" - ") (Right_DoubleQuote "\"") (RequestReceived) (Right_DoubleQuote "\"") ("\n") (" # Default level for known APIs\n") (" - level: RequestResponse\n") (" resources: ") (${ VSub_Name known_apis) ("\n") (" omitStages:\n") (" - ") (Right_DoubleQuote "\"") (RequestReceived) (Right_DoubleQuote "\"") ("\n") (" # Default level for all other requests.\n") (" - level: Metadata\n") (" omitStages:\n") (" - ") (Right_DoubleQuote "\"") (RequestReceived) (Right_DoubleQuote "\"") ("\n") ) } do_expansion: True here_end: EOF was_filled: True spids: [1948] ) (Redir op_id: Redir_Great fd: -1 arg_word: {(DQ (${ VSub_Name path))} spids: [1951] ) ] ) ] spids: [1843] ) spids: [1839 1842] ) (FuncDef name: compute-etcd-params body: (BraceGroup children: [ (Assignment keyword: Assign_Local pairs: [ (assign_pair lhs: (LhsName name:params) op: Equal rhs: { (DQ (BracedVarSub token: <VSub_Name ETCD_TEST_ARGS> suffix_op: (StringUnary op_id:VTest_ColonHyphen arg_word:{(SQ )}) spids: [2355 2358] ) ) } spids: [2353] ) ] spids: [2351] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:params) op: PlusEqual rhs: {(DQ (" --listen-peer-urls=http://127.0.0.1:2380"))} spids: [2362] ) ] spids: [2362] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:params) op: PlusEqual rhs: {(DQ (" --advertise-client-urls=http://127.0.0.1:2379"))} spids: [2368] ) ] spids: [2368] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:params) op: PlusEqual rhs: {(DQ (" --listen-client-urls=http://0.0.0.0:2379"))} spids: [2374] ) ] spids: [2374] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:params) op: PlusEqual rhs: {(DQ (" --data-dir=/var/etcd/data"))} spids: [2380] ) ] spids: [2380] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:params) op: PlusEqual rhs: {(DQ (" ") (${ VSub_Name ETCD_QUOTA_BYTES))} spids: [2386] ) ] spids: [2386] ) (C {(echo)} {(DQ (${ VSub_Name params))}) ] spids: [2348] ) spids: [2344 2347] ) (FuncDef name: compute-etcd-events-params body: (BraceGroup children: [ (Assignment keyword: Assign_Local pairs: [ (assign_pair lhs: (LhsName name:params) op: Equal rhs: { (DQ (BracedVarSub token: <VSub_Name ETCD_TEST_ARGS> suffix_op: (StringUnary op_id:VTest_ColonHyphen arg_word:{(SQ )}) spids: [2420 2423] ) ) } spids: [2418] ) ] spids: [2416] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:params) op: PlusEqual rhs: {(DQ (" --listen-peer-urls=http://127.0.0.1:2381"))} spids: [2427] ) ] spids: [2427] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:params) op: PlusEqual rhs: {(DQ (" --advertise-client-urls=http://127.0.0.1:4002"))} spids: [2433] ) ] spids: [2433] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:params) op: PlusEqual rhs: {(DQ (" --listen-client-urls=http://0.0.0.0:4002"))} spids: [2439] ) ] spids: [2439] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:params) op: PlusEqual rhs: {(DQ (" --data-dir=/var/etcd/data-events"))} spids: [2445] ) ] spids: [2445] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:params) op: PlusEqual rhs: {(DQ (" ") (${ VSub_Name ETCD_QUOTA_BYTES))} spids: [2451] ) ] spids: [2451] ) (C {(echo)} {(DQ (${ VSub_Name params))}) ] spids: [2413] ) spids: [2409 2412] ) (FuncDef name: compute-kube-apiserver-params body: (BraceGroup children: [ (Assignment keyword: Assign_Local pairs: [ (assign_pair lhs: (LhsName name:params) op: Equal rhs: { (DQ (BracedVarSub token: <VSub_Name APISERVER_TEST_ARGS> suffix_op: (StringUnary op_id:VTest_ColonHyphen arg_word:{(SQ )}) spids: [2485 2488] ) ) } spids: [2483] ) ] spids: [2481] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:params) op: PlusEqual rhs: {(DQ (" --insecure-bind-address=0.0.0.0"))} spids: [2492] ) ] spids: [2492] ) (If arms: [ (if_arm cond: [ (Sentence child: (DBracket expr: (BoolUnary op_id: BoolUnary_z child: { (DQ (BracedVarSub token: <VSub_Name ETCD_SERVERS> suffix_op: (StringUnary op_id:VTest_ColonHyphen arg_word:{(SQ )}) spids: [2505 2508] ) ) } ) ) terminator: <Op_Semi ";"> ) ] action: [ (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:params) op: PlusEqual rhs: {(DQ (" --etcd-servers=http://127.0.0.1:2379"))} spids: [2517] ) ] spids: [2517] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:params) op: PlusEqual rhs: { (DQ (" --etcd-servers-overrides=/events#") (${ VSub_Name EVENT_STORE_URL) ) } spids: [2523] ) ] spids: [2523] ) ] spids: [-1 2514] ) ] else_action: [ (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:params) op: PlusEqual rhs: {(DQ (" --etcd-servers=") (${ VSub_Name ETCD_SERVERS))} spids: [2535] ) ] spids: [2535] ) ] spids: [2532 2544] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:params) op: PlusEqual rhs: {(DQ (" --tls-cert-file=/etc/srv/kubernetes/server.cert"))} spids: [2547] ) ] spids: [2547] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:params) op: PlusEqual rhs: {(DQ (" --tls-private-key-file=/etc/srv/kubernetes/server.key"))} spids: [2553] ) ] spids: [2553] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:params) op: PlusEqual rhs: {(DQ (" --requestheader-client-ca-file=/etc/srv/kubernetes/aggr_ca.crt"))} spids: [2559] ) ] spids: [2559] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:params) op: PlusEqual rhs: {(DQ (" --requestheader-allowed-names=aggregator"))} spids: [2565] ) ] spids: [2565] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:params) op: PlusEqual rhs: {(DQ (" --requestheader-extra-headers-prefix=X-Remote-Extra-"))} spids: [2571] ) ] spids: [2571] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:params) op: PlusEqual rhs: {(DQ (" --requestheader-group-headers=X-Remote-Group"))} spids: [2577] ) ] spids: [2577] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:params) op: PlusEqual rhs: {(DQ (" --requestheader-username-headers=X-Remote-User"))} spids: [2583] ) ] spids: [2583] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:params) op: PlusEqual rhs: {(DQ (" --proxy-client-cert-file=/etc/srv/kubernetes/proxy_client.crt"))} spids: [2589] ) ] spids: [2589] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:params) op: PlusEqual rhs: {(DQ (" --proxy-client-key-file=/etc/srv/kubernetes/proxy_client.key"))} spids: [2595] ) ] spids: [2595] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:params) op: PlusEqual rhs: {(DQ (" --enable-aggregator-routing=true"))} spids: [2601] ) ] spids: [2601] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:params) op: PlusEqual rhs: {(DQ (" --client-ca-file=/etc/srv/kubernetes/ca.crt"))} spids: [2607] ) ] spids: [2607] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:params) op: PlusEqual rhs: {(DQ (" --token-auth-file=/etc/srv/kubernetes/known_tokens.csv"))} spids: [2613] ) ] spids: [2613] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:params) op: PlusEqual rhs: {(DQ (" --secure-port=443"))} spids: [2619] ) ] spids: [2619] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:params) op: PlusEqual rhs: {(DQ (" --basic-auth-file=/etc/srv/kubernetes/basic_auth.csv"))} spids: [2625] ) ] spids: [2625] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:params) op: PlusEqual rhs: { (DQ (" --target-ram-mb=") (ArithSubPart anode: (ArithBinary op_id: Arith_Star left: (ArithWord w:{(${ VSub_Name NUM_NODES)}) right: (ArithWord w:{(Lit_Digits 60)}) ) spids: [2634 2643] ) ) } spids: [2631] ) ] spids: [2631] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:params) op: PlusEqual rhs: {(DQ (" --service-cluster-ip-range=") (${ VSub_Name SERVICE_CLUSTER_IP_RANGE))} spids: [2647] ) ] spids: [2647] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:params) op: PlusEqual rhs: {(DQ (" --admission-control=") (${ VSub_Name CUSTOM_ADMISSION_PLUGINS))} spids: [2656] ) ] spids: [2656] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:params) op: PlusEqual rhs: {(DQ (" --authorization-mode=Node,RBAC"))} spids: [2665] ) ] spids: [2665] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:params) op: PlusEqual rhs: {(DQ (" --allow-privileged=true"))} spids: [2671] ) ] spids: [2671] ) (If arms: [ (if_arm cond: [ (Sentence child: (DBracket expr: (BoolUnary op_id: BoolUnary_n child: { (DQ (BracedVarSub token: <VSub_Name STORAGE_BACKEND> suffix_op: (StringUnary op_id:VTest_ColonHyphen arg_word:{(SQ )}) spids: [2684 2687] ) ) } ) ) terminator: <Op_Semi ";"> ) ] action: [ (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:params) op: PlusEqual rhs: {(DQ (" --storage-backend=") (${ VSub_Name STORAGE_BACKEND))} spids: [2696] ) ] spids: [2696] ) ] spids: [-1 2693] ) ] spids: [-1 2705] ) (If arms: [ (if_arm cond: [ (Sentence child: (DBracket expr: (BoolUnary op_id: BoolUnary_n child: { (DQ (BracedVarSub token: <VSub_Name STORAGE_MEDIA_TYPE> suffix_op: (StringUnary op_id:VTest_ColonHyphen arg_word:{(SQ )}) spids: [2715 2718] ) ) } ) ) terminator: <Op_Semi ";"> ) ] action: [ (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:params) op: PlusEqual rhs: {(DQ (" --storage-media-type=") (${ VSub_Name STORAGE_MEDIA_TYPE))} spids: [2727] ) ] spids: [2727] ) ] spids: [-1 2724] ) ] spids: [-1 2736] ) (If arms: [ (if_arm cond: [ (Sentence child: (DBracket expr: (BoolUnary op_id: BoolUnary_n child: { (DQ (BracedVarSub token: <VSub_Name ETCD_QUORUM_READ> suffix_op: (StringUnary op_id:VTest_ColonHyphen arg_word:{(SQ )}) spids: [2746 2749] ) ) } ) ) terminator: <Op_Semi ";"> ) ] action: [ (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:params) op: PlusEqual rhs: {(DQ (" --etcd-quorum-read=") (${ VSub_Name ETCD_QUORUM_READ))} spids: [2758] ) ] spids: [2758] ) ] spids: [-1 2755] ) ] spids: [-1 2767] ) (If arms: [ (if_arm cond: [ (Sentence child: (DBracket expr: (BoolUnary op_id: BoolUnary_n child: { (DQ (BracedVarSub token: <VSub_Name KUBE_APISERVER_REQUEST_TIMEOUT> suffix_op: (StringUnary op_id:VTest_ColonHyphen arg_word:{(SQ )}) spids: [2777 2780] ) ) } ) ) terminator: <Op_Semi ";"> ) ] action: [ (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:params) op: PlusEqual rhs: { (DQ (" --min-request-timeout=") (${ VSub_Name KUBE_APISERVER_REQUEST_TIMEOUT) ) } spids: [2789] ) ] spids: [2789] ) ] spids: [-1 2786] ) ] spids: [-1 2798] ) (If arms: [ (if_arm cond: [ (Sentence child: (DBracket expr: (BoolUnary op_id: BoolUnary_n child: { (DQ (BracedVarSub token: <VSub_Name RUNTIME_CONFIG> suffix_op: (StringUnary op_id:VTest_ColonHyphen arg_word:{(SQ )}) spids: [2808 2811] ) ) } ) ) terminator: <Op_Semi ";"> ) ] action: [ (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:params) op: PlusEqual rhs: {(DQ (" --runtime-config=") (${ VSub_Name RUNTIME_CONFIG))} spids: [2820] ) ] spids: [2820] ) ] spids: [-1 2817] ) ] spids: [-1 2829] ) (If arms: [ (if_arm cond: [ (Sentence child: (DBracket expr: (BoolUnary op_id: BoolUnary_n child: { (DQ (BracedVarSub token: <VSub_Name FEATURE_GATES> suffix_op: (StringUnary op_id:VTest_ColonHyphen arg_word:{(SQ )}) spids: [2839 2842] ) ) } ) ) terminator: <Op_Semi ";"> ) ] action: [ (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:params) op: PlusEqual rhs: {(DQ (" --feature-gates=") (${ VSub_Name FEATURE_GATES))} spids: [2851] ) ] spids: [2851] ) ] spids: [-1 2848] ) ] spids: [-1 2860] ) (If arms: [ (if_arm cond: [ (Sentence child: (DBracket expr: (BoolBinary op_id: BoolBinary_GlobDEqual left: { (DQ (BracedVarSub token: <VSub_Name ENABLE_APISERVER_ADVANCED_AUDIT> suffix_op: (StringUnary op_id:VTest_ColonHyphen arg_word:{(SQ )}) spids: [2868 2871] ) ) } right: {(DQ (true))} ) ) terminator: <Op_Semi ";"> ) ] action: [ (C {(create-master-audit-policy)} {(DQ (${ VSub_Name audit_policy_file))} { (DQ (BracedVarSub token: <VSub_Name ADVANCED_AUDIT_POLICY> suffix_op: (StringUnary op_id:VTest_ColonHyphen arg_word:{(SQ )}) spids: [2899 2902] ) ) } ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:params) op: PlusEqual rhs: {(DQ (" --audit-policy-file=") (${ VSub_Name audit_policy_file))} spids: [2915] ) ] spids: [2915] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:params) op: PlusEqual rhs: {(DQ (" --audit-log-path=/var/log/kube-apiserver-audit.log"))} spids: [2924] ) ] spids: [2924] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:params) op: PlusEqual rhs: {(DQ (" --audit-log-maxage=0"))} spids: [2930] ) ] spids: [2930] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:params) op: PlusEqual rhs: {(DQ (" --audit-log-maxbackup=0"))} spids: [2936] ) ] spids: [2936] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:params) op: PlusEqual rhs: {(DQ (" --audit-log-maxsize=2000000000"))} spids: [2942] ) ] spids: [2942] ) ] spids: [-1 2883] ) ] spids: [-1 2948] ) (C {(echo)} {(DQ (${ VSub_Name params))}) ] spids: [2478] ) spids: [2474 2477] ) (FuncDef name: compute-kube-controller-manager-params body: (BraceGroup children: [ (Assignment keyword: Assign_Local pairs: [ (assign_pair lhs: (LhsName name:params) op: Equal rhs: { (DQ (BracedVarSub token: <VSub_Name CONTROLLER_MANAGER_TEST_ARGS> suffix_op: (StringUnary op_id:VTest_ColonHyphen arg_word:{(SQ )}) spids: [2976 2979] ) ) } spids: [2974] ) ] spids: [2972] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:params) op: PlusEqual rhs: {(DQ (" --use-service-account-credentials"))} spids: [2983] ) ] spids: [2983] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:params) op: PlusEqual rhs: {(DQ (" --kubeconfig=/etc/srv/kubernetes/kube-controller-manager/kubeconfig"))} spids: [2989] ) ] spids: [2989] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:params) op: PlusEqual rhs: {(DQ (" --service-account-private-key-file=/etc/srv/kubernetes/server.key"))} spids: [2995] ) ] spids: [2995] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:params) op: PlusEqual rhs: {(DQ (" --root-ca-file=/etc/srv/kubernetes/ca.crt"))} spids: [3001] ) ] spids: [3001] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:params) op: PlusEqual rhs: {(DQ (" --allocate-node-cidrs=") (${ VSub_Name ALLOCATE_NODE_CIDRS))} spids: [3007] ) ] spids: [3007] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:params) op: PlusEqual rhs: {(DQ (" --cluster-cidr=") (${ VSub_Name CLUSTER_IP_RANGE))} spids: [3016] ) ] spids: [3016] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:params) op: PlusEqual rhs: {(DQ (" --service-cluster-ip-range=") (${ VSub_Name SERVICE_CLUSTER_IP_RANGE))} spids: [3025] ) ] spids: [3025] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:params) op: PlusEqual rhs: { (DQ (" --terminated-pod-gc-threshold=") (${ VSub_Name TERMINATED_POD_GC_THRESHOLD) ) } spids: [3034] ) ] spids: [3034] ) (C {(echo)} {(DQ (${ VSub_Name params))}) ] spids: [2969] ) spids: [2965 2968] ) (FuncDef name: compute-kube-scheduler-params body: (BraceGroup children: [ (Assignment keyword: Assign_Local pairs: [ (assign_pair lhs: (LhsName name:params) op: Equal rhs: { (DQ (BracedVarSub token: <VSub_Name SCHEDULER_TEST_ARGS> suffix_op: (StringUnary op_id:VTest_ColonHyphen arg_word:{(SQ )}) spids: [3068 3071] ) ) } spids: [3066] ) ] spids: [3064] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:params) op: PlusEqual rhs: {(DQ (" --kubeconfig=/etc/srv/kubernetes/kube-scheduler/kubeconfig"))} spids: [3075] ) ] spids: [3075] ) (C {(echo)} {(DQ (${ VSub_Name params))}) ] spids: [3061] ) spids: [3057 3060] ) (FuncDef name: compute-kube-addon-manager-params body: (BraceGroup children:[(C {(echo)} {(DQ )})] spids:[3099]) spids: [3095 3098] ) (FuncDef name: start-kubemaster-component body: (BraceGroup children: [ (C {(echo)} {(DQ ("Start master component ") ($ VSub_Number "$1"))}) (Assignment keyword: Assign_Local flags: ["'-r'"] pairs: [ (assign_pair lhs: (LhsName name:component) op: Equal rhs: {($ VSub_Number "$1")} spids: [3170] ) ] spids: [3166] ) (C {(prepare-log-file)} {(/var/log/) (DQ (${ VSub_Name component)) (.log)}) (Assignment keyword: Assign_Local flags: ["'-r'"] pairs: [ (assign_pair lhs: (LhsName name:src_file) op: Equal rhs: {(DQ (${ VSub_Name KUBE_ROOT) (/) (${ VSub_Name component) (.yaml))} spids: [3189] ) ] spids: [3185] ) (Assignment keyword: Assign_Local flags: ["'-r'"] pairs: [ (assign_pair lhs: (LhsName name:params) op: Equal rhs: { (CommandSubPart command_list: (CommandList children: [(C {(compute-) (${ VSub_Name component) (-params)})] ) left_token: <Left_CommandSub "$("> spids: [3207 3213] ) } spids: [3206] ) ] spids: [3202] ) (C {(sed)} {(-i)} {(-e)} {(DQ ("s@{{params}}@") (${ VSub_Name params) ("@g"))} {(DQ (${ VSub_Name src_file))} ) (C {(sed)} {(-i)} {(-e)} {(DQ ("s@{{kube_docker_registry}}@") (${ VSub_Name DOCKER_REGISTRY) ("@g"))} {(DQ (${ VSub_Name src_file))} ) (C {(sed)} {(-i)} {(-e)} {(DQ ("s@{{instance_prefix}}@") (${ VSub_Name INSTANCE_PREFIX) ("@g"))} {(DQ (${ VSub_Name src_file))} ) (If arms: [ (if_arm cond: [ (Sentence child: (C {(Lit_Other "[")} { (DQ (BracedVarSub token: <VSub_Name component> suffix_op: (Slice begin: (ArithWord w:{(Lit_Digits 0)}) length: (ArithWord w:{(Lit_Digits 4)}) ) spids: [3289 3295] ) ) } {(Lit_Other "=") (Lit_Other "=")} {(DQ (etcd))} {(Lit_Other "]")} ) terminator: <Op_Semi ";"> ) ] action: [ (C {(sed)} {(-i)} {(-e)} {(DQ ("s@{{etcd_image}}@") (${ VSub_Name ETCD_IMAGE) ("@g"))} {(DQ (${ VSub_Name src_file))} ) ] spids: [-1 3308] ) (if_arm cond: [ (Sentence child: (C {(Lit_Other "[")} {(DQ (${ VSub_Name component))} {(Lit_Other "=") (Lit_Other "=")} {(DQ (kube-addon-manager))} {(Lit_Other "]")} ) terminator: <Op_Semi ";"> ) ] action: [(C {(setup-addon-manifests)} {(DQ (addons))} {(DQ (kubemark-rbac-bindings))})] spids: [3332 3352] ) ] else_action: [ (Assignment keyword: Assign_Local flags: ["'-r'"] pairs: [ (assign_pair lhs: (LhsName name:component_docker_tag) op: Equal rhs: { (CommandSubPart command_list: (CommandList children: [ (C {(cat)} {(${ VSub_Name KUBE_BINDIR) (/) (${ VSub_Name component) (.docker_tag) } ) ] ) left_token: <Left_CommandSub "$("> spids: [3374 3385] ) } spids: [3373] ) ] spids: [3369] ) (C {(sed)} {(-i)} {(-e)} { (DQ ("s@{{") (${ VSub_Name component) ("_docker_tag}}@") (${ VSub_Name component_docker_tag) ("@g") ) } {(DQ (${ VSub_Name src_file))} ) (If arms: [ (if_arm cond: [ (Sentence child: (C {(Lit_Other "[")} {(DQ (${ VSub_Name component))} {(Lit_Other "=") (Lit_Other "=")} {(DQ (kube-apiserver))} {(Lit_Other "]")} ) terminator: <Op_Semi ";"> ) ] action: [ (Assignment keyword: Assign_Local pairs: [ (assign_pair lhs: (LhsName name:audit_policy_config_mount) op: Equal rhs: {(DQ )} spids: [3438] ) ] spids: [3436] ) (Assignment keyword: Assign_Local pairs: [ (assign_pair lhs: (LhsName name:audit_policy_config_volume) op: Equal rhs: {(DQ )} spids: [3445] ) ] spids: [3443] ) (If arms: [ (if_arm cond: [ (Sentence child: (DBracket expr: (BoolBinary op_id: BoolBinary_GlobDEqual left: { (DQ (BracedVarSub token: <VSub_Name ENABLE_APISERVER_ADVANCED_AUDIT> suffix_op: (StringUnary op_id:VTest_ColonHyphen arg_word:{(SQ )}) spids: [3455 3458] ) ) } right: {(DQ (true))} ) ) terminator: <Op_Semi ";"> ) ] action: [ (SimpleCommand words: [{(read)} {(-d)} {(SQ )} {(audit_policy_config_mount)}] redirects: [ (HereDoc op_id: Redir_DLess fd: -1 body: { (DQ ("- name: auditpolicyconfigmount\n") (" mountPath: ") (${ VSub_Name audit_policy_file) ("\n") (" readOnly: true\n") ) } do_expansion: True here_end: EOF was_filled: True spids: [3482] ) ] ) (SimpleCommand words: [{(read)} {(-d)} {(SQ )} {(audit_policy_config_volume)}] redirects: [ (HereDoc op_id: Redir_DLess fd: -1 body: { (DQ ("- name: auditpolicyconfigmount\n") (" hostPath:\n") (" path: ") (${ VSub_Name audit_policy_file) ("\n") (" type: FileOrCreate\n") ) } do_expansion: True here_end: EOF was_filled: True spids: [3503] ) ] ) ] spids: [-1 3470] ) ] spids: [-1 3516] ) (C {(sed)} {(-i)} {(-e)} { (DQ ("s@{{audit_policy_config_mount}}@") (${ VSub_Name audit_policy_config_mount) ("@g") ) } {(DQ (${ VSub_Name src_file))} ) (C {(sed)} {(-i)} {(-e)} { (DQ ("s@{{audit_policy_config_volume}}@") (${ VSub_Name audit_policy_config_volume) ("@g") ) } {(DQ (${ VSub_Name src_file))} ) ] spids: [-1 3433] ) ] spids: [-1 3561] ) ] spids: [3366 3564] ) (C {(cp)} {(DQ (${ VSub_Name src_file))} {(/etc/kubernetes/manifests)}) ] spids: [3155] ) spids: [3149 3154] ) (C {(echo)} {(DQ ("Start to configure master instance for kubemark"))}) (C {(cd)} {(DQ (${ VSub_Name KUBE_ROOT))}) (If arms: [ (if_arm cond: [ (Sentence child: (DBracket expr: (LogicalNot child: (BoolUnary op_id: BoolUnary_d child: {(DQ (${ VSub_Name KUBE_ROOT) (/kubernetes))} ) ) ) terminator: <Op_Semi ";"> ) ] action: [(C {(tar)} {(xzf)} {(kubernetes-server-linux-amd64.tar.gz)})] spids: [-1 3619] ) ] spids: [-1 3628] ) (C {(source)} {(DQ (${ VSub_Name KUBE_ROOT) (/kubemark-master-env.sh))}) (C {(config-ip-firewall)}) (C {(create-dirs)}) (C {(setup-kubelet-dir)}) (C {(delete-default-etcd-configs)}) (C {(compute-etcd-variables)}) (If arms: [ (if_arm cond: [ (Sentence child: (DBracket expr: (LogicalNot child: (BoolUnary op_id: BoolUnary_f child: { (DQ (${ VSub_Name KUBE_ROOT) (/k8s_auth_data/kube-controller-manager/kubeconfig) ) } ) ) ) terminator: <Op_Semi ";"> ) ] action: [ (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:KUBE_CONTROLLER_MANAGER_TOKEN) op: Equal rhs: { (CommandSubPart command_list: (CommandList children: [ (Pipeline children: [ (SimpleCommand words: [ {(dd)} {(Lit_VarLike "if=") (/dev/urandom)} {(Lit_VarLike "bs=") (128)} {(Lit_VarLike "count=") (1)} ] redirects: [ (Redir op_id: Redir_Great fd: 2 arg_word: {(/dev/null)} spids: [3694] ) ] ) (C {(base64)}) (C {(tr)} {(-d)} {(DQ ("=+/"))}) (SimpleCommand words: [ {(dd)} {(Lit_VarLike "bs=") (32)} {(Lit_VarLike "count=") (1)} ] redirects: [ (Redir op_id: Redir_Great fd: 2 arg_word: {(/dev/null)} spids: [3721] ) ] ) ] negated: False ) ] ) left_token: <Left_CommandSub "$("> spids: [3682 3723] ) } spids: [3681] ) ] spids: [3681] ) (SimpleCommand words: [ {(echo)} { (DQ (${ VSub_Name KUBE_CONTROLLER_MANAGER_TOKEN) (",system:kube-controller-manager,uid:system:kube-controller-manager") ) } ] redirects: [ (Redir op_id: Redir_DGreat fd: -1 arg_word: {(DQ (${ VSub_Name KUBE_ROOT) (/k8s_auth_data/known_tokens.csv))} spids: [3735] ) ] ) (C {(create-kubecontrollermanager-kubeconfig)}) ] spids: [-1 3678] ) ] spids: [-1 3747] ) (If arms: [ (if_arm cond: [ (Sentence child: (DBracket expr: (LogicalNot child: (BoolUnary op_id: BoolUnary_f child: { (DQ (${ VSub_Name KUBE_ROOT) (/k8s_auth_data/kube-scheduler/kubeconfig)) } ) ) ) terminator: <Op_Semi ";"> ) ] action: [ (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:KUBE_SCHEDULER_TOKEN) op: Equal rhs: { (CommandSubPart command_list: (CommandList children: [ (Pipeline children: [ (SimpleCommand words: [ {(dd)} {(Lit_VarLike "if=") (/dev/urandom)} {(Lit_VarLike "bs=") (128)} {(Lit_VarLike "count=") (1)} ] redirects: [ (Redir op_id: Redir_Great fd: 2 arg_word: {(/dev/null)} spids: [3783] ) ] ) (C {(base64)}) (C {(tr)} {(-d)} {(DQ ("=+/"))}) (SimpleCommand words: [ {(dd)} {(Lit_VarLike "bs=") (32)} {(Lit_VarLike "count=") (1)} ] redirects: [ (Redir op_id: Redir_Great fd: 2 arg_word: {(/dev/null)} spids: [3810] ) ] ) ] negated: False ) ] ) left_token: <Left_CommandSub "$("> spids: [3771 3812] ) } spids: [3770] ) ] spids: [3770] ) (SimpleCommand words: [ {(echo)} { (DQ (${ VSub_Name KUBE_SCHEDULER_TOKEN) (",system:kube-scheduler,uid:system:kube-scheduler") ) } ] redirects: [ (Redir op_id: Redir_DGreat fd: -1 arg_word: {(DQ (${ VSub_Name KUBE_ROOT) (/k8s_auth_data/known_tokens.csv))} spids: [3824] ) ] ) (C {(create-kubescheduler-kubeconfig)}) ] spids: [-1 3767] ) ] spids: [-1 3836] ) (BraceGroup children: [ (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:main_etcd_mount_point) op: Equal rhs: {(DQ (/mnt/disks/master-pd))} spids: [3845] ) ] spids: [3845] ) (C {(mount-pd)} {(DQ (google-master-pd))} {(DQ (${ VSub_Name main_etcd_mount_point))}) (C {(mkdir)} {(-m)} {(700)} {(-p)} {(DQ (${ VSub_Name main_etcd_mount_point) (/var/etcd))}) (C {(ln)} {(-s)} {(-f)} {(DQ (${ VSub_Name main_etcd_mount_point) (/var/etcd))} {(/var/etcd)}) (C {(mkdir)} {(-p)} {(/etc/srv)}) (C {(mkdir)} {(-p)} {(DQ (${ VSub_Name main_etcd_mount_point) (/srv/kubernetes))}) (C {(ln)} {(-s)} {(-f)} {(DQ (${ VSub_Name main_etcd_mount_point) (/srv/kubernetes))} {(/etc/srv/kubernetes)} ) (If arms: [ (if_arm cond: [ (Sentence child: (DBracket expr: (BoolBinary op_id: BoolBinary_GlobDEqual left: { (DQ (CommandSubPart command_list: (CommandList children: [ (C {(ls)} {(-A)} {(${ VSub_Name main_etcd_mount_point) (/srv/kubernetes/)} ) ] ) left_token: <Left_CommandSub "$("> spids: [3948 3957] ) ) } right: {(DQ )} ) ) terminator: <Op_Semi ";"> ) ] action: [ (C {(cp)} {(-r)} {(DQ (${ VSub_Name KUBE_ROOT)) (/k8s_auth_data/) (Lit_Other "*")} {(DQ (${ VSub_Name main_etcd_mount_point) (/srv/kubernetes/))} ) ] spids: [-1 3968] ) ] spids: [-1 3991] ) (C {(mkdir)} {(-p)} {(DQ (${ VSub_Name main_etcd_mount_point) (/srv/sshproxy))}) (C {(ln)} {(-s)} {(-f)} {(DQ (${ VSub_Name main_etcd_mount_point) (/srv/sshproxy))} {(/etc/srv/sshproxy)} ) ] spids: [3842] ) (BraceGroup children: [ (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:EVENT_STORE_IP) op: Equal rhs: { (DQ (BracedVarSub token: <VSub_Name EVENT_STORE_IP> suffix_op: (StringUnary op_id:VTest_ColonHyphen arg_word:{(127.0.0.1)}) spids: [4036 4040] ) ) } spids: [4034] ) ] spids: [4034] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:EVENT_STORE_URL) op: Equal rhs: { (DQ (BracedVarSub token: <VSub_Name EVENT_STORE_URL> suffix_op: (StringUnary op_id: VTest_ColonHyphen arg_word: {("http:") (Lit_Slash /) (Lit_Slash /) (${ VSub_Name EVENT_STORE_IP) (":4002") } ) spids: [4046 4056] ) ) } spids: [4044] ) ] spids: [4044] ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:EVENT_PD) op: Equal rhs: { (DQ (BracedVarSub token: <VSub_Name EVENT_PD> suffix_op: (StringUnary op_id:VTest_ColonHyphen arg_word:{(false)}) spids: [4062 4066] ) ) } spids: [4060] ) ] spids: [4060] ) (If arms: [ (if_arm cond: [ (Sentence child: (C {(Lit_Other "[")} { (DQ (BracedVarSub token: <VSub_Name EVENT_PD> suffix_op: (StringUnary op_id:VTest_ColonHyphen arg_word:{(false)}) spids: [4075 4079] ) ) } {(Lit_Other "=") (Lit_Other "=")} {(DQ (true))} {(Lit_Other "]")} ) terminator: <Op_Semi ";"> ) ] action: [ (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:event_etcd_mount_point) op: Equal rhs: {(DQ (/mnt/disks/master-event-pd))} spids: [4095] ) ] spids: [4095] ) (C {(mount-pd)} {(DQ (google-master-event-pd))} {(DQ (${ VSub_Name event_etcd_mount_point))} ) (C {(mkdir)} {(-m)} {(700)} {(-p)} {(DQ (${ VSub_Name event_etcd_mount_point) (/var/etcd/events))} ) (C {(ln)} {(-s)} {(-f)} {(DQ (${ VSub_Name event_etcd_mount_point) (/var/etcd/events))} {(/var/etcd/events)} ) ] spids: [-1 4092] ) ] spids: [-1 4150] ) ] spids: [4031] ) (C {(assemble-docker-flags)}) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:DOCKER_REGISTRY) op: Equal rhs: {(DQ (gcr.io/google_containers))} spids: [4160] ) ] spids: [4160] ) (C {(load-docker-images)}) (Assignment keyword: Assign_Readonly pairs: [ (assign_pair lhs: (LhsName name:audit_policy_file) op: Equal rhs: {(DQ (/etc/audit_policy.config))} spids: [4170] ) ] spids: [4168] ) (C {(start-kubelet)}) (C {(start-kubemaster-component)} {(DQ (etcd))}) (If arms: [ (if_arm cond: [ (Sentence child: (C {(Lit_Other "[")} { (DQ (BracedVarSub token: <VSub_Name EVENT_STORE_IP> suffix_op: (StringUnary op_id:VTest_ColonHyphen arg_word:{(SQ )}) spids: [4192 4195] ) ) } {(Lit_Other "=") (Lit_Other "=")} {(DQ (127.0.0.1))} {(Lit_Other "]")} ) terminator: <Op_Semi ";"> ) ] action: [(C {(start-kubemaster-component)} {(DQ (etcd-events))})] spids: [-1 4208] ) ] spids: [-1 4217] ) (C {(start-kubemaster-component)} {(DQ (kube-apiserver))}) (C {(start-kubemaster-component)} {(DQ (kube-controller-manager))}) (C {(start-kubemaster-component)} {(DQ (kube-scheduler))}) (C {(start-kubemaster-component)} {(DQ (kube-addon-manager))}) (C {(echo)} {(-n)} {(DQ ("Waiting for apiserver to be healthy"))}) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:start) op: Equal rhs: { (CommandSubPart command_list: (CommandList children: [(C {(date)} {(Lit_Other "+") (Lit_Other "%") (s)})] ) left_token: <Left_CommandSub "$("> spids: [4256 4262] ) } spids: [4255] ) ] spids: [4255] ) (Until cond: [ (Sentence child: (C {(Lit_Other "[")} { (DQ (CommandSubPart command_list: (CommandList children: [ (SimpleCommand words: [{(curl)} {(127.0.0.1) (Lit_Other ":") (8080/healthz)}] redirects: [ (Redir op_id: Redir_Great fd: 2 arg_word: {(/dev/null)} spids: [4276] ) ] ) ] ) left_token: <Left_CommandSub "$("> spids: [4269 4279] ) ) } {(Lit_Other "=") (Lit_Other "=")} {(DQ (ok))} {(Lit_Other "]")} ) terminator: <Op_Semi ";"> ) ] body: (DoGroup children: [ (C {(echo)} {(-n)} {(DQ (.))}) (C {(sleep)} {(1)}) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:now) op: Equal rhs: { (CommandSubPart command_list: (CommandList children: [(C {(date)} {(Lit_Other "+") (Lit_Other "%") (s)})] ) left_token: <Left_CommandSub "$("> spids: [4310 4316] ) } spids: [4309] ) ] spids: [4309] ) (If arms: [ (if_arm cond: [ (Sentence child: (C {(Lit_Other "[")} { (ArithSubPart anode: (ArithBinary op_id: Arith_Minus left: (ArithVarRef name:now) right: (ArithVarRef name:start) ) spids: [4323 4330] ) } {(-gt)} {(300)} {(Lit_Other "]")} ) terminator: <Op_Semi ";"> ) ] action: [(C {(echo)} {(DQ ("Timeout!"))}) (C {(exit)} {(1)})] spids: [-1 4339] ) ] spids: [-1 4354] ) ] spids: [4292 4356] ) ) (C {(echo)} {(DQ ("Done for the configuration for kubermark master"))}) ] )