eggo/0004-use-local-cert-replace-openssl.patch


From 5a443177a9c70296d9a3e57b2336e33ba72c6657 Mon Sep 17 00:00:00 2001
From: haozi007 <liuhao27@huawei.com>
Date: Wed, 8 Sep 2021 04:21:32 +0100
Subject: [PATCH 1/4] use local cert replace openssl
Signed-off-by: haozi007 <liuhao27@huawei.com>
---
cmd/checker.go | 10 ++++++++++
cmd/checker_test.go | 9 +++++++++
.../binary/controlplane/controlplane.go | 2 +-
.../binary/etcdcluster/etcdcerts.go | 8 ++++----
.../binary/etcdcluster/etcdcluster.go | 2 +-
.../binary/etcdcluster/etcdcluster_test.go | 2 +-
pkg/utils/certs/certs_test.go | 12 ++++++------
pkg/utils/runner/runner.go | 4 ++--
8 files changed, 34 insertions(+), 15 deletions(-)
diff --git a/cmd/checker.go b/cmd/checker.go
index a924629..4530f2b 100644
--- a/cmd/checker.go
+++ b/cmd/checker.go
@@ -24,6 +24,7 @@ import (
"time"
"isula.org/eggo/pkg/api"
+ "isula.org/eggo/pkg/utils"
"isula.org/eggo/pkg/utils/endpoint"
chain "isula.org/eggo/pkg/utils/responsibilitychain"
"k8s.io/apimachinery/pkg/util/validation"
@@ -388,6 +389,15 @@ func (ccr *InstallConfigResponsibility) Execute() error {
if !filepath.IsAbs(path) {
return fmt.Errorf("srcpackage %s path: %s must be absolute", arch, path)
}
+ if _, ok := ccr.arch[arch]; ok {
+ exist, err := utils.CheckPathExist(path)
+ if err != nil {
+ return err
+ }
+ if !exist {
+ return fmt.Errorf("have arch: %s node, but src package: %s is not exist", arch, path)
+ }
+ }
}
if len(ccr.conf.PackageSrc.SrcPath) != 0 {
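Review bot: The bare `return err` after `utils.CheckPathExist(path)` drops which arch and path were being checked, so a permission or I/O failure here is hard to trace back to a config entry. Wrapping it would keep that context, e.g. `return fmt.Errorf("check srcpackage %s path %s: %w", arch, path, err)`. The added message would also read better as `"have arch: %s node, but src package: %s does not exist"`. This check runs at validation time only, so whatever later consumes the package still has to handle the path disappearing. Execute's body starts and ends outside the hunk.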
diff --git a/cmd/checker_test.go b/cmd/checker_test.go
index fefe0e6..1fee45a 100644
--- a/cmd/checker_test.go
+++ b/cmd/checker_test.go
@@ -44,6 +44,15 @@ func TestRunChecker(t *testing.T) {
t.Fatalf("load deploy config file failed: %v", err)
}
+ if err = RunChecker(conf); err == nil {
+ t.Fatalf("test invalid cluster config failed: %v", err)
+ }
+
+ for _, fn := range conf.InstallConfig.PackageSrc.SrcPath {
+ os.MkdirAll(fn, 0755)
+ defer os.RemoveAll(fn)
+ }
+
// test check success
if err = RunChecker(conf); err != nil {
t.Fatalf("test checker success failed: %v", err)
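Review bot: The added loop discards the result of `os.MkdirAll(fn, 0755)` and defers `os.RemoveAll(fn)` on whatever paths the loaded config names. If one of those paths already exists on the machine running the test, it is deleted when the test returns. Since the checker requires these paths to be absolute, pointing the config's SrcPath entries at a directory under `t.TempDir()` would keep the test from touching the host filesystem. The creation error should at least be checked: `if err := os.MkdirAll(fn, 0755); err != nil { t.Fatalf("create %s: %v", fn, err) }`. The first added `t.Fatalf` also formats `err` on the branch where it is nil, so its message carries no information. TestRunChecker continues outside the hunk.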
diff --git a/pkg/clusterdeployment/binary/controlplane/controlplane.go b/pkg/clusterdeployment/binary/controlplane/controlplane.go
index 5e6a8a0..2296c57 100644
--- a/pkg/clusterdeployment/binary/controlplane/controlplane.go
+++ b/pkg/clusterdeployment/binary/controlplane/controlplane.go
@@ -285,7 +285,7 @@ func generateCerts(savePath string, cg certs.CertGenerator, ccfg *api.ClusterCon
}
func prepareCAs(lcg certs.CertGenerator, savePath string) error {
- if _, err := lcg.RunCommand(fmt.Sprintf("sudo mkdir -p -m 0700 %s", savePath)); err != nil {
+ if _, err := lcg.RunCommand(fmt.Sprintf("mkdir -p -m 0700 %s", savePath)); err != nil {
logrus.Errorf("prepare certificates store path failed: %v", err)
return err
}
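Review bot: In prepareCAs, `savePath` is still formatted unquoted into a command string, and `mkdir -p -m 0700` applies the mode only to the final directory, so any parents it creates get the default umask. If `lcg` is the local generator (inferred from the name; `RunCommand`'s implementation is not visible here), `os.MkdirAll(savePath, 0700)` avoids building a command line and gives every directory it creates the restrictive mode. With `sudo` removed, the certificate store is owned by the invoking user, so this would be a good place for a short comment stating which user is expected to run this. The function continues past the end of the hunk.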
diff --git a/pkg/clusterdeployment/binary/etcdcluster/etcdcerts.go b/pkg/clusterdeployment/binary/etcdcluster/etcdcerts.go
index 1262e99..00f6116 100644
--- a/pkg/clusterdeployment/binary/etcdcluster/etcdcerts.go
+++ b/pkg/clusterdeployment/binary/etcdcluster/etcdcerts.go
@@ -89,21 +89,21 @@ func generateEtcdCerts(r runner.Runner, ccfg *api.ClusterConfig, hostConfig *api
}
// see: https://kubernetes.io/docs/setup/best-practices/certificates/
-func generateCaAndApiserverEtcdCerts(r runner.Runner, ccfg *api.ClusterConfig) error {
+func generateCaAndApiserverEtcdCerts(ccfg *api.ClusterConfig) error {
savePath := api.GetCertificateStorePath(ccfg.Name)
etcdCertsPath := filepath.Join(savePath, "etcd")
- cg := certs.NewOpensshBinCertGenerator(r)
+ lcg := certs.NewLocalCertGenerator()
// generate etcd root ca
caConfig := &certs.CertConfig{
CommonName: "etcd-ca",
}
- if err := cg.CreateCA(caConfig, etcdCertsPath, "ca"); err != nil {
+ if err := lcg.CreateCA(caConfig, etcdCertsPath, "ca"); err != nil {
return err
}
// generate apiserver-etcd-client certificates
- if err := genApiserverEtcdClientCerts(savePath, cg, ccfg); err != nil {
+ if err := genApiserverEtcdClientCerts(savePath, lcg, ccfg); err != nil {
return err
}
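Review bot: Nothing visible in generateCaAndApiserverEtcdCerts creates `etcdCertsPath` with a restrictive mode before `lcg.CreateCA(caConfig, etcdCertsPath, "ca")` writes the etcd CA key there, whereas prepareCAs in controlplane.go creates its store with mode 0700. Whether `CreateCA` creates the directory and which permissions it gives the key file cannot be told from this hunk, so please confirm it. If it does not, add `os.MkdirAll(etcdCertsPath, 0700)` before the call. A doc comment stating that the CA and client certificates are now generated in-process on the deploying host, rather than through a runner, would explain why the `r runner.Runner` parameter was dropped. The function body continues outside the hunk.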
diff --git a/pkg/clusterdeployment/binary/etcdcluster/etcdcluster.go b/pkg/clusterdeployment/binary/etcdcluster/etcdcluster.go
index 88db696..5444e77 100644
--- a/pkg/clusterdeployment/binary/etcdcluster/etcdcluster.go
+++ b/pkg/clusterdeployment/binary/etcdcluster/etcdcluster.go
@@ -229,7 +229,7 @@ func prepareEtcdConfigs(ccfg *api.ClusterConfig, r runner.Runner, hostConfig *ap
func Init(conf *api.ClusterConfig) error {
// generate ca certificates and kube-apiserver-etcd-client certificates
- if err := generateCaAndApiserverEtcdCerts(&runner.LocalRunner{}, conf); err != nil {
+ if err := generateCaAndApiserverEtcdCerts(conf); err != nil {
return err
}
diff --git a/pkg/clusterdeployment/binary/etcdcluster/etcdcluster_test.go b/pkg/clusterdeployment/binary/etcdcluster/etcdcluster_test.go
index 43be12d..f19394a 100644
--- a/pkg/clusterdeployment/binary/etcdcluster/etcdcluster_test.go
+++ b/pkg/clusterdeployment/binary/etcdcluster/etcdcluster_test.go
@@ -172,7 +172,7 @@ func TestEtcdCertsAndConfig(t *testing.T) {
t.Fatalf("prepare etcd configs failed: %v", err)
}
- if err = generateCaAndApiserverEtcdCerts(r, deployConf); err != nil {
+ if err = generateCaAndApiserverEtcdCerts(deployConf); err != nil {
t.Fatalf("generate ca and apiserver etcd certs failed: %v", err)
}
diff --git a/pkg/utils/certs/certs_test.go b/pkg/utils/certs/certs_test.go
index 522d0cb..59a4a65 100644
--- a/pkg/utils/certs/certs_test.go
+++ b/pkg/utils/certs/certs_test.go
@@ -12,8 +12,8 @@ import (
func TestNewLocalCertGenerator(t *testing.T) {
savePath := "/tmp/haozi"
- cg := NewLocalCertGenerator()
- err := cg.CreateServiceAccount(savePath)
+ lcg := NewLocalCertGenerator()
+ err := lcg.CreateServiceAccount(savePath)
if err != nil {
t.Fatalf("create service account failed: %v", err)
}
@@ -37,7 +37,7 @@ func TestNewLocalCertGenerator(t *testing.T) {
},
Usages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
}
- err = cg.CreateCA(apiserverConfig, savePath, "ca")
+ err = lcg.CreateCA(apiserverConfig, savePath, "ca")
if err != nil {
t.Fatalf("create apiserver ca failed: %v", err)
}
@@ -59,16 +59,16 @@ func TestNewLocalCertGenerator(t *testing.T) {
}
caCertPath := fmt.Sprintf("%s/ca.crt", savePath)
caKeyPath := fmt.Sprintf("%s/ca.key", savePath)
- err = cg.CreateCertAndKey(caCertPath, caKeyPath, adminConfig, savePath, "admin")
+ err = lcg.CreateCertAndKey(caCertPath, caKeyPath, adminConfig, savePath, "admin")
if err != nil {
t.Fatalf("create cert and key for admin failed: %v", err)
}
- err = cg.CreateKubeConfig(savePath, constants.KubeConfigFileNameAdmin, caCertPath, "default-cluster", "default-admin",
+ err = lcg.CreateKubeConfig(savePath, constants.KubeConfigFileNameAdmin, caCertPath, "default-cluster", "default-admin",
filepath.Join(savePath, "admin.crt"), filepath.Join(savePath, "admin.key"), "https://127.0.0.1:6443")
if err != nil {
t.Fatalf("create kubeconfig for admin failed: %v", err)
}
- if err := cg.CleanAll(savePath); err != nil {
+ if err := lcg.CleanAll(savePath); err != nil {
t.Fatalf("clean all failed: %v", err)
}
}
diff --git a/pkg/utils/runner/runner.go b/pkg/utils/runner/runner.go
index 3b15a08..9e1689e 100644
--- a/pkg/utils/runner/runner.go
+++ b/pkg/utils/runner/runner.go
@@ -51,7 +51,7 @@ type LocalRunner struct {
}
func (r *LocalRunner) copyDir(srcDir, dstDir string) error {
- output, err := exec.Command("/bin/sh", "-c", fmt.Sprintf("sudo cp -rf %v %v", srcDir, dstDir)).CombinedOutput()
+ output, err := exec.Command("/bin/sh", "-c", fmt.Sprintf("cp -rf %v %v", srcDir, dstDir)).CombinedOutput()
if err != nil {
logrus.Errorf("[local] copy %s to %s failed: %v\noutput: %v\n", srcDir, dstDir, err, string(output))
return err
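Review bot: The new line in copyDir still interpolates `srcDir` and `dstDir` into a `/bin/sh -c` string, so a path containing spaces or shell metacharacters is split or interpreted by the shell. The same applies to the `cp -f` line in Copy in the next hunk. Passing the paths as separate arguments removes the shell entirely: `exec.Command("cp", "-rf", "--", srcDir, dstDir).CombinedOutput()` (and `"-f"` in Copy). If any caller relies on glob expansion in `src`, that would need to be handled explicitly; nothing in these hunks shows such a caller. Both function bodies extend beyond the hunks shown.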
@@ -70,7 +70,7 @@ func (r *LocalRunner) Copy(src, dst string) error {
// just copy file
return r.copyDir(src, dst)
}
- output, err := exec.Command("/bin/sh", "-c", fmt.Sprintf("sudo cp -f %v %v", src, dst)).CombinedOutput()
+ output, err := exec.Command("/bin/sh", "-c", fmt.Sprintf("cp -f %v %v", src, dst)).CombinedOutput()
if err != nil {
logrus.Errorf("[local] copy %s to %s failed: %v\noutput: %v\n", src, dst, err, string(output))
} else {
--
2.25.1