From 12225118de0b7d0f730d61d0cf5739e901a957bb Mon Sep 17 00:00:00 2001
From: zhangxiaoyu
Date: Mon, 13 Sep 2021 20:09:25 +0800
Subject: [PATCH] eggo several bugfix
Signed-off-by: zhangxiaoyu
---
0004-use-local-cert-replace-openssl.patch | 203 +++++++++++++++++++++
0005-add-coredns-checker.patch | 213 ++++++++++++++++++++++
0006-add-list-command-for-eggo.patch | 199 ++++++++++++++++++++
0007-update-cert-of-ca.patch | 158 ++++++++++++++++
eggo.spec | 12 +-
5 files changed, 784 insertions(+), 1 deletion(-)
create mode 100644 0004-use-local-cert-replace-openssl.patch
create mode 100644 0005-add-coredns-checker.patch
create mode 100644 0006-add-list-command-for-eggo.patch
create mode 100644 0007-update-cert-of-ca.patch
diff --git a/0004-use-local-cert-replace-openssl.patch b/0004-use-local-cert-replace-openssl.patch
new file mode 100644
index 0000000..f730b4d
--- /dev/null
+++ b/0004-use-local-cert-replace-openssl.patch
@@ -0,0 +1,203 @@ +From 5a443177a9c70296d9a3e57b2336e33ba72c6657 Mon Sep 17 00:00:00 2001 +From: haozi007 +Date: Wed, 8 Sep 2021 04:21:32 +0100 +Subject: [PATCH 1/4] use local cert replace openssl + +Signed-off-by: haozi007 +--- + cmd/checker.go | 10 ++++++++++ + cmd/checker_test.go | 9 +++++++++ + .../binary/controlplane/controlplane.go | 2 +- + .../binary/etcdcluster/etcdcerts.go | 8 ++++---- + .../binary/etcdcluster/etcdcluster.go | 2 +- + .../binary/etcdcluster/etcdcluster_test.go | 2 +- + pkg/utils/certs/certs_test.go | 12 ++++++------ + pkg/utils/runner/runner.go | 4 ++-- + 8 files changed, 34 insertions(+), 15 deletions(-) + +diff --git a/cmd/checker.go b/cmd/checker.go +index a924629..4530f2b 100644 +--- a/cmd/checker.go ++++ b/cmd/checker.go +@@ -24,6 +24,7 @@ import ( + "time" + + "isula.org/eggo/pkg/api" ++ "isula.org/eggo/pkg/utils" + "isula.org/eggo/pkg/utils/endpoint" + chain "isula.org/eggo/pkg/utils/responsibilitychain" + "k8s.io/apimachinery/pkg/util/validation" +@@ -388,6 +389,15 @@ func (ccr *InstallConfigResponsibility) Execute() error { + if !filepath.IsAbs(path) { + return fmt.Errorf("srcpackage %s path: %s must be absolute", arch, path) + } ++ if _, ok := ccr.arch[arch]; ok { ++ exist, err := utils.CheckPathExist(path) ++ if err != nil { ++ return err ++ } ++ if !exist { ++ return fmt.Errorf("have arch: %s node, but src package: %s is not exist", arch, path) ++ } ++ } + } + + if len(ccr.conf.PackageSrc.SrcPath) != 0 { +diff --git a/cmd/checker_test.go b/cmd/checker_test.go +index fefe0e6..1fee45a 100644 +--- a/cmd/checker_test.go ++++ b/cmd/checker_test.go +@@ -44,6 +44,15 @@ func TestRunChecker(t *testing.T) { + t.Fatalf("load deploy config file failed: %v", err) + } + ++ if err = RunChecker(conf); err == nil { ++ t.Fatalf("test invalid cluster config failed: %v", err) ++ } ++ ++ for _, fn := range conf.InstallConfig.PackageSrc.SrcPath { ++ os.MkdirAll(fn, 0755) ++ defer os.RemoveAll(fn) ++ } ++ + // test check success + if err = 
RunChecker(conf); err != nil { + t.Fatalf("test checker success failed: %v", err) +diff --git a/pkg/clusterdeployment/binary/controlplane/controlplane.go b/pkg/clusterdeployment/binary/controlplane/controlplane.go +index 5e6a8a0..2296c57 100644 +--- a/pkg/clusterdeployment/binary/controlplane/controlplane.go ++++ b/pkg/clusterdeployment/binary/controlplane/controlplane.go +@@ -285,7 +285,7 @@ func generateCerts(savePath string, cg certs.CertGenerator, ccfg *api.ClusterCon + } + + func prepareCAs(lcg certs.CertGenerator, savePath string) error { +- if _, err := lcg.RunCommand(fmt.Sprintf("sudo mkdir -p -m 0700 %s", savePath)); err != nil { ++ if _, err := lcg.RunCommand(fmt.Sprintf("mkdir -p -m 0700 %s", savePath)); err != nil { + logrus.Errorf("prepare certificates store path failed: %v", err) + return err + } +diff --git a/pkg/clusterdeployment/binary/etcdcluster/etcdcerts.go b/pkg/clusterdeployment/binary/etcdcluster/etcdcerts.go +index 1262e99..00f6116 100644 +--- a/pkg/clusterdeployment/binary/etcdcluster/etcdcerts.go ++++ b/pkg/clusterdeployment/binary/etcdcluster/etcdcerts.go +@@ -89,21 +89,21 @@ func generateEtcdCerts(r runner.Runner, ccfg *api.ClusterConfig, hostConfig *api + } + + // see: https://kubernetes.io/docs/setup/best-practices/certificates/ +-func generateCaAndApiserverEtcdCerts(r runner.Runner, ccfg *api.ClusterConfig) error { ++func generateCaAndApiserverEtcdCerts(ccfg *api.ClusterConfig) error { + savePath := api.GetCertificateStorePath(ccfg.Name) + etcdCertsPath := filepath.Join(savePath, "etcd") +- cg := certs.NewOpensshBinCertGenerator(r) ++ lcg := certs.NewLocalCertGenerator() + + // generate etcd root ca + caConfig := &certs.CertConfig{ + CommonName: "etcd-ca", + } +- if err := cg.CreateCA(caConfig, etcdCertsPath, "ca"); err != nil { ++ if err := lcg.CreateCA(caConfig, etcdCertsPath, "ca"); err != nil { + return err + } + + // generate apiserver-etcd-client certificates +- if err := genApiserverEtcdClientCerts(savePath, cg, ccfg); err != 
nil { ++ if err := genApiserverEtcdClientCerts(savePath, lcg, ccfg); err != nil { + return err + } + +diff --git a/pkg/clusterdeployment/binary/etcdcluster/etcdcluster.go b/pkg/clusterdeployment/binary/etcdcluster/etcdcluster.go +index 88db696..5444e77 100644 +--- a/pkg/clusterdeployment/binary/etcdcluster/etcdcluster.go ++++ b/pkg/clusterdeployment/binary/etcdcluster/etcdcluster.go +@@ -229,7 +229,7 @@ func prepareEtcdConfigs(ccfg *api.ClusterConfig, r runner.Runner, hostConfig *ap + + func Init(conf *api.ClusterConfig) error { + // generate ca certificates and kube-apiserver-etcd-client certificates +- if err := generateCaAndApiserverEtcdCerts(&runner.LocalRunner{}, conf); err != nil { ++ if err := generateCaAndApiserverEtcdCerts(conf); err != nil { + return err + } + +diff --git a/pkg/clusterdeployment/binary/etcdcluster/etcdcluster_test.go b/pkg/clusterdeployment/binary/etcdcluster/etcdcluster_test.go +index 43be12d..f19394a 100644 +--- a/pkg/clusterdeployment/binary/etcdcluster/etcdcluster_test.go ++++ b/pkg/clusterdeployment/binary/etcdcluster/etcdcluster_test.go +@@ -172,7 +172,7 @@ func TestEtcdCertsAndConfig(t *testing.T) { + t.Fatalf("prepare etcd configs failed: %v", err) + } + +- if err = generateCaAndApiserverEtcdCerts(r, deployConf); err != nil { ++ if err = generateCaAndApiserverEtcdCerts(deployConf); err != nil { + t.Fatalf("generate ca and apiserver etcd certs failed: %v", err) + } + +diff --git a/pkg/utils/certs/certs_test.go b/pkg/utils/certs/certs_test.go +index 522d0cb..59a4a65 100644 +--- a/pkg/utils/certs/certs_test.go ++++ b/pkg/utils/certs/certs_test.go +@@ -12,8 +12,8 @@ import ( + + func TestNewLocalCertGenerator(t *testing.T) { + savePath := "/tmp/haozi" +- cg := NewLocalCertGenerator() +- err := cg.CreateServiceAccount(savePath) ++ lcg := NewLocalCertGenerator() ++ err := lcg.CreateServiceAccount(savePath) + if err != nil { + t.Fatalf("create service account failed: %v", err) + } +@@ -37,7 +37,7 @@ func TestNewLocalCertGenerator(t 
*testing.T) { + }, + Usages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth}, + } +- err = cg.CreateCA(apiserverConfig, savePath, "ca") ++ err = lcg.CreateCA(apiserverConfig, savePath, "ca") + if err != nil { + t.Fatalf("create apiserver ca failed: %v", err) + } +@@ -59,16 +59,16 @@ func TestNewLocalCertGenerator(t *testing.T) { + } + caCertPath := fmt.Sprintf("%s/ca.crt", savePath) + caKeyPath := fmt.Sprintf("%s/ca.key", savePath) +- err = cg.CreateCertAndKey(caCertPath, caKeyPath, adminConfig, savePath, "admin") ++ err = lcg.CreateCertAndKey(caCertPath, caKeyPath, adminConfig, savePath, "admin") + if err != nil { + t.Fatalf("create cert and key for admin failed: %v", err) + } +- err = cg.CreateKubeConfig(savePath, constants.KubeConfigFileNameAdmin, caCertPath, "default-cluster", "default-admin", ++ err = lcg.CreateKubeConfig(savePath, constants.KubeConfigFileNameAdmin, caCertPath, "default-cluster", "default-admin", + filepath.Join(savePath, "admin.crt"), filepath.Join(savePath, "admin.key"), "https://127.0.0.1:6443") + if err != nil { + t.Fatalf("create kubeconfig for admin failed: %v", err) + } +- if err := cg.CleanAll(savePath); err != nil { ++ if err := lcg.CleanAll(savePath); err != nil { + t.Fatalf("clean all failed: %v", err) + } + } +diff --git a/pkg/utils/runner/runner.go b/pkg/utils/runner/runner.go +index 3b15a08..9e1689e 100644 +--- a/pkg/utils/runner/runner.go ++++ b/pkg/utils/runner/runner.go +@@ -51,7 +51,7 @@ type LocalRunner struct { + } + + func (r *LocalRunner) copyDir(srcDir, dstDir string) error { +- output, err := exec.Command("/bin/sh", "-c", fmt.Sprintf("sudo cp -rf %v %v", srcDir, dstDir)).CombinedOutput() ++ output, err := exec.Command("/bin/sh", "-c", fmt.Sprintf("cp -rf %v %v", srcDir, dstDir)).CombinedOutput() + if err != nil { + logrus.Errorf("[local] copy %s to %s failed: %v\noutput: %v\n", srcDir, dstDir, err, string(output)) + return err +@@ -70,7 +70,7 @@ func (r *LocalRunner) Copy(src, dst string) 
error { + // just copy file + return r.copyDir(src, dst) + } +- output, err := exec.Command("/bin/sh", "-c", fmt.Sprintf("sudo cp -f %v %v", src, dst)).CombinedOutput() ++ output, err := exec.Command("/bin/sh", "-c", fmt.Sprintf("cp -f %v %v", src, dst)).CombinedOutput() + if err != nil { + logrus.Errorf("[local] copy %s to %s failed: %v\noutput: %v\n", src, dst, err, string(output)) + } else { +-- +2.25.1 + diff --git a/0005-add-coredns-checker.patch b/0005-add-coredns-checker.patch new file mode 100644 index 0000000..3074086 --- /dev/null +++ b/0005-add-coredns-checker.patch 
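Review bot: The two `cp` calls in pkg/utils/runner/runner.go (copyDir and Copy) still build a command string with `fmt.Sprintf` and run it through `/bin/sh -c`, so a source or destination containing whitespace or shell metacharacters is split or interpreted by the shell; removing `sudo` does not change that. Passing the paths as separate arguments avoids the shell entirely: `exec.Command("cp", "-rf", "--", srcDir, dstDir)` and `exec.Command("cp", "-f", "--", src, dst)`. If a caller relies on shell glob expansion in `src`, that would change behaviour, which cannot be seen from these hunks. The same pattern appears in `mkdir -p -m 0700 %s` in prepareCAs, although how RunCommand executes the string is outside this patch. In cmd/checker_test.go the result of `os.MkdirAll(fn, 0755)` is ignored; `if err := os.MkdirAll(fn, 0755); err != nil { t.Fatalf("create %s failed: %v", fn, err) }` would make a failed test setup visible.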
@@ -0,0 +1,213 @@ +From e3f440f40c64265fd3cb2e0a3c8e7d44b1022550 Mon Sep 17 00:00:00 2001 +From: zhangxiaoyu +Date: Wed, 8 Sep 2021 17:11:43 +0800 +Subject: [PATCH 2/4] add coredns checker + +Signed-off-by: zhangxiaoyu +--- + cmd/api.go | 1 + + cmd/configs.go | 20 +++++++++++-------- + cmd/join.go | 9 +++++++-- + config/centos.config | 7 ++++--- + config/openEuler.config | 5 +++-- + docs/manual.md | 7 ++++--- + .../binary/coredns/coredns.go | 8 ++++++++ + pkg/utils/infra/infra.go | 6 ++++++ + 8 files changed, 45 insertions(+), 18 deletions(-) + +diff --git a/cmd/api.go b/cmd/api.go +index fdc8949..538c2e0 100644 +--- a/cmd/api.go ++++ b/cmd/api.go +@@ -28,6 +28,7 @@ type InstallConfig struct { + LoadBalance []*PackageConfig `yaml:"loadbalance"` + Container []*PackageConfig `yaml:"container"` + Image []*PackageConfig `yaml:"image"` ++ Dns []*PackageConfig `yaml:"dns"` + Addition map[string][]*PackageConfig `yaml:"addition"` // key: master, worker, etcd, loadbalance + } + +diff --git a/cmd/configs.go b/cmd/configs.go +index 7555a92..dfc4c45 100644 +--- a/cmd/configs.go ++++ b/cmd/configs.go +@@ -28,6 +28,7 @@ import ( + + "github.com/sirupsen/logrus" + "isula.org/eggo/pkg/api" ++ "isula.org/eggo/pkg/clusterdeployment/binary/coredns" + "isula.org/eggo/pkg/constants" + "isula.org/eggo/pkg/utils" + "isula.org/eggo/pkg/utils/infra" +@@ -279,6 +280,10 @@ func fillPackageConfig(ccfg *api.ClusterConfig, icfg *InstallConfig) { + ccfg.RoleInfra[s.role].Softwares = appendSoftware(ccfg.RoleInfra[s.role].Softwares, s.pc, s.dpc) + } + ++ if coredns.IsTypeBinary(ccfg.ServiceCluster.DNS.CorednsType) { ++ ccfg.RoleInfra[api.Master].Softwares = appendSoftware(ccfg.RoleInfra[api.Master].Softwares, ToEggoPackageConfig(icfg.Dns), infra.DnsPackages) ++ } ++ + if len(icfg.Addition) == 0 { + return + } +@@ -306,12 +311,9 @@ func fillOpenPort(ccfg *api.ClusterConfig, openports map[string][]*OpenPorts, dn + ccfg.RoleInfra[role].OpenPorts = append(ccfg.RoleInfra[role].OpenPorts, 
ToEggoOpenPort(p)...) + } + +- if dnsType == "binary" || dnsType == "" { ++ if coredns.IsTypeBinary(dnsType) { + ccfg.RoleInfra[api.Master].OpenPorts = + append(ccfg.RoleInfra[api.Master].OpenPorts, infra.CorednsPorts...) +- } else if dnsType == "pod" { +- ccfg.RoleInfra[api.Worker].OpenPorts = +- append(ccfg.RoleInfra[api.Worker].OpenPorts, infra.CorednsPorts...) + } + } + +@@ -766,6 +768,12 @@ func createDeployConfigTemplate(file string) error { + Type: "image", + }, + }, ++ Dns: []*PackageConfig{ ++ { ++ Name: "coredns", ++ Type: "pkg", ++ }, ++ }, + Addition: map[string][]*PackageConfig{ + "master": { + { +@@ -778,10 +786,6 @@ func createDeployConfigTemplate(file string) error { + Name: "calico.yaml", + Type: "yaml", + }, +- { +- Name: "coredns", +- Type: "pkg", +- }, + }, + "worker": { + { +diff --git a/cmd/join.go b/cmd/join.go +index 7d0b4a1..79d68fc 100644 +--- a/cmd/join.go ++++ b/cmd/join.go +@@ -117,8 +117,13 @@ func getMergedAndDiffConfigs(conf *DeployConfig, joinConf *DeployConfig) (*Deplo + if getHostConfigByIp(mergedConfig.Workers, host.Ip) != nil { + continue + } +- h := createHostConfig(getHostConfigByIp(allHostConfigs, host.Ip), host, +- defaultHostName(conf.ClusterID, "worker", len(conf.Workers)+i)) ++ ++ h := getHostConfigByIp(diffConfig.Masters, host.Ip) ++ if h == nil { ++ h = createHostConfig(getHostConfigByIp(allHostConfigs, host.Ip), host, ++ defaultHostName(conf.ClusterID, "worker", len(conf.Workers)+i)) ++ } ++ + mergedConfig.Workers = append(mergedConfig.Workers, h) + diffConfig.Workers = append(diffConfig.Workers, h) + } +diff --git a/config/centos.config b/config/centos.config +index c9b0d0e..a5a2924 100755 +--- a/config/centos.config ++++ b/config/centos.config +@@ -54,13 +54,14 @@ install: + image: + - name: images.tar + type: image ++ dns: ++ - name: coredns ++ type: bin ++ dst: /usr/bin + addition: + master: + - name: calico.yaml + type: yaml +- - name: coredns +- type: bin +- dst: /usr/bin + worker: + - name: conntrack,socat + 
type: bin +diff --git a/config/openEuler.config b/config/openEuler.config +index 90e5892..07acf9b 100755 +--- a/config/openEuler.config ++++ b/config/openEuler.config +@@ -36,9 +36,10 @@ install: + image: + - name: images.tar + type: image ++ dns: ++ - name: coredns ++ type: pkg + addition: + master: + - name: calico.yaml + type: yaml +- - name: coredns +- type: pkg +diff --git a/docs/manual.md b/docs/manual.md +index 0957069..a4913b1 100644 +--- a/docs/manual.md ++++ b/docs/manual.md +@@ -300,6 +300,10 @@ install: // 配置各种类型节点上需要 + - name: pause.tar + type: image + dst: "" ++ dns: // k8s coredns安装包。如果corednstype配置为pod,此处无需配置 ++ - name: coredns ++ type: pkg ++ dst: "" + addition: // 额外的安装包或二进制文件列表 + master: + - name: prejoin.sh +@@ -309,9 +313,6 @@ install: // 配置各种类型节点上需要 + - name: calico.yaml + type: yaml + dst: "" +- - name: coredns +- type: pkg +- dst: "" + worker: + - name: docker.service + type: file +diff --git a/pkg/clusterdeployment/binary/coredns/coredns.go b/pkg/clusterdeployment/binary/coredns/coredns.go +index 35edb08..a33c71f 100644 +--- a/pkg/clusterdeployment/binary/coredns/coredns.go ++++ b/pkg/clusterdeployment/binary/coredns/coredns.go +@@ -33,6 +33,14 @@ func init() { + cbs[CorednsTypeOfBinary] = &BinaryCoredns{} + } + ++func IsTypeBinary(configType string) bool { ++ return configType == CorednsTypeOfBinary || configType == "" ++} ++ ++func IsTypePod(configType string) bool { ++ return configType == CorednsTypeOfPod ++} ++ + func getTypeOfCoredns(configType string) string { + if configType != "" { + return configType +diff --git a/pkg/utils/infra/infra.go b/pkg/utils/infra/infra.go +index b0c8ecd..2b36e2a 100644 +--- a/pkg/utils/infra/infra.go ++++ b/pkg/utils/infra/infra.go +@@ -110,6 +110,12 @@ var ( + } + + // coredns ++ DnsPackages = []*api.PackageConfig{ ++ { ++ Name: "coredns", ++ Type: "repo", ++ }, ++ } + CorednsPorts = []*api.OpenPorts{ + { + Port: 53, +-- +2.25.1 + 
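Review bot: In cmd/configs.go, fillOpenPort no longer adds infra.CorednsPorts for any role when the DNS type is "pod" (the worker branch is removed), and neither the code nor the commit message says why. If the intent is that pod-type coredns needs no host firewall rule, a comment above the remaining branch would record it, for example `// coredns running as a pod needs no host port; only the binary type opens infra.CorednsPorts on masters`. The new exported helpers `IsTypeBinary` and `IsTypePod` in coredns.go have no doc comments, and `IsTypePod` is not called in any hunk shown here; `// IsTypeBinary reports whether configType selects the binary coredns deployment; the empty string defaults to binary.` would document the default that fillPackageConfig and fillOpenPort now depend on. The new struct field `Dns` in cmd/api.go would conventionally be spelled `DNS` in Go, with the yaml tag left as `dns`.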
diff --git a/0006-add-list-command-for-eggo.patch b/0006-add-list-command-for-eggo.patch
new file mode 100644
index 0000000..d691a0b
--- /dev/null
+++ b/0006-add-list-command-for-eggo.patch
@@ -0,0 +1,199 @@ +From a0ce71ec1363c210f12b92926ba911896bd32134 Mon Sep 17 00:00:00 2001 +From: haozi007 +Date: Thu, 9 Sep 2021 03:28:17 +0100 +Subject: [PATCH 3/4] add list command for eggo + +Signed-off-by: haozi007 +--- + cmd/configs.go | 6 +-- + cmd/eggo.go | 1 + + cmd/list.go | 122 +++++++++++++++++++++++++++++++++++++++++++++++ + pkg/api/tools.go | 4 ++ + 4 files changed, 130 insertions(+), 3 deletions(-) + create mode 100644 cmd/list.go + +diff --git a/cmd/configs.go b/cmd/configs.go +index dfc4c45..04e1ec8 100644 +--- a/cmd/configs.go ++++ b/cmd/configs.go +@@ -90,11 +90,11 @@ func defaultDeployConfigPath() string { + } + + func eggoPlaceHolderPath(ClusterID string) string { +- return filepath.Join(api.EggoHomePath, ClusterID, ".eggo.pid") ++ return filepath.Join(api.GetEggoClusterPath(), ClusterID, ".eggo.pid") + } + + func savedDeployConfigPath(ClusterID string) string { +- return filepath.Join(api.EggoHomePath, ClusterID, "deploy.yaml") ++ return filepath.Join(api.GetEggoClusterPath(), ClusterID, "deploy.yaml") + } + + func saveDeployConfig(cc *DeployConfig, filePath string) error { +@@ -104,7 +104,7 @@ func saveDeployConfig(cc *DeployConfig, filePath string) error { + } + + cleanPath := filepath.Clean(filePath) +- if !strings.HasPrefix(cleanPath, api.EggoHomePath) { ++ if !strings.HasPrefix(cleanPath, api.GetEggoClusterPath()) { + return fmt.Errorf("invalid config file path %v", filePath) + } + +diff --git a/cmd/eggo.go b/cmd/eggo.go +index 7e42833..272fb17 100644 +--- a/cmd/eggo.go ++++ b/cmd/eggo.go +@@ -99,6 +99,7 @@ func NewEggoCmd() *cobra.Command { + eggoCmd.AddCommand(NewTemplateCmd()) + eggoCmd.AddCommand(NewJoinCmd()) + eggoCmd.AddCommand(NewDeleteCmd()) ++ eggoCmd.AddCommand(NewListCmd()) + + return eggoCmd + } +diff --git a/cmd/list.go b/cmd/list.go +new file mode 100644 +index 0000000..27729ba +--- /dev/null ++++ b/cmd/list.go +@@ -0,0 +1,122 @@ ++/****************************************************************************** ++ * Copyright 
(c) Huawei Technologies Co., Ltd. 2021. All rights reserved. ++ * eggo licensed under the Mulan PSL v2. ++ * You can use this software according to the terms and conditions of the Mulan PSL v2. ++ * You may obtain a copy of Mulan PSL v2 at: ++ * http://license.coscl.org.cn/MulanPSL2 ++ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR ++ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR ++ * PURPOSE. ++ * See the Mulan PSL v2 for more details. ++ * Author: haozi007 ++ * Create: 2021-09-09 ++ * Description: eggo list command implement ++ ******************************************************************************/ ++ ++package cmd ++ ++import ( ++ "fmt" ++ "os" ++ "path/filepath" ++ ++ "github.com/sirupsen/logrus" ++ "github.com/spf13/cobra" ++ "isula.org/eggo/pkg/api" ++) ++ ++type clusterInfo struct { ++ name string ++ masterCnt int ++ workerCnt int ++ status string ++} ++ ++var ( ++ infos []clusterInfo ++) ++ ++func addClusterInfo(name string, conf *DeployConfig, err error) { ++ info := clusterInfo{ ++ name: name, ++ } ++ if err != nil { ++ info.status = "unknow" ++ logrus.Debugf("%s: %s", info.name, err.Error()) ++ infos = append(infos, info) ++ return ++ } ++ if conf.Masters != nil { ++ info.masterCnt = len(conf.Masters) ++ } ++ if conf.Workers != nil { ++ info.workerCnt = len(conf.Workers) ++ } ++ ++ if terr := RunChecker(conf); terr != nil { ++ info.status = "broken" ++ logrus.Debugf("%s: %s", info.name, terr.Error()) ++ } else { ++ info.status = "success" ++ } ++ ++ infos = append(infos, info) ++} ++ ++func checkFile(path string, info os.FileInfo, err error) error { ++ if err != nil { ++ return err ++ } ++ if !info.IsDir() { ++ logrus.Debugf("ingore non-dir: %q", path) ++ return nil ++ } ++ ++ if path == api.GetEggoClusterPath() { ++ return nil ++ } ++ ++ conf, err := loadDeployConfig(savedDeployConfigPath(info.Name())) ++ addClusterInfo(info.Name(), conf, err) 
++ return filepath.SkipDir ++} ++ ++func showClustersInfo() { ++ maxLen := 8 ++ for _, info := range infos { ++ if len(info.name) > maxLen { ++ maxLen = len(info.name) ++ } ++ } ++ fmt.Printf("Name%*s\tMasters\tWorkers\tStatus\n", maxLen, "") ++ for _, info := range infos { ++ fmt.Printf("%s%*s\t%d\t%d\t%s\n", info.name, len(info.name)-maxLen, "", info.masterCnt, info.workerCnt, info.status) ++ } ++} ++ ++func listClusters(cmd *cobra.Command, args []string) error { ++ infos = nil ++ if opts.debug { ++ initLog() ++ } ++ ++ eggoDir := api.GetEggoClusterPath() ++ ++ if err := filepath.Walk(eggoDir, checkFile); err != nil { ++ logrus.Debugf("walk eggo cluster dir: %s, err: %v\n", eggoDir, err) ++ } ++ ++ showClustersInfo() ++ ++ return nil ++} ++ ++func NewListCmd() *cobra.Command { ++ listCmd := &cobra.Command{ ++ Use: "list", ++ Short: "list clusters which manager by eggo", ++ RunE: listClusters, ++ } ++ ++ return listCmd ++} +diff --git a/pkg/api/tools.go b/pkg/api/tools.go +index 89a82d5..c9aaf93 100644 +--- a/pkg/api/tools.go ++++ b/pkg/api/tools.go +@@ -63,6 +63,10 @@ func GetCertificateStorePath(cluster string) string { + return filepath.Join(EggoHomePath, cluster, "pki") + } + ++func GetEggoClusterPath() string { ++ return EggoHomePath ++} ++ + func GetEtcdServers(ecc *EtcdClusterConfig) string { + //etcd_servers="https://${MASTER_IPS[$i]}:2379" + //etcd_servers="$etcd_servers,https://${MASTER_IPS[$i]}:2379" +-- +2.25.1 + diff --git a/0007-update-cert-of-ca.patch b/0007-update-cert-of-ca.patch new file mode 100644 index 0000000..10b8bc1 --- /dev/null +++ b/0007-update-cert-of-ca.patch 
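Review bot: The containment check in saveDeployConfig (cmd/configs.go), `strings.HasPrefix(cleanPath, api.GetEggoClusterPath())`, compares raw strings, so a sibling path that merely starts with the same characters as the cluster directory also passes unless EggoHomePath ends in a separator, which is not visible here. Comparing on a path boundary is stricter: `rel, err := filepath.Rel(api.GetEggoClusterPath(), cleanPath)` followed by `if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {`. In cmd/list.go, listClusters only logs a `filepath.Walk` error at debug level and still returns nil, so a failed walk prints just the header row and exits successfully; returning the error would make that visible. In showClustersInfo the header pads "Name" with `maxLen` extra spaces while each data row is padded to `maxLen` in total, so the columns are offset by four characters whenever the tab stop does not absorb the difference.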
@@ -0,0 +1,158 @@ +From f21402b93adae2162b2cf6d57dda5c3350bd9995 Mon Sep 17 00:00:00 2001 +From: haozi007 +Date: Sat, 11 Sep 2021 11:04:10 +0100 +Subject: [PATCH 4/4] update cert of ca + +1. support external ca; +2. default expired time change to 100 years; +3. support remote yaml; + +Signed-off-by: haozi007 +--- + .../binary/controlplane/controlplane.go | 20 +++++++++++++++++-- + .../binary/etcdcluster/etcdcerts.go | 13 ++++++++++++ + pkg/utils/certs/certs.go | 4 ++-- + pkg/utils/certs/localcerts.go | 2 +- + pkg/utils/dependency/dependency.go | 8 ++++++++ + 5 files changed, 42 insertions(+), 5 deletions(-) + +diff --git a/pkg/clusterdeployment/binary/controlplane/controlplane.go b/pkg/clusterdeployment/binary/controlplane/controlplane.go +index 2296c57..9c591c4 100644 +--- a/pkg/clusterdeployment/binary/controlplane/controlplane.go ++++ b/pkg/clusterdeployment/binary/controlplane/controlplane.go +@@ -284,7 +284,7 @@ func generateCerts(savePath string, cg certs.CertGenerator, ccfg *api.ClusterCon + return generateFrontProxyClientCertificate(savePath, cg) + } + +-func prepareCAs(lcg certs.CertGenerator, savePath string) error { ++func prepareCAs(lcg certs.CertGenerator, savePath string, ccfg *api.ClusterConfig) error { + if _, err := lcg.RunCommand(fmt.Sprintf("mkdir -p -m 0700 %s", savePath)); err != nil { + logrus.Errorf("prepare certificates store path failed: %v", err) + return err +@@ -293,6 +293,22 @@ func prepareCAs(lcg certs.CertGenerator, savePath string) error { + if err := lcg.CreateServiceAccount(savePath); err != nil { + return err + } ++ ++ if ccfg.Certificate.ExternalCA { ++ getStrCmd := func(name string) string { ++ return fmt.Sprintf("cp -f %s/%s %s/%s %s", ccfg.Certificate.ExternalCAPath, certs.GetKeyName(name), ++ ccfg.Certificate.ExternalCAPath, certs.GetCertName(name), savePath) ++ } ++ ++ if _, err := lcg.RunCommand(getStrCmd(RootCAName)); err != nil { ++ return err ++ } ++ ++ if _, err := lcg.RunCommand(getStrCmd(FrontProxyCAName)); err != nil 
{ ++ return err ++ } ++ } ++ + // create root ca + caConfig := &certs.CertConfig{ + CommonName: "kubernetes", +@@ -342,7 +358,7 @@ func createAdminKubeConfigForEggo(lcg certs.CertGenerator, caPath string, savePa + func prepareCredentials(clusterName string, ccfg *api.ClusterConfig) error { + lcg := certs.NewLocalCertGenerator() + caPath := api.GetCertificateStorePath(clusterName) +- if err := prepareCAs(lcg, caPath); err != nil { ++ if err := prepareCAs(lcg, caPath, ccfg); err != nil { + return err + } + return createAdminKubeConfigForEggo(lcg, caPath, api.GetClusterHomePath(clusterName), ccfg) +diff --git a/pkg/clusterdeployment/binary/etcdcluster/etcdcerts.go b/pkg/clusterdeployment/binary/etcdcluster/etcdcerts.go +index 00f6116..29aeea7 100644 +--- a/pkg/clusterdeployment/binary/etcdcluster/etcdcerts.go ++++ b/pkg/clusterdeployment/binary/etcdcluster/etcdcerts.go +@@ -17,6 +17,7 @@ package etcdcluster + + import ( + "crypto/x509" ++ "fmt" + "path/filepath" + + "isula.org/eggo/pkg/api" +@@ -98,6 +99,18 @@ func generateCaAndApiserverEtcdCerts(ccfg *api.ClusterConfig) error { + caConfig := &certs.CertConfig{ + CommonName: "etcd-ca", + } ++ ++ if ccfg.Certificate.ExternalCA { ++ _, err := lcg.RunCommand(fmt.Sprintf("mkdir -p -m 0700 %s && cp -f %s/etcd/%s %s", etcdCertsPath, ccfg.Certificate.ExternalCAPath, certs.GetCertName("ca"), etcdCertsPath)) ++ if err != nil { ++ return err ++ } ++ _, err = lcg.RunCommand(fmt.Sprintf("cp -f %s/etcd/%s %s", ccfg.Certificate.ExternalCAPath, certs.GetKeyName("ca"), etcdCertsPath)) ++ if err != nil { ++ return err ++ } ++ } ++ + if err := lcg.CreateCA(caConfig, etcdCertsPath, "ca"); err != nil { + return err + } +diff --git a/pkg/utils/certs/certs.go b/pkg/utils/certs/certs.go +index 0f16f7f..e57cfe8 100644 +--- a/pkg/utils/certs/certs.go ++++ b/pkg/utils/certs/certs.go +@@ -123,7 +123,7 @@ func (o *OpensshBinCertGenerator) CreateCA(config *CertConfig, savePath string, + sb.WriteString("sudo -E /bin/sh -c \"") + 
sb.WriteString(fmt.Sprintf("mkdir -p %s && cd %s", savePath, savePath)) + sb.WriteString(fmt.Sprintf(" && openssl genrsa -out %s.key 4096", name)) +- sb.WriteString(fmt.Sprintf(" && openssl req -x509 -new -nodes -key %s.key -subj \"%s\" -days 10000 -out %s.crt", name, getSubject(config), name)) ++ sb.WriteString(fmt.Sprintf(" && openssl req -x509 -new -nodes -key %s.key -subj \"%s\" -days 36500 -out %s.crt", name, getSubject(config), name)) + sb.WriteString("\"") + + _, err := o.r.RunCommand(sb.String()) +@@ -184,7 +184,7 @@ func (o *OpensshBinCertGenerator) CreateCertAndKey(caCertPath, caKeyPath string, + sb.WriteString("sudo -E /bin/sh -c \"") + sb.WriteString(fmt.Sprintf("cd %s && openssl genrsa -out %s.key 4096", savePath, name)) + sb.WriteString(fmt.Sprintf(" && openssl req -new -key %s.key -out %s.csr -config %s/%s-csr.conf", name, name, savePath, name)) +- sb.WriteString(fmt.Sprintf(" && openssl x509 -req -in %s.csr -CA %s -CAkey %s -CAcreateserial -out %s.crt -days 10000 -extensions v3_ext -extfile %s-csr.conf", name, caCertPath, caKeyPath, name, name)) ++ sb.WriteString(fmt.Sprintf(" && openssl x509 -req -in %s.csr -CA %s -CAkey %s -CAcreateserial -out %s.crt -days 36500 -extensions v3_ext -extfile %s-csr.conf", name, caCertPath, caKeyPath, name, name)) + sb.WriteString(fmt.Sprintf(" && rm -f %s/%s-csr.conf", savePath, name)) + sb.WriteString(fmt.Sprintf(" && rm -f %s.csr", name)) + sb.WriteString("\"") +diff --git a/pkg/utils/certs/localcerts.go b/pkg/utils/certs/localcerts.go +index 7feca10..c5fe2e5 100644 +--- a/pkg/utils/certs/localcerts.go ++++ b/pkg/utils/certs/localcerts.go +@@ -151,7 +151,7 @@ func (l *LocalCertGenerator) CreateCertAndKey(caCertPath, caKeyPath string, conf + KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature, + ExtKeyUsage: config.Usages, + NotBefore: caCert.NotBefore, +- NotAfter: time.Now().Add(time.Hour * 24 * 365).UTC(), ++ NotAfter: time.Now().Add(time.Hour * 24 * 36500).UTC(), + } + + certBytes, err := 
x509.CreateCertificate(rand.Reader, &certConf, caCert, signer.Public(), caKey) +diff --git a/pkg/utils/dependency/dependency.go b/pkg/utils/dependency/dependency.go +index 1c24a2e..870b938 100644 +--- a/pkg/utils/dependency/dependency.go ++++ b/pkg/utils/dependency/dependency.go +@@ -247,6 +247,10 @@ func (dy *dependencyYaml) Install(r runner.Runner) error { + var sb strings.Builder + sb.WriteString(fmt.Sprintf("sudo -E /bin/sh -c \"export KUBECONFIG=%s ", dy.kubeconfig)) + for _, y := range dy.yaml { ++ if strings.HasPrefix(y.Name, "http://") || strings.HasPrefix(y.Name, "https://") { ++ sb.WriteString(fmt.Sprintf("&& kubectl apply -f %s ", y.Name)) ++ continue ++ } + sb.WriteString(fmt.Sprintf("&& kubectl apply -f %s/%s ", dy.srcPath, y.Name)) + } + sb.WriteString("\"") +@@ -262,6 +266,10 @@ func (dy *dependencyYaml) Remove(r runner.Runner) error { + var sb strings.Builder + sb.WriteString(fmt.Sprintf("sudo -E /bin/sh -c \"export KUBECONFIG=%s ", dy.kubeconfig)) + for _, y := range dy.yaml { ++ if strings.HasPrefix(y.Name, "http://") || strings.HasPrefix(y.Name, "https://") { ++ sb.WriteString(fmt.Sprintf("&& kubectl delete -f %s ", y.Name)) ++ continue ++ } + sb.WriteString(fmt.Sprintf("&& kubectl delete -f %s/%s ", dy.srcPath, y.Name)) + } + sb.WriteString("\"") +-- +2.25.1 + diff --git a/eggo.spec b/eggo.spec index f012714..79c9298 100644 --- a/eggo.spec +++ b/eggo.spec @@ -1,6 +1,6 @@ Name: eggo Version: 0.9.3 -Release: 3 +Release: 4 Summary: Eggo is a tool built to provide standard multi-ways for creating Kubernetes clusters. License: Mulan PSL V2 URL: https://gitee.com/openeuler/eggo 
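Review bot: In pkg/utils/dependency/dependency.go, Install and Remove now pass any `y.Name` beginning with `http://` straight to `kubectl apply -f` / `kubectl delete -f` under sudo with the configured KUBECONFIG, so a manifest fetched over plaintext can be altered in transit and is applied with no integrity check; I would accept only `if strings.HasPrefix(y.Name, "https://") {` and document that remote manifests are trusted with the privileges of that kubeconfig. The same value is interpolated unquoted into the `sh -c "..."` string, as is `ccfg.Certificate.ExternalCAPath` in the new `cp -f` commands in prepareCAs and generateCaAndApiserverEtcdCerts, so whitespace or shell metacharacters in the config change the command that runs; validating these as a parsed URL and a clean absolute path before use would close that. In localcerts.go the `NotAfter` change moves certificates issued by CreateCertAndKey from one year to roughly a hundred, which removes expiry as a bound on a leaked leaf key; consider keeping the long lifetime for the CA only and making the leaf lifetime configurable. It is not visible in this patch whether CreateCA leaves an already copied external ca.crt/ca.key in place or regenerates it, so that is worth confirming and stating in a comment next to the ExternalCA branch.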
@@ -9,6 +9,10 @@ Source0: https://gitee.com/openeuler/eggo/repository/archive/v%{version}.tar.gz Patch0001: 0001-remove-residual-objects.patch Patch0002: 0002-remove-residual-in-infrastruce.patch Patch0003: 0003-eggo-static-compile.patch +Patch0004: 0004-use-local-cert-replace-openssl.patch +Patch0005: 0005-add-coredns-checker.patch +Patch0006: 0006-add-list-command-for-eggo.patch +Patch0007: 0007-update-cert-of-ca.patch BuildRequires: make BuildRequires: git @@ -49,6 +53,12 @@ rm -rf src %attr(551,root,root) %{_bindir}/eggo %changelog +* Mon Sep 13 2021 zhangxiaoyu - 0.9.3-4 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:use local cert, add coredns checker, add list command, update cert of ca + * Tue Sep 07 2021 zhangxiaoyu - 0.9.3-3 - Type:bugfix - CVE:NA