eggo several bugfix

Signed-off-by: zhangxiaoyu <zhangxiaoyu58@huawei.com>
2021-09-13 20:09:25 +08:00 · 2021-09-13 20:09:25 +08:00 · 12225118de
commit 12225118de
parent 29243a9e7b
5 changed files with 784 additions and 1 deletions
--- a/0004-use-local-cert-replace-openssl.patch
+++ b/0004-use-local-cert-replace-openssl.patch
@ -0,0 +1,203 @@
+From 5a443177a9c70296d9a3e57b2336e33ba72c6657 Mon Sep 17 00:00:00 2001
+From: haozi007 <liuhao27@huawei.com>
+Date: Wed, 8 Sep 2021 04:21:32 +0100
+Subject: [PATCH 1/4] use local cert replace openssl
+
+Signed-off-by: haozi007 <liuhao27@huawei.com>
+---
+ cmd/checker.go                                       | 10 ++++++++++
+ cmd/checker_test.go                                  |  9 +++++++++
+ .../binary/controlplane/controlplane.go              |  2 +-
+ .../binary/etcdcluster/etcdcerts.go                  |  8 ++++----
+ .../binary/etcdcluster/etcdcluster.go                |  2 +-
+ .../binary/etcdcluster/etcdcluster_test.go           |  2 +-
+ pkg/utils/certs/certs_test.go                        | 12 ++++++------
+ pkg/utils/runner/runner.go                           |  4 ++--
+ 8 files changed, 34 insertions(+), 15 deletions(-)
+
+diff --git a/cmd/checker.go b/cmd/checker.go
+index a924629..4530f2b 100644
+--- a/cmd/checker.go
+++ b/cmd/checker.go
+@@ -24,6 +24,7 @@ import (
+ 	"time"
+ 
+ 	"isula.org/eggo/pkg/api"
+	"isula.org/eggo/pkg/utils"
+ 	"isula.org/eggo/pkg/utils/endpoint"
+ 	chain "isula.org/eggo/pkg/utils/responsibilitychain"
+ 	"k8s.io/apimachinery/pkg/util/validation"
+@@ -388,6 +389,15 @@ func (ccr *InstallConfigResponsibility) Execute() error {
+ 			if !filepath.IsAbs(path) {
+ 				return fmt.Errorf("srcpackage %s path: %s must be absolute", arch, path)
+ 			}
+			if _, ok := ccr.arch[arch]; ok {
+				exist, err := utils.CheckPathExist(path)
+				if err != nil {
+					return err
+				}
+				if !exist {
+					return fmt.Errorf("have arch: %s node, but src package: %s is not exist", arch, path)
+				}
+			}
+ 		}
+ 
+ 		if len(ccr.conf.PackageSrc.SrcPath) != 0 {
+diff --git a/cmd/checker_test.go b/cmd/checker_test.go
+index fefe0e6..1fee45a 100644
+--- a/cmd/checker_test.go
+++ b/cmd/checker_test.go
+@@ -44,6 +44,15 @@ func TestRunChecker(t *testing.T) {
+ 		t.Fatalf("load deploy config file failed: %v", err)
+ 	}
+ 
+	if err = RunChecker(conf); err == nil {
+		t.Fatalf("test invalid cluster config failed: %v", err)
+	}
+
+	for _, fn := range conf.InstallConfig.PackageSrc.SrcPath {
+		os.MkdirAll(fn, 0755)
+		defer os.RemoveAll(fn)
+	}
+
+ 	// test check success
+ 	if err = RunChecker(conf); err != nil {
+ 		t.Fatalf("test checker success failed: %v", err)
+diff --git a/pkg/clusterdeployment/binary/controlplane/controlplane.go b/pkg/clusterdeployment/binary/controlplane/controlplane.go
+index 5e6a8a0..2296c57 100644
+--- a/pkg/clusterdeployment/binary/controlplane/controlplane.go
+++ b/pkg/clusterdeployment/binary/controlplane/controlplane.go
+@@ -285,7 +285,7 @@ func generateCerts(savePath string, cg certs.CertGenerator, ccfg *api.ClusterCon
+ }
+ 
+ func prepareCAs(lcg certs.CertGenerator, savePath string) error {
+-	if _, err := lcg.RunCommand(fmt.Sprintf("sudo mkdir -p -m 0700 %s", savePath)); err != nil {
+	if _, err := lcg.RunCommand(fmt.Sprintf("mkdir -p -m 0700 %s", savePath)); err != nil {
+ 		logrus.Errorf("prepare certificates store path failed: %v", err)
+ 		return err
+ 	}
+diff --git a/pkg/clusterdeployment/binary/etcdcluster/etcdcerts.go b/pkg/clusterdeployment/binary/etcdcluster/etcdcerts.go
+index 1262e99..00f6116 100644
+--- a/pkg/clusterdeployment/binary/etcdcluster/etcdcerts.go
+++ b/pkg/clusterdeployment/binary/etcdcluster/etcdcerts.go
+@@ -89,21 +89,21 @@ func generateEtcdCerts(r runner.Runner, ccfg *api.ClusterConfig, hostConfig *api
+ }
+ 
+ // see: https://kubernetes.io/docs/setup/best-practices/certificates/
+-func generateCaAndApiserverEtcdCerts(r runner.Runner, ccfg *api.ClusterConfig) error {
+func generateCaAndApiserverEtcdCerts(ccfg *api.ClusterConfig) error {
+ 	savePath := api.GetCertificateStorePath(ccfg.Name)
+ 	etcdCertsPath := filepath.Join(savePath, "etcd")
+-	cg := certs.NewOpensshBinCertGenerator(r)
+	lcg := certs.NewLocalCertGenerator()
+ 
+ 	// generate etcd root ca
+ 	caConfig := &certs.CertConfig{
+ 		CommonName: "etcd-ca",
+ 	}
+-	if err := cg.CreateCA(caConfig, etcdCertsPath, "ca"); err != nil {
+	if err := lcg.CreateCA(caConfig, etcdCertsPath, "ca"); err != nil {
+ 		return err
+ 	}
+ 
+ 	// generate apiserver-etcd-client certificates
+-	if err := genApiserverEtcdClientCerts(savePath, cg, ccfg); err != nil {
+	if err := genApiserverEtcdClientCerts(savePath, lcg, ccfg); err != nil {
+ 		return err
+ 	}
+ 
+diff --git a/pkg/clusterdeployment/binary/etcdcluster/etcdcluster.go b/pkg/clusterdeployment/binary/etcdcluster/etcdcluster.go
+index 88db696..5444e77 100644
+--- a/pkg/clusterdeployment/binary/etcdcluster/etcdcluster.go
+++ b/pkg/clusterdeployment/binary/etcdcluster/etcdcluster.go
+@@ -229,7 +229,7 @@ func prepareEtcdConfigs(ccfg *api.ClusterConfig, r runner.Runner, hostConfig *ap
+ 
+ func Init(conf *api.ClusterConfig) error {
+ 	// generate ca certificates and kube-apiserver-etcd-client certificates
+-	if err := generateCaAndApiserverEtcdCerts(&runner.LocalRunner{}, conf); err != nil {
+	if err := generateCaAndApiserverEtcdCerts(conf); err != nil {
+ 		return err
+ 	}
+ 
+diff --git a/pkg/clusterdeployment/binary/etcdcluster/etcdcluster_test.go b/pkg/clusterdeployment/binary/etcdcluster/etcdcluster_test.go
+index 43be12d..f19394a 100644
+--- a/pkg/clusterdeployment/binary/etcdcluster/etcdcluster_test.go
+++ b/pkg/clusterdeployment/binary/etcdcluster/etcdcluster_test.go
+@@ -172,7 +172,7 @@ func TestEtcdCertsAndConfig(t *testing.T) {
+ 		t.Fatalf("prepare etcd configs failed: %v", err)
+ 	}
+ 
+-	if err = generateCaAndApiserverEtcdCerts(r, deployConf); err != nil {
+	if err = generateCaAndApiserverEtcdCerts(deployConf); err != nil {
+ 		t.Fatalf("generate ca and apiserver etcd certs failed: %v", err)
+ 	}
+ 
+diff --git a/pkg/utils/certs/certs_test.go b/pkg/utils/certs/certs_test.go
+index 522d0cb..59a4a65 100644
+--- a/pkg/utils/certs/certs_test.go
+++ b/pkg/utils/certs/certs_test.go
+@@ -12,8 +12,8 @@ import (
+ 
+ func TestNewLocalCertGenerator(t *testing.T) {
+ 	savePath := "/tmp/haozi"
+-	cg := NewLocalCertGenerator()
+-	err := cg.CreateServiceAccount(savePath)
+	lcg := NewLocalCertGenerator()
+	err := lcg.CreateServiceAccount(savePath)
+ 	if err != nil {
+ 		t.Fatalf("create service account failed: %v", err)
+ 	}
+@@ -37,7 +37,7 @@ func TestNewLocalCertGenerator(t *testing.T) {
+ 		},
+ 		Usages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
+ 	}
+-	err = cg.CreateCA(apiserverConfig, savePath, "ca")
+	err = lcg.CreateCA(apiserverConfig, savePath, "ca")
+ 	if err != nil {
+ 		t.Fatalf("create apiserver ca failed: %v", err)
+ 	}
+@@ -59,16 +59,16 @@ func TestNewLocalCertGenerator(t *testing.T) {
+ 	}
+ 	caCertPath := fmt.Sprintf("%s/ca.crt", savePath)
+ 	caKeyPath := fmt.Sprintf("%s/ca.key", savePath)
+-	err = cg.CreateCertAndKey(caCertPath, caKeyPath, adminConfig, savePath, "admin")
+	err = lcg.CreateCertAndKey(caCertPath, caKeyPath, adminConfig, savePath, "admin")
+ 	if err != nil {
+ 		t.Fatalf("create cert and key for admin failed: %v", err)
+ 	}
+-	err = cg.CreateKubeConfig(savePath, constants.KubeConfigFileNameAdmin, caCertPath, "default-cluster", "default-admin",
+	err = lcg.CreateKubeConfig(savePath, constants.KubeConfigFileNameAdmin, caCertPath, "default-cluster", "default-admin",
+ 		filepath.Join(savePath, "admin.crt"), filepath.Join(savePath, "admin.key"), "https://127.0.0.1:6443")
+ 	if err != nil {
+ 		t.Fatalf("create kubeconfig for admin failed: %v", err)
+ 	}
+-	if err := cg.CleanAll(savePath); err != nil {
+	if err := lcg.CleanAll(savePath); err != nil {
+ 		t.Fatalf("clean all failed: %v", err)
+ 	}
+ }
+diff --git a/pkg/utils/runner/runner.go b/pkg/utils/runner/runner.go
+index 3b15a08..9e1689e 100644
+--- a/pkg/utils/runner/runner.go
+++ b/pkg/utils/runner/runner.go
+@@ -51,7 +51,7 @@ type LocalRunner struct {
+ }
+ 
+ func (r *LocalRunner) copyDir(srcDir, dstDir string) error {
+-	output, err := exec.Command("/bin/sh", "-c", fmt.Sprintf("sudo cp -rf %v %v", srcDir, dstDir)).CombinedOutput()
+	output, err := exec.Command("/bin/sh", "-c", fmt.Sprintf("cp -rf %v %v", srcDir, dstDir)).CombinedOutput()
+ 	if err != nil {
+ 		logrus.Errorf("[local] copy %s to %s failed: %v\noutput: %v\n", srcDir, dstDir, err, string(output))
+ 		return err
+@@ -70,7 +70,7 @@ func (r *LocalRunner) Copy(src, dst string) error {
+ 		// just copy file
+ 		return r.copyDir(src, dst)
+ 	}
+-	output, err := exec.Command("/bin/sh", "-c", fmt.Sprintf("sudo cp -f %v %v", src, dst)).CombinedOutput()
+	output, err := exec.Command("/bin/sh", "-c", fmt.Sprintf("cp -f %v %v", src, dst)).CombinedOutput()
+ 	if err != nil {
+ 		logrus.Errorf("[local] copy %s to %s failed: %v\noutput: %v\n", src, dst, err, string(output))
+ 	} else {
+-- 
+2.25.1
+
--- a/0005-add-coredns-checker.patch
+++ b/0005-add-coredns-checker.patch
@ -0,0 +1,213 @@
+From e3f440f40c64265fd3cb2e0a3c8e7d44b1022550 Mon Sep 17 00:00:00 2001
+From: zhangxiaoyu <zhangxiaoyu58@huawei.com>
+Date: Wed, 8 Sep 2021 17:11:43 +0800
+Subject: [PATCH 2/4] add coredns checker
+
+Signed-off-by: zhangxiaoyu <zhangxiaoyu58@huawei.com>
+---
+ cmd/api.go                                    |  1 +
+ cmd/configs.go                                | 20 +++++++++++--------
+ cmd/join.go                                   |  9 +++++++--
+ config/centos.config                          |  7 ++++---
+ config/openEuler.config                       |  5 +++--
+ docs/manual.md                                |  7 ++++---
+ .../binary/coredns/coredns.go                 |  8 ++++++++
+ pkg/utils/infra/infra.go                      |  6 ++++++
+ 8 files changed, 45 insertions(+), 18 deletions(-)
+
+diff --git a/cmd/api.go b/cmd/api.go
+index fdc8949..538c2e0 100644
+--- a/cmd/api.go
+++ b/cmd/api.go
+@@ -28,6 +28,7 @@ type InstallConfig struct {
+ 	LoadBalance      []*PackageConfig            `yaml:"loadbalance"`
+ 	Container        []*PackageConfig            `yaml:"container"`
+ 	Image            []*PackageConfig            `yaml:"image"`
+	Dns              []*PackageConfig            `yaml:"dns"`
+ 	Addition         map[string][]*PackageConfig `yaml:"addition"` // key: master, worker, etcd, loadbalance
+ }
+ 
+diff --git a/cmd/configs.go b/cmd/configs.go
+index 7555a92..dfc4c45 100644
+--- a/cmd/configs.go
+++ b/cmd/configs.go
+@@ -28,6 +28,7 @@ import (
+ 
+ 	"github.com/sirupsen/logrus"
+ 	"isula.org/eggo/pkg/api"
+	"isula.org/eggo/pkg/clusterdeployment/binary/coredns"
+ 	"isula.org/eggo/pkg/constants"
+ 	"isula.org/eggo/pkg/utils"
+ 	"isula.org/eggo/pkg/utils/infra"
+@@ -279,6 +280,10 @@ func fillPackageConfig(ccfg *api.ClusterConfig, icfg *InstallConfig) {
+ 		ccfg.RoleInfra[s.role].Softwares = appendSoftware(ccfg.RoleInfra[s.role].Softwares, s.pc, s.dpc)
+ 	}
+ 
+	if coredns.IsTypeBinary(ccfg.ServiceCluster.DNS.CorednsType) {
+		ccfg.RoleInfra[api.Master].Softwares = appendSoftware(ccfg.RoleInfra[api.Master].Softwares, ToEggoPackageConfig(icfg.Dns), infra.DnsPackages)
+	}
+
+ 	if len(icfg.Addition) == 0 {
+ 		return
+ 	}
+@@ -306,12 +311,9 @@ func fillOpenPort(ccfg *api.ClusterConfig, openports map[string][]*OpenPorts, dn
+ 		ccfg.RoleInfra[role].OpenPorts = append(ccfg.RoleInfra[role].OpenPorts, ToEggoOpenPort(p)...)
+ 	}
+ 
+-	if dnsType == "binary" || dnsType == "" {
+	if coredns.IsTypeBinary(dnsType) {
+ 		ccfg.RoleInfra[api.Master].OpenPorts =
+ 			append(ccfg.RoleInfra[api.Master].OpenPorts, infra.CorednsPorts...)
+-	} else if dnsType == "pod" {
+-		ccfg.RoleInfra[api.Worker].OpenPorts =
+-			append(ccfg.RoleInfra[api.Worker].OpenPorts, infra.CorednsPorts...)
+ 	}
+ }
+ 
+@@ -766,6 +768,12 @@ func createDeployConfigTemplate(file string) error {
+ 					Type: "image",
+ 				},
+ 			},
+			Dns: []*PackageConfig{
+				{
+					Name: "coredns",
+					Type: "pkg",
+				},
+			},
+ 			Addition: map[string][]*PackageConfig{
+ 				"master": {
+ 					{
+@@ -778,10 +786,6 @@ func createDeployConfigTemplate(file string) error {
+ 						Name: "calico.yaml",
+ 						Type: "yaml",
+ 					},
+-					{
+-						Name: "coredns",
+-						Type: "pkg",
+-					},
+ 				},
+ 				"worker": {
+ 					{
+diff --git a/cmd/join.go b/cmd/join.go
+index 7d0b4a1..79d68fc 100644
+--- a/cmd/join.go
+++ b/cmd/join.go
+@@ -117,8 +117,13 @@ func getMergedAndDiffConfigs(conf *DeployConfig, joinConf *DeployConfig) (*Deplo
+ 		if getHostConfigByIp(mergedConfig.Workers, host.Ip) != nil {
+ 			continue
+ 		}
+-		h := createHostConfig(getHostConfigByIp(allHostConfigs, host.Ip), host,
+-			defaultHostName(conf.ClusterID, "worker", len(conf.Workers)+i))
+
+		h := getHostConfigByIp(diffConfig.Masters, host.Ip)
+		if h == nil {
+			h = createHostConfig(getHostConfigByIp(allHostConfigs, host.Ip), host,
+				defaultHostName(conf.ClusterID, "worker", len(conf.Workers)+i))
+		}
+
+ 		mergedConfig.Workers = append(mergedConfig.Workers, h)
+ 		diffConfig.Workers = append(diffConfig.Workers, h)
+ 	}
+diff --git a/config/centos.config b/config/centos.config
+index c9b0d0e..a5a2924 100755
+--- a/config/centos.config
+++ b/config/centos.config
+@@ -54,13 +54,14 @@ install:
+   image:
+   - name: images.tar
+     type: image
+  dns:
+  - name: coredns
+    type: bin
+    dst: /usr/bin
+   addition:
+     master:
+     - name: calico.yaml
+       type: yaml
+-    - name: coredns
+-      type: bin
+-      dst: /usr/bin
+     worker:
+     - name: conntrack,socat
+       type: bin
+diff --git a/config/openEuler.config b/config/openEuler.config
+index 90e5892..07acf9b 100755
+--- a/config/openEuler.config
+++ b/config/openEuler.config
+@@ -36,9 +36,10 @@ install:
+   image:
+   - name: images.tar
+     type: image
+  dns:
+  - name: coredns
+    type: pkg
+   addition:
+     master:
+     - name: calico.yaml
+       type: yaml
+-    - name: coredns
+-      type: pkg
+diff --git a/docs/manual.md b/docs/manual.md
+index 0957069..a4913b1 100644
+--- a/docs/manual.md
+++ b/docs/manual.md
+@@ -300,6 +300,10 @@ install:                                    // 配置各种类型节点上需要
+   - name: pause.tar
+     type: image
+     dst: ""
+  dns:                                      // k8s coredns安装包。如果corednstype配置为pod，此处无需配置
+  - name: coredns
+    type: pkg
+    dst: ""
+   addition:                                 // 额外的安装包或二进制文件列表
+     master:
+     - name: prejoin.sh
+@@ -309,9 +313,6 @@ install:                                    // 配置各种类型节点上需要
+     - name: calico.yaml
+       type: yaml
+       dst: ""
+-    - name: coredns
+-      type: pkg
+-      dst: ""
+     worker:
+     - name: docker.service
+       type: file
+diff --git a/pkg/clusterdeployment/binary/coredns/coredns.go b/pkg/clusterdeployment/binary/coredns/coredns.go
+index 35edb08..a33c71f 100644
+--- a/pkg/clusterdeployment/binary/coredns/coredns.go
+++ b/pkg/clusterdeployment/binary/coredns/coredns.go
+@@ -33,6 +33,14 @@ func init() {
+ 	cbs[CorednsTypeOfBinary] = &BinaryCoredns{}
+ }
+ 
+func IsTypeBinary(configType string) bool {
+	return configType == CorednsTypeOfBinary || configType == ""
+}
+
+func IsTypePod(configType string) bool {
+	return configType == CorednsTypeOfPod
+}
+
+ func getTypeOfCoredns(configType string) string {
+ 	if configType != "" {
+ 		return configType
+diff --git a/pkg/utils/infra/infra.go b/pkg/utils/infra/infra.go
+index b0c8ecd..2b36e2a 100644
+--- a/pkg/utils/infra/infra.go
+++ b/pkg/utils/infra/infra.go
+@@ -110,6 +110,12 @@ var (
+ 	}
+ 
+ 	// coredns
+	DnsPackages = []*api.PackageConfig{
+		{
+			Name: "coredns",
+			Type: "repo",
+		},
+	}
+ 	CorednsPorts = []*api.OpenPorts{
+ 		{
+ 			Port:     53,
+-- 
+2.25.1
+
--- a/0006-add-list-command-for-eggo.patch
+++ b/0006-add-list-command-for-eggo.patch
@ -0,0 +1,199 @@
+From a0ce71ec1363c210f12b92926ba911896bd32134 Mon Sep 17 00:00:00 2001
+From: haozi007 <liuhao27@huawei.com>
+Date: Thu, 9 Sep 2021 03:28:17 +0100
+Subject: [PATCH 3/4] add list command for eggo
+
+Signed-off-by: haozi007 <liuhao27@huawei.com>
+---
+ cmd/configs.go   |   6 +--
+ cmd/eggo.go      |   1 +
+ cmd/list.go      | 122 +++++++++++++++++++++++++++++++++++++++++++++++
+ pkg/api/tools.go |   4 ++
+ 4 files changed, 130 insertions(+), 3 deletions(-)
+ create mode 100644 cmd/list.go
+
+diff --git a/cmd/configs.go b/cmd/configs.go
+index dfc4c45..04e1ec8 100644
+--- a/cmd/configs.go
+++ b/cmd/configs.go
+@@ -90,11 +90,11 @@ func defaultDeployConfigPath() string {
+ }
+ 
+ func eggoPlaceHolderPath(ClusterID string) string {
+-	return filepath.Join(api.EggoHomePath, ClusterID, ".eggo.pid")
+	return filepath.Join(api.GetEggoClusterPath(), ClusterID, ".eggo.pid")
+ }
+ 
+ func savedDeployConfigPath(ClusterID string) string {
+-	return filepath.Join(api.EggoHomePath, ClusterID, "deploy.yaml")
+	return filepath.Join(api.GetEggoClusterPath(), ClusterID, "deploy.yaml")
+ }
+ 
+ func saveDeployConfig(cc *DeployConfig, filePath string) error {
+@@ -104,7 +104,7 @@ func saveDeployConfig(cc *DeployConfig, filePath string) error {
+ 	}
+ 
+ 	cleanPath := filepath.Clean(filePath)
+-	if !strings.HasPrefix(cleanPath, api.EggoHomePath) {
+	if !strings.HasPrefix(cleanPath, api.GetEggoClusterPath()) {
+ 		return fmt.Errorf("invalid config file path %v", filePath)
+ 	}
+ 
+diff --git a/cmd/eggo.go b/cmd/eggo.go
+index 7e42833..272fb17 100644
+--- a/cmd/eggo.go
+++ b/cmd/eggo.go
+@@ -99,6 +99,7 @@ func NewEggoCmd() *cobra.Command {
+ 	eggoCmd.AddCommand(NewTemplateCmd())
+ 	eggoCmd.AddCommand(NewJoinCmd())
+ 	eggoCmd.AddCommand(NewDeleteCmd())
+	eggoCmd.AddCommand(NewListCmd())
+ 
+ 	return eggoCmd
+ }
+diff --git a/cmd/list.go b/cmd/list.go
+new file mode 100644
+index 0000000..27729ba
+--- /dev/null
+++ b/cmd/list.go
+@@ -0,0 +1,122 @@
+/******************************************************************************
+ * Copyright (c) Huawei Technologies Co., Ltd. 2021. All rights reserved.
+ * eggo licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ *     http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ * Author: haozi007
+ * Create: 2021-09-09
+ * Description: eggo list command implement
+ ******************************************************************************/
+
+package cmd
+
+import (
+	"fmt"
+	"os"
+	"path/filepath"
+
+	"github.com/sirupsen/logrus"
+	"github.com/spf13/cobra"
+	"isula.org/eggo/pkg/api"
+)
+
+type clusterInfo struct {
+	name      string
+	masterCnt int
+	workerCnt int
+	status    string
+}
+
+var (
+	infos []clusterInfo
+)
+
+func addClusterInfo(name string, conf *DeployConfig, err error) {
+	info := clusterInfo{
+		name: name,
+	}
+	if err != nil {
+		info.status = "unknow"
+		logrus.Debugf("%s: %s", info.name, err.Error())
+		infos = append(infos, info)
+		return
+	}
+	if conf.Masters != nil {
+		info.masterCnt = len(conf.Masters)
+	}
+	if conf.Workers != nil {
+		info.workerCnt = len(conf.Workers)
+	}
+
+	if terr := RunChecker(conf); terr != nil {
+		info.status = "broken"
+		logrus.Debugf("%s: %s", info.name, terr.Error())
+	} else {
+		info.status = "success"
+	}
+
+	infos = append(infos, info)
+}
+
+func checkFile(path string, info os.FileInfo, err error) error {
+	if err != nil {
+		return err
+	}
+	if !info.IsDir() {
+		logrus.Debugf("ingore non-dir: %q", path)
+		return nil
+	}
+
+	if path == api.GetEggoClusterPath() {
+		return nil
+	}
+
+	conf, err := loadDeployConfig(savedDeployConfigPath(info.Name()))
+	addClusterInfo(info.Name(), conf, err)
+	return filepath.SkipDir
+}
+
+func showClustersInfo() {
+	maxLen := 8
+	for _, info := range infos {
+		if len(info.name) > maxLen {
+			maxLen = len(info.name)
+		}
+	}
+	fmt.Printf("Name%*s\tMasters\tWorkers\tStatus\n", maxLen, "")
+	for _, info := range infos {
+		fmt.Printf("%s%*s\t%d\t%d\t%s\n", info.name, len(info.name)-maxLen, "", info.masterCnt, info.workerCnt, info.status)
+	}
+}
+
+func listClusters(cmd *cobra.Command, args []string) error {
+	infos = nil
+	if opts.debug {
+		initLog()
+	}
+
+	eggoDir := api.GetEggoClusterPath()
+
+	if err := filepath.Walk(eggoDir, checkFile); err != nil {
+		logrus.Debugf("walk eggo cluster dir: %s, err: %v\n", eggoDir, err)
+	}
+
+	showClustersInfo()
+
+	return nil
+}
+
+func NewListCmd() *cobra.Command {
+	listCmd := &cobra.Command{
+		Use:   "list",
+		Short: "list clusters which manager by eggo",
+		RunE:  listClusters,
+	}
+
+	return listCmd
+}
+diff --git a/pkg/api/tools.go b/pkg/api/tools.go
+index 89a82d5..c9aaf93 100644
+--- a/pkg/api/tools.go
+++ b/pkg/api/tools.go
+@@ -63,6 +63,10 @@ func GetCertificateStorePath(cluster string) string {
+ 	return filepath.Join(EggoHomePath, cluster, "pki")
+ }
+ 
+func GetEggoClusterPath() string {
+	return EggoHomePath
+}
+
+ func GetEtcdServers(ecc *EtcdClusterConfig) string {
+ 	//etcd_servers="https://${MASTER_IPS[$i]}:2379"
+ 	//etcd_servers="$etcd_servers,https://${MASTER_IPS[$i]}:2379"
+-- 
+2.25.1
+
--- a/0007-update-cert-of-ca.patch
+++ b/0007-update-cert-of-ca.patch
@ -0,0 +1,158 @@
+From f21402b93adae2162b2cf6d57dda5c3350bd9995 Mon Sep 17 00:00:00 2001
+From: haozi007 <liuhao27@huawei.com>
+Date: Sat, 11 Sep 2021 11:04:10 +0100
+Subject: [PATCH 4/4] update cert of ca
+
+1. support external ca;
+2. default expired time change to 100 years;
+3. support remote yaml;
+
+Signed-off-by: haozi007 <liuhao27@huawei.com>
+---
+ .../binary/controlplane/controlplane.go       | 20 +++++++++++++++++--
+ .../binary/etcdcluster/etcdcerts.go           | 13 ++++++++++++
+ pkg/utils/certs/certs.go                      |  4 ++--
+ pkg/utils/certs/localcerts.go                 |  2 +-
+ pkg/utils/dependency/dependency.go            |  8 ++++++++
+ 5 files changed, 42 insertions(+), 5 deletions(-)
+
+diff --git a/pkg/clusterdeployment/binary/controlplane/controlplane.go b/pkg/clusterdeployment/binary/controlplane/controlplane.go
+index 2296c57..9c591c4 100644
+--- a/pkg/clusterdeployment/binary/controlplane/controlplane.go
+++ b/pkg/clusterdeployment/binary/controlplane/controlplane.go
+@@ -284,7 +284,7 @@ func generateCerts(savePath string, cg certs.CertGenerator, ccfg *api.ClusterCon
+ 	return generateFrontProxyClientCertificate(savePath, cg)
+ }
+ 
+-func prepareCAs(lcg certs.CertGenerator, savePath string) error {
+func prepareCAs(lcg certs.CertGenerator, savePath string, ccfg *api.ClusterConfig) error {
+ 	if _, err := lcg.RunCommand(fmt.Sprintf("mkdir -p -m 0700 %s", savePath)); err != nil {
+ 		logrus.Errorf("prepare certificates store path failed: %v", err)
+ 		return err
+@@ -293,6 +293,22 @@ func prepareCAs(lcg certs.CertGenerator, savePath string) error {
+ 	if err := lcg.CreateServiceAccount(savePath); err != nil {
+ 		return err
+ 	}
+
+	if ccfg.Certificate.ExternalCA {
+		getStrCmd := func(name string) string {
+			return fmt.Sprintf("cp -f %s/%s %s/%s %s", ccfg.Certificate.ExternalCAPath, certs.GetKeyName(name),
+				ccfg.Certificate.ExternalCAPath, certs.GetCertName(name), savePath)
+		}
+
+		if _, err := lcg.RunCommand(getStrCmd(RootCAName)); err != nil {
+			return err
+		}
+
+		if _, err := lcg.RunCommand(getStrCmd(FrontProxyCAName)); err != nil {
+			return err
+		}
+	}
+
+ 	// create root ca
+ 	caConfig := &certs.CertConfig{
+ 		CommonName: "kubernetes",
+@@ -342,7 +358,7 @@ func createAdminKubeConfigForEggo(lcg certs.CertGenerator, caPath string, savePa
+ func prepareCredentials(clusterName string, ccfg *api.ClusterConfig) error {
+ 	lcg := certs.NewLocalCertGenerator()
+ 	caPath := api.GetCertificateStorePath(clusterName)
+-	if err := prepareCAs(lcg, caPath); err != nil {
+	if err := prepareCAs(lcg, caPath, ccfg); err != nil {
+ 		return err
+ 	}
+ 	return createAdminKubeConfigForEggo(lcg, caPath, api.GetClusterHomePath(clusterName), ccfg)
+diff --git a/pkg/clusterdeployment/binary/etcdcluster/etcdcerts.go b/pkg/clusterdeployment/binary/etcdcluster/etcdcerts.go
+index 00f6116..29aeea7 100644
+--- a/pkg/clusterdeployment/binary/etcdcluster/etcdcerts.go
+++ b/pkg/clusterdeployment/binary/etcdcluster/etcdcerts.go
+@@ -17,6 +17,7 @@ package etcdcluster
+ 
+ import (
+ 	"crypto/x509"
+	"fmt"
+ 	"path/filepath"
+ 
+ 	"isula.org/eggo/pkg/api"
+@@ -98,6 +99,18 @@ func generateCaAndApiserverEtcdCerts(ccfg *api.ClusterConfig) error {
+ 	caConfig := &certs.CertConfig{
+ 		CommonName: "etcd-ca",
+ 	}
+
+	if ccfg.Certificate.ExternalCA {
+		_, err := lcg.RunCommand(fmt.Sprintf("mkdir -p -m 0700 %s && cp -f %s/etcd/%s %s", etcdCertsPath, ccfg.Certificate.ExternalCAPath, certs.GetCertName("ca"), etcdCertsPath))
+		if err != nil {
+			return err
+		}
+		_, err = lcg.RunCommand(fmt.Sprintf("cp -f %s/etcd/%s %s", ccfg.Certificate.ExternalCAPath, certs.GetKeyName("ca"), etcdCertsPath))
+		if err != nil {
+			return err
+		}
+	}
+
+ 	if err := lcg.CreateCA(caConfig, etcdCertsPath, "ca"); err != nil {
+ 		return err
+ 	}
+diff --git a/pkg/utils/certs/certs.go b/pkg/utils/certs/certs.go
+index 0f16f7f..e57cfe8 100644
+--- a/pkg/utils/certs/certs.go
+++ b/pkg/utils/certs/certs.go
+@@ -123,7 +123,7 @@ func (o *OpensshBinCertGenerator) CreateCA(config *CertConfig, savePath string,
+ 	sb.WriteString("sudo -E /bin/sh -c \"")
+ 	sb.WriteString(fmt.Sprintf("mkdir -p %s && cd %s", savePath, savePath))
+ 	sb.WriteString(fmt.Sprintf(" && openssl genrsa -out %s.key 4096", name))
+-	sb.WriteString(fmt.Sprintf(" && openssl req -x509 -new -nodes -key %s.key -subj \"%s\" -days 10000 -out %s.crt", name, getSubject(config), name))
+	sb.WriteString(fmt.Sprintf(" && openssl req -x509 -new -nodes -key %s.key -subj \"%s\" -days 36500 -out %s.crt", name, getSubject(config), name))
+ 	sb.WriteString("\"")
+ 
+ 	_, err := o.r.RunCommand(sb.String())
+@@ -184,7 +184,7 @@ func (o *OpensshBinCertGenerator) CreateCertAndKey(caCertPath, caKeyPath string,
+ 	sb.WriteString("sudo -E /bin/sh -c \"")
+ 	sb.WriteString(fmt.Sprintf("cd %s && openssl genrsa -out %s.key 4096", savePath, name))
+ 	sb.WriteString(fmt.Sprintf(" && openssl req -new -key %s.key -out %s.csr -config %s/%s-csr.conf", name, name, savePath, name))
+-	sb.WriteString(fmt.Sprintf(" && openssl x509 -req -in %s.csr -CA %s -CAkey %s -CAcreateserial -out %s.crt -days 10000 -extensions v3_ext -extfile %s-csr.conf", name, caCertPath, caKeyPath, name, name))
+	sb.WriteString(fmt.Sprintf(" && openssl x509 -req -in %s.csr -CA %s -CAkey %s -CAcreateserial -out %s.crt -days 36500 -extensions v3_ext -extfile %s-csr.conf", name, caCertPath, caKeyPath, name, name))
+ 	sb.WriteString(fmt.Sprintf(" && rm -f %s/%s-csr.conf", savePath, name))
+ 	sb.WriteString(fmt.Sprintf(" && rm -f %s.csr", name))
+ 	sb.WriteString("\"")
+diff --git a/pkg/utils/certs/localcerts.go b/pkg/utils/certs/localcerts.go
+index 7feca10..c5fe2e5 100644
+--- a/pkg/utils/certs/localcerts.go
+++ b/pkg/utils/certs/localcerts.go
+@@ -151,7 +151,7 @@ func (l *LocalCertGenerator) CreateCertAndKey(caCertPath, caKeyPath string, conf
+ 		KeyUsage:     x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
+ 		ExtKeyUsage:  config.Usages,
+ 		NotBefore:    caCert.NotBefore,
+-		NotAfter:     time.Now().Add(time.Hour * 24 * 365).UTC(),
+		NotAfter:     time.Now().Add(time.Hour * 24 * 36500).UTC(),
+ 	}
+ 
+ 	certBytes, err := x509.CreateCertificate(rand.Reader, &certConf, caCert, signer.Public(), caKey)
+diff --git a/pkg/utils/dependency/dependency.go b/pkg/utils/dependency/dependency.go
+index 1c24a2e..870b938 100644
+--- a/pkg/utils/dependency/dependency.go
+++ b/pkg/utils/dependency/dependency.go
+@@ -247,6 +247,10 @@ func (dy *dependencyYaml) Install(r runner.Runner) error {
+ 	var sb strings.Builder
+ 	sb.WriteString(fmt.Sprintf("sudo -E /bin/sh -c \"export KUBECONFIG=%s ", dy.kubeconfig))
+ 	for _, y := range dy.yaml {
+		if strings.HasPrefix(y.Name, "http://") || strings.HasPrefix(y.Name, "https://") {
+			sb.WriteString(fmt.Sprintf("&& kubectl apply -f %s ", y.Name))
+			continue
+		}
+ 		sb.WriteString(fmt.Sprintf("&& kubectl apply -f %s/%s ", dy.srcPath, y.Name))
+ 	}
+ 	sb.WriteString("\"")
+@@ -262,6 +266,10 @@ func (dy *dependencyYaml) Remove(r runner.Runner) error {
+ 	var sb strings.Builder
+ 	sb.WriteString(fmt.Sprintf("sudo -E /bin/sh -c \"export KUBECONFIG=%s ", dy.kubeconfig))
+ 	for _, y := range dy.yaml {
+		if strings.HasPrefix(y.Name, "http://") || strings.HasPrefix(y.Name, "https://") {
+			sb.WriteString(fmt.Sprintf("&& kubectl delete -f %s ", y.Name))
+			continue
+		}
+ 		sb.WriteString(fmt.Sprintf("&& kubectl delete -f %s/%s ", dy.srcPath, y.Name))
+ 	}
+ 	sb.WriteString("\"")
+-- 
+2.25.1
+
--- a/eggo.spec
+++ b/eggo.spec
@ -1,6 +1,6 @@
 Name: eggo
 Version: 0.9.3
-Release: 3
+Release: 4
 Summary: Eggo is a tool built to provide standard multi-ways for creating Kubernetes clusters.
 License: Mulan PSL V2
 URL: https://gitee.com/openeuler/eggo
@ -9,6 +9,10 @@ Source0: https://gitee.com/openeuler/eggo/repository/archive/v%{version}.tar.gz
 Patch0001:	0001-remove-residual-objects.patch
 Patch0002:	0002-remove-residual-in-infrastruce.patch
 Patch0003:	0003-eggo-static-compile.patch
+Patch0004:	0004-use-local-cert-replace-openssl.patch
+Patch0005:	0005-add-coredns-checker.patch
+Patch0006:	0006-add-list-command-for-eggo.patch
+Patch0007:	0007-update-cert-of-ca.patch

 BuildRequires: make
 BuildRequires: git
@ -49,6 +53,12 @@ rm -rf src
 %attr(551,root,root) %{_bindir}/eggo

 %changelog
+* Mon Sep 13 2021 zhangxiaoyu<zhangxiaoyu58@huawei.com> - 0.9.3-4
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:use local cert, add coredns checker, add list command, update cert of ca
+
 * Tue Sep 07 2021 zhangxiaoyu<zhangxiaoyu58@huawei.com> - 0.9.3-3
 - Type:bugfix
 - CVE:NA