From 5a443177a9c70296d9a3e57b2336e33ba72c6657 Mon Sep 17 00:00:00 2001
From: haozi007
Date: Wed, 8 Sep 2021 04:21:32 +0100
Subject: [PATCH 1/4] use local cert replace openssl
Signed-off-by: haozi007
---
 cmd/checker.go | 10 ++++++++++
 cmd/checker_test.go | 9 +++++++++
 .../binary/controlplane/controlplane.go | 2 +-
 .../binary/etcdcluster/etcdcerts.go | 8 ++++----
 .../binary/etcdcluster/etcdcluster.go | 2 +-
 .../binary/etcdcluster/etcdcluster_test.go | 2 +-
 pkg/utils/certs/certs_test.go | 12 ++++++------
 pkg/utils/runner/runner.go | 4 ++--
 8 files changed, 34 insertions(+), 15 deletions(-)
diff --git a/cmd/checker.go b/cmd/checker.go
index a924629..4530f2b 100644
--- a/cmd/checker.go
+++ b/cmd/checker.go
@@ -24,6 +24,7 @@ import (
 "time"
 "isula.org/eggo/pkg/api"
+ "isula.org/eggo/pkg/utils"
 "isula.org/eggo/pkg/utils/endpoint"
 chain "isula.org/eggo/pkg/utils/responsibilitychain"
 "k8s.io/apimachinery/pkg/util/validation"
@@ -388,6 +389,15 @@ func (ccr *InstallConfigResponsibility) Execute() error {
 if !filepath.IsAbs(path) {
 return fmt.Errorf("srcpackage %s path: %s must be absolute", arch, path)
 }
+ if _, ok := ccr.arch[arch]; ok {
+ exist, err := utils.CheckPathExist(path)
+ if err != nil {
+ return err
+ }
+ if !exist {
+ return fmt.Errorf("have arch: %s node, but src package: %s is not exist", arch, path)
+ }
+ }
 }
 if len(ccr.conf.PackageSrc.SrcPath) != 0 {
diff --git a/cmd/checker_test.go b/cmd/checker_test.go
index fefe0e6..1fee45a 100644
--- a/cmd/checker_test.go
+++ b/cmd/checker_test.go
@@ -44,6 +44,15 @@ func TestRunChecker(t *testing.T) {
 t.Fatalf("load deploy config file failed: %v", err)
 }
+ if err = RunChecker(conf); err == nil {
+ t.Fatalf("test invalid cluster config failed: %v", err)
+ }
+
+ for _, fn := range conf.InstallConfig.PackageSrc.SrcPath {
+ os.MkdirAll(fn, 0755)
+ defer os.RemoveAll(fn)
+ }
+
 // test check success
 if err = RunChecker(conf); err != nil {
 t.Fatalf("test checker success failed: %v", err)
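Review bot: In cmd/checker.go, the new existence check in `InstallConfigResponsibility.Execute` returns the `utils.CheckPathExist` error bare (`return err`), so a permission or I/O failure surfaces without saying which arch or package path was being checked. Wrapping it, e.g. `return fmt.Errorf("check srcpackage %s path %s: %w", arch, path, err)`, keeps the cause and matches the context the neighbouring errors carry; the message `is not exist` would also read better as `does not exist`. The check only shows the path exists at validation time, so whatever later reads the package still has to handle a missing or replaced file. Execute's body starts and ends outside the hunk.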
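Review bot: In cmd/checker_test.go, the added loop in `TestRunChecker` runs `os.MkdirAll(fn, 0755)` and `defer os.RemoveAll(fn)` on every path in `conf.InstallConfig.PackageSrc.SrcPath`, which come from the loaded config rather than a scratch directory, so a path that already exists on the machine running the test is deleted when the test returns. Rewriting those entries to directories under `t.TempDir()` before calling `RunChecker` keeps the test off host paths, and the `MkdirAll` error should be checked: `if err := os.MkdirAll(fn, 0755); err != nil { t.Fatal(err) }`. In the first added assertion `err` is always nil when the branch is taken, so `t.Fatal("expected checker to reject missing src packages")` says more than formatting nil with `%v`. The test function continues outside the hunk.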
diff --git a/pkg/clusterdeployment/binary/controlplane/controlplane.go b/pkg/clusterdeployment/binary/controlplane/controlplane.go
index 5e6a8a0..2296c57 100644
--- a/pkg/clusterdeployment/binary/controlplane/controlplane.go
+++ b/pkg/clusterdeployment/binary/controlplane/controlplane.go
@@ -285,7 +285,7 @@ func generateCerts(savePath string, cg certs.CertGenerator, ccfg *api.ClusterCon
 }
 func prepareCAs(lcg certs.CertGenerator, savePath string) error {
- if _, err := lcg.RunCommand(fmt.Sprintf("sudo mkdir -p -m 0700 %s", savePath)); err != nil {
+ if _, err := lcg.RunCommand(fmt.Sprintf("mkdir -p -m 0700 %s", savePath)); err != nil {
 logrus.Errorf("prepare certificates store path failed: %v", err)
 return err
 }
diff --git a/pkg/clusterdeployment/binary/etcdcluster/etcdcerts.go b/pkg/clusterdeployment/binary/etcdcluster/etcdcerts.go
index 1262e99..00f6116 100644
--- a/pkg/clusterdeployment/binary/etcdcluster/etcdcerts.go
+++ b/pkg/clusterdeployment/binary/etcdcluster/etcdcerts.go
@@ -89,21 +89,21 @@ func generateEtcdCerts(r runner.Runner, ccfg *api.ClusterConfig, hostConfig *api
 }
 // see: https://kubernetes.io/docs/setup/best-practices/certificates/
-func generateCaAndApiserverEtcdCerts(r runner.Runner, ccfg *api.ClusterConfig) error {
+func generateCaAndApiserverEtcdCerts(ccfg *api.ClusterConfig) error {
 savePath := api.GetCertificateStorePath(ccfg.Name)
 etcdCertsPath := filepath.Join(savePath, "etcd")
- cg := certs.NewOpensshBinCertGenerator(r)
+ lcg := certs.NewLocalCertGenerator()
 // generate etcd root ca
 caConfig := &certs.CertConfig{
 CommonName: "etcd-ca",
 }
- if err := cg.CreateCA(caConfig, etcdCertsPath, "ca"); err != nil {
+ if err := lcg.CreateCA(caConfig, etcdCertsPath, "ca"); err != nil {
 return err
 }
 // generate apiserver-etcd-client certificates
- if err := genApiserverEtcdClientCerts(savePath, cg, ccfg); err != nil {
+ if err := genApiserverEtcdClientCerts(savePath, lcg, ccfg); err != nil {
 return err
 }
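Review bot: In controlplane.go `prepareCAs`, `savePath` is still interpolated unquoted into the command string `mkdir -p -m 0700 %s`, so a store path containing spaces or shell metacharacters is split or interpreted if `RunCommand` hands the string to a shell (its implementation is not visible here). If the generator is always local, `os.MkdirAll(savePath, 0700)` takes the shell out of the picture; otherwise the argument should be quoted. `mkdir -p -m 0700` also leaves the mode of an already existing directory unchanged, and with `sudo` gone the directory that will hold CA keys belongs to whoever runs the tool, so an explicit mode check on a pre-existing path is worth adding. prepareCAs continues past the end of the hunk.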
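Review bot: In etcdcerts.go `generateCaAndApiserverEtcdCerts`, nothing visible creates `etcdCertsPath` or restricts its mode before `lcg.CreateCA` writes the etcd CA key there, whereas the control-plane path runs `mkdir -p -m 0700` on its store first. Whether the local generator's `CreateCA` creates the directory and writes the key with owner-only permissions cannot be seen from this hunk, so it should be confirmed now that key material is produced in-process instead of through the runner-backed generator. The comment above the function is only a link; a doc comment such as `// generateCaAndApiserverEtcdCerts creates the etcd root CA and the apiserver-etcd-client certificate on the local host under the cluster's certificate store.` would record the new behaviour. The function body continues outside the hunk.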
diff --git a/pkg/clusterdeployment/binary/etcdcluster/etcdcluster.go b/pkg/clusterdeployment/binary/etcdcluster/etcdcluster.go
index 88db696..5444e77 100644
--- a/pkg/clusterdeployment/binary/etcdcluster/etcdcluster.go
+++ b/pkg/clusterdeployment/binary/etcdcluster/etcdcluster.go
@@ -229,7 +229,7 @@ func prepareEtcdConfigs(ccfg *api.ClusterConfig, r runner.Runner, hostConfig *ap
 func Init(conf *api.ClusterConfig) error {
 // generate ca certificates and kube-apiserver-etcd-client certificates
- if err := generateCaAndApiserverEtcdCerts(&runner.LocalRunner{}, conf); err != nil {
+ if err := generateCaAndApiserverEtcdCerts(conf); err != nil {
 return err
 }
diff --git a/pkg/clusterdeployment/binary/etcdcluster/etcdcluster_test.go b/pkg/clusterdeployment/binary/etcdcluster/etcdcluster_test.go
index 43be12d..f19394a 100644
--- a/pkg/clusterdeployment/binary/etcdcluster/etcdcluster_test.go
+++ b/pkg/clusterdeployment/binary/etcdcluster/etcdcluster_test.go
@@ -172,7 +172,7 @@ func TestEtcdCertsAndConfig(t *testing.T) {
 t.Fatalf("prepare etcd configs failed: %v", err)
 }
- if err = generateCaAndApiserverEtcdCerts(r, deployConf); err != nil {
+ if err = generateCaAndApiserverEtcdCerts(deployConf); err != nil {
 t.Fatalf("generate ca and apiserver etcd certs failed: %v", err)
 }
diff --git a/pkg/utils/certs/certs_test.go b/pkg/utils/certs/certs_test.go
index 522d0cb..59a4a65 100644
--- a/pkg/utils/certs/certs_test.go
+++ b/pkg/utils/certs/certs_test.go
@@ -12,8 +12,8 @@ import (
 func TestNewLocalCertGenerator(t *testing.T) {
 savePath := "/tmp/haozi"
- cg := NewLocalCertGenerator()
- err := cg.CreateServiceAccount(savePath)
+ lcg := NewLocalCertGenerator()
+ err := lcg.CreateServiceAccount(savePath)
 if err != nil {
 t.Fatalf("create service account failed: %v", err)
 }
@@ -37,7 +37,7 @@ func TestNewLocalCertGenerator(t *testing.T) {
 },
 Usages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
 }
- err = cg.CreateCA(apiserverConfig, savePath, "ca")
+ err = lcg.CreateCA(apiserverConfig, savePath, "ca")
 if err != nil {
 t.Fatalf("create apiserver ca failed: %v", err)
 }
@@ -59,16 +59,16 @@ func TestNewLocalCertGenerator(t *testing.T) {
 }
 caCertPath := fmt.Sprintf("%s/ca.crt", savePath)
 caKeyPath := fmt.Sprintf("%s/ca.key", savePath)
- err = cg.CreateCertAndKey(caCertPath, caKeyPath, adminConfig, savePath, "admin")
+ err = lcg.CreateCertAndKey(caCertPath, caKeyPath, adminConfig, savePath, "admin")
 if err != nil {
 t.Fatalf("create cert and key for admin failed: %v", err)
 }
- err = cg.CreateKubeConfig(savePath, constants.KubeConfigFileNameAdmin, caCertPath, "default-cluster", "default-admin",
+ err = lcg.CreateKubeConfig(savePath, constants.KubeConfigFileNameAdmin, caCertPath, "default-cluster", "default-admin",
 filepath.Join(savePath, "admin.crt"), filepath.Join(savePath, "admin.key"), "https://127.0.0.1:6443")
 if err != nil {
 t.Fatalf("create kubeconfig for admin failed: %v", err)
 }
- if err := cg.CleanAll(savePath); err != nil {
+ if err := lcg.CleanAll(savePath); err != nil {
 t.Fatalf("clean all failed: %v", err)
 }
 }
diff --git a/pkg/utils/runner/runner.go b/pkg/utils/runner/runner.go
index 3b15a08..9e1689e 100644
--- a/pkg/utils/runner/runner.go
+++ b/pkg/utils/runner/runner.go
@@ -51,7 +51,7 @@ type LocalRunner struct {
 }
 func (r *LocalRunner) copyDir(srcDir, dstDir string) error {
- output, err := exec.Command("/bin/sh", "-c", fmt.Sprintf("sudo cp -rf %v %v", srcDir, dstDir)).CombinedOutput()
+ output, err := exec.Command("/bin/sh", "-c", fmt.Sprintf("cp -rf %v %v", srcDir, dstDir)).CombinedOutput()
 if err != nil {
 logrus.Errorf("[local] copy %s to %s failed: %v\noutput: %v\n", srcDir, dstDir, err, string(output))
 return err
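Review bot: In runner.go `copyDir`, and again in the `Copy` hunk that follows, the paths are still formatted into a `/bin/sh -c` string (`cp -rf %v %v`), so a source or destination containing spaces or shell metacharacters, or beginning with `-`, is interpreted by the shell or by cp instead of being treated as a file name. Unless callers rely on shell glob expansion in `srcDir`/`src` (not visible here), passing the arguments directly avoids that: `exec.Command("cp", "-rf", "--", srcDir, dstDir)` and `exec.Command("cp", "-f", "--", src, dst)`. Both functions start before and end after their hunks.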
@@ -70,7 +70,7 @@ func (r *LocalRunner) Copy(src, dst string) error {
 // just copy file
 return r.copyDir(src, dst)
 }
- output, err := exec.Command("/bin/sh", "-c", fmt.Sprintf("sudo cp -f %v %v", src, dst)).CombinedOutput()
+ output, err := exec.Command("/bin/sh", "-c", fmt.Sprintf("cp -f %v %v", src, dst)).CombinedOutput()
 if err != nil {
 logrus.Errorf("[local] copy %s to %s failed: %v\noutput: %v\n", src, dst, err, string(output))
 } else {
--
2.25.1