From 5a443177a9c70296d9a3e57b2336e33ba72c6657 Mon Sep 17 00:00:00 2001
|
|
From: haozi007 <liuhao27@huawei.com>
|
|
Date: Wed, 8 Sep 2021 04:21:32 +0100
|
|
Subject: [PATCH 1/4] use local cert replace openssl
|
|
|
|
Signed-off-by: haozi007 <liuhao27@huawei.com>
|
|
---
|
|
cmd/checker.go | 10 ++++++++++
|
|
cmd/checker_test.go | 9 +++++++++
|
|
.../binary/controlplane/controlplane.go | 2 +-
|
|
.../binary/etcdcluster/etcdcerts.go | 8 ++++----
|
|
.../binary/etcdcluster/etcdcluster.go | 2 +-
|
|
.../binary/etcdcluster/etcdcluster_test.go | 2 +-
|
|
pkg/utils/certs/certs_test.go | 12 ++++++------
|
|
pkg/utils/runner/runner.go | 4 ++--
|
|
8 files changed, 34 insertions(+), 15 deletions(-)
|
|
|
|
diff --git a/cmd/checker.go b/cmd/checker.go
|
|
index a924629..4530f2b 100644
|
|
--- a/cmd/checker.go
|
|
+++ b/cmd/checker.go
|
|
@@ -24,6 +24,7 @@ import (
|
|
"time"
|
|
|
|
"isula.org/eggo/pkg/api"
|
|
+ "isula.org/eggo/pkg/utils"
|
|
"isula.org/eggo/pkg/utils/endpoint"
|
|
chain "isula.org/eggo/pkg/utils/responsibilitychain"
|
|
"k8s.io/apimachinery/pkg/util/validation"
|
|
@@ -388,6 +389,15 @@ func (ccr *InstallConfigResponsibility) Execute() error {
|
|
if !filepath.IsAbs(path) {
|
|
return fmt.Errorf("srcpackage %s path: %s must be absolute", arch, path)
|
|
}
|
|
+ if _, ok := ccr.arch[arch]; ok {
|
|
+ exist, err := utils.CheckPathExist(path)
|
|
+ if err != nil {
|
|
+ return err
|
|
+ }
|
|
+ if !exist {
|
|
+ return fmt.Errorf("have arch: %s node, but src package: %s is not exist", arch, path)
|
|
+ }
|
|
+ }
|
|
}
|
|
|
|
if len(ccr.conf.PackageSrc.SrcPath) != 0 {
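Review bot: The error from `utils.CheckPathExist(path)` is returned bare, so a permission or I/O failure reaches the user without naming the arch or package path being checked; `return fmt.Errorf("check srcpackage %s path %s: %w", arch, path, err)` would keep that context. The new message would read better as `have arch: %s node, but src package: %s does not exist`. The check only confirms that the path exists at validation time, not that it is a readable package, so the later install steps still need their own error handling. Execute starts and ends outside this hunk.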
|
|
diff --git a/cmd/checker_test.go b/cmd/checker_test.go
|
|
index fefe0e6..1fee45a 100644
|
|
--- a/cmd/checker_test.go
|
|
+++ b/cmd/checker_test.go
|
|
@@ -44,6 +44,15 @@ func TestRunChecker(t *testing.T) {
|
|
t.Fatalf("load deploy config file failed: %v", err)
|
|
}
|
|
|
|
+ if err = RunChecker(conf); err == nil {
|
|
+ t.Fatalf("test invalid cluster config failed: %v", err)
|
|
+ }
|
|
+
|
|
+ for _, fn := range conf.InstallConfig.PackageSrc.SrcPath {
|
|
+ os.MkdirAll(fn, 0755)
|
|
+ defer os.RemoveAll(fn)
|
|
+ }
|
|
+
|
|
// test check success
|
|
if err = RunChecker(conf); err != nil {
|
|
t.Fatalf("test checker success failed: %v", err)
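Review bot: The result of `os.MkdirAll(fn, 0755)` is discarded, so if the directory cannot be created the test fails later with a misleading "test checker success failed" message; `if err := os.MkdirAll(fn, 0755); err != nil { t.Fatalf("create %s: %v", fn, err) }` would report the real cause. `defer os.RemoveAll(fn)` then deletes whatever absolute path the deploy config names, including a directory that existed before the test ran. Pointing the config's SrcPath entries at a directory under `t.TempDir()` would keep setup and cleanup inside the test's own sandbox. In the added negative case `err` is nil when `t.Fatalf` fires, so the `%v` adds nothing and a message such as `expected error for missing src package` would be clearer. TestRunChecker continues outside this hunk.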
|
|
diff --git a/pkg/clusterdeployment/binary/controlplane/controlplane.go b/pkg/clusterdeployment/binary/controlplane/controlplane.go
|
|
index 5e6a8a0..2296c57 100644
|
|
--- a/pkg/clusterdeployment/binary/controlplane/controlplane.go
|
|
+++ b/pkg/clusterdeployment/binary/controlplane/controlplane.go
|
|
@@ -285,7 +285,7 @@ func generateCerts(savePath string, cg certs.CertGenerator, ccfg *api.ClusterCon
|
|
}
|
|
|
|
func prepareCAs(lcg certs.CertGenerator, savePath string) error {
|
|
- if _, err := lcg.RunCommand(fmt.Sprintf("sudo mkdir -p -m 0700 %s", savePath)); err != nil {
|
|
+ if _, err := lcg.RunCommand(fmt.Sprintf("mkdir -p -m 0700 %s", savePath)); err != nil {
|
|
logrus.Errorf("prepare certificates store path failed: %v", err)
|
|
return err
|
|
}
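Review bot: `savePath` is still interpolated unquoted into the command string in `prepareCAs`, so if `RunCommand` passes the string to a shell (its implementation is not visible here), a store path containing spaces or shell metacharacters changes what is executed. `mkdir -p -m 0700` also applies the mode only to the final directory; parents created by `-p` get the umask default. If `lcg` is always the local generator, `os.MkdirAll(savePath, 0700)` would avoid the shell and apply the restrictive mode to every directory it creates. With `sudo` dropped, the process must be able to write to the parent of `savePath` itself, which deserves a line in the function's comment.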
|
|
diff --git a/pkg/clusterdeployment/binary/etcdcluster/etcdcerts.go b/pkg/clusterdeployment/binary/etcdcluster/etcdcerts.go
|
|
index 1262e99..00f6116 100644
|
|
--- a/pkg/clusterdeployment/binary/etcdcluster/etcdcerts.go
|
|
+++ b/pkg/clusterdeployment/binary/etcdcluster/etcdcerts.go
|
|
@@ -89,21 +89,21 @@ func generateEtcdCerts(r runner.Runner, ccfg *api.ClusterConfig, hostConfig *api
|
|
}
|
|
|
|
// see: https://kubernetes.io/docs/setup/best-practices/certificates/
|
|
-func generateCaAndApiserverEtcdCerts(r runner.Runner, ccfg *api.ClusterConfig) error {
|
|
+func generateCaAndApiserverEtcdCerts(ccfg *api.ClusterConfig) error {
|
|
savePath := api.GetCertificateStorePath(ccfg.Name)
|
|
etcdCertsPath := filepath.Join(savePath, "etcd")
|
|
- cg := certs.NewOpensshBinCertGenerator(r)
|
|
+ lcg := certs.NewLocalCertGenerator()
|
|
|
|
// generate etcd root ca
|
|
caConfig := &certs.CertConfig{
|
|
CommonName: "etcd-ca",
|
|
}
|
|
- if err := cg.CreateCA(caConfig, etcdCertsPath, "ca"); err != nil {
|
|
+ if err := lcg.CreateCA(caConfig, etcdCertsPath, "ca"); err != nil {
|
|
return err
|
|
}
|
|
|
|
// generate apiserver-etcd-client certificates
|
|
- if err := genApiserverEtcdClientCerts(savePath, cg, ccfg); err != nil {
|
|
+ if err := genApiserverEtcdClientCerts(savePath, lcg, ccfg); err != nil {
|
|
return err
|
|
}
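Review bot: Nothing visible in `generateCaAndApiserverEtcdCerts` creates `etcdCertsPath` with a restrictive mode before `lcg.CreateCA` writes the etcd CA key there, whereas `prepareCAs` in controlplane.go creates its store with `-m 0700`. Unless the local generator's `CreateCA` already creates the directory 0700 and the key 0600 (not visible here), the CA private key may get umask-default permissions now that generation runs in-process as the invoking user. Either add `os.MkdirAll(etcdCertsPath, 0700)` before the call or assert the resulting file modes in etcdcluster_test.go. The function body continues past the end of this hunk.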
|
|
|
|
diff --git a/pkg/clusterdeployment/binary/etcdcluster/etcdcluster.go b/pkg/clusterdeployment/binary/etcdcluster/etcdcluster.go
|
|
index 88db696..5444e77 100644
|
|
--- a/pkg/clusterdeployment/binary/etcdcluster/etcdcluster.go
|
|
+++ b/pkg/clusterdeployment/binary/etcdcluster/etcdcluster.go
|
|
@@ -229,7 +229,7 @@ func prepareEtcdConfigs(ccfg *api.ClusterConfig, r runner.Runner, hostConfig *ap
|
|
|
|
func Init(conf *api.ClusterConfig) error {
|
|
// generate ca certificates and kube-apiserver-etcd-client certificates
|
|
- if err := generateCaAndApiserverEtcdCerts(&runner.LocalRunner{}, conf); err != nil {
|
|
+ if err := generateCaAndApiserverEtcdCerts(conf); err != nil {
|
|
return err
|
|
}
|
|
|
|
diff --git a/pkg/clusterdeployment/binary/etcdcluster/etcdcluster_test.go b/pkg/clusterdeployment/binary/etcdcluster/etcdcluster_test.go
|
|
index 43be12d..f19394a 100644
|
|
--- a/pkg/clusterdeployment/binary/etcdcluster/etcdcluster_test.go
|
|
+++ b/pkg/clusterdeployment/binary/etcdcluster/etcdcluster_test.go
|
|
@@ -172,7 +172,7 @@ func TestEtcdCertsAndConfig(t *testing.T) {
|
|
t.Fatalf("prepare etcd configs failed: %v", err)
|
|
}
|
|
|
|
- if err = generateCaAndApiserverEtcdCerts(r, deployConf); err != nil {
|
|
+ if err = generateCaAndApiserverEtcdCerts(deployConf); err != nil {
|
|
t.Fatalf("generate ca and apiserver etcd certs failed: %v", err)
|
|
}
|
|
|
|
diff --git a/pkg/utils/certs/certs_test.go b/pkg/utils/certs/certs_test.go
|
|
index 522d0cb..59a4a65 100644
|
|
--- a/pkg/utils/certs/certs_test.go
|
|
+++ b/pkg/utils/certs/certs_test.go
|
|
@@ -12,8 +12,8 @@ import (
|
|
|
|
func TestNewLocalCertGenerator(t *testing.T) {
|
|
savePath := "/tmp/haozi"
|
|
- cg := NewLocalCertGenerator()
|
|
- err := cg.CreateServiceAccount(savePath)
|
|
+ lcg := NewLocalCertGenerator()
|
|
+ err := lcg.CreateServiceAccount(savePath)
|
|
if err != nil {
|
|
t.Fatalf("create service account failed: %v", err)
|
|
}
|
|
@@ -37,7 +37,7 @@ func TestNewLocalCertGenerator(t *testing.T) {
|
|
},
|
|
Usages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
|
|
}
|
|
- err = cg.CreateCA(apiserverConfig, savePath, "ca")
|
|
+ err = lcg.CreateCA(apiserverConfig, savePath, "ca")
|
|
if err != nil {
|
|
t.Fatalf("create apiserver ca failed: %v", err)
|
|
}
|
|
@@ -59,16 +59,16 @@ func TestNewLocalCertGenerator(t *testing.T) {
|
|
}
|
|
caCertPath := fmt.Sprintf("%s/ca.crt", savePath)
|
|
caKeyPath := fmt.Sprintf("%s/ca.key", savePath)
|
|
- err = cg.CreateCertAndKey(caCertPath, caKeyPath, adminConfig, savePath, "admin")
|
|
+ err = lcg.CreateCertAndKey(caCertPath, caKeyPath, adminConfig, savePath, "admin")
|
|
if err != nil {
|
|
t.Fatalf("create cert and key for admin failed: %v", err)
|
|
}
|
|
- err = cg.CreateKubeConfig(savePath, constants.KubeConfigFileNameAdmin, caCertPath, "default-cluster", "default-admin",
|
|
+ err = lcg.CreateKubeConfig(savePath, constants.KubeConfigFileNameAdmin, caCertPath, "default-cluster", "default-admin",
|
|
filepath.Join(savePath, "admin.crt"), filepath.Join(savePath, "admin.key"), "https://127.0.0.1:6443")
|
|
if err != nil {
|
|
t.Fatalf("create kubeconfig for admin failed: %v", err)
|
|
}
|
|
- if err := cg.CleanAll(savePath); err != nil {
|
|
+ if err := lcg.CleanAll(savePath); err != nil {
|
|
t.Fatalf("clean all failed: %v", err)
|
|
}
|
|
}
|
|
diff --git a/pkg/utils/runner/runner.go b/pkg/utils/runner/runner.go
|
|
index 3b15a08..9e1689e 100644
|
|
--- a/pkg/utils/runner/runner.go
|
|
+++ b/pkg/utils/runner/runner.go
|
|
@@ -51,7 +51,7 @@ type LocalRunner struct {
|
|
}
|
|
|
|
func (r *LocalRunner) copyDir(srcDir, dstDir string) error {
|
|
- output, err := exec.Command("/bin/sh", "-c", fmt.Sprintf("sudo cp -rf %v %v", srcDir, dstDir)).CombinedOutput()
|
|
+ output, err := exec.Command("/bin/sh", "-c", fmt.Sprintf("cp -rf %v %v", srcDir, dstDir)).CombinedOutput()
|
|
if err != nil {
|
|
logrus.Errorf("[local] copy %s to %s failed: %v\noutput: %v\n", srcDir, dstDir, err, string(output))
|
|
return err
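Review bot: `copyDir` here and `Copy` in the next hunk still build the command as a `/bin/sh -c` string with `%v`, so `srcDir`/`dstDir` and `src`/`dst` go through shell word-splitting and expansion, and a path containing a space, `;` or `$(...)` is not treated as a single argument. Since these lines are being touched anyway, passing the arguments directly avoids the shell: `exec.Command("cp", "-rf", srcDir, dstDir)` and `exec.Command("cp", "-f", src, dst)`. That assumes no caller relies on glob expansion in the source path, which is not visible from these hunks. Dropping `sudo` also means copies into root-owned destinations now fail unless the tool itself runs with enough privilege, which should be documented on `LocalRunner`.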
|
|
@@ -70,7 +70,7 @@ func (r *LocalRunner) Copy(src, dst string) error {
|
|
// just copy file
|
|
return r.copyDir(src, dst)
|
|
}
|
|
- output, err := exec.Command("/bin/sh", "-c", fmt.Sprintf("sudo cp -f %v %v", src, dst)).CombinedOutput()
|
|
+ output, err := exec.Command("/bin/sh", "-c", fmt.Sprintf("cp -f %v %v", src, dst)).CombinedOutput()
|
|
if err != nil {
|
|
logrus.Errorf("[local] copy %s to %s failed: %v\noutput: %v\n", src, dst, err, string(output))
|
|
} else {
|
|
--
|
|
2.25.1
|
|
|