mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-08-15 14:53:44 +00:00
Fixing bug: non-leaders should retry fetching auth keys
This commit is contained in:
parent
533d4bfd54
commit
12a5c3a2f3
@ -159,15 +159,9 @@ def setup_leader_authentication():
|
|||||||
api_opts.add('--service-cluster-ip-range', service_cidr())
|
api_opts.add('--service-cluster-ip-range', service_cidr())
|
||||||
hookenv.status_set('maintenance', 'Rendering authentication templates.')
|
hookenv.status_set('maintenance', 'Rendering authentication templates.')
|
||||||
|
|
||||||
# Try to fetch data from leadership broadcast.
|
# Try first to fetch data from an old leadership broadcast.
|
||||||
contents = charms.leadership.leader_get(service_key)
|
|
||||||
if contents is not None:
|
|
||||||
# Since there was a leader in the past and we are bootstrapping
|
|
||||||
# the leader here, all masters were killed and a new one is
|
|
||||||
# added again.
|
|
||||||
keys = [service_key, basic_auth, known_tokens]
|
keys = [service_key, basic_auth, known_tokens]
|
||||||
get_keys_from_leader(keys)
|
if not get_keys_from_leader(keys):
|
||||||
else:
|
|
||||||
if not os.path.isfile(basic_auth):
|
if not os.path.isfile(basic_auth):
|
||||||
setup_basic_auth('admin', 'admin', 'admin')
|
setup_basic_auth('admin', 'admin', 'admin')
|
||||||
if not os.path.isfile(known_tokens):
|
if not os.path.isfile(known_tokens):
|
||||||
@ -211,9 +205,10 @@ def setup_non_leader_authentication():
|
|||||||
|
|
||||||
hookenv.status_set('maintenance', 'Rendering authentication templates.')
|
hookenv.status_set('maintenance', 'Rendering authentication templates.')
|
||||||
|
|
||||||
# Set an array for looping logic
|
|
||||||
keys = [service_key, basic_auth, known_tokens]
|
keys = [service_key, basic_auth, known_tokens]
|
||||||
get_keys_from_leader(keys)
|
if not get_keys_from_leader(keys):
|
||||||
|
# the keys were not retrieved. Non-leaders have to retry.
|
||||||
|
return
|
||||||
|
|
||||||
api_opts.add('--basic-auth-file', basic_auth)
|
api_opts.add('--basic-auth-file', basic_auth)
|
||||||
api_opts.add('--token-auth-file', known_tokens)
|
api_opts.add('--token-auth-file', known_tokens)
|
||||||
@ -225,6 +220,16 @@ def setup_non_leader_authentication():
|
|||||||
|
|
||||||
|
|
||||||
def get_keys_from_leader(keys):
|
def get_keys_from_leader(keys):
|
||||||
|
"""
|
||||||
|
Gets the broadcasted keys from the leader and stores them in
|
||||||
|
the corresponding files.
|
||||||
|
|
||||||
|
Args:
|
||||||
|
keys: list of keys. Keys are actually files on the FS.
|
||||||
|
|
||||||
|
Returns: True if all key were fetched, False if not.
|
||||||
|
|
||||||
|
"""
|
||||||
# This races with other codepaths, and seems to require being created first
|
# This races with other codepaths, and seems to require being created first
|
||||||
# This block may be extracted later, but for now seems to work as intended
|
# This block may be extracted later, but for now seems to work as intended
|
||||||
os.makedirs('/etc/kubernetes', exist_ok=True)
|
os.makedirs('/etc/kubernetes', exist_ok=True)
|
||||||
@ -240,10 +245,11 @@ def get_keys_from_leader(keys):
|
|||||||
msg = "Waiting on leaders crypto keys."
|
msg = "Waiting on leaders crypto keys."
|
||||||
hookenv.status_set('waiting', msg)
|
hookenv.status_set('waiting', msg)
|
||||||
hookenv.log('Missing content for file {}'.format(k))
|
hookenv.log('Missing content for file {}'.format(k))
|
||||||
return
|
return False
|
||||||
# Write out the file and move on to the next item
|
# Write out the file and move on to the next item
|
||||||
with open(k, 'w+') as fp:
|
with open(k, 'w+') as fp:
|
||||||
fp.write(contents)
|
fp.write(contents)
|
||||||
|
return True
|
||||||
|
|
||||||
|
|
||||||
@when('kubernetes-master.components.installed')
|
@when('kubernetes-master.components.installed')
|
||||||
|
Loading…
Reference in New Issue
Block a user