From a9aa892177b9e529be251105f45163d3d32552c5 Mon Sep 17 00:00:00 2001 From: Aaron Crickenberger Date: Thu, 26 Jul 2018 14:48:51 -0700 Subject: [PATCH] Exit gce kube-up.sh early if openssl is LibreSSL macOS has an openssl binary, but it's actually LibreSSL, which doesn't play well with the easyrsa script that cluster/gce/util.sh uses to generate certs Instead of waiting until we generate certs to discover easyrsa doesn't work, consider openssl a prereq for gce, and include a check for the version string starting with OpenSSL Also, mirror kube-up.sh's "... calling" output in kube-down.sh --- cluster/gce/util.sh | 5 +++++ cluster/kube-down.sh | 3 +++ hack/lib/util.sh | 7 +++++++ 3 files changed, 15 insertions(+) diff --git a/cluster/gce/util.sh b/cluster/gce/util.sh index fae2463497f..1d7d475bc5a 100755 --- a/cluster/gce/util.sh +++ b/cluster/gce/util.sh @@ -109,6 +109,11 @@ function split_csv() { # Verify prereqs function verify-prereqs() { local cmd + + # we use openssl to generate certs + kube::util::test_openssl_installed + + # we use gcloud to create the cluster, gsutil to stage binaries and data for cmd in gcloud gsutil; do if ! which "${cmd}" >/dev/null; then local resp="n" diff --git a/cluster/kube-down.sh b/cluster/kube-down.sh index 5993dc4a413..7c183c6eeb1 100755 --- a/cluster/kube-down.sh +++ b/cluster/kube-down.sh @@ -30,8 +30,11 @@ source "${KUBE_ROOT}/cluster/kube-util.sh" echo "Bringing down cluster using provider: $KUBERNETES_PROVIDER" +echo "... calling verify-prereqs" >&2 verify-prereqs +echo "... calling verify-kube-binaries" >&2 verify-kube-binaries +echo "... calling kube-down" >&2 kube-down echo "Done" diff --git a/hack/lib/util.sh b/hack/lib/util.sh index 82010551f9b..1d2f714a49d 100755 --- a/hack/lib/util.sh +++ b/hack/lib/util.sh @@ -539,7 +539,14 @@ function kube::util::test_openssl_installed { if [ "$?" != "0" ]; then echo "Failed to run openssl. Please ensure openssl is installed" exit 1 + elif [ "$(openssl version | cut -d\ -f1)" == "LibreSSL" ]; then + echo "LibreSSL is not supported. Please ensure openssl points to an OpenSSL binary" + if [ "$(uname -s)" == "Darwin" ]; then + echo 'On macOS we recommend using homebrew and adding "$(brew --prefix openssl)/bin" to your PATH' + fi + exit 1 fi + OPENSSL_BIN=$(command -v openssl) }