github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-28 14:07:14 +00:00
Code Issues Projects Releases Wiki Activity

Modify nodemanager to use credentials from secret

Browse Source
This commit is contained in:
Abrar Shivani 2018-05-08 14:39:56 -07:00
parent 94117d748c
commit 21a7e9b1cb
2 changed files with 99 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

113
pkg/cloudprovider/providers/vsphere/nodemanager.go
View File

@ -45,10 +45,13 @@ type NodeManager struct {
nodeInfoMap map[string]*NodeInfo nodeInfoMap map[string]*NodeInfo
// Maps node name to node structure // Maps node name to node structure
registeredNodes map[string]*v1.Node registeredNodes map[string]*v1.Node
//CredentialsManager
credentialManager *SecretCredentialManager
// Mutexes // Mutexes
registeredNodesLock sync.RWMutex registeredNodesLock sync.RWMutex
nodeInfoLock sync.RWMutex nodeInfoLock sync.RWMutex
credentialManagerLock sync.Mutex
} }
type NodeDetails struct { type NodeDetails struct {
@ -119,7 +122,7 @@ func (nm *NodeManager) DiscoverNode(node *v1.Node) error {
ctx, cancel := context.WithCancel(context.Background()) ctx, cancel := context.WithCancel(context.Background())
defer cancel() defer cancel()
err := vsi.conn.Connect(ctx) err := nm.vcConnect(ctx, vsi)
if err != nil { if err != nil {
glog.V(4).Info("Discovering node error vc:", err) glog.V(4).Info("Discovering node error vc:", err)
setGlobalErr(err) setGlobalErr(err)
@ -297,30 +300,17 @@ func (nm *NodeManager) GetNodeInfo(nodeName k8stypes.NodeName) (NodeInfo, error)
// //
// This method is a getter but it can cause side-effect of updating NodeInfo objects. // This method is a getter but it can cause side-effect of updating NodeInfo objects.
func (nm *NodeManager) GetNodeDetails() ([]NodeDetails, error) { func (nm *NodeManager) GetNodeDetails() ([]NodeDetails, error) {
nm.nodeInfoLock.RLock() nm.registeredNodesLock.Lock()
defer nm.nodeInfoLock.RUnlock() defer nm.registeredNodesLock.Unlock()
var nodeDetails []NodeDetails var nodeDetails []NodeDetails
vsphereSessionRefreshMap := make(map[string]bool)
for nodeName, nodeInfo := range nm.nodeInfoMap { for nodeName, nodeObj := range nm.registeredNodes {
var n *NodeInfo nodeInfo, err := nm.GetNodeInfoWithNodeObject(nodeObj)
var err error
if vsphereSessionRefreshMap[nodeInfo.vcServer] {
// vSphere connection already refreshed. Just refresh VM and Datacenter.
glog.V(4).Infof("Renewing NodeInfo %+v for node %q. No new connection needed.", nodeInfo, nodeName)
n, err = nm.renewNodeInfo(nodeInfo, false)
} else {
// Refresh vSphere connection, VM and Datacenter.
glog.V(4).Infof("Renewing NodeInfo %+v for node %q with new vSphere connection.", nodeInfo, nodeName)
n, err = nm.renewNodeInfo(nodeInfo, true)
vsphereSessionRefreshMap[nodeInfo.vcServer] = true
}
if err != nil { if err != nil {
return nil, err return nil, err
} }
nm.nodeInfoMap[nodeName] = n
glog.V(4).Infof("Updated NodeInfo %q for node %q.", nodeInfo, nodeName) glog.V(4).Infof("Updated NodeInfo %q for node %q.", nodeInfo, nodeName)
nodeDetails = append(nodeDetails, NodeDetails{nodeName, n.vm, n.vmUUID}) nodeDetails = append(nodeDetails, NodeDetails{nodeName, nodeInfo.vm, nodeInfo.vmUUID})
} }
return nodeDetails, nil return nodeDetails, nil
} }
@ -355,7 +345,7 @@ func (nm *NodeManager) renewNodeInfo(nodeInfo *NodeInfo, reconnect bool) (*NodeI
return nil, err return nil, err
} }
if reconnect { if reconnect {
err := vsphereInstance.conn.Connect(ctx) err := nm.vcConnect(ctx, vsphereInstance)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -370,3 +360,82 @@ func (nodeInfo *NodeInfo) VM() *vclib.VirtualMachine {
} }
return nodeInfo.vm return nodeInfo.vm
} }
// vcConnect connects to vCenter with existing credentials
// If credentials are invalid:
// 1. It will fetch credentials from credentialManager
// 2. Update the credentials
// 3. Connects again to vCenter with fetched credentials
func (nm *NodeManager) vcConnect(ctx context.Context, vsphereInstance *VSphereInstance) error {
err := vsphereInstance.conn.Connect(ctx)
if err == nil {
return nil
}
credentialManager := nm.CredentialManager()
if !vclib.IsInvalidCredentialsError(err) || credentialManager == nil {
glog.Errorf("Cannot connect to vCenter with err: %v", err)
return err
}
glog.V(4).Infof("Invalid credentials. Cannot connect to server %q. "+
"Fetching credentials from secrets.", vsphereInstance.conn.Hostname)
// Get latest credentials from SecretCredentialManager
credentials, err := credentialManager.GetCredential(vsphereInstance.conn.Hostname)
if err != nil {
glog.Errorf("Failed to get credentials from Secret Credential Manager with err: %v", err)
return err
}
vsphereInstance.conn.UpdateCredentials(credentials.User, credentials.Password)
return vsphereInstance.conn.Connect(ctx)
}
// GetNodeInfoWithNodeObject returns a NodeInfo which datacenter, vm and vc server ip address.
// This method returns an error if it is unable find node VCs and DCs listed in vSphere.conf
// NodeInfo returned may not be updated to reflect current VM location.
//
// This method is a getter but it can cause side-effect of updating NodeInfo object.
func (nm *NodeManager) GetNodeInfoWithNodeObject(node *v1.Node) (NodeInfo, error) {
nodeName := node.Name
getNodeInfo := func(nodeName string) *NodeInfo {
nm.nodeInfoLock.RLock()
nodeInfo := nm.nodeInfoMap[nodeName]
nm.nodeInfoLock.RUnlock()
return nodeInfo
}
nodeInfo := getNodeInfo(nodeName)
var err error
if nodeInfo == nil {
// Rediscover node if no NodeInfo found.
glog.V(4).Infof("No VM found for node %q. Initiating rediscovery.", nodeName)
err = nm.DiscoverNode(node)
if err != nil {
glog.Errorf("Error %q node info for node %q not found", err, nodeName)
return NodeInfo{}, err
}
nodeInfo = getNodeInfo(nodeName)
} else {
// Renew the found NodeInfo to avoid stale vSphere connection.
glog.V(4).Infof("Renewing NodeInfo %+v for node %q", nodeInfo, nodeName)
nodeInfo, err = nm.renewNodeInfo(nodeInfo, true)
if err != nil {
glog.Errorf("Error %q occurred while renewing NodeInfo for %q", err, nodeName)
return NodeInfo{}, err
}
nm.addNodeInfo(nodeName, nodeInfo)
}
return *nodeInfo, nil
}
func (nm *NodeManager) CredentialManager() *SecretCredentialManager {
nm.credentialManagerLock.Lock()
defer nm.credentialManagerLock.Unlock()
return nm.credentialManager
}
func (nm *NodeManager) UpdateCredentialManager(credentialManager *SecretCredentialManager) {
nm.credentialManagerLock.Lock()
defer nm.credentialManagerLock.Unlock()
nm.credentialManager = credentialManager
}

8
pkg/cloudprovider/providers/vsphere/vclib/utils.go
View File

@ -172,6 +172,14 @@ func IsManagedObjectNotFoundError(err error) bool {
return isManagedObjectNotFoundError return isManagedObjectNotFoundError
} }
func IsInvalidCredentialsError(err error) bool {
isInvalidCredentialsError := false
if soap.IsSoapFault(err) {
_, isInvalidCredentialsError = soap.ToSoapFault(err).VimFault().(types.InvalidLogin)
}
return isInvalidCredentialsError
}
// VerifyVolumePathsForVM verifies if the volume paths (volPaths) are attached to VM. // VerifyVolumePathsForVM verifies if the volume paths (volPaths) are attached to VM.
func VerifyVolumePathsForVM(vmMo mo.VirtualMachine, volPaths []string, nodeName string, nodeVolumeMap map[string]map[string]bool) { func VerifyVolumePathsForVM(vmMo mo.VirtualMachine, volPaths []string, nodeName string, nodeVolumeMap map[string]map[string]bool) {
// Verify if the volume paths are present on the VM backing virtual disk devices // Verify if the volume paths are present on the VM backing virtual disk devices