package cluster
import (
"context"
"encoding/json"
"fmt"
"io/ioutil"
"os"
"path"
"path/filepath"
"strings"
"time"
"k8s.io/client-go/transport"
"github.com/rancher/rke/hosts"
"github.com/rancher/rke/k8s"
"github.com/rancher/rke/log"
"github.com/rancher/rke/pki"
v3 "github.com/rancher/rke/types"
"github.com/sirupsen/logrus"
"gopkg.in/yaml.v2"
v1 "k8s.io/api/core/v1"
)
// File-name suffixes derived from the cluster config path.
const (
	// stateFileExt replaces the config file's extension to name the state
	// file (see GetStateFilePath).
	stateFileExt = ".rkestate"

	// certDirExt replaces the config file's extension to name the custom
	// certificate directory (see GetCertificateDirPath).
	certDirExt = "_certs"
)
// FullState pairs the state a cluster is meant to reach with the state it was
// last recorded in. It is the document that WriteStateFile writes to disk and
// SaveFullStateToKubernetes stores in the cluster.
type FullState struct {
	// DesiredState is what RebuildState computes from the cluster config.
	DesiredState State `json:"desiredState,omitempty"`
	// CurrentState is what UpdateClusterCurrentState records.
	CurrentState State `json:"currentState,omitempty"`
}
// State is one snapshot of a cluster: its RKE configuration, its certificate
// bundle and its encryption provider configuration.
//
// NOTE(review): CertificatesBundle and EncryptionConfig presumably carry key
// material (certificate private keys, the secrets-encryption provider file),
// so every serialized copy of a State should be handled as a secret. Confirm
// against pki.CertificatePKI and the encryption provider file format.
type State struct {
	// RancherKubernetesEngineConfig is the cluster configuration.
	RancherKubernetesEngineConfig *v3.RancherKubernetesEngineConfig `json:"rkeConfig,omitempty"`
	// CertificatesBundle maps a certificate name to its PKI entry.
	CertificatesBundle map[string]pki.CertificatePKI `json:"certificatesBundle,omitempty"`
	// EncryptionConfig holds the encryption provider file content.
	EncryptionConfig string `json:"encryptionConfig,omitempty"`
}
// UpdateClusterCurrentState records the cluster's live configuration,
// certificates and encryption provider file as fullState.CurrentState and
// writes the result to c.StateFilePath.
//
// The RKE config is deep-copied; the certificate bundle is assigned as-is, so
// fullState keeps referring to c.Certificates rather than to a copy.
func (c *Cluster) UpdateClusterCurrentState(ctx context.Context, fullState *FullState) error {
	current := &fullState.CurrentState
	current.RancherKubernetesEngineConfig = c.RancherKubernetesEngineConfig.DeepCopy()
	current.CertificatesBundle = c.Certificates
	current.EncryptionConfig = c.EncryptionConfig.EncryptionProviderFile

	return fullState.WriteStateFile(ctx, c.StateFilePath)
}
// GetClusterState builds a Cluster from fullState.CurrentState.
//
// It returns (nil, nil) when no current RKE config has been recorded, so a
// nil cluster with a nil error means "no current state", not a failure.
// Otherwise the cluster is initialized from the recorded config, given the
// recorded certificates and encryption provider file, and wired with dialers
// taken from the receiver.
func (c *Cluster) GetClusterState(ctx context.Context, fullState *FullState) (*Cluster, error) {
	recorded := &fullState.CurrentState
	if recorded.RancherKubernetesEngineConfig == nil {
		return nil, nil
	}

	// Rebuild the external flags from the receiver's config locations.
	flags := GetExternalFlags(false, false, false, c.ConfigDir, c.ConfigPath)
	currentCluster, err := InitClusterObject(ctx, recorded.RancherKubernetesEngineConfig, flags, recorded.EncryptionConfig)
	if err != nil {
		return nil, err
	}
	currentCluster.Certificates = recorded.CertificatesBundle
	currentCluster.EncryptionConfig.EncryptionProviderFile = recorded.EncryptionConfig

	// Reuse the receiver's dialer factories and transport wrapper.
	dialerOptions := hosts.GetDialerOptions(c.DockerDialerFactory, c.LocalConnDialerFactory, c.K8sWrapTransport)
	err = currentCluster.SetupDialers(ctx, dialerOptions)
	if err != nil {
		return nil, err
	}
	return currentCluster, nil
}
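// SaveFullStateToKubernetes serializes fullState as JSON and stores it in the
// ConfigMap named FullStateConfigMapName, retrying every five seconds until
// the update succeeds or UpdateStateTimeout seconds have passed.
//
// It returns an error if the Kubernetes client cannot be created, if the
// state cannot be marshaled, or on timeout.
//
// NOTE(review): the payload is the whole FullState, certificate bundle and
// encryption configuration included, and it lands in a ConfigMap. ConfigMaps
// are not meant for confidential data: anything allowed to read ConfigMaps
// where k8s.UpdateConfigMap stores this one can read the payload. Storing it
// as a Secret behind restricted RBAC would narrow that; confirm with the
// readers of FullStateConfigMapName before changing the storage kind.
func SaveFullStateToKubernetes(ctx context.Context, kubeCluster *Cluster, fullState *FullState) error {
	k8sClient, err := k8s.NewClient(kubeCluster.LocalKubeConfigPath, kubeCluster.K8sWrapTransport)
	if err != nil {
		return fmt.Errorf("Failed to create Kubernetes Client: %v", err)
	}
	log.Infof(ctx, "[state] Saving full cluster state to Kubernetes")
	stateFile, err := json.Marshal(*fullState)
	if err != nil {
		return err
	}

	saved := make(chan struct{})
	// stop is closed when this function returns, so the retry loop ends with
	// it instead of polling the API server forever after a timeout.
	stop := make(chan struct{})
	defer close(stop)

	go func() {
		for {
			if _, err := k8s.UpdateConfigMap(k8sClient, stateFile, FullStateConfigMapName); err == nil {
				log.Infof(ctx, "[state] Successfully Saved full cluster state to Kubernetes ConfigMap: %s", FullStateConfigMapName)
				close(saved)
				return
			}
			select {
			case <-stop:
				return
			case <-time.After(time.Second * 5):
			}
		}
	}()

	select {
	case <-saved:
		return nil
	case <-time.After(time.Second * UpdateStateTimeout):
		// An update already in flight may still complete after this point.
		return fmt.Errorf("[state] Timeout waiting for kubernetes to be ready")
	}
}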
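// GetStateFromKubernetes fetches the ConfigMap named StateConfigMapName and
// decodes its StateConfigMapName entry as YAML into a Cluster. The fetch is
// retried every five seconds until it succeeds or GetStateTimeout seconds
// have passed.
//
// It returns an error if the Kubernetes client cannot be created, if the
// entry does not decode, or on timeout.
func GetStateFromKubernetes(ctx context.Context, kubeCluster *Cluster) (*Cluster, error) {
	log.Infof(ctx, "[state] Fetching cluster state from Kubernetes")
	k8sClient, err := k8s.NewClient(kubeCluster.LocalKubeConfigPath, kubeCluster.K8sWrapTransport)
	if err != nil {
		return nil, fmt.Errorf("Failed to create Kubernetes Client: %v", err)
	}

	// The fetched ConfigMap is handed over on a channel rather than through
	// variables shared with the goroutine; the buffer lets the goroutine
	// finish even if the caller has already timed out.
	fetched := make(chan *v1.ConfigMap, 1)
	// stop is closed when this function returns, so the retry loop ends with
	// it instead of polling the API server forever after a timeout.
	stop := make(chan struct{})
	defer close(stop)

	go func() {
		for {
			cfgMap, err := k8s.GetConfigMap(k8sClient, StateConfigMapName)
			if err == nil {
				log.Infof(ctx, "[state] Successfully Fetched cluster state to Kubernetes ConfigMap: %s", StateConfigMapName)
				fetched <- cfgMap
				return
			}
			select {
			case <-stop:
				return
			case <-time.After(time.Second * 5):
			}
		}
	}()

	select {
	case cfgMap := <-fetched:
		var currentCluster Cluster
		clusterData := cfgMap.Data[StateConfigMapName]
		if err := yaml.Unmarshal([]byte(clusterData), &currentCluster); err != nil {
			return nil, fmt.Errorf("Failed to unmarshal cluster data")
		}
		return &currentCluster, nil
	case <-time.After(time.Second * GetStateTimeout):
		log.Infof(ctx, "Timed out waiting for kubernetes cluster to get state")
		return nil, fmt.Errorf("Timeout waiting for kubernetes cluster to get state")
	}
}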
// GetK8sVersion connects with the kubeconfig at localConfigPath and returns
// the server version reported by the discovery client, rendered with %#v
// (Go-syntax form of the version struct, not a bare version string).
//
// It returns an error if the client cannot be created or the version query
// fails.
func GetK8sVersion(localConfigPath string, k8sWrapTransport transport.WrapperFunc) (string, error) {
	logrus.Debugf("[version] Using %s to connect to Kubernetes cluster..", localConfigPath)
	client, clientErr := k8s.NewClient(localConfigPath, k8sWrapTransport)
	if clientErr != nil {
		return "", fmt.Errorf("Failed to create Kubernetes Client: %v", clientErr)
	}

	discovery := client.DiscoveryClient
	logrus.Debugf("[version] Getting Kubernetes server version..")
	info, versionErr := discovery.ServerVersion()
	if versionErr != nil {
		return "", fmt.Errorf("Failed to get Kubernetes server version: %v", versionErr)
	}
	return fmt.Sprintf("%#v", *info), nil
}
// RebuildState computes a new FullState for kubeCluster.
//
// The desired state always starts from a deep copy of the cluster's RKE
// config. Its certificates come from one of three places:
//   - flags.CustomCerts: read from flags.CertificateDir and validated;
//   - no certificates in oldState's desired state: a fresh cluster, handled
//     by buildFreshState;
//   - otherwise: an existing cluster, handled by rebuildExistingState.
//
// In every successful case the current state is carried over from oldState.
func RebuildState(ctx context.Context, kubeCluster *Cluster, oldState *FullState, flags ExternalFlags) (*FullState, error) {
	rkeConfig := &kubeCluster.RancherKubernetesEngineConfig
	newState := &FullState{
		DesiredState: State{RancherKubernetesEngineConfig: rkeConfig.DeepCopy()},
	}

	if flags.CustomCerts {
		certBundle, err := pki.ReadCertsAndKeysFromDir(flags.CertificateDir)
		if err != nil {
			return nil, fmt.Errorf("Failed to read certificates from dir [%s]: %v", flags.CertificateDir, err)
		}
		// Every certificate the config calls for must be present in the bundle.
		err = pki.ValidateBundleContent(rkeConfig, certBundle, flags.ClusterFilePath, flags.ConfigDir)
		if err != nil {
			return nil, fmt.Errorf("Failed to validates certificates from dir [%s]: %v", flags.CertificateDir, err)
		}
		newState.DesiredState.CertificatesBundle = certBundle
		newState.CurrentState = oldState.CurrentState
		return newState, nil
	}

	// Rebuild the certificates of the desired state.
	var err error
	if oldState.DesiredState.CertificatesBundle == nil {
		// Fresh cluster: nothing to carry over.
		err = buildFreshState(ctx, kubeCluster, newState)
	} else {
		// Existing cluster with an old desired state.
		err = rebuildExistingState(ctx, kubeCluster, oldState, newState, flags)
	}
	if err != nil {
		return nil, err
	}

	newState.CurrentState = oldState.CurrentState
	return newState, nil
}
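// WriteStateFile serializes s as indented JSON and writes it to statePath.
//
// It returns an error if marshaling or writing fails.
//
// NOTE(review): the file is created with mode 0640, i.e. readable by the
// owning group, while the state carries the certificate bundle and the
// encryption configuration. ioutil.WriteFile applies the mode only when it
// creates the file, so an existing file keeps whatever mode it has. Consider
// 0600 if no group reader depends on this file.
func (s *FullState) WriteStateFile(ctx context.Context, statePath string) error {
	stateFile, err := json.MarshalIndent(s, "", " ")
	if err != nil {
		return fmt.Errorf("Failed to Marshal state object: %v", err)
	}
	// Trace only the destination and size: the serialized state includes the
	// certificate bundle and encryption configuration, which must not be
	// copied into log output.
	logrus.Tracef("Writing state file [%s] (%d bytes)", statePath, len(stateFile))
	if err := ioutil.WriteFile(statePath, stateFile, 0640); err != nil {
		return fmt.Errorf("Failed to write state file: %v", err)
	}
	log.Infof(ctx, "Successfully Deployed state file at [%s]", statePath)
	return nil
}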
// GetStateFilePath derives the state file path from the cluster config path:
// the config file's base name with its extension replaced by stateFileExt.
//
// An empty configPath falls back to pki.ClusterConfig. The directory is that
// of configPath, unless configDir is non-empty, in which case it is
// filepath.Dir(configDir): the parent of configDir when configDir has no
// trailing separator.
func GetStateFilePath(configPath, configDir string) string {
	if configPath == "" {
		configPath = pki.ClusterConfig
	}

	dir := filepath.Dir(configPath)
	if configDir != "" {
		dir = filepath.Dir(configDir)
	}

	joined := dir + "/" + filepath.Base(configPath)
	return strings.TrimSuffix(joined, filepath.Ext(joined)) + stateFileExt
}
// GetCertificateDirPath derives the certificate directory path from the
// cluster config path: the config file's base name with its extension
// replaced by certDirExt.
//
// An empty configPath falls back to pki.ClusterConfig. The parent directory
// is that of configPath, unless configDir is non-empty, in which case it is
// filepath.Dir(configDir): the parent of configDir when configDir has no
// trailing separator.
func GetCertificateDirPath(configPath, configDir string) string {
	if configPath == "" {
		configPath = pki.ClusterConfig
	}

	dir := filepath.Dir(configPath)
	if configDir != "" {
		dir = filepath.Dir(configDir)
	}

	joined := dir + "/" + filepath.Base(configPath)
	return strings.TrimSuffix(joined, filepath.Ext(joined)) + certDirExt
}
// ReadStateFile loads the JSON state file at statePath and converts both
// certificate bundles with pki.TransformPEMToObject.
//
// The returned *FullState is never nil, even on error: it is empty when the
// file cannot be resolved, opened or read, and holds whatever json.Unmarshal
// filled in when decoding fails. Callers must check the error before using
// it.
func ReadStateFile(ctx context.Context, statePath string) (*FullState, error) {
	state := &FullState{}

	absPath, err := filepath.Abs(statePath)
	if err != nil {
		return state, fmt.Errorf("failed to lookup current directory name: %v", err)
	}

	f, err := os.Open(absPath)
	if err != nil {
		return state, fmt.Errorf("Can not find RKE state file: %v", err)
	}
	defer f.Close()

	raw, err := ioutil.ReadAll(f)
	if err != nil {
		return state, fmt.Errorf("failed to read state file: %v", err)
	}
	if err = json.Unmarshal(raw, state); err != nil {
		return state, fmt.Errorf("failed to unmarshal the state file: %v", err)
	}

	desired, current := &state.DesiredState, &state.CurrentState
	desired.CertificatesBundle = pki.TransformPEMToObject(desired.CertificatesBundle)
	current.CertificatesBundle = pki.TransformPEMToObject(current.CertificatesBundle)
	return state, nil
}
// removeStateFile deletes the state file at statePath. It is best-effort: a
// failure is logged as a warning and not returned to the caller.
func removeStateFile(ctx context.Context, statePath string) {
	log.Infof(ctx, "Removing state file: %s", statePath)

	rmErr := os.Remove(statePath)
	if rmErr == nil {
		log.Infof(ctx, "State file removed successfully")
		return
	}
	logrus.Warningf("Failed to remove state file: %v", rmErr)
}
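// GetStateFromNodes fetches the cluster state file from the cluster's hosts
// and decodes it as YAML into a Cluster.
//
// The unique etcd, control plane and worker hosts are tried in order and the
// first successful fetch wins. It returns nil when no host yields any content
// or when the content does not decode; the decode error is logged at debug
// level only.
//
// NOTE(review): the returned Cluster is built entirely from a file read off a
// node, so callers are trusting that node's filesystem. Confirm what
// validation callers apply before acting on it.
func GetStateFromNodes(ctx context.Context, kubeCluster *Cluster) *Cluster {
	var (
		currentCluster Cluster
		clusterFile    string
		err            error
	)

	// The path is the same on every host, so compute it once.
	filePath := path.Join(pki.TempCertPath, pki.ClusterStateFile)
	uniqueHosts := hosts.GetUniqueHostList(kubeCluster.EtcdHosts, kubeCluster.ControlPlaneHosts, kubeCluster.WorkerHosts)
	for _, host := range uniqueHosts {
		clusterFile, err = pki.FetchFileFromHost(ctx, filePath, kubeCluster.SystemImages.Alpine, host, kubeCluster.PrivateRegistriesMap, pki.StateDeployerContainerName, "state")
		if err == nil {
			break
		}
	}
	if len(clusterFile) == 0 {
		return nil
	}

	// The listing rendered "&currentCluster" as a mis-decoded HTML entity;
	// the address-of operand is restored here.
	if err = yaml.Unmarshal([]byte(clusterFile), &currentCluster); err != nil {
		logrus.Debugf("[state] Failed to unmarshal the cluster file fetched from nodes: %v", err)
		return nil
	}
	log.Infof(ctx, "[state] Successfully fetched cluster state from Nodes")
	return &currentCluster
}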
// buildFreshState fills newState.DesiredState for a cluster with no previous
// desired state: it generates a new certificate bundle and, when encryption
// is enabled in the RKE config, sets the encryption provider file.
//
// It returns an error if certificate generation or the encryption provider
// file lookup fails.
func buildFreshState(ctx context.Context, kubeCluster *Cluster, newState *FullState) error {
	rkeConfig := &kubeCluster.RancherKubernetesEngineConfig

	// Generate the certificate bundle.
	bundle, genErr := pki.GenerateRKECerts(ctx, *rkeConfig, "", "")
	if genErr != nil {
		return fmt.Errorf("Failed to generate certificate bundle: %v", genErr)
	}
	newState.DesiredState.CertificatesBundle = bundle

	if !isEncryptionEnabled(rkeConfig) {
		return nil
	}
	var err error
	newState.DesiredState.EncryptionConfig, err = kubeCluster.getEncryptionProviderFile()
	return err
}
// rebuildExistingState fills newState.DesiredState for a cluster that already
// has a desired state, reusing oldState's certificate bundle.
//
// The bundle is the same map as oldState.DesiredState.CertificatesBundle, not
// a copy, so whatever the pki generators write into it is presumably visible
// through oldState as well. Verify before relying on oldState being
// unchanged.
//
// When encryption is enabled, the old encryption config is kept if present;
// otherwise it comes from kubeCluster.getEncryptionProviderFile.
func rebuildExistingState(ctx context.Context, kubeCluster *Cluster, oldState, newState *FullState, flags ExternalFlags) error {
	rkeConfig := &kubeCluster.RancherKubernetesEngineConfig
	bundle := oldState.DesiredState.CertificatesBundle

	// Legacy clusters predate the request header CA; add it if missing.
	if bundle[pki.RequestHeaderCACertName].Certificate == nil {
		err := pki.GenerateRKERequestHeaderCACert(ctx, bundle, flags.ClusterFilePath, flags.ConfigDir)
		if err != nil {
			return err
		}
	}

	err := pki.GenerateRKEServicesCerts(ctx, bundle, *rkeConfig, flags.ClusterFilePath, flags.ConfigDir, false)
	if err != nil {
		return err
	}
	newState.DesiredState.CertificatesBundle = bundle

	if !isEncryptionEnabled(rkeConfig) {
		return nil
	}
	if previous := oldState.DesiredState.EncryptionConfig; previous != "" {
		newState.DesiredState.EncryptionConfig = previous
		return nil
	}
	newState.DesiredState.EncryptionConfig, err = kubeCluster.getEncryptionProviderFile()
	return err
}