mirror of
https://github.com/rancher/rke.git
synced 2025-06-23 14:07:13 +00:00
130 lines
3.4 KiB
Go
130 lines
3.4 KiB
Go
package cluster
|
|
|
|
import (
|
|
"fmt"
|
|
"os"
|
|
"strings"
|
|
"syscall"
|
|
|
|
"github.com/rancher/rke/hosts"
|
|
"github.com/rancher/rke/pki"
|
|
"github.com/rancher/rke/services"
|
|
"github.com/sirupsen/logrus"
|
|
"golang.org/x/crypto/ssh"
|
|
"golang.org/x/crypto/ssh/terminal"
|
|
)
|
|
|
|
const (
|
|
DefaultSSHKeyPath = "/.ssh/id_rsa"
|
|
)
|
|
|
|
func (c *Cluster) TunnelHosts() error {
|
|
key, err := checkEncryptedKey(c.SSHKeyPath)
|
|
if err != nil {
|
|
return fmt.Errorf("Failed to parse the private key: %v", err)
|
|
}
|
|
for i := range c.EtcdHosts {
|
|
err := c.EtcdHosts[i].TunnelUp(key)
|
|
if err != nil {
|
|
return fmt.Errorf("Failed to set up SSH tunneling for Etcd hosts: %v", err)
|
|
}
|
|
}
|
|
for i := range c.ControlPlaneHosts {
|
|
err := c.ControlPlaneHosts[i].TunnelUp(key)
|
|
if err != nil {
|
|
return fmt.Errorf("Failed to set up SSH tunneling for Control hosts: %v", err)
|
|
}
|
|
}
|
|
for i := range c.WorkerHosts {
|
|
err := c.WorkerHosts[i].TunnelUp(key)
|
|
if err != nil {
|
|
return fmt.Errorf("Failed to set up SSH tunneling for Worker hosts: %v", err)
|
|
}
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func (c *Cluster) InvertIndexHosts() error {
|
|
c.EtcdHosts = make([]hosts.Host, 0)
|
|
c.WorkerHosts = make([]hosts.Host, 0)
|
|
c.ControlPlaneHosts = make([]hosts.Host, 0)
|
|
for _, host := range c.Hosts {
|
|
for _, role := range host.Role {
|
|
logrus.Debugf("Host: " + host.AdvertisedHostname + " has role: " + role)
|
|
newHost := hosts.Host{
|
|
RKEConfigHost: host,
|
|
}
|
|
switch role {
|
|
case services.ETCDRole:
|
|
c.EtcdHosts = append(c.EtcdHosts, newHost)
|
|
case services.ControlRole:
|
|
c.ControlPlaneHosts = append(c.ControlPlaneHosts, newHost)
|
|
case services.WorkerRole:
|
|
c.WorkerHosts = append(c.WorkerHosts, newHost)
|
|
default:
|
|
return fmt.Errorf("Failed to recognize host [%s] role %s", host.AdvertisedHostname, role)
|
|
}
|
|
}
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func (c *Cluster) SetUpHosts() error {
|
|
if c.Authentication.Strategy == X509AuthenticationProvider {
|
|
logrus.Infof("[certificates] Deploying kubernetes certificates to Cluster nodes")
|
|
err := pki.DeployCertificatesOnMasters(c.ControlPlaneHosts, c.Certificates)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
err = pki.DeployCertificatesOnWorkers(c.WorkerHosts, c.Certificates)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
err = pki.DeployAdminConfig(c.Certificates[pki.KubeAdminCommonName].Config, c.LocalKubeConfigPath)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
logrus.Infof("[certificates] Successfully deployed kubernetes certificates to Cluster nodes")
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func CheckEtcdHostsChanged(kubeCluster, currentCluster *Cluster) error {
|
|
if currentCluster != nil {
|
|
etcdChanged := hosts.IsHostListChanged(currentCluster.EtcdHosts, kubeCluster.EtcdHosts)
|
|
if etcdChanged {
|
|
return fmt.Errorf("Adding or removing Etcd nodes is not supported")
|
|
}
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func checkEncryptedKey(sshKeyPath string) (ssh.Signer, error) {
|
|
logrus.Infof("[ssh] Checking private key")
|
|
key, err := hosts.ParsePrivateKey(privateKeyPath(sshKeyPath))
|
|
if err != nil {
|
|
if strings.Contains(err.Error(), "decode encrypted private keys") {
|
|
fmt.Printf("Passphrase for Private SSH Key: ")
|
|
passphrase, err := terminal.ReadPassword(int(syscall.Stdin))
|
|
fmt.Printf("\n")
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
key, err = hosts.ParsePrivateKeyWithPassPhrase(privateKeyPath(sshKeyPath), passphrase)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
} else {
|
|
return nil, err
|
|
}
|
|
}
|
|
return key, nil
|
|
}
|
|
|
|
func privateKeyPath(sshKeyPath string) string {
|
|
if len(sshKeyPath) == 0 {
|
|
return os.Getenv("HOME") + DefaultSSHKeyPath
|
|
}
|
|
return sshKeyPath
|
|
}
|