Add missing TLS support to Generic provider
cab105 committed Nov 8, 2015
1 parent 2840c66 commit 95950c8
Showing 4 changed files with 224 additions and 129 deletions.
264 changes: 144 additions & 120 deletions libmachine/provision/configure_kubernetes.go
Expand Up @@ -22,6 +22,10 @@ func xferCert(p Provisioner, certPath string, targetPath string) error {
return err
}

if _, err := p.SSHCommand(fmt.Sprintf("mkdir -p %s", targetPath)); err != nil {
return err
}

/*
* TODO: Until we start dynamically generating the configuration file,
* these must have a known naming convention on the machine.
Expand Down Expand Up @@ -53,132 +57,152 @@ func fixPermissions(p Provisioner, certPath string, targetPath string) error {
return nil
}

func GenerateCertificates(p Provisioner, k8sOptions kubernetes.KubernetesOptions, authOptions auth.AuthOptions) (error) {
/* Generate and install certificates. Then kick off kubernetes */
driver := p.GetDriver()
machine := driver.GetMachineName()
bits := 2048 // Based on the initial configuration
targetDir := k8sOptions.K8SCertPath
ip, err := driver.GetIP()
if err != nil {
return fmt.Errorf("Error retrieving address: %s", err)
}

err = cert.GenerateCert(
[]string{ip, "localhost"},
k8sOptions.K8SAPICert,
k8sOptions.K8SAPIKey,
authOptions.CaCertPath,
authOptions.CaPrivateKeyPath,
kubernetes.GenOrg(machine, "api"),
bits)

if err != nil {
return fmt.Errorf("Error generating API cert: %s", err)
}

err = cert.GenerateCert(
[]string{""},
k8sOptions.K8SAdminCert,
k8sOptions.K8SAdminKey,
authOptions.CaCertPath,
authOptions.CaPrivateKeyPath,
kubernetes.GenOrg(machine, "admin"),
bits)

if err != nil {
return fmt.Errorf("Error generating Admin cert: %s", err)
}

err = cert.GenerateCert(
[]string{},
k8sOptions.K8SProxyCert,
k8sOptions.K8SProxyKey,
authOptions.CaCertPath,
authOptions.CaPrivateKeyPath,
kubernetes.GenOrg(machine, "proxy"),
bits)

if err != nil {
return fmt.Errorf("Error generating proxy cert: %s", err)
}

/* Copy certs into place */
log.Info("Copying certs to the remote system...")

/* Kick off the kubernetes run */
if _, err := p.SSHCommand(fmt.Sprintf("mkdir -p %s", targetDir)); err != nil {
return err
}

if _, err := p.SSHCommand(fmt.Sprintf("printf '%q,%s,%d' |sudo tee %s", k8sOptions.K8SToken, "kuser",0,path.Join(targetDir, "tokenfile.txt"))); err != nil {
return err
}

if err := xferCert(p, k8sOptions.K8SAPIKey, targetDir + "/apiserver"); err != nil {
return err
}

if err := fixPermissions(p, k8sOptions.K8SAPIKey, targetDir + "/apiserver"); err != nil {
return err
}

if err := xferCert(p, k8sOptions.K8SAPICert, targetDir + "/apiserver"); err != nil {
return err
}

if err := xferCert(p, k8sOptions.K8SProxyCert, targetDir + "/proxyserver"); err != nil {
return err
}

if err := xferCert(p, k8sOptions.K8SProxyKey, targetDir + "/proxyserver"); err != nil {
return err
}

if err := fixPermissions(p, k8sOptions.K8SProxyKey, targetDir + "/proxyserver"); err != nil {
return err
}

if err := xferCert(p, k8sOptions.K8SAdminCert, targetDir + "/kubelet"); err != nil {
return err
}

if err := xferCert(p, k8sOptions.K8SAdminKey, targetDir + "/kubelet"); err != nil {
return err
}

if err := fixPermissions(p, k8sOptions.K8SAdminKey, targetDir + "/kubelet"); err != nil {
return err
}

/* Copy the CA cert to a known location */
caCertContents, err := ioutil.ReadFile(authOptions.CaCertPath)
if err != nil {
return err
}

if _, err := p.SSHCommand(fmt.Sprintf("printf '%%s' '%s' | sudo tee %s/ca.pem", caCertContents, targetDir)); err != nil {
return err
}

return nil
}

func configureKubernetes(p Provisioner, k8sOptions *kubernetes.KubernetesOptions, authOptions auth.AuthOptions) (error) {
log.Info("Configuring kubernetes...")

if _, err := p.SSHCommand("sudo /bin/sh /usr/local/etc/init.d/kubelet stop"); err != nil {
log.Info("Errored while attempting to stop the kubelet: %s", err)
}
if _, err := p.SSHCommand("sudo /bin/sh /usr/local/etc/init.d/kubelet stop"); err != nil {
log.Info("Errored while attempting to stop the kubelet: %s", err)
}

/* Generate and install certificates. Then kick off kubernetes */
if err := GenerateCertificates(p, *k8sOptions, authOptions); err != nil {
return err
}

/* Generate and install certificates. Then kick off kubernetes */
driver := p.GetDriver()
machine := driver.GetMachineName()
bits := 2048 // Based on the initial configuration
ip, err := driver.GetIP()
if err != nil {
return fmt.Errorf("Error retrieving address: %s", err)
}

err = cert.GenerateCert(
[]string{ip, "localhost"},
k8sOptions.K8SAPICert,
k8sOptions.K8SAPIKey,
authOptions.CaCertPath,
authOptions.CaPrivateKeyPath,
kubernetes.GenOrg(machine, "api"),
bits)

if err != nil {
return fmt.Errorf("Error generating API cert: %s", err)
}

err = cert.GenerateCert(
[]string{""},
k8sOptions.K8SAdminCert,
k8sOptions.K8SAdminKey,
authOptions.CaCertPath,
authOptions.CaPrivateKeyPath,
kubernetes.GenOrg(machine, "admin"),
bits)

if err != nil {
return fmt.Errorf("Error generating Admin cert: %s", err)
}

err = cert.GenerateCert(
[]string{},
k8sOptions.K8SProxyCert,
k8sOptions.K8SProxyKey,
authOptions.CaCertPath,
authOptions.CaPrivateKeyPath,
kubernetes.GenOrg(machine, "proxy"),
bits)

if err != nil {
return fmt.Errorf("Error generating proxy cert: %s", err)
}

/* Copy certs into place */
log.Info("Copying certs to the remote system...")

/* CAB: This should probably be an option */
targetDir := k8sOptions.K8SCertPath

/* Kick off the kubernetes run */
if _, err := p.SSHCommand(fmt.Sprintf("printf '%q,%s,%d' |sudo tee %s", k8sOptions.K8SToken, "kuser",0,path.Join(targetDir, "tokenfile.txt"))); err != nil {
return err
}

if err := xferCert(p, k8sOptions.K8SAPIKey, targetDir + "/apiserver"); err != nil {
return err
}

if err := fixPermissions(p, k8sOptions.K8SAPIKey, targetDir + "/apiserver"); err != nil {
return err
}

if err := xferCert(p, k8sOptions.K8SAPICert, targetDir + "/apiserver"); err != nil {
return err
}

if err := xferCert(p, k8sOptions.K8SProxyCert, targetDir + "/proxyserver"); err != nil {
return err
}

if err := xferCert(p, k8sOptions.K8SProxyKey, targetDir + "/proxyserver"); err != nil {
return err
}

if err := fixPermissions(p, k8sOptions.K8SProxyKey, targetDir + "/proxyserver"); err != nil {
return err
}

if err := xferCert(p, k8sOptions.K8SAdminCert, targetDir + "/kubelet"); err != nil {
return err
}

if err := xferCert(p, k8sOptions.K8SAdminKey, targetDir + "/kubelet"); err != nil {
return err
}

if err := fixPermissions(p, k8sOptions.K8SAdminKey, targetDir + "/kubelet"); err != nil {
return err
}

/* Copy the CA cert to a known location */
if _, err := p.SSHCommand(fmt.Sprintf("sudo cp /home/docker/.docker/ca.pem %s/ca.pem", targetDir)); err != nil {
return err
}

/* Generate and copy a new YAML file to the target */
configFile, err := Generatek8sManifest(machine, targetDir)
if err != nil {
return err
}

kubeletConfig, err := GenerateKubeletConfig(machine, targetDir)
if err != nil {
return err
}

/* TOOD: The target manifest directory should be a parameter throughout here */
if _, err := p.SSHCommand(fmt.Sprintf("printf '%%s' '%s' | sudo tee %s", kubeletConfig, "/etc/kubernetes/kubelet.kubeconfig")); err != nil {
return err
}

if _, err := p.SSHCommand(fmt.Sprintf("printf '%%s' '%s' | sudo tee %s", configFile, "/etc/kubernetes/manifests/kubernetes.yaml")); err != nil {
return err
}
targetDir := k8sOptions.K8SCertPath

/* Generate and copy a new YAML file to the target */
configFile, err := Generatek8sManifest(machine, targetDir)
if err != nil {
return err
}

kubeletConfig, err := GenerateKubeletConfig(machine, targetDir)
if err != nil {
return err
}

/* TOOD: The target manifest directory should be a parameter throughout here */
if _, err := p.SSHCommand(fmt.Sprintf("printf '%%s' '%s' | sudo tee %s", kubeletConfig, "/etc/kubernetes/kubelet.kubeconfig")); err != nil {
return err
}

if _, err := p.SSHCommand(fmt.Sprintf("printf '%%s' '%s' | sudo tee %s", configFile, "/etc/kubernetes/manifests/kubernetes.yaml")); err != nil {
return err
}

/* Lastly, start the kubelet */
if _, err := p.SSHCommand("sudo /bin/sh /usr/local/etc/init.d/kubelet start"); err != nil {
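Review bot: The static API token written by the `printf '%q,%s,%d' |sudo tee %s` line in GenerateCertificates lands in tokenfile.txt with whatever mode the remote umask gives `tee` (typically world-readable), and unlike the private keys it gets no fixPermissions pass; `tee` also echoes the token back over the SSH session, where it may end up in command output logs. I would restrict it in the same command, e.g. `printf '%q,%s,%d' | sudo tee %s >/dev/null && sudo chmod 0600 %s` with the token-file path passed twice. The token is also embedded as printf's format string rather than as an argument, so a token containing `%` or `\` (or a `'`, which would end the shell quoting) would corrupt the file or the command; whether that can happen depends on how K8SToken is generated, which is not shown here. Minor: the admin cert is generated with hosts `[]string{""}` while the proxy cert uses `[]string{}`; the empty-string host entry looks unintended.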
