From 731aea42427b5475c9a5e69916cb214c236a0e14 Mon Sep 17 00:00:00 2001 From: "junsheng.wu" Date: Thu, 4 Jan 2024 13:51:34 +0800 Subject: [PATCH 1/4] Modify the kubernetes installer * Modify the kubernetes installer from kubespray to captain. --- pkg/controllers/clusterops/controller.go | 2 +- pkg/util/entrypoint/entrypoint.go | 14 +++----------- 2 files changed, 4 insertions(+), 12 deletions(-)
diff --git a/pkg/controllers/clusterops/controller.go b/pkg/controllers/clusterops/controller.go
index 289dc4c74..48c665fc3 100644
--- a/pkg/controllers/clusterops/controller.go
+++ b/pkg/controllers/clusterops/controller.go
@@ -696,7 +696,7 @@ func (c *Controller) injectCustomAction(clusterOps *clusteroperationv1alpha1.Clu
 }
 }
 defaultMode := int32(0o700)
- pathPrefix := "/kubespray"
+ pathPrefix := "/captain"
 if actionType == clusteroperationv1alpha1.ShellActionType {
 pathPrefix = "/bin"
 }
diff --git a/pkg/util/entrypoint/entrypoint.go b/pkg/util/entrypoint/entrypoint.go
index b46f8adf0..a221fb4cb 100644
--- a/pkg/util/entrypoint/entrypoint.go
+++ b/pkg/util/entrypoint/entrypoint.go
@@ -95,17 +95,9 @@ func (ep *EntryPoint) buildPlaybookCmd(action, extraArgs string, isPrivateKey, b
 return "", ArgsError{fmt.Sprintf("unknown playbook type, the currently supported ranges include: %s", ep.Actions.Playbooks.List)}
 }
 }
- playbookCmd := "ansible-playbook -i /conf/hosts.yml -b --become-user root -e \"@/conf/group_vars.yml\""
- if isPrivateKey {
- playbookCmd = fmt.Sprintf("%s --private-key /auth/ssh-privatekey", playbookCmd)
- }
- if action == ResetPB {
- playbookCmd = fmt.Sprintf("%s -e \"reset_confirmation=yes\"", playbookCmd)
- }
- if action == RemoveNodePB {
- playbookCmd = fmt.Sprintf("%s -e \"skip_confirmation=true\"", playbookCmd)
- }
- playbookCmd = fmt.Sprintf("%s /kubespray/%s", playbookCmd, action)
+ playbookCmd := "ansible-playbook -i /conf/hosts.yml --extra-vars @/conf/group_vars.yml --flush-cache"
+
+ playbookCmd = fmt.Sprintf("%s %s", playbookCmd, action)
 if len(extraArgs) > 0 {
 playbookCmd = fmt.Sprintf("%s %s", playbookCmd, extraArgs)
 }
From 17612ce5cc600f2ce97d945297f968dca11d7b85 Mon Sep 17 00:00:00 2001 From: "junsheng.wu" Date: Fri, 5 Jan 2024 10:52:54 +0800 Subject: [PATCH 2/4] Add some parameters in ansible cmd --- pkg/util/entrypoint/entrypoint.go | 10 ++++++++++ 1 file changed, 10 insertions(+)
diff --git a/pkg/util/entrypoint/entrypoint.go b/pkg/util/entrypoint/entrypoint.go
index a221fb4cb..e36caf7bc 100644
--- a/pkg/util/entrypoint/entrypoint.go
+++ b/pkg/util/entrypoint/entrypoint.go
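Review bot: On the new `playbookCmd = fmt.Sprintf("%s %s", playbookCmd, action)` line in the `@@ -95,17 +95,9 @@` hunk, `action` is no longer placed behind the fixed `/kubespray/` directory, so the playbook path is resolved against the job's working directory and a value beginning with `-` would be read by ansible-playbook as an option rather than a file. The allow-list check that returns "unknown playbook type" is only partly visible in the context lines, and buildPlaybookCmd starts and ends outside the hunk, so whether every branch validates `action` cannot be confirmed from here. Anchoring the path again, for example `playbookCmd = fmt.Sprintf("%s /captain/%s", playbookCmd, action)` if the captain playbooks sit under the `/captain` prefix used in controller.go, would keep the old guarantee; otherwise a comment stating the expected working directory would help.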
@@ -97,6 +97,16 @@ func (ep *EntryPoint) buildPlaybookCmd(action, extraArgs string, isPrivateKey, b
 }
 playbookCmd := "ansible-playbook -i /conf/hosts.yml --extra-vars @/conf/group_vars.yml --flush-cache"
 
+ if isPrivateKey {
+ playbookCmd = fmt.Sprintf("%s --private-key /auth/ssh-privatekey", playbookCmd)
+ }
+ if action == ResetPB {
+ playbookCmd = fmt.Sprintf("%s -e \"reset_confirmation=yes\"", playbookCmd)
+ }
+ if action == RemoveNodePB {
+ playbookCmd = fmt.Sprintf("%s -e \"skip_confirmation=true\"", playbookCmd)
+ }
+
 playbookCmd = fmt.Sprintf("%s %s", playbookCmd, action)
 if len(extraArgs) > 0 {
 playbookCmd = fmt.Sprintf("%s %s", playbookCmd, extraArgs)
From 013aefe3e46b75e67a038fed2addf3587839a2b9 Mon Sep 17 00:00:00 2001 From: "junsheng.wu" Date: Tue, 9 Jan 2024 16:48:59 +0800 Subject: [PATCH 3/4] Modify the ssh-key to 600 mode --- pkg/controllers/clusterops/controller.go | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/pkg/controllers/clusterops/controller.go b/pkg/controllers/clusterops/controller.go
index 48c665fc3..b58d0cacf 100644
--- a/pkg/controllers/clusterops/controller.go
+++ b/pkg/controllers/clusterops/controller.go
@@ -355,7 +355,7 @@ func (c *Controller) FetchGlobalManifestImageTag() string {
 func (c *Controller) NewKubesprayJob(clusterOps *clusteroperationv1alpha1.ClusterOperation, serviceAccountName string) *batchv1.Job {
 BackoffLimit := int32(0)
 DefaultMode := int32(0o700)
- PrivatekeyMode := int32(0o400)
+ PrivatekeyMode := int32(0600)
 jobName := c.GenerateJobName(clusterOps)
 namespace := util.GetCurrentNSOrDefault()
 job := &batchv1.Job{
@@ -449,7 +449,6 @@ func (c *Controller) NewKubesprayJob(clusterOps *clusteroperationv1alpha1.Cluste
 Name: "ssh-auth",
 MountPath: "/auth/ssh-privatekey",
 SubPath: "ssh-privatekey",
- ReadOnly: true,
 })
 }
 job.Spec.Template.Spec.Volumes = append(job.Spec.Template.Spec.Volumes,
From e898d79bd9d00b7030337f21cbe5b509e0a6cbe0 Mon Sep 17 00:00:00 2001
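Review bot: The parameters restored in the `@@ -97,6 +97,16 @@` hunk stop short of `-b --become-user root`, which the command carried before the series, so after this hunk the playbooks run with whatever privilege the SSH user and the playbooks' own become settings provide. If that is intended for the captain installer, a comment above the base command such as `// become is configured in the captain playbooks; -b/--become-user is intentionally not passed` would record it; if not, the flags belong next to `--flush-cache`. The `reset_confirmation` and `skip_confirmation` variables were passed to the kubespray playbooks, so it is worth confirming that the captain playbooks read them. buildPlaybookCmd starts and ends outside the hunk.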
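Review bot: Both controller.go hunks of PATCH 3/4 loosen the handling of the SSH private key: `PrivatekeyMode` goes from `0o400` to `0600` in the `@@ -355,7 +355,7 @@` hunk, and the `@@ -449,7 +449,6 @@` hunk drops `ReadOnly: true` from the `ssh-auth` mount, which the subject line does not mention. A key that is only read through `--private-key /auth/ssh-privatekey` needs neither an owner-write bit nor a writable mount, so unless something in the job rewrites the file I would keep `ReadOnly: true,` and add a comment on the mode line saying why owner-write is required. The volume source for `ssh-auth` is outside both hunks, so how writes to that mount are treated cannot be judged from here. NewKubesprayJob continues past both hunks.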
From: "junsheng.wu" Date: Wed, 10 Jan 2024 19:29:26 +0800 Subject: [PATCH 4/4] Modify the hosts file fromt /conf/host.yml to inventory/inventory --- pkg/controllers/clusterops/controller.go | 6 +++--- pkg/util/entrypoint/entrypoint.go | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/pkg/controllers/clusterops/controller.go b/pkg/controllers/clusterops/controller.go
index b58d0cacf..d3d5144d6 100644
--- a/pkg/controllers/clusterops/controller.go
+++ b/pkg/controllers/clusterops/controller.go
@@ -355,7 +355,7 @@ func (c *Controller) FetchGlobalManifestImageTag() string {
 func (c *Controller) NewKubesprayJob(clusterOps *clusteroperationv1alpha1.ClusterOperation, serviceAccountName string) *batchv1.Job {
 BackoffLimit := int32(0)
 DefaultMode := int32(0o700)
- PrivatekeyMode := int32(0600)
+ PrivatekeyMode := int32(0o600)
 jobName := c.GenerateJobName(clusterOps)
 namespace := util.GetCurrentNSOrDefault()
 job := &batchv1.Job{
@@ -393,8 +393,8 @@ func (c *Controller) NewKubesprayJob(clusterOps *clusteroperationv1alpha1.Cluste
 },
 {
 Name: "hosts-conf",
- MountPath: "/conf/hosts.yml",
- SubPath: "hosts.yml",
+ MountPath: "/captain/inventory/inventory",
+ SubPath: "inventory",
 },
 {
 Name: "vars-conf",
diff --git a/pkg/util/entrypoint/entrypoint.go b/pkg/util/entrypoint/entrypoint.go
index e36caf7bc..a23b673c6 100644
--- a/pkg/util/entrypoint/entrypoint.go
+++ b/pkg/util/entrypoint/entrypoint.go
@@ -95,7 +95,7 @@ func (ep *EntryPoint) buildPlaybookCmd(action, extraArgs string, isPrivateKey, b
 return "", ArgsError{fmt.Sprintf("unknown playbook type, the currently supported ranges include: %s", ep.Actions.Playbooks.List)}
 }
 }
- playbookCmd := "ansible-playbook -i /conf/hosts.yml --extra-vars @/conf/group_vars.yml --flush-cache"
+ playbookCmd := "ansible-playbook -i inventory/inventory --extra-vars @/conf/group_vars.yml --flush-cache"
 
 if isPrivateKey {
 playbookCmd = fmt.Sprintf("%s --private-key /auth/ssh-privatekey", playbookCmd)
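Review bot: The inventory is mounted at the absolute path `/captain/inventory/inventory` in the `@@ -393,8 +393,8 @@` hunk, while the entrypoint.go hunk of the same commit passes the relative `-i inventory/inventory`, so the command only finds the file when the job's working directory is `/captain`. Nothing visible in either hunk sets that directory; using the same absolute path in the command, `playbookCmd := "ansible-playbook -i /captain/inventory/inventory --extra-vars @/conf/group_vars.yml --flush-cache"`, removes the dependency. `SubPath: "inventory"` also assumes the `hosts-conf` source now carries an `inventory` key instead of `hosts.yml`; the code that fills that volume is not part of this patch, so that is worth confirming. NewKubesprayJob and buildPlaybookCmd both extend beyond their hunks.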