Skip to content

Commit

Permalink
Mvp/fixes for vault (#136)
Browse files Browse the repository at this point in the history
* remove hardcoded aws profile, change default name

* fix for dns test logic and add vault skips
  • Loading branch information
jarededwards authored Jul 20, 2022
1 parent 4852398 commit 7626274
Show file tree
Hide file tree
Showing 3 changed files with 118 additions and 117 deletions.
170 changes: 92 additions & 78 deletions cmd/createUtils.go
Original file line number Diff line number Diff line change
Expand Up @@ -100,32 +100,37 @@ func waitVaultToBeRunning(dryRun bool) {
log.Printf("[#99] Dry-run mode, waitVaultToBeRunning skipped.")
return
}
config := configs.ReadConfig()
x := 50
for i := 0; i < x; i++ {
_, _, err := pkg.ExecShellReturnStrings(config.KubectlClientPath, "--kubeconfig", config.KubeConfigPath, "get", "namespace/vault")
if err != nil {
log.Println("Waiting vault to be born")
time.Sleep(10 * time.Second)
} else {
log.Println("vault namespace found, continuing")
time.Sleep(25 * time.Second)
break
token := viper.GetString("vault.token")
if len(token) == 0 {
config := configs.ReadConfig()
x := 50
for i := 0; i < x; i++ {
_, _, err := pkg.ExecShellReturnStrings(config.KubectlClientPath, "--kubeconfig", config.KubeConfigPath, "get", "namespace/vault")
if err != nil {
log.Println("Waiting vault to be born")
time.Sleep(10 * time.Second)
} else {
log.Println("vault namespace found, continuing")
time.Sleep(25 * time.Second)
break
}
}
}

//! failing
x = 50
for i := 0; i < x; i++ {
_, _, err := pkg.ExecShellReturnStrings(config.KubectlClientPath, "--kubeconfig", config.KubeConfigPath, "-n", "vault", "get", "pods", "-l", "app.kubernetes.io/instance=vault")
if err != nil {
log.Println("Waiting vault pods to create")
time.Sleep(10 * time.Second)
} else {
log.Println("vault pods found, continuing")
time.Sleep(15 * time.Second)
break
//! failing
x = 50
for i := 0; i < x; i++ {
_, _, err := pkg.ExecShellReturnStrings(config.KubectlClientPath, "--kubeconfig", config.KubeConfigPath, "-n", "vault", "get", "pods", "-l", "app.kubernetes.io/instance=vault")
if err != nil {
log.Println("Waiting vault pods to create")
time.Sleep(10 * time.Second)
} else {
log.Println("vault pods found, continuing")
time.Sleep(15 * time.Second)
break
}
}
} else {
log.Println("vault token arleady exists, skipping vault health checks waitVaultToBeRunning")
}
}

Expand All @@ -134,45 +139,49 @@ func loopUntilPodIsReady(dryRun bool) {
log.Printf("[#99] Dry-run mode, loopUntilPodIsReady skipped.")
return
}
token := viper.GetString("vault.token")
if len(token) == 0 {

x := 50
url := "http://localhost:8200/v1/sys/health"
for i := 0; i < x; i++ {
log.Println("vault is not ready yet, sleeping and checking again")
time.Sleep(10 * time.Second)
x := 50
url := "http://localhost:8200/v1/sys/health"
for i := 0; i < x; i++ {
log.Println("vault is not ready yet, sleeping and checking again")
time.Sleep(10 * time.Second)

req, _ := http.NewRequest("GET", url, nil)
req, _ := http.NewRequest("GET", url, nil)

req.Header.Add("Content-Type", "application/json")
req.Header.Add("Content-Type", "application/json")

res, err := http.DefaultClient.Do(req)
if err != nil {
log.Println("error with http request Do, vault is not available", err)
continue
}
res, err := http.DefaultClient.Do(req)
if err != nil {
log.Println("error with http request Do, vault is not available", err)
continue
}

defer res.Body.Close()
body, err := ioutil.ReadAll(res.Body)
if err != nil {
log.Println("vault is availbale but the body is not what is expected ", err)
continue
}
log.Println(string(body))
defer res.Body.Close()
body, err := ioutil.ReadAll(res.Body)
if err != nil {
log.Println("vault is availbale but the body is not what is expected ", err)
continue
}

var responseJson map[string]interface{}
var responseJson map[string]interface{}

if err := json.Unmarshal(body, &responseJson); err != nil {
log.Printf("vault is availbale but the body is not what is expected %s", err)
continue
}
if err := json.Unmarshal(body, &responseJson); err != nil {
log.Printf("vault is availbale but the body is not what is expected %s", err)
continue
}

_, ok := responseJson["initialized"]
if ok {
log.Printf("vault is initialized and is in the expected state")
return
_, ok := responseJson["initialized"]
if ok {
log.Printf("vault is initialized and is in the expected state")
return
}
log.Panic("vault was never initialized")
}
} else {
log.Println("vault token arleady exists, skipping vault health checks loopUntilPodIsReady")
}
log.Panic("vault was never initialized")
}

type VaultInitResponse struct {
Expand Down Expand Up @@ -206,41 +215,46 @@ func initializeVaultAndAutoUnseal(dryRun bool) {
return
}

time.Sleep(time.Second * 10)
url := "http://127.0.0.1:8200/v1/sys/init"
token := viper.GetString("vault.token")
if len(token) == 0 {

payload := strings.NewReader("{\n\t\"stored_shares\": 3,\n\t\"recovery_threshold\": 3,\n\t\"recovery_shares\": 5\n}")
time.Sleep(time.Second * 10)
url := "http://127.0.0.1:8200/v1/sys/init"

req, err := http.NewRequest("POST", url, payload)
if err != nil {
log.Panic(err)
}
payload := strings.NewReader("{\n\t\"stored_shares\": 3,\n\t\"recovery_threshold\": 3,\n\t\"recovery_shares\": 5\n}")

req.Header.Add("Content-Type", "application/json")
req, err := http.NewRequest("POST", url, payload)
if err != nil {
log.Panic(err)
}

res, err := http.DefaultClient.Do(req)
if err != nil {
log.Println("error in Do http client request", err)
}
req.Header.Add("Content-Type", "application/json")

defer res.Body.Close()
body, err := ioutil.ReadAll(res.Body)
if err != nil {
log.Panic(err)
}
res, err := http.DefaultClient.Do(req)
if err != nil {
log.Println("error in Do http client request", err)
}

log.Println(string(body))
defer res.Body.Close()
body, err := ioutil.ReadAll(res.Body)
if err != nil {
log.Panic(err)
}

log.Println(string(body))

vaultResponse := VaultUnsealResponse{}
err = json.Unmarshal(body, &vaultResponse)
if err != nil {
log.Panic(err)
}
vaultResponse := VaultUnsealResponse{}
err = json.Unmarshal(body, &vaultResponse)
if err != nil {
log.Panic(err)
}

viper.Set("vault.token", vaultResponse.RootToken)
viper.Set("vault.unseal-keys", vaultResponse)
viper.WriteConfig()
viper.Set("vault.token", vaultResponse.RootToken)
viper.Set("vault.unseal-keys", vaultResponse)
viper.WriteConfig()
} else {
log.Println("vault token already exists, continuing")
}
}

func waitGitlabToBeReady(dryRun bool) {
Expand Down
61 changes: 24 additions & 37 deletions internal/aws/aws.go
Original file line number Diff line number Diff line change
Expand Up @@ -124,49 +124,36 @@ func TestHostedZoneLiveness(dryRun bool, hostedZoneName, hostedZoneId string) {
log.Println("checking to see if record", route53RecordName, "exists")
log.Println("hostedZoneId", hostedZoneId)
log.Println("route53RecordName", route53RecordName)

recordList, err := route53Client.ListResourceRecordSets(context.TODO(), &route53.ListResourceRecordSetsInput{
HostedZoneId: aws.String(hostedZoneId),
StartRecordName: aws.String(route53RecordName),
StartRecordType: "TXT",
})
if err != nil {
log.Println("failed read route53 ", err.Error())
os.Exit(1)
}

if len(recordList.ResourceRecordSets) == 0 {
if !dryRun {
record, err := route53Client.ChangeResourceRecordSets(context.TODO(), &route53.ChangeResourceRecordSetsInput{
ChangeBatch: &types.ChangeBatch{
Changes: []types.Change{
{
Action: "CREATE",
ResourceRecordSet: &types.ResourceRecordSet{
Name: aws.String(route53RecordName),
Type: "TXT",
ResourceRecords: []types.ResourceRecord{
{
Value: aws.String(strconv.Quote(route53RecordValue)),
},
if !dryRun {
record, err := route53Client.ChangeResourceRecordSets(context.TODO(), &route53.ChangeResourceRecordSetsInput{
ChangeBatch: &types.ChangeBatch{
Changes: []types.Change{
{
Action: "UPSERT",
ResourceRecordSet: &types.ResourceRecordSet{
Name: aws.String(route53RecordName),
Type: "TXT",
ResourceRecords: []types.ResourceRecord{
{
Value: aws.String(strconv.Quote(route53RecordValue)),
},
TTL: aws.Int64(10),
Weight: aws.Int64(100),
SetIdentifier: aws.String("CREATE sanity check for kubefirst installation"),
},
TTL: aws.Int64(10),
Weight: aws.Int64(100),
SetIdentifier: aws.String("CREATE sanity check for kubefirst installation"),
},
},
Comment: aws.String("CREATE sanity check dns record."),
},
HostedZoneId: aws.String(hostedZoneId),
})
if err != nil {
log.Println(err)
}
log.Println("record creation status is ", record.ChangeInfo.Status)
} else {
log.Printf("[#99] Dry-run mode, route53 creation/update skipped: %s", route53RecordName)
Comment: aws.String("CREATE sanity check dns record."),
},
HostedZoneId: aws.String(hostedZoneId),
})
if err != nil {
log.Println(err)
}
log.Println("record creation status is ", record.ChangeInfo.Status)
} else {
log.Printf("[#99] Dry-run mode, route53 creation/update skipped: %s", route53RecordName)
}
count := 0
// todo need to exit after n number of minutes and tell them to check ns records
Expand Down
4 changes: 2 additions & 2 deletions internal/vault/vault.go
Original file line number Diff line number Diff line change
Expand Up @@ -67,8 +67,8 @@ func ConfigureVault(dryRun bool) {
err := kPortForward.Start()
defer kPortForward.Process.Signal(syscall.SIGTERM)
if err != nil {
log.Println("Commad Execution STDOUT: %s", kPortForwardOutb.String())
log.Println("Commad Execution STDERR: %s", kPortForwardErrb.String())
log.Printf("Commad Execution STDOUT: %s", kPortForwardOutb.String())
log.Printf("Commad Execution STDERR: %s", kPortForwardErrb.String())
log.Panicf("error: failed to port-forward to vault namespce svc/vault %s", err)
}

Expand Down

0 comments on commit 7626274

Please sign in to comment.