machines: add the authorized keys for a pool using a machine config

`cluster-config-v1` is being deprecated in favor of global configs [1] and Machine Config Operator needs to drop using the `SSHKey` in install-config [2] to setup the `SSHAuthorizedKeys` for `core` user. This pushes a machineconfig with the `SSHAuthorizedKeys` sourced from [2] for each machinepool, so that Machine Config Operator can drop generating the machineconfig using the `cluster-config-v1` config map in the cluster. [1]: #680 [2]: https://godoc.org/github.com/openshift/installer/pkg/types#InstallConfig
openshift · Jan 30, 2019 · 87f5c3d · 87f5c3d
1 parent e8ce3e4
commit 87f5c3d
Show file tree

Hide file tree

Showing 4 changed files with 63 additions and 0 deletions.
diff --git a/pkg/asset/machines/authorized_keys.go b/pkg/asset/machines/authorized_keys.go
@@ -0,0 +1,46 @@
+package machines
+
+import (
+ "fmt"
+
+ ignv2_2types "github.com/coreos/ignition/config/v2_2/types"
+ mcfgv1 "github.com/openshift/machine-config-operator/pkg/apis/machineconfiguration.openshift.io/v1"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+ "github.com/openshift/installer/pkg/types"
+)
+
+func machineConfigForSSH(pool types.MachinePool, key string) *mcfgv1.MachineConfig {
+ return &mcfgv1.MachineConfig{
+ TypeMeta: metav1.TypeMeta{
+ APIVersion: "machineconfiguration.openshift.io/v1",
+ Kind: "MachineConfig",
+ },
+ ObjectMeta: metav1.ObjectMeta{
+ Name: fmt.Sprintf("99-%s-ssh", pool.Name),
+ Labels: map[string]string{
+ "machineconfiguration.openshift.io/role": pool.Name,
+ },
+ },
+ Spec: mcfgv1.MachineConfigSpec{
+ Config: ignWithAuthorizedKeys("core", []string{key}),
+ },
+ }
+}
+
+func ignWithAuthorizedKeys(user string, keys []string) ignv2_2types.Config {
+ var ignKeys []ignv2_2types.SSHAuthorizedKey
+ for _, k := range keys {
+ ignKeys = append(ignKeys, ignv2_2types.SSHAuthorizedKey(k))
+ }
+ return ignv2_2types.Config{
+ Ignition: ignv2_2types.Ignition{
+ Version: ignv2_2types.MaxVersion.String(),
+ },
+ Passwd: ignv2_2types.Passwd{
+ Users: []ignv2_2types.PasswdUser{{
+ Name: user, SSHAuthorizedKeys: ignKeys,
+ }},
+ },
+ }
+}
diff --git a/pkg/asset/machines/master.go b/pkg/asset/machines/master.go
@@ -27,6 +27,7 @@ import (
 type Master struct {
  MachinesRaw []byte
  UserDataSecretRaw []byte
+ MachineConfig []byte
 }
 
 var _ asset.Asset = (*Master)(nil)
@@ -132,6 +133,12 @@ func (m *Master) Generate(dependencies asset.Parents) error {
  default:
  return fmt.Errorf("invalid Platform")
  }
+
+ mcWithSSH := machineConfigForSSH(pool, ic.SSHKey)
+ m.MachineConfig, err = yaml.Marshal(mcWithSSH)
+ if err != nil {
+ return errors.Wrap(err, "marshaling machineconfig for SSH")
+ }
  return nil
 }
 

diff --git a/pkg/asset/machines/worker.go b/pkg/asset/machines/worker.go
@@ -48,6 +48,7 @@ func defaultOpenStackMachinePoolPlatform(flavor string) openstacktypes.MachinePo
 type Worker struct {
  MachineSetRaw []byte
  UserDataSecretRaw []byte
+ MachineConfig []byte
 }
 
 var _ asset.Asset = (*Worker)(nil)
@@ -150,6 +151,13 @@ func (w *Worker) Generate(dependencies asset.Parents) error {
  default:
  return fmt.Errorf("invalid Platform")
  }
+
+ mcWithSSH := machineConfigForSSH(pool, ic.SSHKey)
+ w.MachineConfig, err = yaml.Marshal(mcWithSSH)
+ if err != nil {
+ return errors.Wrap(err, "marshaling machineconfig for SSH")
+ }
+
  return nil
 }
 

diff --git a/pkg/asset/manifests/openshift.go b/pkg/asset/manifests/openshift.go
@@ -127,8 +127,10 @@ func (o *Openshift) Generate(dependencies asset.Parents) error {
  "99_openshift-cluster-api_cluster.yaml": clusterk8sio.Raw,
  "99_openshift-cluster-api_master-machines.yaml": master.MachinesRaw,
  "99_openshift-cluster-api_master-user-data-secret.yaml": master.UserDataSecretRaw,
+ "99_openshift-machineconfiguration_master-ssh.yaml": master.MachineConfig,
  "99_openshift-cluster-api_worker-machineset.yaml": worker.MachineSetRaw,
  "99_openshift-cluster-api_worker-user-data-secret.yaml": worker.UserDataSecretRaw,
+ "99_openshift-machineconfiguration_worker-ssh.yaml": worker.MachineConfig,
  }
 
  switch platform {