From 87f5c3d3cbe1fbf847ace4c4a68cf329af5f97c5 Mon Sep 17 00:00:00 2001
From: Abhinav Dahiya
Date: Tue, 29 Jan 2019 17:32:35 -0800
Subject: [PATCH] machines: add the authorized keys for a pool using a machine config

`cluster-config-v1` is being deprecated in favor of global configs [1] and Machine Config Operator needs to drop using the `SSHKey` in install-config [2] to setup the `SSHAuthorizedKeys` for `core` user. This pushes a machineconfig with the `SSHAuthorizedKeys` sourced from [2] for each machinepool, so that Machine Config Operator can drop generating the machineconfig using the `cluster-config-v1` config map in the cluster.

[1]: https://github.com/openshift/installer/issues/680
[2]: https://godoc.org/github.com/openshift/installer/pkg/types#InstallConfig
---
 pkg/asset/machines/authorized_keys.go | 46 +++++++++++++++++++++++++++
 pkg/asset/machines/master.go | 7 ++++
 pkg/asset/machines/worker.go | 8 +++++
 pkg/asset/manifests/openshift.go | 2 ++
 4 files changed, 63 insertions(+)
 create mode 100644 pkg/asset/machines/authorized_keys.go

diff --git a/pkg/asset/machines/authorized_keys.go b/pkg/asset/machines/authorized_keys.go
new file mode 100644
index 00000000000..2cb6f807839
--- /dev/null
+++ b/pkg/asset/machines/authorized_keys.go
@@ -0,0 +1,46 @@
+package machines
+
+import (
+ "fmt"
+
+ ignv2_2types "github.com/coreos/ignition/config/v2_2/types"
+ mcfgv1 "github.com/openshift/machine-config-operator/pkg/apis/machineconfiguration.openshift.io/v1"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+ "github.com/openshift/installer/pkg/types"
+)
+
+func machineConfigForSSH(pool types.MachinePool, key string) *mcfgv1.MachineConfig {
+ return &mcfgv1.MachineConfig{
+ TypeMeta: metav1.TypeMeta{
+ APIVersion: "machineconfiguration.openshift.io/v1",
+ Kind: "MachineConfig",
+ },
+ ObjectMeta: metav1.ObjectMeta{
+ Name: fmt.Sprintf("99-%s-ssh", pool.Name),
+ Labels: map[string]string{
+ "machineconfiguration.openshift.io/role": pool.Name,
+ },
+ },
+ Spec: mcfgv1.MachineConfigSpec{
+ Config: ignWithAuthorizedKeys("core", []string{key}),
+ },
+ }
+}
+
+func ignWithAuthorizedKeys(user string, keys []string) ignv2_2types.Config {
+ var ignKeys []ignv2_2types.SSHAuthorizedKey
+ for _, k := range keys {
+ ignKeys = append(ignKeys, ignv2_2types.SSHAuthorizedKey(k))
+ }
+ return ignv2_2types.Config{
+ Ignition: ignv2_2types.Ignition{
+ Version: ignv2_2types.MaxVersion.String(),
+ },
+ Passwd: ignv2_2types.Passwd{
+ Users: []ignv2_2types.PasswdUser{{
+ Name: user, SSHAuthorizedKeys: ignKeys,
+ }},
+ },
+ }
+}
diff --git a/pkg/asset/machines/master.go b/pkg/asset/machines/master.go
index 08d3f376d34..cda8645c861 100644
--- a/pkg/asset/machines/master.go
+++ b/pkg/asset/machines/master.go
@@ -27,6 +27,7 @@ import (
 type Master struct {
 MachinesRaw []byte
 UserDataSecretRaw []byte
+ MachineConfig []byte
 }
 
 var _ asset.Asset = (*Master)(nil)
@@ -132,6 +133,12 @@ func (m *Master) Generate(dependencies asset.Parents) error {
 default:
 return fmt.Errorf("invalid Platform")
 }
+
+ mcWithSSH := machineConfigForSSH(pool, ic.SSHKey)
+ m.MachineConfig, err = yaml.Marshal(mcWithSSH)
+ if err != nil {
+ return errors.Wrap(err, "marshaling machineconfig for SSH")
+ }
 return nil
 }
 
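Review bot: `machineConfigForSSH` in authorized_keys.go passes `key` straight into `[]string{key}`, so an empty or whitespace-only value still produces a MachineConfig whose `core` user carries one blank `SSHAuthorizedKeys` entry. Whether `ic.SSHKey` can be empty is not visible in this patch, but neither new call site (`Master.Generate`, `Worker.Generate`) checks it before calling. Dropping blank entries in the loop of `ignWithAuthorizedKeys` with `if k == "" { continue }` keeps the rendered config free of empty keys. Both new functions also lack doc comments; something like `// machineConfigForSSH returns the MachineConfig that sets the SSH authorized keys of the core user for the pool's role.` would record the intent, since this object decides who can log in to every node in the pool.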
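Review bot: The block added after the platform switch in `Master.Generate` is repeated line for line in `Worker.Generate` (second worker.go hunk), differing only in the receiver, so any later change to how the SSH MachineConfig is built or validated has to be made in two places. Moving the `yaml.Marshal` call and its `errors.Wrap` into a small helper next to `machineConfigForSSH` that returns `([]byte, error)` would leave each caller with a single assignment such as `m.MachineConfig, err = sshMachineConfigYAML(pool, ic.SSHKey)` (helper name is only a suggestion) plus the usual error return. `pool`, `ic` and `err` are declared above the hunk, and the function body starts outside it.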
diff --git a/pkg/asset/machines/worker.go b/pkg/asset/machines/worker.go
index d73ec0ba3be..a525d4ddd45 100644
--- a/pkg/asset/machines/worker.go
+++ b/pkg/asset/machines/worker.go
@@ -48,6 +48,7 @@ func defaultOpenStackMachinePoolPlatform(flavor string) openstacktypes.MachinePo
 type Worker struct {
 MachineSetRaw []byte
 UserDataSecretRaw []byte
+ MachineConfig []byte
 }
 
 var _ asset.Asset = (*Worker)(nil)
@@ -150,6 +151,13 @@ func (w *Worker) Generate(dependencies asset.Parents) error {
 default:
 return fmt.Errorf("invalid Platform")
 }
+
+ mcWithSSH := machineConfigForSSH(pool, ic.SSHKey)
+ w.MachineConfig, err = yaml.Marshal(mcWithSSH)
+ if err != nil {
+ return errors.Wrap(err, "marshaling machineconfig for SSH")
+ }
+
 return nil
 }
 
diff --git a/pkg/asset/manifests/openshift.go b/pkg/asset/manifests/openshift.go
index c0b271a4028..11b3586a14e 100644
--- a/pkg/asset/manifests/openshift.go
+++ b/pkg/asset/manifests/openshift.go
@@ -127,8 +127,10 @@ func (o *Openshift) Generate(dependencies asset.Parents) error {
 "99_openshift-cluster-api_cluster.yaml": clusterk8sio.Raw,
 "99_openshift-cluster-api_master-machines.yaml": master.MachinesRaw,
 "99_openshift-cluster-api_master-user-data-secret.yaml": master.UserDataSecretRaw,
+ "99_openshift-machineconfiguration_master-ssh.yaml": master.MachineConfig,
 "99_openshift-cluster-api_worker-machineset.yaml": worker.MachineSetRaw,
 "99_openshift-cluster-api_worker-user-data-secret.yaml": worker.UserDataSecretRaw,
+ "99_openshift-machineconfiguration_worker-ssh.yaml": worker.MachineConfig,
 }
 
 switch platform {